From ca52bbdcf20999fea5e74e3185d14f7280f316ec Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Wed, 13 Nov 2024 16:38:23 +0000 Subject: [PATCH 1/9] add authorization server images --- .../dell-csm-operator.clusterserviceversion.yaml | 13 +++++++++++-- config/manager/manager.yaml | 13 +++++++++++-- .../dell-csm-operator.clusterserviceversion.yaml | 12 +++++++++++- deploy/operator.yaml | 13 +++++++++++-- 4 files changed, 44 insertions(+), 7 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index feafa0d78..94a580a4b 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -4289,8 +4289,17 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 - name: RELATED_IMAGE_dell-replication-controller-manager 
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 5c19e7941..c80764343 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -45,8 +45,17 @@ spec: name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc - - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 - name: RELATED_IMAGE_karavi-authorization-proxy + - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 11b61a279..f289864f1 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml 
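Review bot: The replacement for the karavi-authorization-proxy entry in `config/manager/manager.yaml` is added as `- value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0` with no `name:` key, because both old lines were removed and only the value line was re-added. An env entry without a name is likely to be rejected when the Deployment is applied, and the operator presumably can no longer resolve `RELATED_IMAGE_karavi-authorization-proxy`; the hunks for the bundle CSV and `deploy/operator.yaml` in this patch have the same gap. Patches 2/9, 3/9 and 5/9 restore the name in steps, so folding them into this commit would keep every commit in the series deployable. The new entries are also written name-first, while the surrounding entries in this file are value-first (`- value: …` then `name: …`); matching the file's order keeps the list uniform. The env list starts and ends outside the hunk.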
@@ -1753,8 +1753,18 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 name: karavi-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + name: csm-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + name: csm-authorization-tenant + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + name: csm-authorization-role + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + name: csm-authorization-storage + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 624a15f99..d8536a1a4 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml 
@@ -1328,8 +1328,17 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-proxy + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-tenant + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-role + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-storage + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-controller + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 - name: RELATED_IMAGE_dell-replication-controller-manager From 3674111bd0802ba8b31ce699cca4d1b7c52aa36b Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Wed, 13 Nov 2024 17:17:10 +0000 Subject: [PATCH 2/9] fix env --- bundle/manifests/dell-csm-operator.clusterserviceversion.yaml | 3 ++- config/manager/manager.yaml | 3 ++- deploy/operator.yaml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 94a580a4b..7ebc1511a 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml 
@@ -4289,7 +4289,8 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-sidecar + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 - name: RELATED_IMAGE_csm-authorization-tenant diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index c80764343..0a1953ae1 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -45,7 +45,8 @@ spec: name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc - - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-sidecar + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 - name: RELATED_IMAGE_csm-authorization-tenant diff --git a/deploy/operator.yaml b/deploy/operator.yaml index d8536a1a4..59501a09f 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1328,7 +1328,8 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - name: RELATED_IMAGE_csm-authorization-sidecar + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 - name: RELATED_IMAGE_csm-authorization-tenant From f07ee9fd1bd2fdf7eb1a4b0439a2711f22b61adb Mon Sep 17 00:00:00 2001 
From: Aaron Tye Date: Wed, 13 Nov 2024 17:27:17 +0000 Subject: [PATCH 3/9] use karavi-authorization-proxy --- .../dell-csm-operator.clusterserviceversion.yaml | 10 +++++----- config/manager/manager.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 7ebc1511a..2c27d96aa 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -177,7 +177,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -577,7 +577,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -1229,7 +1229,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", "name": "karavi-authorization-proxy" } ], @@ -4289,7 +4289,7 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_csm-authorization-sidecar + - name: RELATED_IMAGE_karavi-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 
@@ -4410,7 +4410,7 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: dell-csi-replicator diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 0a1953ae1..6e4050f8b 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -45,7 +45,7 @@ spec: name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc - - name: RELATED_IMAGE_csm-authorization-sidecar + - name: RELATED_IMAGE_karavi-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 From 5eb3fdd7b8619d4e7509025488f67fe11721deca Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Wed, 13 Nov 2024 19:41:31 +0000 Subject: [PATCH 4/9] update sidecar in samples --- config/samples/storage_v1_csm_powerflex.yaml | 2 +- config/samples/storage_v1_csm_powermax.yaml | 2 +- config/samples/storage_v1_csm_powerscale.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 009ad4ec2..2cd1fafdf 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml 
@@ -197,7 +197,7 @@ spec: components: - name: karavi-authorization-proxy # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index edcfe4e63..9ae4517dd 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -278,7 +278,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 394bbd660..83d5982ad 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -255,7 +255,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 1d829f9fe1afe773d3b4dea116d29dfa2d07e70e Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Wed, 13 Nov 2024 21:03:55 +0000 Subject: [PATCH 5/9] add auth sample --- ...ll-csm-operator.clusterserviceversion.yaml | 114 ++++++++++++++---- config/rbac/role.yaml | 20 --- config/samples/kustomization.yaml | 1 + deploy/operator.yaml | 22 +--- 4 files changed, 94 insertions(+), 63 deletions(-) 
diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 2c27d96aa..7cd6c6fcf 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml 
@@ -4,6 +4,86 @@ metadata: annotations: alm-examples: |- [ + { + "apiVersion": "storage.dell.com/v1", + "kind": "ContainerStorageModule", + "metadata": { + "name": "authorization", + "namespace": "authorization" + }, + "spec": { + "modules": [ + { + "components": [ + { + "enabled": true, + "name": "nginx" + }, + { + "enabled": true, + "name": "cert-manager" + }, + { + "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0", + "authorizationControllerReplicas": 1, + "certificate": "", + "controllerReconcileInterval": "5m", + "enabled": true, + "hostname": "csm-authorization.com", + "leaderElection": true, + "name": "proxy-server", + "opa": "docker.io/openpolicyagent/opa:latest", + "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:8.5.7", + "openTelemetryCollectorAddress": "", + "privateKey": "", + "proxyServerIngress": [ + { + "annotations": {}, + "hosts": [], + "ingressClassName": "nginx" + } + ], + "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0", + "proxyServiceReplicas": 1, + "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0", + "roleServiceReplicas": 1, + "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0", + "storageServiceReplicas": 1, + "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0", + "tenantServiceReplicas": 1 + }, + { + "commander": "docker.io/rediscommander/redis-commander:latest", + "name": "redis", + "redis": "docker.io/redis:7.4.0-alpine", + "redisCommander": "rediscommander", + "redisName": "redis-csm", + "redisReplicas": 5, + "sentinel": "sentinel" + }, + { + "name": "vault", + "vaultConfigurations": [ + { + "address": "https://10.0.0.1:8400", + "certificateAuthority": "", + "clientCertificate": "", + "clientKey": "", + "identifier": "vault0", + "role": "csm-authorization", + "skipCertificateValidation": true + } + ] + } + ], + "configVersion": 
"v2.0.0", + "enabled": true, + "forceRemoveModule": true, + "name": "authorization-proxy-server" + } + ] + } + }, { "apiVersion": "storage.dell.com/v1", "kind": "ContainerStorageModule", @@ -1419,7 +1499,7 @@ metadata: capabilities: Seamless Upgrades categories: Storage containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 - createdAt: "2024-09-30T10:28:43Z" + createdAt: "2024-11-13T20:54:04Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" @@ -3382,18 +3462,6 @@ spec: - patch - update - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - auditregistration.k8s.io resources: @@ -3577,14 +3645,6 @@ spec: - get - patch - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - apiGroups: - csi.storage.k8s.io resources: @@ -4333,7 +4393,7 @@ spec: value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + image: docker.io/dellemc/dell-csm-operator:v1.7.0 imagePullPolicy: Always livenessProbe: httpGet: 
@@ -4412,6 +4472,16 @@ spec: name: sdc - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 name: karavi-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + name: csm-authorization-proxy + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + name: csm-authorization-tenant + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + name: csm-authorization-role + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + name: csm-authorization-storage + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index d6794a4a2..905ed180b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -260,18 +260,6 @@ rules: - patch - update - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - auditregistration.k8s.io resources: @@ -455,14 +443,6 @@ rules: - get - patch - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - apiGroups: - csi.storage.k8s.io resources: diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index e419985b4..31226c84e 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -5,4 +5,5 @@ resources: - storage_v1_csm_powerstore.yaml - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml + - storage_v1_csm_authorization_v2.yaml # +kubebuilder:scaffold:manifestskustomizesamples diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 59501a09f..e6b05b840 100644 
--- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -317,18 +317,6 @@ rules: - patch - update - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - auditregistration.k8s.io resources: @@ -512,14 +500,6 @@ rules: - get - patch - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - apiGroups: - csi.storage.k8s.io resources: @@ -1328,7 +1308,7 @@ spec: value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_csm-authorization-sidecar + - name: RELATED_IMAGE_karavi-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 - name: RELATED_IMAGE_csm-authorization-proxy value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 From 74316b01fb66115d77db74639bb3ab19bfd945be Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Wed, 13 Nov 2024 21:25:41 +0000 Subject: [PATCH 6/9] revert some changes --- ...ll-csm-operator.clusterserviceversion.yaml | 22 ++++++++++++++++++- config/rbac/role.yaml | 20 +++++++++++++++++ deploy/operator.yaml | 20 +++++++++++++++++ 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 7cd6c6fcf..0a917ef7e 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -3462,6 +3462,18 @@ spec: - patch - update - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - auditregistration.k8s.io resources: 
@@ -3645,6 +3657,14 @@ spec: - get - patch - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - csi.storage.k8s.io resources: @@ -4393,7 +4413,7 @@ spec: value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 - image: docker.io/dellemc/dell-csm-operator:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 905ed180b..d6794a4a2 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -260,6 +260,18 @@ rules: - patch - update - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - auditregistration.k8s.io resources: @@ -443,6 +455,14 @@ rules: - get - patch - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - csi.storage.k8s.io resources: diff --git a/deploy/operator.yaml b/deploy/operator.yaml index e6b05b840..6697d3c1b 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -317,6 +317,18 @@ rules: - patch - update - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - auditregistration.k8s.io resources: @@ -500,6 +512,14 @@ rules: - get - patch - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - csi.storage.k8s.io resources: From ac5ada72741f89a2ca77a07b72482f911f81d83b Mon Sep 17 00:00:00 2001 
From: Aaron Tye Date: Wed, 13 Nov 2024 21:33:54 +0000 Subject: [PATCH 7/9] add sample --- .../csm-config-params_v1_configmap.yaml | 10 ++ .../storage_v1_csm_authorization_v2.yaml | 114 ++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 bundle/manifests/csm-config-params_v1_configmap.yaml create mode 100644 config/samples/storage_v1_csm_authorization_v2.yaml diff --git a/bundle/manifests/csm-config-params_v1_configmap.yaml b/bundle/manifests/csm-config-params_v1_configmap.yaml new file mode 100644 index 000000000..21fd3f3f3 --- /dev/null +++ b/bundle/manifests/csm-config-params_v1_configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + csm-config-params.yaml: |- + CONCURRENT_POWERFLEX_REQUESTS: 10 + CONCURRENT_POWERSCALE_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 5m +kind: ConfigMap +metadata: + name: csm-config-params diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml new file mode 100644 index 000000000..2d0ec9289 --- /dev/null +++ b/config/samples/storage_v1_csm_authorization_v2.yaml 
@@ -0,0 +1,114 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v2.0.0 + forceRemoveModule: true + components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + proxyServiceReplicas: 1 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + tenantServiceReplicas: 1 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + roleServiceReplicas: 1 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + storageServiceReplicas: 1 + opa: docker.io/openpolicyagent/opa:latest + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + authorizationControllerReplicas: 1 + leaderElection: true + # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. 
+ controllerReconcileInterval: 5m + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in proxyServerIngress.hosts + # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + hostname: "csm-authorization.com" + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx + # additional host rules for the proxy-server ingress + hosts: [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + + # additional annotations for the proxy-server ingress + annotations: {} + # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC + openTelemetryCollectorAddress: "" + - name: redis + redis: docker.io/redis:7.4.0-alpine + commander: docker.io/rediscommander/redis-commander:latest + redisName: redis-csm + redisCommander: rediscommander + sentinel: sentinel + redisReplicas: 5 + - name: vault + vaultConfigurations: + - identifier: vault0 + address: https://10.0.0.1:8400 + role: csm-authorization + skipCertificateValidation: true + # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientCertificate: "" + # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientKey: "" + # certificateAuthority: base64-encoded certificate 
authority for validating vault server certificate -- add certificate authority here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificateAuthority: "" +# - identifier: vault0 +# address: https://10.0.0.1:8400 +# role: csm-authorization +# skipCertificateValidation: true +# clientCertificate: +# clientKey: +# certificateAuthority: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: |- + CONCURRENT_POWERFLEX_REQUESTS: 10 + CONCURRENT_POWERSCALE_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 5m From c278ded2f6105c2d19ee2f097e5e6125ab19055a Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Tue, 19 Nov 2024 15:59:02 +0000 Subject: [PATCH 8/9] update kube-mgmt and redis tag --- config/samples/storage_v1_csm_authorization_v2.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml index 2d0ec9289..95b141cf1 100644 --- a/config/samples/storage_v1_csm_authorization_v2.yaml +++ b/config/samples/storage_v1_csm_authorization_v2.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:latest - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.10 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 authorizationControllerReplicas: 1 leaderElection: true @@ -69,7 +69,7 @@ spec: # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC openTelemetryCollectorAddress: "" - name: redis - redis: docker.io/redis:7.4.0-alpine + redis: docker.io/redis:7.4.1-alpine commander: docker.io/rediscommander/redis-commander:latest redisName: redis-csm redisCommander: rediscommander 
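Review bot: The `vaultConfigurations` entry in the new `config/samples/storage_v1_csm_authorization_v2.yaml` ships `skipCertificateValidation: true`, so anyone applying the sample as written connects the authorization server to Vault at `https://10.0.0.1:8400` without verifying the server certificate. I would default the sample to `skipCertificateValidation: false` and have the comment above `certificateAuthority` say that a CA must be supplied for validation to succeed, keeping `true` as a documented override for test setups. In the same file `opa: docker.io/openpolicyagent/opa:latest` and `commander: docker.io/rediscommander/redis-commander:latest` use a mutable tag while the other images carry a version tag; patch 8/9 bumps kube-mgmt and redis but leaves these two, so a fixed tag or digest (`docker.io/openpolicyagent/opa:<pinned-version>`) would make the policy engine that backs authorization decisions reproducible. The same values are copied into the `alm-examples` annotation of the bundle CSV in patch 5/9.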
From 23f7121b674b5fc6a1070150c5dbb45f4f1888b8 Mon Sep 17 00:00:00 2001 From: Aaron Tye Date: Tue, 19 Nov 2024 16:55:38 +0000 Subject: [PATCH 9/9] remake bundle --- bundle/manifests/dell-csm-operator.clusterserviceversion.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 0a917ef7e..421f996d5 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -33,7 +33,7 @@ metadata: "leaderElection": true, "name": "proxy-server", "opa": "docker.io/openpolicyagent/opa:latest", - "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:8.5.7", + "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:8.5.10", "openTelemetryCollectorAddress": "", "privateKey": "", "proxyServerIngress": [ @@ -55,7 +55,7 @@ metadata: { "commander": "docker.io/rediscommander/redis-commander:latest", "name": "redis", - "redis": "docker.io/redis:7.4.0-alpine", + "redis": "docker.io/redis:7.4.1-alpine", "redisCommander": "rediscommander", "redisName": "redis-csm", "redisReplicas": 5,