From 2e09277305ecb5fc8570d5aef15f58b5b0bebdbc Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 3 Dec 2024 01:04:50 -0500 Subject: [PATCH 01/31] updated operator version --- .../dell-csm-operator.clusterserviceversion.yaml | 8 ++++---- config/manager/manager.yaml | 2 +- .../bases/dell-csm-operator.clusterserviceversion.yaml | 4 ++-- deploy/olm/operator_community.yaml | 2 +- deploy/operator.yaml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 421f996d5..43956c8ae 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1498,7 +1498,7 @@ metadata: ] capabilities: Seamless Upgrades categories: Storage - containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 createdAt: "2024-11-13T20:54:04Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" @@ -4354,7 +4354,7 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 - name: RELATED_IMAGE_csi-isilon value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 - name: RELATED_IMAGE_csi-powermax @@ -4413,7 +4413,7 @@ spec: value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 imagePullPolicy: Always livenessProbe: httpGet: @@ -4474,7 +4474,7 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 name: csi-isilon diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 6e4050f8b..a89f0a52e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -29,7 +29,7 @@ spec: imagePullPolicy: Always name: manager env: - - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 name: RELATED_IMAGE_csi-isilon diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index f289864f1..d98566519 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: "[]" capabilities: Seamless Upgrades categories: Storage - containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 createdAt: "2022-03-29T11:59:59Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" @@ -1737,7 +1737,7 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 name: csi-isilon diff --git a/deploy/olm/operator_community.yaml b/deploy/olm/operator_community.yaml index 8bc9b81e8..9154d9e03 100644 --- a/deploy/olm/operator_community.yaml +++ b/deploy/olm/operator_community.yaml @@ -5,7 +5,7 @@ metadata: namespace: test-csm-operator-olm spec: sourceType: grpc - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 6697d3c1b..4fc68debf 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1313,7 +1313,7 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 - name: RELATED_IMAGE_csi-isilon value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 - name: RELATED_IMAGE_csi-powermax @@ -1372,7 +1372,7 @@ spec: value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 imagePullPolicy: Always livenessProbe: httpGet: From 04638aa9408d695cf8ec29ffbb3bdad1bab3cfac Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 3 Dec 2024 04:50:54 -0500 Subject: [PATCH 02/31] updated driver version --- ...ll-csm-operator.clusterserviceversion.yaml | 40 +++--- ...ll-csm-operator.clusterserviceversion.yaml | 10 +- config/samples/storage_v1_csm_powerflex.yaml | 30 ++-- config/samples/storage_v1_csm_powermax.yaml | 53 ++----- config/samples/storage_v1_csm_powerscale.yaml | 15 +- config/samples/storage_v1_csm_powerstore.yaml | 11 +- config/samples/storage_v1_csm_unity.yaml | 11 +- .../powerflex/v2.10.1/upgrade-path.yaml | 1 - .../powerflex/v2.13.0}/controller.yaml | 24 +++- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../v2.13.0/driver-config-params.yaml | 13 ++ .../powerflex/{v2.10.1 => v2.13.0}/node.yaml | 24 +++- .../powerflex/v2.13.0/upgrade-path.yaml | 3 + .../powermax/v2.10.1/upgrade-path.yaml | 1 - .../powermax/v2.13.0}/controller.yaml | 45 +++--- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../driver-config-params.yaml | 0 .../powermax/{v2.10.1 => v2.13.0}/node.yaml | 46 ++++-- .../powermax/v2.13.0/upgrade-path.yaml | 3 + .../powerscale/v2.10.1/upgrade-path.yaml | 1 - .../{v2.10.1 => v2.13.0}/controller.yaml | 24 ++-- .../powerscale/v2.13.0}/csidriver.yaml | 0 .../v2.13.0/driver-config-params.yaml | 13 ++ .../powerscale/{v2.10.1 => v2.13.0}/node.yaml | 8 +- .../powerscale/v2.13.0/upgrade-path.yaml | 3 + .../powerstore/v2.10.1/upgrade-path.yaml | 16 --- .../{v2.10.1 => v2.13.0}/controller.yaml | 18 +-- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../driver-config-params.yaml | 0 .../powerstore/{v2.10.1 => v2.13.0}/node.yaml | 8 +- .../powerstore/v2.13.0/upgrade-path.yaml | 3 + .../unity/v2.10.1/upgrade-path.yaml | 1 - .../{v2.10.1 => v2.13.0}/controller.yaml | 16 ++- .../unity/{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../unity/v2.13.0}/driver-config-params.yaml | 1 + .../unity/{v2.10.1 => v2.13.0}/node.yaml | 10 +- .../unity/v2.13.0/upgrade-path.yaml | 3 + .../testdata/cr_powerflex_observability.yaml | 8 +- ...r_powerflex_observability_custom_cert.yaml | 8 +- ...observability_custom_cert_missing_key.yaml | 8 +- .../testdata/cr_powerflex_replica.yaml | 2 +- .../testdata/cr_powerflex_resiliency.yaml | 2 +- .../testdata/cr_powermax_observability.yaml | 4 +- pkg/modules/testdata/cr_powermax_replica.yaml | 4 +- .../testdata/cr_powermax_reverseproxy.yaml | 4 +- pkg/modules/testdata/cr_powerscale_auth.yaml | 4 +- .../cr_powerscale_auth_validate_cert.yaml | 4 +- .../testdata/cr_powerscale_observability.yaml | 4 +- .../testdata/cr_powerscale_replica.yaml | 4 +- .../testdata/cr_powerscale_resiliency.yaml | 4 +- .../testdata/cr_powerstore_resiliency.yaml | 4 +- ....yaml => storage_csm_powerflex_v2130.yaml} | 71 ++++++---- ...1.yaml => storage_csm_powermax_v2130.yaml} | 133 ++++++++++-------- ...yaml => storage_csm_powerscale_v2130.yaml} | 57 ++++---- ...yaml => storage_csm_powerstore_v2130.yaml} | 26 ++-- ...2101.yaml => storage_csm_unity_v2130.yaml} | 56 +++++--- .../v2.10.1 => badDriver/v2.13.0}/bad.yaml | 0 .../v2.13.0/controller.yaml} | 0 .../v2.13.0/csidriver.yaml} | 0 .../v2.13.0/driver-config-params.yaml | 3 + .../badDriver/v2.13.0/upgrade-path.yaml | 3 + .../v2.10.1/driver-config-params.yaml | 9 -- .../powerflex/v2.10.1/upgrade-path.yaml | 1 - .../driverconfig/powerflex/v2.13.0/bad.yaml | 3 + .../powerflex/v2.13.0}/controller.yaml | 15 +- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../v2.13.0}/driver-config-params.yaml | 0 .../powerflex/{v2.10.1 => v2.13.0}/node.yaml | 11 +- .../powerflex/v2.13.0/upgrade-path.yaml | 1 + .../powermax/v2.10.1/upgrade-path.yaml | 1 - .../driverconfig/powermax/v2.13.0/bad.yaml | 3 + .../powermax/v2.13.0}/controller.yaml | 26 ++-- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../driver-config-params.yaml | 0 .../powermax/{v2.10.1 => v2.13.0}/node.yaml | 14 +- .../powermax/v2.13.0/upgrade-path.yaml | 1 + .../v2.10.1/driver-config-params.yaml | 8 -- .../powerscale/v2.10.1/upgrade-path.yaml | 1 - .../driverconfig/powerscale/v2.13.0/bad.yaml | 3 + .../{v2.10.1 => v2.13.0}/controller.yaml | 12 +- .../powerscale/v2.13.0}/csidriver.yaml | 2 +- .../v2.13.0}/driver-config-params.yaml | 0 .../powerscale/{v2.10.1 => v2.13.0}/node.yaml | 4 +- .../powerscale/v2.13.0/upgrade-path.yaml | 1 + .../powerstore/{v2.10.1 => v2.13.0}/bad.yaml | 0 .../{v2.10.1 => v2.13.0}/config.json | 0 .../{v2.10.1 => v2.13.0}/controller.yaml | 12 +- .../{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../driver-config-params.yaml | 0 .../powerstore/{v2.10.1 => v2.13.0}/node.yaml | 4 +- .../{v2.10.1 => v2.13.0}/upgrade-path.yaml | 2 +- .../unity/v2.10.1/upgrade-path.yaml | 1 - .../unity/{v2.10.1 => v2.13.0}/bad.yaml | 0 .../unity/{v2.10.1 => v2.13.0}/config.json | 0 .../{v2.10.1 => v2.13.0}/controller.yaml | 12 +- .../unity/{v2.10.1 => v2.13.0}/csidriver.yaml | 0 .../unity/v2.13.0}/driver-config-params.yaml | 0 .../unity/{v2.10.1 => v2.13.0}/node.yaml | 4 +- .../unity/v2.13.0/upgrade-path.yaml | 1 + .../e2e/testfiles/storage_csm_powerflex.yaml | 6 +- .../storage_csm_powerflex_alt_vals_1.yaml | 6 +- .../storage_csm_powerflex_alt_vals_2.yaml | 6 +- .../storage_csm_powerflex_alt_vals_3.yaml | 6 +- .../storage_csm_powerflex_alt_vals_4.yaml | 6 +- .../testfiles/storage_csm_powerflex_auth.yaml | 6 +- .../storage_csm_powerflex_health_monitor.yaml | 6 +- .../storage_csm_powerflex_observability.yaml | 6 +- ...rage_csm_powerflex_observability_auth.yaml | 6 +- ...m_powerflex_observability_custom_cert.yaml | 6 +- ...erflex_observability_otel_custom_cert.yaml | 6 +- .../storage_csm_powerflex_replica.yaml | 6 +- .../storage_csm_powerflex_resiliency.yaml | 6 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 8 +- .../storage_csm_powermax_observability.yaml | 8 +- .../e2e/testfiles/storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_alt_vals_1.yaml | 2 +- .../storage_csm_powerscale_alt_vals_2.yaml | 6 +- .../storage_csm_powerscale_alt_vals_3.yaml | 6 +- .../storage_csm_powerscale_auth.yaml | 2 +- ...storage_csm_powerscale_health_monitor.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- ...age_csm_powerscale_observability_auth.yaml | 2 +- ...erscale_observability_top_custom_cert.yaml | 2 +- .../storage_csm_powerscale_replica.yaml | 2 +- .../storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerstore.yaml | 2 +- .../storage_csm_powerstore_resiliency.yaml | 2 +- tests/e2e/testfiles/storage_csm_unity.yaml | 2 +- 128 files changed, 640 insertions(+), 510 deletions(-) delete mode 100644 operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml rename {tests/config/driverconfig/powerflex/v2.10.1 => operatorconfig/driverconfig/powerflex/v2.13.0}/controller.yaml (91%) rename operatorconfig/driverconfig/powerflex/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) create mode 100644 operatorconfig/driverconfig/powerflex/v2.13.0/driver-config-params.yaml rename operatorconfig/driverconfig/powerflex/{v2.10.1 => v2.13.0}/node.yaml (92%) create mode 100644 operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml delete mode 100644 operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml rename {tests/config/driverconfig/powermax/v2.10.1 => operatorconfig/driverconfig/powermax/v2.13.0}/controller.yaml (90%) rename operatorconfig/driverconfig/powermax/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename operatorconfig/driverconfig/powermax/{v2.10.1 => v2.13.0}/driver-config-params.yaml (100%) rename operatorconfig/driverconfig/powermax/{v2.10.1 => v2.13.0}/node.yaml (87%) create mode 100644 operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml delete mode 100644 operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml rename operatorconfig/driverconfig/powerscale/{v2.10.1 => v2.13.0}/controller.yaml (93%) rename {tests/config/driverconfig/powerscale/v2.10.1 => operatorconfig/driverconfig/powerscale/v2.13.0}/csidriver.yaml (100%) create mode 100644 operatorconfig/driverconfig/powerscale/v2.13.0/driver-config-params.yaml rename operatorconfig/driverconfig/powerscale/{v2.10.1 => v2.13.0}/node.yaml (97%) create mode 100644 operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml delete mode 100644 operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml rename operatorconfig/driverconfig/powerstore/{v2.10.1 => v2.13.0}/controller.yaml (94%) rename operatorconfig/driverconfig/powerstore/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename operatorconfig/driverconfig/powerstore/{v2.10.1 => v2.13.0}/driver-config-params.yaml (100%) rename operatorconfig/driverconfig/powerstore/{v2.10.1 => v2.13.0}/node.yaml (97%) create mode 100644 operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml delete mode 100644 operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml rename operatorconfig/driverconfig/unity/{v2.10.1 => v2.13.0}/controller.yaml (94%) rename operatorconfig/driverconfig/unity/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename {tests/config/driverconfig/unity/v2.10.1 => operatorconfig/driverconfig/unity/v2.13.0}/driver-config-params.yaml (92%) rename operatorconfig/driverconfig/unity/{v2.10.1 => v2.13.0}/node.yaml (95%) create mode 100644 operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml rename samples/{storage_csm_powerflex_v2101.yaml => storage_csm_powerflex_v2130.yaml} (87%) rename samples/{storage_csm_powermax_v2101.yaml => storage_csm_powermax_v2130.yaml} (83%) rename samples/{storage_csm_powerscale_v2101.yaml => storage_csm_powerscale_v2130.yaml} (93%) rename samples/{storage_csm_powerstore_v2101.yaml => storage_csm_powerstore_v2130.yaml} (93%) rename samples/{storage_csm_unity_v2101.yaml => storage_csm_unity_v2130.yaml} (81%) rename tests/config/driverconfig/{powerflex/v2.10.1 => badDriver/v2.13.0}/bad.yaml (100%) rename tests/config/driverconfig/{powermax/v2.10.1/bad.yaml => badDriver/v2.13.0/controller.yaml} (100%) rename tests/config/driverconfig/{powerscale/v2.10.1/bad.yaml => badDriver/v2.13.0/csidriver.yaml} (100%) create mode 100644 tests/config/driverconfig/badDriver/v2.13.0/driver-config-params.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.13.0/upgrade-path.yaml delete mode 100644 tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml delete mode 100644 tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powerflex/v2.13.0/bad.yaml rename {operatorconfig/driverconfig/powerflex/v2.10.1 => tests/config/driverconfig/powerflex/v2.13.0}/controller.yaml (95%) rename tests/config/driverconfig/powerflex/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename {operatorconfig/driverconfig/powerflex/v2.10.1 => tests/config/driverconfig/powerflex/v2.13.0}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powerflex/{v2.10.1 => v2.13.0}/node.yaml (97%) create mode 100644 tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml delete mode 100644 tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powermax/v2.13.0/bad.yaml rename {operatorconfig/driverconfig/powermax/v2.10.1 => tests/config/driverconfig/powermax/v2.13.0}/controller.yaml (93%) rename tests/config/driverconfig/powermax/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename tests/config/driverconfig/powermax/{v2.10.1 => v2.13.0}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powermax/{v2.10.1 => v2.13.0}/node.yaml (94%) create mode 100644 tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml delete mode 100644 tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml delete mode 100644 tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.13.0/bad.yaml rename tests/config/driverconfig/powerscale/{v2.10.1 => v2.13.0}/controller.yaml (96%) rename {operatorconfig/driverconfig/powerscale/v2.10.1 => tests/config/driverconfig/powerscale/v2.13.0}/csidriver.yaml (92%) rename {operatorconfig/driverconfig/powerscale/v2.10.1 => tests/config/driverconfig/powerscale/v2.13.0}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powerscale/{v2.10.1 => v2.13.0}/node.yaml (98%) create mode 100644 tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/bad.yaml (100%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/config.json (100%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/controller.yaml (96%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/node.yaml (98%) rename tests/config/driverconfig/powerstore/{v2.10.1 => v2.13.0}/upgrade-path.yaml (96%) delete mode 100644 tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml rename tests/config/driverconfig/unity/{v2.10.1 => v2.13.0}/bad.yaml (100%) rename tests/config/driverconfig/unity/{v2.10.1 => v2.13.0}/config.json (100%) rename tests/config/driverconfig/unity/{v2.10.1 => v2.13.0}/controller.yaml (95%) rename tests/config/driverconfig/unity/{v2.10.1 => v2.13.0}/csidriver.yaml (100%) rename {operatorconfig/driverconfig/unity/v2.10.1 => tests/config/driverconfig/unity/v2.13.0}/driver-config-params.yaml (100%) rename tests/config/driverconfig/unity/{v2.10.1 => v2.13.0}/node.yaml (98%) create mode 100644 tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 43956c8ae..fffde9cac 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -141,10 +141,10 @@ metadata: "value": "debug" } ], - "image": "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0", + "image": "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.12.0", + "configVersion": "v2.13.0", "controller": { "envs": [ { @@ -514,10 +514,10 @@ metadata: "value": "TEXT" } ], - "image": "quay.io/dell/container-storage-modules/csi-powermax:v2.12.0", + "image": "quay.io/dell/container-storage-modules/csi-powermax:v2.13.0", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.12.0", + "configVersion": "v2.13.0", "controller": { "envs": [ { @@ -870,10 +870,10 @@ metadata: "value": "debug" } ], - "image": "quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0", + "image": "quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.12.0", + "configVersion": "v2.13.0", "controller": { "envs": [ { @@ -1059,10 +1059,10 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csi-unity:v2.12.0", + "image": "quay.io/dell/container-storage-modules/csi-unity:v2.13.0", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.12.0", + "configVersion": "v2.13.0", "controller": { "envs": [ { @@ -1172,10 +1172,10 @@ metadata: "value": "false" } ], - "image": "quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0", + "image": "quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.12.0", + "configVersion": "v2.13.0", "controller": { "envs": [ { @@ -4356,17 +4356,17 @@ spec: - name: RELATED_IMAGE_dell-csm-operator value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 - name: RELATED_IMAGE_csi-isilon - value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 - name: RELATED_IMAGE_csi-powermax - value: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 - name: RELATED_IMAGE_csipowermax-reverseproxy value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 - name: RELATED_IMAGE_csi-powerstore - value: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 - name: RELATED_IMAGE_csi-unity - value: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 - name: RELATED_IMAGE_csi-vxflexos - value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy @@ -4476,17 +4476,17 @@ spec: relatedImages: - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 name: csi-isilon - - image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 name: csipowermax-reverseproxy - - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore - - image: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 name: csi-unity - - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index d98566519..f67a5a0a2 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1739,17 +1739,17 @@ spec: relatedImages: - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 name: csi-isilon - - image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0s + - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 name: csipowermax-reverseproxy - - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore - - image: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 name: csi-unity - - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 2cd1fafdf..705ea3147 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -17,13 +17,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -41,6 +41,13 @@ spec: value: "0" - name: X_CSI_QUOTA_ENABLED value: "false" + # CSI driver interface names for NFS deployment without SDC + # Multiple interface names should be separated by comma + # Ensure to single quote the whole value and double quote each interface name + # Examples: 'worker1: "interface1",worker2: "interface2"' + # Default value: None, required only when X_CSI_SDC_ENABLED is set to false + - name: INTERFACE_NAMES + value: sideCars: # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner @@ -64,7 +71,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -179,25 +186,32 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" initContainers: - image: docker.io/dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization - # enable: Enable/Disable csm-authorization + # enabled: Enable/Disable csm-authorization enabled: false # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. # Do not change the configVersion to v2.0.0-alpha configVersion: v1.12.0 components: - name: karavi-authorization-proxy - # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -248,7 +262,7 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.27" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" value: "docker.io/nginxinc/nginx-unprivileged:1.27" # enabled: Enable/Disable cert-manager diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 9ae4517dd..50ba59a64 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -32,7 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,7 +44,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -53,17 +53,6 @@ spec: # Default value: None imagePullPolicy: IfNotPresent envs: - # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning - # Default value: None - # Examples: "000000000001", "000000000002" - - name: X_CSI_MANAGED_ARRAYS - value: "000000000000,000000000001" - # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays - # In case of multi-array, provide an endpoint of locally attached array - # Default value: None - # Example: https://0.0.0.1:8443 - - name: X_CSI_POWERMAX_ENDPOINT - value: "https://0.0.0.0:8443/" # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto # all resources created in the Array # This should be unique per K8s/CSI deployment @@ -77,26 +66,6 @@ spec: # Default value: /var/lib/kubelet - name: KUBELET_CONFIG_DIR value: /var/lib/kubelet - # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. - # It is a comma separated list of portgroup names. - # Required only in case of iSCSI port groups - # Allowed values: iSCSI Port Group names - # Default value: None - # Examples: "pg1", "pg1, pg2" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, - # "ISCSI" for iSCSI, - # "NVMETCP" for NVMeTCP or "" for autoselection. - # Allowed values: - # "FC" - Fiber Channel protocol - # "FIBER" - Fiber Channel protocol - # "ISCSI" - iSCSI protocol - # "NVMETCP" = NVMeTCP protocol - # "" - Automatic selection of transport protocol - # Default value: "" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" # VMware/vSphere virtualization support # set X_CSI_VSPHERE_ENABLED to true, if you to enable VMware virtualized environment support via RDM # Allowed values: @@ -218,6 +187,17 @@ spec: - key: "node.kubernetes.io/network-unavailable" operator: "Exists" effect: "NoExecute" + # Uncomment and tab if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment and tab if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.powermax.