diff --git a/bundle/manifests/csm-config-params_v1_configmap.yaml b/bundle/manifests/csm-config-params_v1_configmap.yaml
new file mode 100644
index 000000000..21fd3f3f3
--- /dev/null
+++ b/bundle/manifests/csm-config-params_v1_configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ csm-config-params.yaml: |-
+ CONCURRENT_POWERFLEX_REQUESTS: 10
+ CONCURRENT_POWERSCALE_REQUESTS: 10
+ LOG_LEVEL: debug
+ STORAGE_CAPACITY_POLL_INTERVAL: 5m
+kind: ConfigMap
+metadata:
+ name: csm-config-params
diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml
index feafa0d78..421f996d5 100644
--- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml
@@ -4,6 +4,86 @@ metadata: annotations: alm-examples: |- [ + { + "apiVersion": "storage.dell.com/v1", + "kind": "ContainerStorageModule", + "metadata": { + "name": "authorization", + "namespace": "authorization" + }, + "spec": { + "modules": [ + { + "components": [ + { + "enabled": true, + "name": "nginx" + }, + { + "enabled": true, + "name": "cert-manager" + }, + { + "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0", + "authorizationControllerReplicas": 1, + "certificate": "", + "controllerReconcileInterval": "5m", + "enabled": true, + "hostname": "csm-authorization.com", + "leaderElection": true, + "name": "proxy-server", + "opa": "docker.io/openpolicyagent/opa:latest", + "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:8.5.10", + "openTelemetryCollectorAddress": "", + "privateKey": "", + "proxyServerIngress": [ + { + "annotations": {}, + "hosts": [], + "ingressClassName": "nginx" + } + ], + "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0", + "proxyServiceReplicas": 1, + "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0", + "roleServiceReplicas": 1, + "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0", + "storageServiceReplicas": 1, + "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0", + "tenantServiceReplicas": 1 + }, + { + "commander": "docker.io/rediscommander/redis-commander:latest", + "name": "redis", + "redis": "docker.io/redis:7.4.1-alpine", + "redisCommander": "rediscommander", + "redisName": "redis-csm", + "redisReplicas": 5, + "sentinel": "sentinel" + }, + { + "name": "vault", + "vaultConfigurations": [ + { + "address": "https://10.0.0.1:8400", + "certificateAuthority": "", + "clientCertificate": "", + "clientKey": "", + "identifier": "vault0", + "role": "csm-authorization", + "skipCertificateValidation": true + } + ] + } + ], + "configVersion": 
"v2.0.0", + "enabled": true, + "forceRemoveModule": true, + "name": "authorization-proxy-server" + } + ] + } + }, { "apiVersion": "storage.dell.com/v1", "kind": "ContainerStorageModule", @@ -177,7 +257,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -577,7 +657,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -1229,7 +1309,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -1419,7 +1499,7 @@ metadata: capabilities: Seamless Upgrades categories: Storage containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 - createdAt: "2024-09-30T10:28:43Z" + createdAt: "2024-11-13T20:54:04Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" 
@@ -4290,7 +4370,17 @@ spec: - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 - name: RELATED_IMAGE_dell-replication-controller-manager 
@@ -4400,8 +4490,18 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 name: karavi-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + name: csm-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + name: csm-authorization-tenant + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + name: csm-authorization-role + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + name: csm-authorization-storage + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 5c19e7941..6e4050f8b 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml 
@@ -45,8 +45,18 @@ spec: name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc - - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 - name: RELATED_IMAGE_karavi-authorization-proxy + - name: RELATED_IMAGE_karavi-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 11b61a279..f289864f1 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml 
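Review bot: The RELATED_IMAGE list gains the five csm-authorization v2.0.0 images but none of the other images the new authorization sample deploys (`docker.io/openpolicyagent/opa`, `docker.io/openpolicyagent/kube-mgmt`, `docker.io/redis`, `docker.io/rediscommander/redis-commander`), while the CSV touched by this commit declares `features.operators.openshift.io/disconnected: "true"`. If this list is what mirroring relies on for disconnected installs, those four images would be missed; I would add a `RELATED_IMAGE_<component>` entry for each, pinned to a fixed tag or digest rather than `:latest`. The same gap appears in the `relatedImages` hunk of config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml and in the env hunks of the bundle CSV and deploy/operator.yaml. As a style point, the new entries are written `name` then `value` while the neighbouring entries in this file are `value` then `name`; keeping one order makes the list easier to diff.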
@@ -1753,8 +1753,18 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 name: karavi-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + name: csm-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + name: csm-authorization-tenant + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + name: csm-authorization-role + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + name: csm-authorization-storage + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index e419985b4..31226c84e 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -5,4 +5,5 @@ resources: - storage_v1_csm_powerstore.yaml - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml + - storage_v1_csm_authorization_v2.yaml # +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml new file mode 100644 index 000000000..95b141cf1 --- /dev/null +++ b/config/samples/storage_v1_csm_authorization_v2.yaml 
@@ -0,0 +1,114 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+ name: authorization
+ namespace: authorization
+spec:
+ modules:
+ # Authorization: enable csm-authorization proxy server for RBAC
+ - name: authorization-proxy-server
+ # enable: Enable/Disable csm-authorization
+ enabled: true
+ configVersion: v2.0.0
+ forceRemoveModule: true
+ components:
+ # For Kubernetes Container Platform only
+ # enabled: Enable/Disable NGINX Ingress Controller
+ # Allowed values:
+ # true: enable deployment of NGINX Ingress Controller
+ # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
+ # Default value: true
+ - name: nginx
+ enabled: true
+ # enabled: Enable/Disable cert-manager
+ # Allowed values:
+ # true: enable deployment of cert-manager
+ # false: disable deployment of cert-manager only if it's already deployed
+ # Default value: true
+ - name: cert-manager
+ enabled: true
+ - name: proxy-server
+ # enable: Enable/Disable csm-authorization proxy server
+ enabled: true
+ proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+ proxyServiceReplicas: 1
+ tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+ tenantServiceReplicas: 1
+ roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+ roleServiceReplicas: 1
+ storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+ storageServiceReplicas: 1
+ opa: docker.io/openpolicyagent/opa:latest
+ opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.10
+ authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
+ authorizationControllerReplicas: 1
+ leaderElection: true
+ # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis.
+ controllerReconcileInterval: 5m
+ # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ certificate: ""
+ # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ privateKey: ""
+ # proxy-server ingress will use this hostname
+ # NOTE: an additional hostname can be configured in proxyServerIngress.hosts
+ # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
+ hostname: "csm-authorization.com"
+ # proxy-server ingress configuration
+ proxyServerIngress:
+ - ingressClassName: nginx
+ # additional host rules for the proxy-server ingress
+ hosts: []
+ # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local
+
+ # additional annotations for the proxy-server ingress
+ annotations: {}
+ # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC
+ openTelemetryCollectorAddress: ""
+ - name: redis
+ redis: docker.io/redis:7.4.1-alpine
+ commander: docker.io/rediscommander/redis-commander:latest
+ redisName: redis-csm
+ redisCommander: rediscommander
+ sentinel: sentinel
+ redisReplicas: 5
+ - name: vault
+ vaultConfigurations:
+ - identifier: vault0
+ address: https://10.0.0.1:8400
+ role: csm-authorization
+ skipCertificateValidation: true
+ # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ clientCertificate: ""
+ # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ clientKey: ""
+ # certificateAuthority: base64-encoded certificate
authority for validating vault server certificate -- add certificate authority here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificateAuthority: "" +# - identifier: vault0 +# address: https://10.0.0.1:8400 +# role: csm-authorization +# skipCertificateValidation: true +# clientCertificate: +# clientKey: +# certificateAuthority: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: |- + CONCURRENT_POWERFLEX_REQUESTS: 10 + CONCURRENT_POWERSCALE_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 5m diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 009ad4ec2..2cd1fafdf 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -197,7 +197,7 @@ spec: components: - name: karavi-authorization-proxy # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index edcfe4e63..9ae4517dd 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -278,7 +278,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" 
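Review bot: The vault entry in this new sample sets `skipCertificateValidation: true` against an `https://` address with `certificateAuthority: ""`, so anyone applying the sample as written connects to the secret store without verifying its certificate; I would ship `skipCertificateValidation: false` and have the comment state that `certificateAuthority` must be supplied. The sample also uses `:latest` for `opa` and `commander`, so the policy engine and the redis-commander image can change between pulls; a fixed tag or digest such as `docker.io/openpolicyagent/opa:<pinned-version>` would match how the other images in the file are versioned. `LOG_LEVEL: debug` in the ConfigMap at the end of the file is a verbose default for an authorization service and is presumably better set to a quieter level in a sample people copy. These values also appear in the bundle CSV's `alm-examples` and in bundle/manifests/csm-config-params_v1_configmap.yaml in this commit, so those need regenerating after the sample changes.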
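Review bot: In the PowerMax sample hunk the sidecar image moves to `csm-authorization-sidecar:v2.0.0` while the context line just above it still reads `configVersion: v1.12.0`, so the module's declared config version and the image it runs no longer match. If the operator selects the module's configuration by `configVersion`, the v2.0.0 sidecar would be deployed with v1.12.0 settings; I would change the line to `configVersion: v2.0.0` here and in the identical PowerScale hunk, or add a comment saying the mismatch is intended. The module entry starts above the hunk, so the rest of it is not visible here.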
diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 394bbd660..83d5982ad 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -255,7 +255,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 624a15f99..6697d3c1b 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1329,7 +1329,17 @@ spec: - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 - name: RELATED_IMAGE_dell-replication-controller-manager