From edecb7a70abdd673e3eef23094cc332e05e0e466 Mon Sep 17 00:00:00 2001 
From: Jooseppi Luna Date: Fri, 23 Feb 2024 12:12:21 -0500 Subject: [PATCH] Automate certificate creation for observability (#494) * add cert creation for observability * Create selfsigned-cert.yaml * add automatic self-signed cert creation * add imports * add custom cert for observability * add certificate and private key types * add certificate and privatekey to obs sample file * move IssuerCertService into common * issuer cert service * OtelCollector constant * add custom cert logic * Update types.go * Update types.go * base64-encode certificate and private key * add print to test to figure things out * fix compilation errors * compilation errors * println to printf * add logging to understand function * Update csm_controller.go * handle each component cert separately * I think i fixed something * Create otel-collector-custom-cert.yaml * Update custom-cert * make custom cert generic * make component generic * move to obs directory and edit obs component placeholder name * move to obs folder and adjust placeholder names * update placeholder name * update placeholder name * Update observability.go * fix error check * remove comma * update map declaration * fix map declaration * compilation issues * compilation error * compilation errors * compilation errors + code cleanup * add error check * add retry logic in applyobject * add import * bruh * added unit test coverage to controllers * generate/manifests/install * added full unit test coverage of added code * get rid of misc unneeded changes * add cert and privatekey to obs * add cert and privatekey * add sample files * add new e2e test scenarios * add e2e test files * fix lint * fix linting * update samples based on review --- api/v1/types.go | 11 + ...rage.dell.com_apexconnectivityclients.yaml | 24 + ...rage.dell.com_containerstoragemodules.yaml | 56 ++ controllers/csm_controller.go | 5 + controllers/csm_controller_test.go | 27 + deploy/crds/storage.dell.com.crds.all.yaml | 60 +++ 
.../observability/custom-cert.yaml | 52 ++ .../observability/selfsigned-cert.yaml | 37 ++ pkg/modules/observability.go | 88 +++- pkg/modules/observability_test.go | 97 ++++ .../testdata/cr_powerflex_observability.yaml | 28 +- ...r_powerflex_observability_custom_cert.yaml | 293 +++++++++++ ...observability_custom_cert_missing_key.yaml | 293 +++++++++++ samples/storage_csm_powerflex_v2100.yaml | 16 + samples/storage_csm_powerflex_v280.yaml | 16 + samples/storage_csm_powerflex_v290.yaml | 16 + samples/storage_csm_powerflex_v291.yaml | 16 + samples/storage_csm_powermax_v2100.yaml | 16 + samples/storage_csm_powermax_v280.yaml | 16 + samples/storage_csm_powermax_v290.yaml | 16 + samples/storage_csm_powermax_v291.yaml | 16 + samples/storage_csm_powerscale_v2100.yaml | 16 + samples/storage_csm_powerscale_v280.yaml | 16 + samples/storage_csm_powerscale_v290.yaml | 16 + samples/storage_csm_powerscale_v291.yaml | 16 + tests/e2e/testfiles/observability-cert.yaml | 68 --- .../storage_csm_powerflex_observability.yaml | 16 + ...rage_csm_powerflex_observability_auth.yaml | 16 + ...m_powerflex_observability_custom_cert.yaml | 248 +++++++++ ...erflex_observability_otel_custom_cert.yaml | 248 +++++++++ .../storage_csm_powermax_observability.yaml | 16 + .../storage_csm_powerscale_observability.yaml | 16 + ...age_csm_powerscale_observability_auth.yaml | 16 + ...erscale_observability_top_custom_cert.yaml | 488 ++++++++++++++++++ tests/e2e/testfiles/values.yaml | 64 ++- 35 files changed, 2377 insertions(+), 82 deletions(-) create mode 100644 operatorconfig/moduleconfig/observability/custom-cert.yaml create mode 100644 operatorconfig/moduleconfig/observability/selfsigned-cert.yaml create mode 100644 pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml create mode 100644 pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml delete mode 100644 tests/e2e/testfiles/observability-cert.yaml create mode 100644 
tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml create mode 100644 tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml create mode 100644 tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml diff --git a/api/v1/types.go b/api/v1/types.go index d68c6da77..0e98f43b8 100644 --- a/api/v1/types.go +++ b/api/v1/types.go @@ -71,6 +71,9 @@ const ( // Topology - placeholder for constant topology Topology ObservabilityComponentType = "topology" + // OtelCollector - placeholder for constant otel-collector + OtelCollector ObservabilityComponentType = "otel-collector" + // PowerFlex - placeholder for constant powerflex PowerFlex DriverType = "powerflex" @@ -364,6 +367,14 @@ type ContainerTemplate struct { // DeployNodeAgent is to enable/disable node-agent services // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy node-agent for Application Mobility" DeployNodeAgent bool `json:"deployNodeAgent,omitempty" yaml:"deployNodeAgent,omitempty"` + + // Certificate is a certificate used for a certificate/private-key pair + // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Certificate for certificate/private-key pair" + Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"` + + // PrivateKey is a private key used for a certificate/private-key pair + // +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Private key for certificate/private-key pair" + PrivateKey string `json:"privateKey,omitempty" yaml:"privateKey,omitempty"` } // SnapshotClass struct diff --git a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml index 2e7ad09df..202345c9d 100644 --- a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml +++ b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml 
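Review bot: The new `PrivateKey` field on `ContainerTemplate` puts key material directly in the custom resource spec, so anyone allowed to get or list the resource can read it, and the access rules that guard Secrets do not apply to it. Referencing an existing `kubernetes.io/tls` Secret by name would keep the key out of the CR. If the inline field stays, the doc comment should say what it holds and how exposed it is, e.g. `// PrivateKey is the base64-encoded private key for Certificate; it is stored in the CR as plain text, so restrict read access to this resource`. The same wording feeds the generated CRD descriptions, so the manifests need regenerating after the comment changes. The struct begins outside this hunk.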
@@ -67,6 +67,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -252,6 +256,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -348,6 +356,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -535,6 +547,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -617,6 +633,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -804,6 +824,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string diff --git a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml index 8f7a1cb18..c12a53b05 100644 --- a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml 
+++ b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml @@ -71,6 +71,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -256,6 +260,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -339,6 +347,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -524,6 +536,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -628,6 +644,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -815,6 +835,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string 
@@ -895,6 +919,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1080,6 +1108,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1165,6 +1197,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1352,6 +1388,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1461,6 +1501,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1650,6 +1694,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1746,6 +1794,10 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string commander: description: Commander is the image tag for the Container type: string 
@@ -1935,6 +1987,10 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string diff --git a/controllers/csm_controller.go b/controllers/csm_controller.go index 3cc656d4d..5cff76076 100644 --- a/controllers/csm_controller.go +++ b/controllers/csm_controller.go @@ -914,6 +914,11 @@ func (r *ContainerStorageModuleReconciler) reconcileObservability(ctx context.Co } } + // We are doing this separately after creating other components because the certificates rely on cert-manager being up + if err := modules.IssuerCertServiceObs(ctx, isDeleting, op, cr, ctrlClient); err != nil { + return fmt.Errorf("unable to deploy Certificate & Issuer for Observability: %v", err) + } + return nil } diff --git a/controllers/csm_controller_test.go b/controllers/csm_controller_test.go index 965d3da7a..cf2c573cc 100644 --- a/controllers/csm_controller_test.go +++ b/controllers/csm_controller_test.go @@ -1396,6 +1396,7 @@ func (suite *CSMControllerTestSuite) TestReconcileObservabilityError() { assert.NotNil(suite.T(), err) for i := range csm.Spec.Modules[0].Components { + fmt.Printf("Component name: %s\n", csm.Spec.Modules[0].Components[i].Name) csm.Spec.Modules[0].Components[i].Enabled = &[]bool{false}[0] err = reconciler.reconcileObservability(ctx, false, badOperatorConfig, csm, nil, suite.fakeClient, suite.k8sClient) if i < len(csm.Spec.Modules[0].Components)-1 { 
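Review bot: The error returned after `modules.IssuerCertServiceObs` in `reconcileObservability` is formatted with `%v`, which flattens the cause to text so callers cannot match it with `errors.Is` or `errors.As`. `return fmt.Errorf("unable to deploy Certificate & Issuer for Observability: %w", err)` keeps the chain. The message says "deploy" although the same call also runs with `isDeleting` set, so a failed cleanup would be reported as a failed deployment. The function body starts outside the hunk.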
@@ -1438,6 +1439,32 @@ func (suite *CSMControllerTestSuite) TestReconcileObservabilityErrorBadComponent csm.Spec.Modules[0].Components = goodModules } +func (suite *CSMControllerTestSuite) TestReconcileObservabilityErrorBadCert() { + csm := shared.MakeCSM(csmName, suite.namespace, configVersion) + csm.Spec.Modules = getObservabilityModule() + reconciler := suite.createReconciler() + + goodModules := csm.Spec.Modules[0].Components + for index, component := range csm.Spec.Modules[0].Components { + if component.Name == "topology" { + csm.Spec.Modules[0].Components[index].Certificate = "bad-cert" + } + if component.Name == "metrics-powerscale" { + csm.Spec.Modules[0].Components[index].Enabled = &[]bool{false}[0] + } + if component.Name == "metrics-powerflex" { + csm.Spec.Modules[0].Components[index].Enabled = &[]bool{false}[0] + } + } + + fmt.Printf("[TestReconcileObservabilityErrorBadCert] module components: %+v\n", csm.Spec.Modules[0].Components) + + err := reconciler.reconcileObservability(ctx, false, operatorConfig, csm, nil, suite.fakeClient, suite.k8sClient) + assert.NotNil(suite.T(), err) + + csm.Spec.Modules[0].Components = goodModules +} + func (suite *CSMControllerTestSuite) TestReconcileAuthorization() { csm := shared.MakeCSM(csmName, suite.namespace, configVersion) csm.Spec.Modules = getAuthProxyServer() diff --git a/deploy/crds/storage.dell.com.crds.all.yaml b/deploy/crds/storage.dell.com.crds.all.yaml index fa88ed3f0..1067f3ac7 100644 --- a/deploy/crds/storage.dell.com.crds.all.yaml +++ b/deploy/crds/storage.dell.com.crds.all.yaml @@ -59,6 +59,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string 
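Review bot: `TestReconcileObservabilityErrorBadCert` sets only `Certificate = "bad-cert"` on the topology component and asserts `NotNil`, so, going by `getIssuerCertServiceObs` elsewhere in this commit, the error it observes is most likely the missing-private-key check rather than a rejected certificate. Setting both fields and asserting on the error text, e.g. `assert.ErrorContains(suite.T(), err, "topology")`, would pin the case the name describes. The `fmt.Printf` with `%+v` dumps every component, including the `Certificate` and `PrivateKey` fields, to the test output; `suite.T().Logf` with just the component names would be enough. `goodModules` shares its backing array with the slice being modified, so the final `csm.Spec.Modules[0].Components = goodModules` restores nothing.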
@@ -197,6 +200,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -267,6 +273,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -405,6 +414,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -464,6 +476,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -602,6 +617,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -749,6 +767,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string 
@@ -887,6 +908,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -946,6 +970,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1084,6 +1111,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1162,6 +1192,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1300,6 +1333,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1357,6 +1393,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string 
@@ -1495,6 +1534,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1557,6 +1599,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1695,6 +1740,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1778,6 +1826,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string @@ -1916,6 +1967,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string @@ -1984,6 +2038,9 @@ spec: items: type: string type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string commander: description: Commander is the image tag for the Container type: string 
@@ -2122,6 +2179,9 @@ spec: opaKubeMgmt: description: OpaKubeMgmt is the image tag for the Container type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string proxyService: description: ProxyService is the image tag for the Container type: string diff --git a/operatorconfig/moduleconfig/observability/custom-cert.yaml b/operatorconfig/moduleconfig/observability/custom-cert.yaml new file mode 100644 index 000000000..03a3ff3f2 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/custom-cert.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: -secret + namespace: karavi +data: + # replace with actual base64-encoded certificate + tls.crt: + # replace with actual base64-encoded private key + tls.key: + +--- + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: -issuer + namespace: karavi +spec: + ca: + secretName: -secret + +--- + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: -issuer + kind: Issuer + group: cert-manager.io diff --git a/operatorconfig/moduleconfig/observability/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/selfsigned-cert.yaml new file mode 100644 index 000000000..9aa62cf3c --- /dev/null +++ b/operatorconfig/moduleconfig/observability/selfsigned-cert.yaml 
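Review bot: The Issuer in custom-cert.yaml is of type `ca` and points at the Secret built from the user-supplied pair, so the certificate and key from the CR act as a signing CA for the serving certificate rather than being served themselves, and the two `# replace with ...` comments do not say so. I would state it in the template, e.g. `# must be a CA certificate and its key (base64): cert-manager signs the serving certificate with this pair`, because a CA key warrants tighter handling than a leaf key. The `dnsNames` entry ending in `.karavi.svc.kubernetes.local` is worth checking against the cluster's service domain; the same entry appears in selfsigned-cert.yaml. Names such as `-secret`, `-issuer` and the empty `name:` look like placeholder tokens lost in this rendering, so I have not reviewed them.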
@@ -0,0 +1,37 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: karavi +spec: + selfSigned: {} + +--- + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: selfsigned-issuer + kind: Issuer + group: cert-manager.io diff --git a/pkg/modules/observability.go b/pkg/modules/observability.go index e3aed1755..bc2831319 100644 --- a/pkg/modules/observability.go +++ b/pkg/modules/observability.go @@ -11,6 +11,8 @@ package modules import ( "context" "fmt" + "os" + "path/filepath" "strconv" "strings" @@ -27,6 +29,7 @@ import ( confv1 "k8s.io/client-go/applyconfigurations/apps/v1" "k8s.io/client-go/kubernetes" "sigs.k8s.io/controller-runtime/pkg/client" + crclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" ) 
@@ -172,10 +175,28 @@ const ( // PMaxObsYamlFile - powermax metrics yaml file PMaxObsYamlFile string = "karavi-metrics-powermax.yaml" + // SelfSignedCert - self-signed certificate file + SelfSignedCert string = "selfsigned-cert.yaml" + + // CustomCert - custom certificate file + CustomCert string = "custom-cert.yaml" + + // ObservabilityCertificate -- certificate for either topology or otel-collector in base64 + ObservabilityCertificate string = "" + + // ObservabilityPrivateKey -- private key for either topology or otel-collector in base64 + ObservabilityPrivateKey string = "" + + // ObservabilitySecretPrefix -- placeholder for either karavi-topology or otel-collector + ObservabilitySecretPrefix string = "" // #nosec G101 -- false positive + // CSMNameSpace - namespace CSM is found in. Needed for cases where pod namespace is not namespace of CSM - CSMNameSpace = "" + CSMNameSpace string = "" ) +// ComponentNameToSecretPrefix - map from component name to secret prefix +var ComponentNameToSecretPrefix = map[string]string{ObservabilityOtelCollectorName: "otel-collector", ObservabilityTopologyName: "karavi-topology"} + // ObservabilitySupportedDrivers is a map containing the CSI Drivers supported by CSM Replication. The key is driver name and the value is the driver plugin identifier var ObservabilitySupportedDrivers = map[string]SupportedDriverParam{ "powerscale": { @@ -238,6 +259,7 @@ func ObservabilityPrecheck(ctx context.Context, op utils.OperatorConfig, obs csm // ObservabilityTopology - delete or update topology objects func ObservabilityTopology(ctx context.Context, isDeleting bool, op utils.OperatorConfig, cr csmv1.ContainerStorageModule, ctrlClient client.Client) error { + log := logger.GetLogger(ctx) YamlString, err := getTopology(op, cr) if err != nil { return err 
@@ -249,6 +271,7 @@ func ObservabilityTopology(ctx context.Context, isDeleting bool, op utils.Operat } for _, ctrlObj := range topoObjects { + log.Infow("current topoObject is ", "ctrlObj", ctrlObj) if isDeleting { if err := utils.DeleteObject(ctx, ctrlObj, ctrlClient); err != nil { return err 
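Review bot: The added `log.Infow("current topoObject is ", "ctrlObj", ctrlObj)` in `ObservabilityTopology` writes each object in full to the operator log at info level on every pass through the loop. What `topoObjects` contains is not visible in this hunk; if any entry is a Secret or carries credentials, that data lands in the log. Logging identifying fields only is enough for tracing, e.g. `log.Infow("processing topology object", "name", ctrlObj.GetName(), "namespace", ctrlObj.GetNamespace())`, assuming `ctrlObj` is a controller-runtime `client.Object`. The loop body continues outside the hunk.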
@@ -799,6 +822,69 @@ func getNewAuthSecretName(driverType csmv1.DriverType, secretName string) string return fmt.Sprintf("%s-%s", driverType, secretName) } +// getIssuerCertServiceObs - gets cert manager issuer and certificate manifest for observability +func getIssuerCertServiceObs(op utils.OperatorConfig, obs csmv1.Module, componentName string) (string, error) { + yamlString := "" + certificate := "" + privateKey := "" + certificatePath := "" + + for _, component := range obs.Components { + if component.Name == componentName { + certificate = component.Certificate + privateKey = component.PrivateKey + } + } + + // If we have at least one of the certificate or privateKey fields filled in, we assume the customer is trying to use a custom cert. + // Otherwise, we give them the self-signed cert. + if certificate != "" || privateKey != "" { + if certificate != "" && privateKey != "" { + certificatePath = fmt.Sprintf("%s/moduleconfig/observability/%s", op.ConfigDirectory, CustomCert) + } else { + return yamlString, fmt.Errorf("observability install failed -- either cert or privatekey missing for %s custom cert", componentName) + } + } else { + certificatePath = fmt.Sprintf("%s/moduleconfig/observability/%s", op.ConfigDirectory, SelfSignedCert) + } + + buf, err := os.ReadFile(filepath.Clean(certificatePath)) + if err != nil { + return yamlString, err + } + + yamlString = string(buf) + + yamlString = strings.ReplaceAll(yamlString, ObservabilityCertificate, certificate) + yamlString = strings.ReplaceAll(yamlString, ObservabilityPrivateKey, privateKey) + yamlString = strings.ReplaceAll(yamlString, ObservabilitySecretPrefix, ComponentNameToSecretPrefix[componentName]) + + return yamlString, nil +} + +// IssuerCertServiceObs - apply and delete the observability issuer and certificate service +func IssuerCertServiceObs(ctx context.Context, isDeleting bool, op utils.OperatorConfig, cr csmv1.ContainerStorageModule, ctrlClient crclient.Client) error { + obs, err := 
getObservabilityModule(cr) + if err != nil { + return err + } + + for _, component := range obs.Components { + if (component.Name == ObservabilityOtelCollectorName && *(component.Enabled)) || (component.Name == ObservabilityTopologyName && *(component.Enabled)) { + yamlString, err := getIssuerCertServiceObs(op, obs, component.Name) + if err != nil { + return err + } + err = applyDeleteObjects(ctx, ctrlClient, yamlString, isDeleting) + if err != nil { + return err + } + } + } + + return nil +} + // PowerMaxMetrics - delete or update powermax metrics objects func PowerMaxMetrics(ctx context.Context, isDeleting bool, op utils.OperatorConfig, cr csmv1.ContainerStorageModule, ctrlClient client.Client, k8sClient kubernetes.Interface) error { log := logger.GetLogger(ctx) diff --git a/pkg/modules/observability_test.go b/pkg/modules/observability_test.go index 198dbaf5f..9bd2c8404 100644 --- a/pkg/modules/observability_test.go +++ b/pkg/modules/observability_test.go @@ -12,6 +12,7 @@ import ( "context" "testing" + certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" csmv1 "github.com/dell/csm-operator/api/v1" utils "github.com/dell/csm-operator/pkg/utils" "github.com/dell/csm-operator/tests/shared" @@ -23,6 +24,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/fake" + "k8s.io/client-go/kubernetes/scheme" ctrlClient "sigs.k8s.io/controller-runtime/pkg/client" ctrlClientFake "sigs.k8s.io/controller-runtime/pkg/client/fake" ) 
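Review bot: `getIssuerCertServiceObs` splices `component.Certificate` and `component.PrivateKey` from the CR into the manifest text with `strings.ReplaceAll` without checking them, so a value containing line breaks or YAML syntax changes the structure of the objects the operator then applies with its own privileges. Decoding both as base64 first and substituting the re-encoded value closes that off; the excerpt below shows the added lines and needs `encoding/base64` in the import block. In `IssuerCertServiceObs`, `*(component.Enabled)` panics when a component omits `enabled`, which `component.Enabled != nil && *component.Enabled` avoids unless the field is defaulted elsewhere. The same validation also runs on the delete path, so a CR with only one of the two fields set cannot be cleaned up until it is edited; confirm that is intended.

```go
		if certificate != "" && privateKey != "" {
			// Reject anything that is not plain base64 before it is spliced into the manifest text.
			certPEM, err := base64.StdEncoding.DecodeString(certificate)
			if err != nil {
				return yamlString, fmt.Errorf("certificate for %s is not valid base64: %w", componentName, err)
			}
			keyPEM, err := base64.StdEncoding.DecodeString(privateKey)
			if err != nil {
				return yamlString, fmt.Errorf("private key for %s is not valid base64: %w", componentName, err)
			}
			// Re-encode so line breaks, which the decoder tolerates, never reach the YAML.
			certificate = base64.StdEncoding.EncodeToString(certPEM)
			privateKey = base64.StdEncoding.EncodeToString(keyPEM)
			// … unchanged: certificatePath set to the CustomCert template, else branches, template read and substitution …
```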
@@ -965,3 +967,98 @@ func TestPowerMaxMetrics(t *testing.T) { }) } } + +func TestObservabilityCertIssuer(t *testing.T) { + tests := map[string]func(t *testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig){ + "success - creating with self-signed cert": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerflex_observability.yaml") + if err != nil { + panic(err) + } + + tmpCR := customResource + certmanagerv1.AddToScheme(scheme.Scheme) + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + return true, false, tmpCR, sourceClient, operatorConfig + }, + "success - creating with custom cert": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerflex_observability_custom_cert.yaml") + if err != nil { + panic(err) + } + + tmpCR := customResource + certmanagerv1.AddToScheme(scheme.Scheme) + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + return true, false, tmpCR, sourceClient, operatorConfig + }, + "fail - creating with partial custom cert": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerflex_observability_custom_cert_missing_key.yaml") + if err != nil { + panic(err) + } + + tmpCR := customResource + certmanagerv1.AddToScheme(scheme.Scheme) + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + return false, false, tmpCR, sourceClient, operatorConfig + }, + "fail - observability module not found": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerscale_replica.yaml") + if err != nil { + panic(err) + } + + 
sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + tmpCR := customResource + + return false, false, tmpCR, sourceClient, operatorConfig + }, + "fail - observability deployment file bad yaml": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerflex_observability.yaml") + if err != nil { + panic(err) + } + + tmpCR := customResource + badOperatorConfig.ConfigDirectory = "./testdata/badYaml" + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + return false, false, tmpCR, sourceClient, badOperatorConfig + }, + "fail - observability config file not found": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + customResource, err := getCustomResource("./testdata/cr_powerflex_observability.yaml") + if err != nil { + panic(err) + } + + tmpCR := customResource + badOperatorConfig.ConfigDirectory = "invalid-dir" + sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build() + + return false, false, tmpCR, sourceClient, badOperatorConfig + }, + } + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + oldNewControllerRuntimeClientWrapper := utils.NewControllerRuntimeClientWrapper + oldNewK8sClientWrapper := utils.NewK8sClientWrapper + defer func() { + utils.NewControllerRuntimeClientWrapper = oldNewControllerRuntimeClientWrapper + utils.NewK8sClientWrapper = oldNewK8sClientWrapper + }() + success, isDeleting, cr, sourceClient, op := tc(t) + + err := IssuerCertServiceObs(ctx, isDeleting, op, cr, sourceClient) + if success { + assert.NoError(t, err) + } else { + assert.Error(t, err) + } + }) + } +} diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 0ff007935..eef25b9fd 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml 
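Review bot: The two failure cases in `TestObservabilityCertIssuer` that assign `badOperatorConfig.ConfigDirectory` modify a variable declared outside this test, and because the cases sit in a map they run in random order, so the altered directory leaks into whatever uses `badOperatorConfig` next. Copying before modifying, e.g. `op := badOperatorConfig; op.ConfigDirectory = "invalid-dir"` and returning `op`, keeps each case isolated. The result of `certmanagerv1.AddToScheme(scheme.Scheme)` is dropped in three cases; registering once before the loop with `if err := certmanagerv1.AddToScheme(scheme.Scheme); err != nil { t.Fatal(err) }` would surface a failure. The saved and restored `utils.NewControllerRuntimeClientWrapper` and `utils.NewK8sClientWrapper` are never replaced in this test, so that `defer` can be removed.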
+++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -135,15 +135,21 @@ spec: # observability: allows to configure observability - name: observability # enabled: Enable/Disable observability - enabled: false + enabled: true configVersion: v1.8.0 components: - name: topology # enabled: Enable/Disable topology - enabled: false + enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -153,10 +159,16 @@ spec: - name: otel-collector # enabled: Enable/Disable OpenTelemetry Collector - enabled: false + enabled: true # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string 
@@ -164,9 +176,17 @@ spec: - name: "NGINX_PROXY_IMAGE" value: "nginxinc/nginx-unprivileged:1.20" + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: true + - name: metrics-powerflex # enabled: Enable/Disable PowerFlex metrics - enabled: false + enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed image: dellemc/csm-metrics-powerflex:v1.8.0 envs: diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml new file mode 100644 index 000000000..6924a0159 --- /dev/null +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml 
@@ -0,0 +1,293 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.10.0 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:v2.9.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. 
+ # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + + sideCars: + # 'k8s' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=k8s"] + + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. 
+ # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_PREFIX: defines a string 
for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + initContainers: + - image: dellemc/sdc:4.5 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + + modules: + # observability: allows to configure observability + - name: observability + # enabled: 
Enable/Disable observability + enabled: true + configVersion: v1.7.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.7.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: "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" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3TkRlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZV
E1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. 
This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQrekNDQXVPZ0F3SUJBZ0lVUWd1aFg2U1BHR08rcVBFcEFGNG9nMlhPRnJrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZd3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwT1pTQUlkeUJaYjNKck1SRXdEd1lEVlFRSApEQWhPWlhjZ1dXOXlhekVOTUFzR0ExVUVDZ3dFUkdWc2JERU1NQW9HQTFVRUN3d0RTVk5ITVJFd0R3WURWUVFECkRBaEtiMjl6WlhCd2FURWxNQ01HQ1NxR1NJYjNEUUVKQVJZV2FtOXZjMlZ3Y0dsZmJIVnVZVUJrWld4c0xtTnYKYlRBZUZ3MHlOREF5TWpFeE9ESTJNRFphRncweU5EQTFNakV4T0RJMk1EWmFNSUdNTVFzd0NRWURWUVFHRXdKVgpVekVUTUJFR0ExVUVDQXdLVG1VZ0NIY2dXVzl5YXpFUk1BOEdBMVVFQnd3SVRtVjNJRmx2Y21zeERUQUxCZ05WCkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVSTUE4R0ExVUVBd3dJU205dmMyVndjR2t4SlRBakJna3EKaGtpRzl3MEJDUUVXRm1wdmIzTmxjSEJwWDJ4MWJtRkFaR1ZzYkM1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREFQaE5Wb2dHdmFiL1EreE1zem04QW5uK1JvcytuaXNCUm12eTd0UWJ1CkFvN3lNZ2Vra0gxZFVxLzVzSTN3ZEVvckJWbUdkcHBZNm04Y2xLTkEwSndhQ2NGazRva2QxTXFxNURqeUxocHIKTkduYms5R2Rrc1UxN2NTbE5uTTRKRVVZUTVxMWM2RzlFbExQeUFBTXFVeDd1TEtVa0ZSRjBtTHJzTlRkWG5xcwo0U0p5WkU5bnBIallHVGQrT01RYVlWZldON01PYVNKclRTc0lFdFNOVXM5UWdCRzE4Z0lqUlVZUUpSWDNpeFE3CitMMlVtQTJqYmYxSG5wSVp6ejRIdWkxVWw0WllZMUVJeU1wZTVaQzdrUlliWDRWRFcvMGxRSmhleU5FODVDUlAKNUwxYUhjQ3JTcnRvb3ZNWVlGWG5ZYThJeVJxaFRsM1RjSE81OXJYdzdPemhBZ01CQUFHalV6QlJNQjBHQTFVZApEZ1FXQkJRV2JBalpCWlB3K1B6NXlOYXdwM3Q1SU14MTdEQWZCZ05WSFNNRUdEQVdnQlFXYkFqWkJaUHcrUHo1CnlOYXdwM3Q1SU14MTdEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQTAKOUNaZXIySWZFZ0NqQkVseC8xRTMxak9XUHhhNDVMSFdNRHl0RlNTT3hEc0EyN2txcnc4ZHRqeUQyTVlST0c3VQpaSDFrVHB6dGtaWXJjMGQ5YWxUT2RWa0dRamFFc2tWM3p3NVFDZTJVV1k4ZmZGWkdFZ3IxbFVGc3lMMTZBT1phCjVCREIrZkx4Y3RBRnBjM0lPS08vRFBrdWdiZFR5OURtT0xGa0w2VTd2ZDI1bGlpV1VBZ0ZhQW9tZlVqY2N6ZUQKWGw5VFBlL1dVbzRIb2lpOVh3MDF3YVI3a0xkVzN6UlBwTlpyTmo5QlZqYTRCTm5jMTM0O
ERScXhWR1J2SGdwVApnVW81RC94SDN0YzRUQm9EYmlIY09Pb1Iweks4NUlUQUYzVExubG9yMEt2d2o5UUR2TFFkZ1liK0liZ0hZbDNVCjc5Z3E3WEt0V09jVzVvMG85cm9pCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: "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" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: true + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: dellemc/csm-metrics-powerflex:v1.7.0 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: 
"POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml new file mode 100644 index 000000000..ad08bb28a --- /dev/null +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml 
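Review bot: The topology `privateKey` value in this new fixture is a base64-wrapped, unencrypted `-----BEGIN RSA PRIVATE KEY-----` block, and nothing in the file says it is a throwaway test key. Committed key material trips secret scanners and tends to be copied into real deployments. I would add a header comment such as `# TEST FIXTURE ONLY: key pair generated for unit tests, never deploy` and allowlist the path in the repository's secret scanning, or generate the pair inside the test instead. The embedded otel-collector certificate also appears to carry a validity window of about three months, so any later code path that checks expiry would start failing on this fixture; a generated pair avoids that too.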
@@ -0,0 +1,293 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.10.0 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:v2.9.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. 
+ # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + + sideCars: + # 'k8s' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=k8s"] + + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. 
+ # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_PREFIX: defines a string 
for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + initContainers: + - image: dellemc/sdc:4.5 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + + modules: + # observability: allows to configure observability + - name: observability + # enabled: 
Enable/Disable observability + enabled: true + configVersion: v1.7.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.7.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3
cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + certificate: + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # Allowed values: string + privateKey: + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: true + # image: Defines PowerFlex metrics image. 
This shouldn't be changed + image: dellemc/csm-metrics-powerflex:v1.7.0 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" 
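Review bot: Nothing in this fixture states which component is meant to trigger the failure: topology has a `certificate` with a bare `privateKey:`, while otel-collector leaves both fields bare. A bare key parses as null rather than the `""` used in the other fixtures, so the test presumably relies on null and empty string being treated alike, which is worth confirming in the Go code outside this hunk. I would add a header comment such as `# negative fixture: topology supplies a certificate without a private key; otel-collector supplies neither`. The rest of the file looks like a copy of the custom_cert fixture, so the comment is the only place a reader can learn what differs.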
diff --git a/samples/storage_csm_powerflex_v2100.yaml b/samples/storage_csm_powerflex_v2100.yaml index 753c9b117..184f12939 100644 --- a/samples/storage_csm_powerflex_v2100.yaml +++ b/samples/storage_csm_powerflex_v2100.yaml @@ -224,6 +224,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -237,6 +245,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerflex_v280.yaml b/samples/storage_csm_powerflex_v280.yaml index 599c7639e..3bd549d0c 100644 --- a/samples/storage_csm_powerflex_v280.yaml +++ b/samples/storage_csm_powerflex_v280.yaml 
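Review bot: The new `privateKey` field asks users to paste a base64-encoded private key straight into the ContainerStorageModule spec, in both hunks here and in the same additions to the v280, v290 and v291 samples. Base64 is encoding, not protection: anyone who can read the custom resource, its backups or a Git repository holding this manifest can recover the key, and the usual controls around Kubernetes Secrets (tighter RBAC, encryption at rest where configured) do not cover CR fields. At minimum the sample comment should warn about this, for example `# NOTE: the key is stored in the CR in recoverable form; restrict read access to this resource`. Longer term, referencing a `kubernetes.io/tls` Secret would keep the key out of the spec, though that is an API change outside these hunks.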
@@ -198,6 +198,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.6.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -211,6 +219,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerflex_v290.yaml b/samples/storage_csm_powerflex_v290.yaml index 68f2b9817..06fcab39a 100644 --- a/samples/storage_csm_powerflex_v290.yaml +++ b/samples/storage_csm_powerflex_v290.yaml 
@@ -212,6 +212,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -225,6 +233,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerflex_v291.yaml b/samples/storage_csm_powerflex_v291.yaml index 4172da468..9c41b9810 100644 --- a/samples/storage_csm_powerflex_v291.yaml +++ b/samples/storage_csm_powerflex_v291.yaml 
@@ -212,6 +212,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -225,6 +233,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powermax_v2100.yaml b/samples/storage_csm_powermax_v2100.yaml index 4180ee765..977f9268e 100644 --- a/samples/storage_csm_powermax_v2100.yaml +++ b/samples/storage_csm_powermax_v2100.yaml 
@@ -350,6 +350,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -363,6 +371,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powermax_v280.yaml b/samples/storage_csm_powermax_v280.yaml index baefab7f8..57472c4f2 100644 --- a/samples/storage_csm_powermax_v280.yaml +++ b/samples/storage_csm_powermax_v280.yaml 
@@ -338,6 +338,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.6.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -351,6 +359,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powermax_v290.yaml b/samples/storage_csm_powermax_v290.yaml index 65e86613e..293ceb588 100644 --- a/samples/storage_csm_powermax_v290.yaml +++ b/samples/storage_csm_powermax_v290.yaml 
@@ -338,6 +338,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -351,6 +359,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powermax_v291.yaml b/samples/storage_csm_powermax_v291.yaml index d7a73f50d..b57bbb5e7 100644 --- a/samples/storage_csm_powermax_v291.yaml +++ b/samples/storage_csm_powermax_v291.yaml 
@@ -338,6 +338,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -351,6 +359,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerscale_v2100.yaml b/samples/storage_csm_powerscale_v2100.yaml index f319296f2..bdbd83870 100644 --- a/samples/storage_csm_powerscale_v2100.yaml +++ b/samples/storage_csm_powerscale_v2100.yaml 
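Review bot: The otel-collector comments in the second hunk of storage_csm_powermax_v291.yaml were missed by the wording update: they omit "base64-encoded", and the `privateKey` comment says "please add cert here". Every other sample states that the value is base64-encoded, so a user following this file would likely paste raw PEM. Use the text from the first hunk: `# certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates` and `# privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates`. The e2e files storage_csm_powerflex_observability.yaml, storage_csm_powerflex_observability_auth.yaml and storage_csm_powerflex_observability_custom_cert.yaml carry the same stale comments.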
@@ -361,6 +361,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -374,6 +382,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerscale_v280.yaml b/samples/storage_csm_powerscale_v280.yaml index 02cd69688..e3f15bc84 100644 --- a/samples/storage_csm_powerscale_v280.yaml +++ b/samples/storage_csm_powerscale_v280.yaml 
@@ -349,6 +349,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.6.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -362,6 +370,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerscale_v290.yaml b/samples/storage_csm_powerscale_v290.yaml index 0ae46c9fd..4c2e2954e 100644 --- a/samples/storage_csm_powerscale_v290.yaml +++ b/samples/storage_csm_powerscale_v290.yaml 
@@ -349,6 +349,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -362,6 +370,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/samples/storage_csm_powerscale_v291.yaml b/samples/storage_csm_powerscale_v291.yaml index b6db5a9b2..9a50e18ae 100644 --- a/samples/storage_csm_powerscale_v291.yaml +++ b/samples/storage_csm_powerscale_v291.yaml 
@@ -349,6 +349,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.7.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -362,6 +370,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/observability-cert.yaml b/tests/e2e/testfiles/observability-cert.yaml deleted file mode 100644 index 07d3feaa1..000000000 --- a/tests/e2e/testfiles/observability-cert.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: karavi -spec: - selfSigned: {} - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: otel-collector - namespace: karavi -spec: - secretName: otel-collector-tls - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - dell - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - usages: - - server auth - - client auth - dnsNames: - - otel-collector - - otel-collector.karavi.svc.kubernetes.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: karavi-topology - namespace: karavi -spec: - secretName: karavi-topology-tls - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - dell - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - usages: - - server auth - - client auth - dnsNames: - - karavi-topology - - karavi-topology.karavi.svc.kubernetes.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io - diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml index af3ac9845..9b7aa2ffe 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml 
@@ -146,6 +146,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -159,6 +167,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index 5f1c17b77..b0346f792 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml 
@@ -162,6 +162,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -175,6 +183,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml new file mode 100644 index 000000000..103e9f359 --- /dev/null +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml 
@@ -0,0 +1,248 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: test-vxflexos + namespace: test-vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + configVersion: v2.10.0 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:nightly" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: "false" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + + + sideCars: + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5.1 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value + + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. 
+ # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" + nodeSelector: + # Uncomment if nodes you wish to use have 
the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + initContainers: + - image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value + + modules: + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.8.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. 
This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "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" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "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" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "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" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "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" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex 
metrics + enabled: true + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: dellemc/csm-metrics-powerflex:nightly + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: 
"COLLECTOR_ADDRESS" + value: "otel-collector:55680" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml new file mode 100644 index 000000000..6343fc6fa --- /dev/null +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml 
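Review bot: This fixture fills `certificate` and `privateKey` for topology and otel-collector with literal values (not readable on this page), which presumably means a fixed private key is checked into the repository. If that is intended for the e2e run, label each pair, e.g. `# TEST-ONLY key pair for e2e; never use in a real deployment`, or generate the pair during test setup instead of committing it. The copied comment "for self-signed certs, leave empty string" also no longer describes what this file does and should say that a custom pair is supplied. Separately, `# Allowed values: ture, false` should read `true, false` in the three metrics-powerflex comments.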
@@ -0,0 +1,248 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+ name: test-vxflexos
+ namespace: test-vxflexos
+spec:
+ driver:
+ csiDriverType: "powerflex"
+ csiDriverSpec:
+ # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+ # Allowed values: ReadWriteOnceWithFSType, File , None
+ # Default value: ReadWriteOnceWithFSType
+ fSGroupPolicy: "File"
+ configVersion: v2.10.0
+ replicas: 1
+ dnsPolicy: ClusterFirstWithHostNet
+ forceUpdate: false
+ forceRemoveDriver: true
+ common:
+ image: "dellemc/csi-vxflexos:nightly"
+ imagePullPolicy: IfNotPresent
+ envs:
+ - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT
+ value: "false"
+ - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE
+ value: "false"
+ - name: X_CSI_DEBUG
+ value: "true"
+ - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS
+ value: "false"
+ # Specify kubelet config dir path.
+ # Ensure that the config.yaml file is present at this path.
+ # Default value: None
+ - name: KUBELET_CONFIG_DIR
+ value: "/var/lib/kubelet"
+ - name: "CERT_SECRET_COUNT"
+ value: "0"
+
+
+ sideCars:
+ # sdc-monitor is disabled by default, due to high CPU usage
+ - name: sdc-monitor
+ enabled: false
+ image: dellemc/sdc:4.5.1
+ envs:
+ - name: HOST_PID
+ value: "1"
+ - name: MDM
+ value: "10.x.x.x,10.x.x.x" #provide MDM value
+
+ # health monitor is disabled by default, refer to driver documentation before enabling it
+ # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true".
+ - name: csi-external-health-monitor-controller
+ enabled: false
+ args: ["--monitor-interval=60s"]
+
+ controller:
+ envs:
+ # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition.
+ # Install the 'external-health-monitor' sidecar accordingly.
+ # Allowed values:
+ # true: enable checking of health condition of CSI volumes
+ # false: disable checking of health condition of CSI volumes
+ # Default value: false
+ - name: X_CSI_HEALTH_MONITOR_ENABLED
+ value: "false"
+
+ #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment
+ # Leave as blank to use all nodes
+ # Allowed values: map of key-value pairs
+ # Default value: None
+ # Examples:
+ # node-role.kubernetes.io/control-plane: ""
+ nodeSelector:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+ # node-role.kubernetes.io/master: ""
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # node-role.kubernetes.io/control-plane: ""
+
+ # "controller.tolerations" defines tolerations that would be applied to controller deployment
+ # Leave as blank to install controller on worker nodes
+ # Default value: None
+ tolerations:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+ # - key: "node-role.kubernetes.io/master"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # - key: "node-role.kubernetes.io/control-plane"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+
+ node:
+ envs:
+ # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage
+ # Allowed values:
+ # true: enable checking of health condition of CSI volumes
+ # false: disable checking of health condition of CSI volumes
+ # Default value: false
+ - name: X_CSI_HEALTH_MONITOR_ENABLED
+ value: "false"
+
+ # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset
+ # Leave as blank to use all nodes
+ # Allowed values: map of key-value pairs
+ # Default value: None
+ # Examples:
+ # node-role.kubernetes.io/control-plane: ""
+ nodeSelector:
+ # Uncomment if nodes you wish to use have
the node-role.kubernetes.io/master taint
+ # node-role.kubernetes.io/master: ""
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # node-role.kubernetes.io/control-plane: ""
+
+ # "node.tolerations" defines tolerations that would be applied to node daemonset
+ # Leave as blank to install node driver only on worker nodes
+ # Default value: None
+ tolerations:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+ # - key: "node-role.kubernetes.io/master"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # - key: "node-role.kubernetes.io/control-plane"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+
+ initContainers:
+ - image: dellemc/sdc:4.5.1
+ imagePullPolicy: IfNotPresent
+ name: sdc
+ envs:
+ - name: MDM
+ value: "10.x.x.x,10.x.x.x" #provide MDM value
+
+ modules:
+ # observability: allows to configure observability
+ - name: observability
+ # enabled: Enable/Disable observability
+ enabled: true
+ configVersion: v1.8.0
+ components:
+ - name: topology
+ # enabled: Enable/Disable topology
+ enabled: false
+ # image: Defines karavi-topology image.
This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "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" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: 
"LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd0Q0VFZhSUJyMm0vMFBzVExNNXZBSjUva2FMUHA0ckFVWnI4dTdVRzdnS084aklICnBKQjlYVkt2K2JDTjhIUktLd1ZaaG5hYVdPcHZISlNqUU5DY0dnbkJaT0tKSGRUS3F1UTQ4aTRhYXpScDI1UFIKblpMRk5lM0VwVFp6T0NSRkdFT2F0WE9odlJKU3o4Z0FES2xNZTdpeWxKQlVSZEppNjdEVTNWNTZyT0VpY21SUApaNlI0MkJrM2ZqakVHbUZYMWplekRta2lhMDByQ0JMVWpWTFBVSUFSdGZJQ0kwVkdFQ1VWOTRzVU8vaTlsSmdOCm8yMzlSNTZTR2M4K0I3b3RWSmVHV0dOUkNNaktYdVdRdTVFV0cxK0ZRMXY5SlVDWVhzalJQT1FrVCtTOVdoM0EKcTBxN2FLTHpHR0JWNTJHdkNNa2FvVTVkMDNCenVmYTE4T3pzNFFJREFRQUJBb0lCQUJCdC9iY0cxb0FJV0tWaQpuOXZuZEtNbjZKMG92ZmlDcWpjUE9PUk43MTZ1QjB0NXJSK0tYYng1RWFNVVRMMHRJeDJVSW5lVWNWS0NEcWJ4CnFSWWovZ05YckJpVUo4WE41dGcrRXdQWG50aGtyVnRmd2IxbXlzWDJJU1ZCaHcxWVJETnpxNmd3VHJWYStJcmIKZSsyWkZubElhcks1dHdvVWxmR3d0akNKSDVEZ3N1YWVxdUNncVBjSXEwVzJWNytQMnhFYTFGTzgrZzYzN3prOApIdG1DYlVGU0s1NTV2TjMzSjZneWxrK0trN2FEVW92a1VvR3ZCQ2psaE8wOVpwcEF5cmlwVkJndHNYMEdDR3ZFCkF6ME9IL1VobFZhY1kwTkJDTzkrL2RGdEpOMWtFQ2xYMUt2WDJ4Q0NDc0FocGxXWkpGRWM1b09CdzdMZGlpTjAKRlg2NUNqRUNnWUVBM2RuSG52cExqQ3pFNmZJUHFSSk1qWms2MWhybGR1N2d6YWRmV2h6TFFvSG1CUEQ1V3lMMgpqYkVQczFNRDN2a0w1L3lWODJmOWM5NVJpejJKZDRwOTJtb0JhblJSWEhpZXpHZ2NqZDN0enoxWFpUS1kyWENwCmdIVWxSTzZKbUVPcXNnbW5UajZabWd3bDdwRTg5bkJjcWVJMmhRSHNXMUI0blQrbGg2MzgxaDBDZ1lFQTNkV08KM1Bva3MzV015QjBvY2RUMFE2S3dTUnlYR3JQMDVEK3ZmM3Z4Z2ZERlBySmFROVVkUE50OEJKNkx1S21VV0RaTApaWm52bTJDNUNkZWtLbXNwNTg1aUp2bHNzbndxcUVZejN6WSswRzVZMGlDdU5qdVhyYzN4dktUZ2kwckJpYUNoCnJ5N1QwMU1GdG4vbDkrSXR2NGRTa1RkWHp0VzdJOUFZNnpnc0pwVUNnWUIyeGhUUXNYSm0vc1VCOXoyWktCbmkKS1dwTm5LTERkUXJZTDhhbUNRcHRkZncvSXdCdFlaK2NwbklnY001K3Z0azMvNHdNZjkwNi9vaXJ3bXRwbTdUYgpqYXRxWWhINUx2N2RzdE91eEdXQWNYZnJ6eFgwUEJRVG1TUTE3bnV1RUhRLzAxbEdVOCtLb1B4aDZGSTZJbGdKCi8vbHVabVF6VXpid0FWWk8rTUNIcFFLQmdGVnZJZzVJNkVtVlJCcnQzOTIzUGp1dU5HWno5RjM4WUp4blNwZTIKakZTVy9lQWZvRlB2aDhzZ1hLc0t4SlRoK3BmZWtUc1lCZ2U1UUlwaDJuL2J0Yy9vMURSZWExWnlLNXVUTGZjUgpWUy9BejhSZGdicXhTTUZQUjRKM25XTUg3M0dwdzV0TVZaaFZxU1dZTEdGRFlvc1krdHVpak5iRHljY0pKZyt4CkdvL2hBb0dCQUorY0lCZzhENGNXNnJQMFV1dUIrQWFiVlJYWEQ
yd2lnL2ZFZlRtNUIyS0RJWXk0NGZUYWlIZlMKMzgwQnNmcm1CeWlWYnJNUzZ2b2t2MFJOSmUxZ1o3YlBUWk5GRjFJN1ZXY1hXdzE1QmhvMjd2cWFmcmFsOXBlOQp4RElRTHdPeFRFaVF5OXllbHZBZHpqRituMlR5SFNic3hVUlU5SzFNQWloTTdqVUU3N0VlCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: true + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: dellemc/csm-metrics-powerflex:nightly + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # 
Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 7798ba34c..399cf9cd8 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -210,6 +210,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC 
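Review bot: The `privateKey` value under the `otel-collector` component is a complete base64-encoded RSA private key committed inline in this e2e manifest, and nothing in the file marks it as a throwaway test key. Add a comment above it such as `# TEST-ONLY key pair generated for e2e; never deploy or reuse`, or have the e2e setup generate the pair at run time so that no key material lives in the repository. The topology `privateKey` in storage_csm_powerscale_observability_top_custom_cert.yaml has the same issue. Because the key sits in the ContainerStorageModule spec, anyone who can read that custom resource can presumably read the key; referencing a Kubernetes Secret by name would keep it under Secret access control, though how the operator stores the value is not visible in this hunk.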
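Review bot: The comment added above `privateKey` says "please add cert here", copied from the `certificate` comment, so it tells the user to put a certificate into the key field. It also does not state the expected encoding, while the custom-cert fixtures in this patch carry base64-encoded PEM. Suggested wording: `# privateKey: base64-encoded PEM private key matching the certificate above; leave empty to have a self-signed pair generated`. The same comment is repeated in the second hunk of this file and in the storage_csm_powerscale_observability.yaml and storage_csm_powerscale_observability_auth.yaml hunks. The component entry being edited starts and ends outside the hunk.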
@@ -223,6 +231,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 93cb62111..53268738f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -334,6 +334,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC 
@@ -347,6 +355,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index f78d3802f..807f0be85 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -261,6 +261,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.8.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC 
@@ -274,6 +282,14 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml new file mode 100644 index 000000000..149c1ac95 --- /dev/null +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml 
@@ -0,0 +1,488 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+ name: isilon
+ namespace: isilon
+spec:
+ driver:
+ csiDriverType: "isilon"
+ csiDriverSpec:
+ # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+ # Allowed values: ReadWriteOnceWithFSType, File , None
+ # Default value: ReadWriteOnceWithFSType
+ fSGroupPolicy: "ReadWriteOnceWithFSType"
+ configVersion: v2.10.0
+ authSecret: isilon-creds
+ replicas: 2
+ dnsPolicy: ClusterFirstWithHostNet
+ # Uninstall CSI Driver and/or modules when CR is deleted
+ forceRemoveDriver: true
+ common:
+ image: "dellemc/csi-isilon:nightly"
+ imagePullPolicy: IfNotPresent
+ envs:
+ # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs
+ # Allowed Values:
+ # 0: log full content of the HTTP request and response
+ # 1: log without the HTTP response body
+ # 2: log only 1st line of the HTTP request and response
+ # Default value: 0
+ - name: X_CSI_VERBOSE
+ value: "1"
+
+ # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server
+ # This value acts as a default value for endpointPort, if not specified for a cluster config in secret
+ # Allowed value: valid port number
+ # Default value: 8080
+ - name: X_CSI_ISI_PORT
+ value: "8080"
+
+ # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster.
+ # This value acts as a default value for isiPath, if not specified for a cluster config in secret
+ # Ensure that this path exists on PowerScale cluster.
+ # Allowed values: unix absolute path
+ # Default value: /ifs
+ # Examples: /ifs/data/csi, /ifs/engineering
+ - name: X_CSI_ISI_PATH
+ value: "/ifs/data/csi"
+
+ # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization
+ # Allowed values:
+ # true : do not probe all PowerScale clusters during driver initialization
+ # false: probe all PowerScale clusters during driver initialization
+ # Default value: false
+ - name: X_CSI_ISI_NO_PROBE_ON_START
+ value: "false"
+
+ # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls.
+ # Allowed values:
+ # true : enable auto probe.
+ # false: disable auto probe.
+ # Default value: false
+ - name: X_CSI_ISI_AUTOPROBE
+ value: "true"
+
+ # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified.
+ # Formerly this attribute was named as "X_CSI_ISI_INSECURE"
+ # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret
+ # Allowed values:
+ # true: skip OneFS API server's certificate verification
+ # false: verify OneFS API server's certificates
+ # Default value: true
+ - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION
+ value: "true"
+
+ # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/:
+ # has to be used for making connection to backend PowerScale Array.
+ # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class.
+ # Allowed values:
+ # true : enable custom topology
+ # false: disable custom topology
+ # Default value: false
+ - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED
+ value: "false"
+
+ # Specify kubelet config dir path.
+ # Ensure that the config.yaml file is present at this path.
+ # Default value: None
+ - name: KUBELET_CONFIG_DIR
+ value: "/var/lib/kubelet"
+
+ # certSecretCount: Represents number of certificate secrets, which user is going to create for
+ # ssl authentication. (isilon-cert-0..isilon-cert-n)
+ # Allowed values: n, where n > 0
+ # Default value: None
+ - name: "CERT_SECRET_COUNT"
+ value: "1"
+
+ # CSI driver log level
+ # Allowed values: "error", "warn"/"warning", "info", "debug"
+ # Default value: "debug"
+ - name: "CSI_LOG_LEVEL"
+ value: "debug"
+
+ controller:
+ envs:
+ # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota
+ # on a newly provisioned volume.
+ # This requires SmartQuotas to be enabled on PowerScale cluster.
+ # Allowed values:
+ # true: set quota for volume
+ # false: do not set quota for volume
+ - name: X_CSI_ISI_QUOTA_ENABLED
+ value: "true"
+
+ # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in.
+ # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same.
+ # Default value: System
+ # Examples: System, zone1
+ - name: X_CSI_ISI_ACCESS_ZONE
+ value: "System"
+
+ # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path
+ # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret
+ # Allowed values: valid octal mode number
+ # Default value: "0777"
+ # Examples: "0777", "777", "0755"
+ - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS
+ value: "0777"
+
+ # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition.
+ # Install the 'external-health-monitor' sidecar accordingly.
+ # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. 
+ # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. 
+ # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.10.0 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.8.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. 
This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. 
This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.8.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "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" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3Tk
RlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZVE1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. 
This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: false + # image: Defines PowerScale metrics image. 
This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:nightly + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "0" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # 
PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.6.0 + components: + - name: podmon-controller + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - name: podmon-node + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" 
diff --git a/tests/e2e/testfiles/values.yaml b/tests/e2e/testfiles/values.yaml index 62d34c70f..c2dfb299c 100644 --- a/tests/e2e/testfiles/values.yaml +++ b/tests/e2e/testfiles/values.yaml @@ -356,7 +356,6 @@ - "Create storageclass with name [op-e2e-isilon] and template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - "Apply custom resource [1]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [1]" - "Validate [powerscale] driver from CR [1] is installed" - "Validate [observability] module from CR [1] is installed" 
@@ -387,6 +386,25 @@ - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" +- scenario: "Install PowerScale Driver(With Observability)" + paths: + - "testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml" + modules: + - "observability" + steps: + - "Given an environment with k8s or openshift, and CSM operator installed" + - "Create storageclass with name [op-e2e-isilon] and template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" + - "Apply custom resource [1]" + - "Validate custom resource [1]" + - "Validate [powerscale] driver from CR [1] is installed" + - "Validate [observability] module from CR [1] is installed" + # cleanup + - "Enable forceRemoveDriver on CR [1]" + - "Delete custom resource [1]" + - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" + - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" + - scenario: "Install PowerScale Driver(With Observability), Disable Observability module" paths: - "testfiles/storage_csm_powerscale_observability.yaml" @@ -424,7 +442,6 @@ - "Set up secret with template [testfiles/powerscale-templates/karavi-authorization-config.json] name [karavi-authorization-config] in namespace [isilon] for [pscaleAuthSidecar]" - "Set up secret with template [testfiles/authorization-templates/rootCertificate.pem] name [proxy-server-root-certificate] in namespace [isilon] for [authSidecarCert]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" 
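Review bot: The custom-cert scenario added in this hunk stops at `Validate [observability] module from CR [1] is installed`, and judging by the step names alone that check would also pass if the operator ignored the supplied `certificate`/`privateKey` and issued a self-signed cert instead. Add a step after the module validation that compares the certificate in the resulting TLS secret with the one in `testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml`; the two PowerFlex custom-cert scenarios in the `@@ -861,6 +875,42 @@` hunk need the same. The sample manifest earlier in this patch carries a base64-encoded RSA private key inline in `privateKey:`; if that is the fixture this scenario loads, a comment next to the value should mark it as a throwaway test-only key that must not be reused. The step implementations are not part of this view, so confirm what the module validation already covers.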
@@ -472,7 +489,6 @@ - "Validate [authorization] module from CR [2] is installed" - "Validate [observability] module from CR [2] is not installed" - "Enable [observability] module from CR [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" - "Validate [observability] module from CR [2] is installed" @@ -502,7 +518,6 @@ - "Set up secret with template [testfiles/powerscale-templates/karavi-authorization-config.json] name [karavi-authorization-config] in namespace [isilon] for [pscaleAuthSidecar]" - "Set up secret with template [testfiles/authorization-templates/rootCertificate.pem] name [proxy-server-root-certificate] in namespace [isilon] for [authSidecarCert]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" @@ -549,7 +564,6 @@ - "Set up secret with template [testfiles/powerscale-templates/karavi-authorization-config.json] name [karavi-authorization-config] in namespace [isilon] for [pscaleAuthSidecar]" - "Set up secret with template [testfiles/authorization-templates/rootCertificate.pem] name [proxy-server-root-certificate] in namespace [isilon] for [authSidecarCert]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" 
@@ -861,6 +875,42 @@ - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" +- scenario: "Install PowerFlex Driver(With Observability)" + paths: + - "testfiles/storage_csm_powerflex_observability_custom_cert.yaml" + modules: + - "observability" + steps: + - "Given an environment with k8s or openshift, and CSM operator installed" + - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" + - "Apply custom resource [1]" + - "Validate [powerflex] driver from CR [1] is installed" + - "Validate [observability] module from CR [1] is installed" + # cleanup + - "Enable forceRemoveDriver on CR [1]" + - "Delete custom resource [1]" + - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" + - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + +- scenario: "Install PowerFlex Driver(With Observability)" + paths: + - "testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml" + modules: + - "observability" + steps: + - "Given an environment with k8s or openshift, and CSM operator installed" + - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" + - "Apply custom resource [1]" + - "Validate [powerflex] driver from CR [1] is installed" + - "Validate [observability] module from CR [1] is installed" + # cleanup + - "Enable 
forceRemoveDriver on CR [1]" + - "Delete custom resource [1]" + - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" + - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + - scenario: "Install PowerFlex Driver(Standalone), Enable/Disable Observability" paths: - "testfiles/storage_csm_powerflex.yaml" @@ -1036,7 +1086,6 @@ - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerflex] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" @@ -1073,7 +1122,6 @@ - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerflex] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" 
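Review bot: Both scenarios added in this hunk have the identical title `Install PowerFlex Driver(With Observability)`, although one loads `storage_csm_powerflex_observability_custom_cert.yaml` and the other `storage_csm_powerflex_observability_otel_custom_cert.yaml`, so a failure report cannot tell them apart. Titles that mirror the file names, such as `"Install PowerFlex Driver(With Observability, Custom Cert)"` and `"Install PowerFlex Driver(With Observability, Otel Custom Cert)"`, would fix that; the PowerScale scenario added in the `@@ -387,6 +386,25 @@` hunk has the same generic title. Both scenarios also go from `Apply custom resource [1]` straight to the driver validation, without the `Validate custom resource [1]` step that the PowerScale scenario has. If that omission is not deliberate, add `- "Validate custom resource [1]"` after the apply step.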
@@ -1119,7 +1167,6 @@ - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - "Apply custom resource [2]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [2]" - "Validate [powerflex] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" @@ -1577,7 +1624,6 @@ - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - "Set up secret with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmax]" - "Apply custom resource [1]" - - "Set up secret from [testfiles/observability-cert.yaml] in namespace [karavi]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" - "Validate [observability] module from CR [1] is installed"