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powermax.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" sideCars: # 'pmax' represents a string prepended to each volume created by the CSI driver - name: provisioner @@ -246,9 +226,6 @@ spec: modules: # CSI Powermax Reverseproxy is a mandatory module for Powermax - name: csireverseproxy - # enabled: Always set to true - enabled: true - forceRemoveModule: true configVersion: v2.11.0 components: - name: csipowermax-reverseproxy @@ -278,7 +255,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -385,7 +362,7 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.27" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: cert-manager diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 83d5982ad..ad70808db 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -17,14 +17,14 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -223,6 +223,13 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" sideCars: - name: provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 @@ -255,7 +262,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -362,7 +369,7 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.27" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: cert-manager diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index f5fdc1d29..d7da05b1c 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -32,7 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # authSecret: This is the secret used to validate the default PowerStore secret used for installation # Allowed values: -config # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config @@ -43,7 +43,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX @@ -169,6 +169,13 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.powerstore.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powerstore.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" modules: - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index bfb82dcb8..cce151c13 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -17,14 +17,14 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-unity:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-unity:v2.13.0" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. @@ -162,6 +162,13 @@ spec: # Leave as blank to install controller on worker nodes # Default value: None tolerations: +# Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled +# - key: "offline.unity.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" +# - key: "unity.podmon.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml similarity index 91% rename from tests/config/driverconfig/powerflex/v2.10.1/controller.yaml rename to operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml index a4d2a5e2a..9aad92428 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml @@ -71,6 +71,14 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + # Permissions for ReplicationReplicator + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create", "get", "list", "watch"] + # Permissions for configmaps needed by NFS without SDC + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -104,6 +112,8 @@ spec: metadata: labels: name: -controller + annotations: + kubectl.kubernetes.io/default-container: driver spec: affinity: nodeSelector: @@ -119,7 +129,7 @@ spec: serviceAccountName: -controller containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -132,7 +142,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -162,7 +172,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: csi-external-health-monitor-controller - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -179,7 +189,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -193,7 +203,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -206,8 +216,8 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-vxflexos:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + imagePullPolicy: Always command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/csidriver.yaml similarity index 100% rename from operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml rename to operatorconfig/driverconfig/powerflex/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/driver-config-params.yaml new file mode 100644 index 000000000..738f9ae4e --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/driver-config-params.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: |- + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "TEXT" + PODMON_CONTROLLER_LOG_LEVEL: "debug" + PODMON_CONTROLLER_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_LEVEL: "debug" + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml similarity index 92% rename from operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml rename to operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml index eb0706e64..224fed8b0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml @@ -40,6 +40,9 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -70,6 +73,8 @@ spec: labels: app: -node driver.dellemc.com: dell-storage + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccount: -node dnsPolicy: ClusterFirstWithHostNet @@ -82,8 +87,8 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: dellemc/csi-vxflexos:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + imagePullPolicy: Always command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" @@ -101,6 +106,8 @@ spec: value: /certs - name: X_CSI_HEALTH_MONITOR_ENABLED value: "" + - name: X_CSI_SDC_ENABLED + value: - name: X_CSI_APPROVE_SDC_ENABLED value: - name: X_CSI_RENAME_SDC_ENABLED @@ -117,6 +124,9 @@ spec: volumeMounts: - name: driver-path mountPath: /plugins/vxflexos.emc.dell.com + - name: disks-path + mountPath: /plugins/vxflexos.emc.dell.com/disks + mountPropagation: "Bidirectional" - name: volumedevices-path mountPath: /plugins/kubernetes.io/csi/volumeDevices mountPropagation: "Bidirectional" @@ -135,7 +145,7 @@ spec: mountPath: /certs readOnly: true - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -157,7 +167,7 @@ spec: - name: sdc-monitor securityContext: privileged: true - image: dellemc/sdc:4.5.1 + image: dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent env: - name: HOST_PID @@ -185,7 +195,7 @@ spec: - name: sdc securityContext: privileged: true - image: dellemc/sdc:4.5.1 + image: dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent env: - name: NODENAME @@ -223,6 +233,10 @@ spec: hostPath: path: /plugins/vxflexos.emc.dell.com type: DirectoryOrCreate + - name: disks-path + hostPath: + path: /plugins/vxflexos.emc.dell.com/disks + type: DirectoryOrCreate - name: volumedevices-path hostPath: path: /plugins/kubernetes.io/csi/volumeDevices diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..1264a1da5 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ + + minUpgradePath: v2.12.0 + diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml similarity index 90% rename from tests/config/driverconfig/powermax/v2.10.1/controller.yaml rename to operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml index 1abe10494..f5d9c57de 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml @@ -90,6 +90,10 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + # Permissions for ReplicationReplicator + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -122,6 +126,8 @@ spec: metadata: labels: app: -controller + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccount: -controller affinity: @@ -136,7 +142,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -150,7 +156,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -165,7 +171,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -182,7 +188,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -213,7 +219,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -229,20 +235,16 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powermax:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + imagePullPolicy: Always command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com - name: CSI_ENDPOINT value: /var/run/csi/csi.sock - - name: X_CSI_MANAGED_ARRAYS - value: "" - - name: X_CSI_POWERMAX_ENDPOINT - value: "" - name: X_CSI_K8S_CLUSTER_PREFIX - value: "" + value: "CSM" - name: X_CSI_MODE value: controller - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION @@ -259,30 +261,22 @@ spec: name: powermax-creds - name: X_CSI_POWERMAX_DEBUG value: "" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - name: X_CSI_GRPC_MAX_THREADS value: "50" - name: X_CSI_ENABLE_BLOCK value: "true" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" - name: SSL_CERT_DIR value: /certs - name: X_CSI_IG_NODENAME_TEMPLATE value: "" - name: X_CSI_IG_MODIFY_HOSTNAME value: "" - - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME - value: "powermax-reverseproxy" - - name: X_CSI_REPLICATION_CONTEXT_PREFIX - value: powermax/ - - name: X_CSI_REPLICATION_PREFIX - value: replication.storage.dell.com/ - name: X_CSI_UNISPHERE_TIMEOUT value: 5m - name: X_CSI_POWERMAX_CONFIG_PATH value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_POWERMAX_ARRAY_CONFIG_PATH + value: /powermax-array-config/powermax-array-config.yaml - name: X_CSI_HEALTH_MONITOR_ENABLED value: "" - name: X_CSI_VSPHERE_ENABLED @@ -312,7 +306,9 @@ spec: mountPath: /certs readOnly: true - name: powermax-config-params - mountPath: /csi-powermax-config-params + mountPath: -config-params + - name: powermax-array-config + mountPath: /powermax-array-config volumes: - name: socket-dir emptyDir: @@ -323,5 +319,8 @@ spec: - name: powermax-config-params configMap: name: -config-params + - name: powermax-array-config + configMap: + name: powermax-array-config - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/csidriver.yaml similarity index 100% rename from operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml rename to operatorconfig/driverconfig/powermax/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/driver-config-params.yaml similarity index 100% rename from operatorconfig/driverconfig/powermax/v2.10.1/driver-config-params.yaml rename to operatorconfig/driverconfig/powermax/v2.13.0/driver-config-params.yaml diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml similarity index 87% rename from operatorconfig/driverconfig/powermax/v2.10.1/node.yaml rename to operatorconfig/driverconfig/powermax/v2.13.0/node.yaml index 9830a8446..e55e93c46 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml @@ -73,6 +73,8 @@ spec: metadata: labels: app: -node + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccount: -node # nodeSelector: @@ -87,19 +89,15 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powermax:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + imagePullPolicy: Always env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com - name: CSI_ENDPOINT value: unix:///plugins/powermax.emc.dell.com/csi_sock - - name: X_CSI_MANAGED_ARRAYS - value: "" - - name: X_CSI_POWERMAX_ENDPOINT - value: "" - name: X_CSI_K8S_CLUSTER_PREFIX - value: "" + value: "CSM" - name: X_CSI_MODE value: node - name: X_CSI_PRIVATE_MOUNT_DIR @@ -125,24 +123,22 @@ spec: value: "" - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME value: "csipowermax-reverseproxy" - - name: X_CSI_ISCSI_CHROOT + - name: X_CSI_NODE_CHROOT value: noderoot - name: X_CSI_GRPC_MAX_THREADS value: "50" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" - name: SSL_CERT_DIR value: /certs - name: X_CSI_POWERMAX_CONFIG_PATH value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_POWERMAX_ARRAY_CONFIG_PATH + value: /powermax-array-config/powermax-array-config.yaml - name: X_CSI_POWERMAX_TOPOLOGY_CONFIG_PATH value: /node-topology-config/topologyConfig.yaml - name: X_CSI_IG_NODENAME_TEMPLATE value: "" - name: X_CSI_IG_MODIFY_HOSTNAME value: "" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - name: X_CSI_HEALTH_MONITOR_ENABLED value: "" - name: X_CSI_MAX_VOLUMES_PER_NODE @@ -174,9 +170,13 @@ spec: mountPath: /plugins/powermax.emc.dell.com - name: volumedevices-path mountPath: /plugins/kubernetes.io/csi/volumeDevices + mountPropagation: "Bidirectional" - name: pods-path mountPath: /pods mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" - name: dev mountPath: /dev - name: sys @@ -190,10 +190,12 @@ spec: readOnly: true - name: powermax-config-params mountPath: /powermax-config-params + - name: powermax-array-config + mountPath: /powermax-array-config - name: node-topology-config mountPath: /node-topology-config - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -225,6 +227,9 @@ spec: hostPath: path: /plugins/kubernetes.io/csi/volumeDevices type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi - name: pods-path hostPath: path: /pods @@ -252,7 +257,22 @@ spec: - name: powermax-config-params configMap: name: -config-params + - name: powermax-array-config + configMap: + name: powermax-array-config - name: node-topology-config configMap: name: node-topology-config optional: true + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..1264a1da5 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ + + minUpgradePath: v2.12.0 + diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml similarity index 93% rename from operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml rename to operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml index 0d0712e19..f96c66736 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml @@ -81,6 +81,10 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + # Permissions for ReplicationReplicator + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -113,6 +117,8 @@ spec: metadata: labels: app: -controller + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccount: -controller affinity: @@ -127,7 +133,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -144,7 +150,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -161,7 +167,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -181,7 +187,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -214,7 +220,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -232,8 +238,8 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.3 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + imagePullPolicy: Always args: - "--csi-address=$(ADDRESS)" - "--timeout=120s" @@ -252,8 +258,8 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-isilon:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + imagePullPolicy: Always command: ["/csi-isilon"] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml rename to operatorconfig/driverconfig/powerscale/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/driver-config-params.yaml new file mode 100644 index 000000000..5e0a6004f --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/driver-config-params.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "TEXT" + PODMON_CONTROLLER_LOG_LEVEL: "debug" + PODMON_CONTROLLER_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_LEVEL: "debug" + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml similarity index 97% rename from operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml rename to operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml index 260e6a114..a11856e90 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml @@ -61,6 +61,8 @@ spec: metadata: labels: app: -node + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccount: -node # nodeSelector: @@ -77,8 +79,8 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-isilon:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + imagePullPolicy: Always env: - name: CSI_ENDPOINT value: /plugins/csi-isilon/csi_sock @@ -144,7 +146,7 @@ spec: - name: csi-isilon-config-params mountPath: /csi-isilon-config-params - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..1264a1da5 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ + + minUpgradePath: v2.12.0 + diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml deleted file mode 100644 index d41faddac..000000000 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -minUpgradePath: v2.8.0 diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml similarity index 94% rename from operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml rename to operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml index 39e186a70..c4f803a95 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml @@ -117,6 +117,8 @@ spec: metadata: labels: name: -controller + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccountName: -controller affinity: @@ -131,7 +133,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -147,7 +149,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -160,7 +162,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -189,7 +191,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -203,7 +205,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -223,8 +225,8 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + imagePullPolicy: Always command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" @@ -249,7 +251,7 @@ spec: - name: GOPOWERSTORE_DEBUG value: true - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE - value: false + value: true - name: X_CSI_HEALTH_MONITOR_ENABLED value: "" volumeMounts: diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/csidriver.yaml similarity index 100% rename from operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml rename to operatorconfig/driverconfig/powerstore/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/driver-config-params.yaml similarity index 100% rename from operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml rename to operatorconfig/driverconfig/powerstore/v2.13.0/driver-config-params.yaml diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml similarity index 97% rename from operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml rename to operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml index 898e4016b..fbf7600ed 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml @@ -77,6 +77,8 @@ spec: labels: app: -node driver.dellemc.com: dell-storage + annotations: + kubectl.kubernetes.io/default-container: driver spec: # nodeSelector: # tolerations: @@ -91,8 +93,8 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + imagePullPolicy: Always command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" @@ -161,7 +163,7 @@ spec: - name: powerstore-config-params mountPath: /powerstore-config-params - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..1264a1da5 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ + + minUpgradePath: v2.12.0 + diff --git a/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml similarity index 94% rename from operatorconfig/driverconfig/unity/v2.10.1/controller.yaml rename to operatorconfig/driverconfig/unity/v2.13.0/controller.yaml index a788bec4c..34d3826d8 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml @@ -106,6 +106,8 @@ spec: metadata: labels: app: -controller + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccountName: -controller affinity: @@ -120,7 +122,7 @@ spec: topologyKey: "kubernetes.io/hostname" containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -133,7 +135,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -165,7 +167,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -181,7 +183,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -194,7 +196,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -211,12 +213,12 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-unity:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" - "--driver-secret=/unity-secret/config" - imagePullPolicy: IfNotPresent + imagePullPolicy: Always env: - name: CSI_ENDPOINT value: /var/run/csi/csi.sock diff --git a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.13.0/csidriver.yaml similarity index 100% rename from operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml rename to operatorconfig/driverconfig/unity/v2.13.0/csidriver.yaml diff --git a/tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.13.0/driver-config-params.yaml similarity index 92% rename from tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml rename to operatorconfig/driverconfig/unity/v2.13.0/driver-config-params.yaml index e249d5138..26d6e4a73 100644 --- a/tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/driver-config-params.yaml @@ -6,6 +6,7 @@ metadata: data: driver-config-params.yaml: |- CSI_LOG_LEVEL: "info" + CSI_LOG_FORMAT: "JSON" ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 diff --git a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml b/operatorconfig/driverconfig/unity/v2.13.0/node.yaml similarity index 95% rename from operatorconfig/driverconfig/unity/v2.10.1/node.yaml rename to operatorconfig/driverconfig/unity/v2.13.0/node.yaml index 41f8c4d2c..864cda39a 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/node.yaml @@ -63,6 +63,8 @@ spec: metadata: labels: app: -node + annotations: + kubectl.kubernetes.io/default-container: driver spec: serviceAccountName: -node hostIPC: true @@ -75,8 +77,8 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-unity:v2.10.1 - imagePullPolicy: IfNotPresent + image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + imagePullPolicy: Always args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -109,6 +111,8 @@ spec: value: "" - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION value: "true" + - name: X_CSI_ALLOWED_NETWORKS + value: "" volumeMounts: - name: driver-path mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com @@ -130,7 +134,7 @@ spec: - name: unity-secret mountPath: /unity-secret - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..1264a1da5 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ + + minUpgradePath: v2.12.0 + diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index e7028a84a..3ff6b6127 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -11,13 +11,13 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-powermax:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powermax:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -42,7 +42,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -121,7 +121,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index 3d4d256a4..6cf9602de 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index 7b1e7d544..bab04ba57 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_replica.yaml b/pkg/modules/testdata/cr_powerflex_replica.yaml index 585637a01..c3c495e69 100644 --- a/pkg/modules/testdata/cr_powerflex_replica.yaml +++ b/pkg/modules/testdata/cr_powerflex_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/pkg/modules/testdata/cr_powerflex_resiliency.yaml b/pkg/modules/testdata/cr_powerflex_resiliency.yaml index 7b6487d3c..a91eba1dc 100644 --- a/pkg/modules/testdata/cr_powerflex_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerflex_resiliency.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/pkg/modules/testdata/cr_powermax_observability.yaml b/pkg/modules/testdata/cr_powermax_observability.yaml index 3113da8ae..5ba57cd06 100644 --- a/pkg/modules/testdata/cr_powermax_observability.yaml +++ b/pkg/modules/testdata/cr_powermax_observability.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: test-powermax-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-powermax:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powermax:v2.13.0" imagePullPolicy: IfNotPresent modules: # observability: allows to configure observability diff --git a/pkg/modules/testdata/cr_powermax_replica.yaml b/pkg/modules/testdata/cr_powermax_replica.yaml index ed8f10acf..a41bc94e4 100644 --- a/pkg/modules/testdata/cr_powermax_replica.yaml +++ b/pkg/modules/testdata/cr_powermax_replica.yaml @@ -18,11 +18,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: test-powermax-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-powermax:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powermax:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: replication diff --git a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml index 9c81c5b82..8966b3599 100644 --- a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml +++ b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml @@ -18,11 +18,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: powermax-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-powermax:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powermax:v2.13.0" imagePullPolicy: IfNotPresent modules: # CSI Powermax Reverseproxy is a mandatory module diff --git a/pkg/modules/testdata/cr_powerscale_auth.yaml b/pkg/modules/testdata/cr_powerscale_auth.yaml index f9dacdcca..734d2101c 100644 --- a/pkg/modules/testdata/cr_powerscale_auth.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-custom replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: authorization diff --git a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml index c7752abad..162ee9a91 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-custom replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: authorization diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index e4486d42e..103e65971 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: # observability: allows to configure observability diff --git a/pkg/modules/testdata/cr_powerscale_replica.yaml b/pkg/modules/testdata/cr_powerscale_replica.yaml index 7c326876c..d51367cf9 100644 --- a/pkg/modules/testdata/cr_powerscale_replica.yaml +++ b/pkg/modules/testdata/cr_powerscale_replica.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: replication diff --git a/pkg/modules/testdata/cr_powerscale_resiliency.yaml b/pkg/modules/testdata/cr_powerscale_resiliency.yaml index fbf7a4c51..a6e03100d 100644 --- a/pkg/modules/testdata/cr_powerscale_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerscale_resiliency.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-custom replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: resiliency diff --git a/pkg/modules/testdata/cr_powerstore_resiliency.yaml b/pkg/modules/testdata/cr_powerstore_resiliency.yaml index 737046d9f..03ba01dde 100644 --- a/pkg/modules/testdata/cr_powerstore_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerstore_resiliency.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: powerstore-creds replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: resiliency diff --git a/samples/storage_csm_powerflex_v2101.yaml b/samples/storage_csm_powerflex_v2130.yaml similarity index 87% rename from samples/storage_csm_powerflex_v2101.yaml rename to samples/storage_csm_powerflex_v2130.yaml index f547e17ef..705ea3147 100644 --- a/samples/storage_csm_powerflex_v2101.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -17,13 +17,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.1 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "docker.io/dellemc/csi-vxflexos:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -41,36 +41,43 @@ spec: value: "0" - name: X_CSI_QUOTA_ENABLED value: "false" + # CSI driver interface names for NFS deployment without SDC + # Multiple interface names should be separated by comma + # Ensure to single quote the whole value and double quote each interface name + # Examples: 'worker1: "interface1",worker2: "interface2"' + # Default value: None, required only when X_CSI_SDC_ENABLED is set to false + - name: INTERFACE_NAMES + value: sideCars: # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 args: ["--volume-name-prefix=k8s"] - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: docker.io/dellemc/csi-metadata-retriever:v1.7.3 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false - image: docker.io/dellemc/sdc:4.5.1 + image: docker.io/dellemc/sdc:4.5.2.1 envs: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -116,6 +123,13 @@ spec: # effect: "NoSchedule" node: envs: + # X_CSI_SDC_ENABLED: Enable/Disable SDC + # Allowed values: + # true: enable SDC + # false: disable SDC + # Default value: true + - name: X_CSI_SDC_ENABLED + value: "true" # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -180,21 +194,24 @@ spec: # operator: "Exists" # effect: "NoSchedule" initContainers: - - image: docker.io/dellemc/sdc:4.5.1 + - image: docker.io/dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization - # enable: Enable/Disable csm-authorization + # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.1 + # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. + # Do not change the configVersion to v2.0.0-alpha + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -206,14 +223,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/csm-topology:v1.8.1 + image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -245,9 +262,9 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "docker.io/nginxinc/nginx-unprivileged:1.20" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" - value: "docker.io/nginxinc/nginx-unprivileged:1.20" + value: "docker.io/nginxinc/nginx-unprivileged:1.27" # enabled: Enable/Disable cert-manager # Allowed values: # true: enable deployment of cert-manager @@ -259,7 +276,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: docker.io/dellemc/csm-metrics-powerflex:v1.8.1 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int @@ -320,13 +337,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: docker.io/dellemc/dell-csi-replicator:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -340,7 +357,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/dell-replication-controller:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -373,10 +390,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.1 + configVersion: v1.11.0 components: - name: podmon-controller - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -390,7 +407,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powermax_v2101.yaml b/samples/storage_csm_powermax_v2130.yaml similarity index 83% rename from samples/storage_csm_powermax_v2101.yaml rename to samples/storage_csm_powermax_v2130.yaml index 9b4f76369..50ba59a64 100644 --- a/samples/storage_csm_powermax_v2101.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -32,8 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.10.1 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -45,8 +44,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.10.1 - image: docker.io/dellemc/csi-powermax:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -55,17 +53,6 @@ spec: # Default value: None imagePullPolicy: IfNotPresent envs: - # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning - # Default value: None - # Examples: "000000000001", "000000000002" - - name: X_CSI_MANAGED_ARRAYS - value: "000000000000,000000000001" - # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays - # In case of multi-array, provide an endpoint of locally attached array - # Default value: None - # Example: https://0.0.0.1:8443 - - name: X_CSI_POWERMAX_ENDPOINT - value: "https://0.0.0.0:8443/" # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto # all resources created in the Array # This should be unique per K8s/CSI deployment @@ -79,24 +66,6 @@ spec: # Default value: /var/lib/kubelet - name: KUBELET_CONFIG_DIR value: /var/lib/kubelet - # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. - # It is a comma separated list of portgroup names. - # Required only in case of iSCSI port groups - # Allowed values: iSCSI Port Group names - # Default value: None - # Examples: "pg1", "pg1, pg2" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, - # "ISCSI" for iSCSI, or "" for autoselection. - # Allowed values: - # "FC" - Fiber Channel protocol - # "FIBER" - Fiber Channel protocol - # "ISCSI" - iSCSI protocol - # "" - Automatic selection of transport protocol - # Default value: "" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" # VMware/vSphere virtualization support # set X_CSI_VSPHERE_ENABLED to true, if you to enable VMware virtualized environment support via RDM # Allowed values: @@ -123,6 +92,16 @@ spec: # Default value: "" - name: "X_CSI_VCENTER_HOST" value: "" + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: "CSI_LOG_FORMAT" + value: "TEXT" controller: envs: # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition @@ -212,7 +191,7 @@ spec: # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" - # Uncomment tab if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment and tab if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.powermax.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" @@ -222,23 +201,23 @@ spec: sideCars: # 'pmax' represents a string prepended to each volume created by the CSI driver - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 args: ["--volume-name-prefix=pmax"] - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: docker.io/dellemc/csi-metadata-retriever:v1.7.3 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -247,16 +226,12 @@ spec: modules: # CSI Powermax Reverseproxy is a mandatory module for Powermax - name: csireverseproxy - # enabled: Always set to true - enabled: true - forceRemoveModule: true - configVersion: v2.9.1 + configVersion: v2.11.0 components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: docker.io/dellemc/csipowermax-reverseproxy:v2.9.1 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -277,10 +252,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.1 + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -297,13 +272,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: docker.io/dellemc/dell-csi-replicator:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -318,7 +293,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/dell-replication-controller:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -348,14 +323,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/csm-topology:v1.8.1 + image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -387,9 +362,9 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "docker.io/nginxinc/nginx-unprivileged:1.20" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" - value: "docker.io/nginxinc/nginx-unprivileged:1.20" + value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: cert-manager # enabled: Enable/Disable cert-manager # Allowed values: @@ -401,7 +376,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: false # image: Defines PowerMax metrics image. This shouldn't be changed - image: docker.io/dellemc/csm-metrics-powermax:v1.3.1 + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int @@ -446,3 +421,47 @@ spec: # configMap name which has all array/endpoint related info - name: "X_CSI_CONFIG_MAP_NAME" value: "powermax-reverseproxy-config" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.11.0 + components: + - name: podmon-controller + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" + - name: podmon-node + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" diff --git a/samples/storage_csm_powerscale_v2101.yaml b/samples/storage_csm_powerscale_v2130.yaml similarity index 93% rename from samples/storage_csm_powerscale_v2101.yaml rename to samples/storage_csm_powerscale_v2130.yaml index d756f6ce1..ad70808db 100644 --- a/samples/storage_csm_powerscale_v2101.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -17,16 +17,14 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerScale v2.10.1 driver - configVersion: v2.10.1 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - # Image for CSI PowerScale driver v2.10.1 - image: "docker.io/dellemc/csi-isilon:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -232,40 +230,39 @@ spec: # - key: "isilon.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" - sideCars: - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 args: ["--volume-name-prefix=csipscale"] - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: docker.io/dellemc/csi-metadata-retriever:v1.7.3 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 - # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity - # Configure when the storageCapacity is set as "true" - # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m - # - name: provisioner - # args: ["--capacity-poll-interval=5m"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] modules: # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.1 + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -282,13 +279,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: docker.io/dellemc/dell-csi-replicator:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -303,7 +300,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/dell-replication-controller:v1.8.1 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -333,14 +330,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.1 + configVersion: v1.10.0 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/csm-topology:v1.8.1 + image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -372,9 +369,9 @@ spec: envs: # image of nginx proxy image # Allowed values: string - # Default value: "docker.io/nginxinc/nginx-unprivileged:1.20" + # Default value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" - value: "docker.io/nginxinc/nginx-unprivileged:1.20" + value: "docker.io/nginxinc/nginx-unprivileged:1.27" - name: cert-manager # enabled: Enable/Disable cert-manager # Allowed values: @@ -387,7 +384,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: docker.io/dellemc/csm-metrics-powerscale:v1.5.1 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -456,10 +453,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.1 + configVersion: v1.11.0 components: - name: podmon-controller - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -474,7 +471,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powerstore_v2101.yaml b/samples/storage_csm_powerstore_v2130.yaml similarity index 93% rename from samples/storage_csm_powerstore_v2101.yaml rename to samples/storage_csm_powerstore_v2130.yaml index 558e06c1a..d7da05b1c 100644 --- a/samples/storage_csm_powerstore_v2101.yaml +++ b/samples/storage_csm_powerstore_v2130.yaml @@ -32,8 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerStore v2.10.1 driver - configVersion: v2.10.1 + configVersion: v2.13.0 # authSecret: This is the secret used to validate the default PowerStore secret used for installation # Allowed values: -config # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config @@ -44,8 +43,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerStore driver v2.10.1 - image: "docker.io/dellemc/csi-powerstore:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX @@ -62,23 +60,23 @@ spec: sideCars: # 'csivol' represents a string prepended to each volume created by the CSI driver - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 args: ["--volume-name-prefix=csivol"] - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: docker.io/dellemc/csi-metadata-retriever:v1.7.3 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -186,10 +184,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.1 + configVersion: v1.11.0 components: - name: podmon-controller - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powerstore" @@ -204,7 +202,7 @@ spec: - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - "--driverPath=csi-powerstore.dellemc.com" - name: podmon-node - image: docker.io/dellemc/podmon:v1.9.1 + image: quay.io/dell/container-storage-modules/podmon:v1.11.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_unity_v2101.yaml b/samples/storage_csm_unity_v2130.yaml similarity index 81% rename from samples/storage_csm_unity_v2101.yaml rename to samples/storage_csm_unity_v2130.yaml index 3c29695e8..cce151c13 100644 --- a/samples/storage_csm_unity_v2101.yaml +++ b/samples/storage_csm_unity_v2130.yaml @@ -17,16 +17,14 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI Unity v2.10.1 driver - configVersion: v2.10.1 + configVersion: v2.13.0 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - # Image for CSI Unity driver v2.10.1 - image: "docker.io/dellemc/csi-unity:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-unity:v2.13.0" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. @@ -58,6 +56,11 @@ spec: # Default value: "info" - name: CSI_LOG_LEVEL value: debug + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: CSI_LOG_FORMAT + value: "TEXT" # TENANT_NAME - Tenant name that need to added while adding host entry to the array. # Allowed values: string # Default value: "" @@ -82,18 +85,18 @@ spec: sideCars: # 'csivol' represents a string prepended to each volume created by the CSI driver - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 args: ["--volume-name-prefix=csivol"] - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: docker.io/dellemc/csi-metadata-retriever:v1.7.3 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity @@ -104,7 +107,7 @@ spec: enabled: false args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 controller: envs: # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. @@ -136,6 +139,15 @@ spec: # Default value: false - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" + # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks (comma separated) + # Default value: "" + # Provide them in the following format: "net1, net2" + # CIDR format should be used + # eg: "192.168.1.0/24, 192.168.100.0/22" + - name: X_CSI_ALLOWED_NETWORKS + value: "" # nodeSelector: Define node selection constraints for node pods. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. @@ -150,14 +162,14 @@ spec: # Leave as blank to install controller on worker nodes # Default value: None tolerations: - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled - # - key: "offline.unity.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "unity.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" +# Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled +# - key: "offline.unity.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" +# - key: "unity.podmon.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" +# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint +# - key: "node-role.kubernetes.io/control-plane" +# operator: "Exists" +# effect: "NoSchedule" diff --git a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.13.0/bad.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.10.1/bad.yaml rename to tests/config/driverconfig/badDriver/v2.13.0/bad.yaml diff --git a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.13.0/controller.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.10.1/bad.yaml rename to tests/config/driverconfig/badDriver/v2.13.0/controller.yaml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerscale/v2.10.1/bad.yaml rename to tests/config/driverconfig/badDriver/v2.13.0/csidriver.yaml diff --git a/tests/config/driverconfig/badDriver/v2.13.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.13.0/driver-config-params.yaml new file mode 100644 index 000000000..596805cdc --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.13.0/driver-config-params.yaml @@ -0,0 +1,3 @@ +|- + this snfoiasga is + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..596805cdc --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.13.0/upgrade-path.yaml @@ -0,0 +1,3 @@ +|- + this snfoiasga is + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml deleted file mode 100644 index b5a7060aa..000000000 --- a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: -config-params - namespace: -data: - driver-config-params.yaml: |- - CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT diff --git a/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powerflex/v2.13.0/bad.yaml b/tests/config/driverconfig/powerflex/v2.13.0/bad.yaml new file mode 100644 index 000000000..596805cdc --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.13.0/bad.yaml @@ -0,0 +1,3 @@ +|- + this snfoiasga is + 843*&(*(% invalid YAml diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml similarity index 95% rename from operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml rename to tests/config/driverconfig/powerflex/v2.13.0/controller.yaml index a4d2a5e2a..feed1f957 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml @@ -71,6 +71,9 @@ rules: - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -119,7 +122,7 @@ spec: serviceAccountName: -controller containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -132,7 +135,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -162,7 +165,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: csi-external-health-monitor-controller - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -179,7 +182,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -193,7 +196,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -206,7 +209,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-vxflexos:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-vxflexos.sh"] args: diff --git a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml rename to tests/config/driverconfig/powerflex/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.13.0/driver-config-params.yaml similarity index 100% rename from operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml rename to tests/config/driverconfig/powerflex/v2.13.0/driver-config-params.yaml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml b/tests/config/driverconfig/powerflex/v2.13.0/node.yaml similarity index 97% rename from tests/config/driverconfig/powerflex/v2.10.1/node.yaml rename to tests/config/driverconfig/powerflex/v2.13.0/node.yaml index 80a667018..7803eb49d 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/node.yaml @@ -40,6 +40,9 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -82,7 +85,7 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: dellemc/csi-vxflexos:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-vxflexos.sh"] args: @@ -135,7 +138,7 @@ spec: mountPath: /certs readOnly: true - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -157,7 +160,7 @@ spec: - name: sdc-monitor securityContext: privileged: true - image: dellemc/sdc:4.5.1 + image: dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent env: - name: HOST_PID @@ -183,7 +186,7 @@ spec: - name: sdc securityContext: privileged: true - image: dellemc/sdc:4.5.1 + image: dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent env: - name: NODENAME diff --git a/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..91b27e540 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.1 diff --git a/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powermax/v2.13.0/bad.yaml b/tests/config/driverconfig/powermax/v2.13.0/bad.yaml new file mode 100644 index 000000000..596805cdc --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.13.0/bad.yaml @@ -0,0 +1,3 @@ +|- + this snfoiasga is + 843*&(*(% invalid YAml diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml similarity index 93% rename from operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml rename to tests/config/driverconfig/powermax/v2.13.0/controller.yaml index 83c692469..e90a34c50 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml @@ -136,7 +136,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -150,7 +150,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -165,7 +165,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -182,7 +182,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -213,7 +213,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -229,7 +229,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powermax:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-powermax.sh"] env: @@ -237,10 +237,6 @@ spec: value: csi-powermax.dellemc.com - name: CSI_ENDPOINT value: /var/run/csi/csi.sock - - name: X_CSI_MANAGED_ARRAYS - value: "" - - name: X_CSI_POWERMAX_ENDPOINT - value: "" - name: X_CSI_K8S_CLUSTER_PREFIX value: "" - name: X_CSI_MODE @@ -259,20 +255,20 @@ spec: name: powermax-creds - name: X_CSI_POWERMAX_DEBUG value: "" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - name: X_CSI_GRPC_MAX_THREADS value: "50" - name: X_CSI_ENABLE_BLOCK value: "true" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" - name: SSL_CERT_DIR value: /certs - name: X_CSI_IG_NODENAME_TEMPLATE value: "" - name: X_CSI_IG_MODIFY_HOSTNAME value: "" + - name: X_CSI_REPLICATION_CONTEXT_PREFIX + value: powermax/ + - name: X_CSI_REPLICATION_PREFIX + value: replication.storage.dell.com/ - name: X_CSI_UNISPHERE_TIMEOUT value: 5m - name: X_CSI_POWERMAX_CONFIG_PATH @@ -306,7 +302,7 @@ spec: mountPath: /certs readOnly: true - name: powermax-config-params - mountPath: -config-params + mountPath: /csi-powermax-config-params volumes: - name: socket-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml rename to tests/config/driverconfig/powermax/v2.13.0/csidriver.yaml diff --git a/tests/config/driverconfig/powermax/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powermax/v2.13.0/driver-config-params.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.10.1/driver-config-params.yaml rename to tests/config/driverconfig/powermax/v2.13.0/driver-config-params.yaml diff --git a/tests/config/driverconfig/powermax/v2.10.1/node.yaml b/tests/config/driverconfig/powermax/v2.13.0/node.yaml similarity index 94% rename from tests/config/driverconfig/powermax/v2.10.1/node.yaml rename to tests/config/driverconfig/powermax/v2.13.0/node.yaml index 946ebd80c..9f20cb7bf 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/node.yaml @@ -87,17 +87,13 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powermax:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 imagePullPolicy: IfNotPresent env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com - name: CSI_ENDPOINT value: unix:///plugins/powermax.emc.dell.com/csi_sock - - name: X_CSI_MANAGED_ARRAYS - value: "" - - name: X_CSI_POWERMAX_ENDPOINT - value: "" - name: X_CSI_K8S_CLUSTER_PREFIX value: "" - name: X_CSI_MODE @@ -125,12 +121,10 @@ spec: value: "" - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME value: "csipowermax-reverseproxy" - - name: X_CSI_ISCSI_CHROOT + - name: X_CSI_NODE_CHROOT value: noderoot - name: X_CSI_GRPC_MAX_THREADS value: "50" - - name: X_CSI_TRANSPORT_PROTOCOL - value: "" - name: SSL_CERT_DIR value: /certs - name: X_CSI_POWERMAX_CONFIG_PATH @@ -141,8 +135,6 @@ spec: value: "" - name: X_CSI_IG_MODIFY_HOSTNAME value: "" - - name: X_CSI_POWERMAX_PORTGROUPS - value: "" - name: X_CSI_HEALTH_MONITOR_ENABLED value: "" - name: X_CSI_TOPOLOGY_CONTROL_ENABLED @@ -189,7 +181,7 @@ spec: - name: node-topology-config mountPath: /node-topology-config - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..91b27e540 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.1 diff --git a/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml deleted file mode 100644 index da4dddd64..000000000 --- a/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: -config-params - namespace: -data: - driver-config-params.yaml: |- - CSI_LOG_LEVEL: debug diff --git a/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powerscale/v2.13.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.13.0/bad.yaml new file mode 100644 index 000000000..596805cdc --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.13.0/bad.yaml @@ -0,0 +1,3 @@ +|- + this snfoiasga is + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml similarity index 96% rename from tests/config/driverconfig/powerscale/v2.10.1/controller.yaml rename to tests/config/driverconfig/powerscale/v2.13.0/controller.yaml index de98b9b9b..c1d12b2a7 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml @@ -127,7 +127,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -144,7 +144,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -161,7 +161,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -181,7 +181,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -214,7 +214,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -232,7 +232,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-isilon:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-isilon"] args: diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.13.0/csidriver.yaml similarity index 92% rename from operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml rename to tests/config/driverconfig/powerscale/v2.13.0/csidriver.yaml index 6c62f78c5..32d1667e2 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/csidriver.yaml @@ -7,7 +7,7 @@ metadata: spec: attachRequired: true podInfoOnMount: true - storageCapacity: true + storageCapacity: false fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerscale/v2.13.0/driver-config-params.yaml similarity index 100% rename from operatorconfig/driverconfig/powerscale/v2.10.1/driver-config-params.yaml rename to tests/config/driverconfig/powerscale/v2.13.0/driver-config-params.yaml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml b/tests/config/driverconfig/powerscale/v2.13.0/node.yaml similarity index 98% rename from tests/config/driverconfig/powerscale/v2.10.1/node.yaml rename to tests/config/driverconfig/powerscale/v2.13.0/node.yaml index 834108a61..8eab733a9 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/node.yaml @@ -77,7 +77,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-isilon:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 imagePullPolicy: IfNotPresent env: - name: CSI_ENDPOINT @@ -140,7 +140,7 @@ spec: - name: csi-isilon-config-params mountPath: /csi-isilon-config-params - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..91b27e540 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.1 diff --git a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.13.0/bad.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.10.1/bad.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/bad.yaml diff --git a/tests/config/driverconfig/powerstore/v2.10.1/config.json b/tests/config/driverconfig/powerstore/v2.13.0/config.json similarity index 100% rename from tests/config/driverconfig/powerstore/v2.10.1/config.json rename to tests/config/driverconfig/powerstore/v2.13.0/config.json diff --git a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml similarity index 96% rename from tests/config/driverconfig/powerstore/v2.10.1/controller.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/controller.yaml index 545e6ef92..846255bb9 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml @@ -131,7 +131,7 @@ spec: topologyKey: kubernetes.io/hostname containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -147,7 +147,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -160,7 +160,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -189,7 +189,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -203,7 +203,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -223,7 +223,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powerstore:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-powerstore"] args: diff --git a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/csidriver.yaml diff --git a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.13.0/driver-config-params.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/driver-config-params.yaml diff --git a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml b/tests/config/driverconfig/powerstore/v2.13.0/node.yaml similarity index 98% rename from tests/config/driverconfig/powerstore/v2.10.1/node.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/node.yaml index 898e4016b..b595cd182 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/node.yaml @@ -91,7 +91,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powerstore:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 imagePullPolicy: IfNotPresent command: ["/csi-powerstore"] args: @@ -161,7 +161,7 @@ spec: - name: powerstore-config-params mountPath: /powerstore-config-params - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml similarity index 96% rename from tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml rename to tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml index d41faddac..e3b7b449a 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml @@ -13,4 +13,4 @@ # limitations under the License. # # -minUpgradePath: v2.8.0 +minUpgradePath: v2.10.1 diff --git a/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml deleted file mode 100644 index a902cb64c..000000000 --- a/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/unity/v2.10.1/bad.yaml b/tests/config/driverconfig/unity/v2.13.0/bad.yaml similarity index 100% rename from tests/config/driverconfig/unity/v2.10.1/bad.yaml rename to tests/config/driverconfig/unity/v2.13.0/bad.yaml diff --git a/tests/config/driverconfig/unity/v2.10.1/config.json b/tests/config/driverconfig/unity/v2.13.0/config.json similarity index 100% rename from tests/config/driverconfig/unity/v2.10.1/config.json rename to tests/config/driverconfig/unity/v2.13.0/config.json diff --git a/tests/config/driverconfig/unity/v2.10.1/controller.yaml b/tests/config/driverconfig/unity/v2.13.0/controller.yaml similarity index 95% rename from tests/config/driverconfig/unity/v2.10.1/controller.yaml rename to tests/config/driverconfig/unity/v2.13.0/controller.yaml index a788bec4c..5b85d3eda 100644 --- a/tests/config/driverconfig/unity/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.13.0/controller.yaml @@ -120,7 +120,7 @@ spec: topologyKey: "kubernetes.io/hostname" containers: - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -133,7 +133,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -165,7 +165,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -181,7 +181,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" @@ -194,7 +194,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: external-health-monitor - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -211,7 +211,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-unity:v2.10.1 + image: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" diff --git a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.13.0/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/unity/v2.10.1/csidriver.yaml rename to tests/config/driverconfig/unity/v2.13.0/csidriver.yaml diff --git a/operatorconfig/driverconfig/unity/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/unity/v2.13.0/driver-config-params.yaml similarity index 100% rename from operatorconfig/driverconfig/unity/v2.10.1/driver-config-params.yaml rename to tests/config/driverconfig/unity/v2.13.0/driver-config-params.yaml diff --git a/tests/config/driverconfig/unity/v2.10.1/node.yaml b/tests/config/driverconfig/unity/v2.13.0/node.yaml similarity index 98% rename from tests/config/driverconfig/unity/v2.10.1/node.yaml rename to tests/config/driverconfig/unity/v2.13.0/node.yaml index 69466603f..8302ecb0d 100644 --- a/tests/config/driverconfig/unity/v2.10.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.13.0/node.yaml @@ -75,7 +75,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-unity:nightly + image: quay.io/dell/container-storage-modules/csi-unity:nightly imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" @@ -130,7 +130,7 @@ spec: - name: unity-secret mountPath: /unity-secret - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" diff --git a/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml new file mode 100644 index 000000000..91b27e540 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.1 diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index 7d530c3ba..3e69c5c71 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -51,7 +51,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index 7728afd04..2365186d7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: true @@ -46,7 +46,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -150,7 +150,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index 787d65a5b..334446353 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -46,7 +46,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -149,7 +149,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index a720950b7..96d7d0202 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -46,7 +46,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -149,7 +149,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 8476d2e58..1066993b7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -46,7 +46,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -150,7 +150,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index f4a710f24..c399075af 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -44,7 +44,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -123,7 +123,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index 357f6d8eb..d07eb9516 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -46,7 +46,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -150,7 +150,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml index 8e2500d88..8b0e853a1 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -44,7 +44,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -123,7 +123,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index 5f5652531..c4f7837a6 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -44,7 +44,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -123,7 +123,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml index 51ec0bfdc..4b86449e7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -44,7 +44,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -123,7 +123,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml index 0c0c63ee9..07f2d3f74 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -44,7 +44,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -123,7 +123,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index 2243b25be..cd7478ecd 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -51,7 +51,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Replication: allows to configure replication # Replication CRDs must be installed before installing driver diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index 1471a2867..c4fbe0db5 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -27,7 +27,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -60,7 +60,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -170,7 +170,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index 924fa1a91..c8ed1dbc3 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -32,7 +32,7 @@ spec: # false: disable storage capacity tracking storageCapacity: true # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -45,7 +45,7 @@ spec: forceRemoveDriver: true common: # Image for CSI PowerMax driver v2.12.0 - image: quay.io/dell/container-storage-modules/csi-powermax:nightly + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -182,7 +182,7 @@ spec: # 'pmax' represents a string prepended to each volume created by the CSI driver - name: provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 - args: [ "--volume-name-prefix=pmax" ] + args: ["--volume-name-prefix=pmax"] - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar @@ -196,7 +196,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 074b7a6b0..30527d122 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -32,7 +32,7 @@ spec: # false: disable storage capacity tracking storageCapacity: true # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -45,7 +45,7 @@ spec: forceRemoveDriver: true common: # Image for CSI PowerMax driver v2.12.0 - image: quay.io/dell/container-storage-modules/csi-powermax:nightly + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -182,7 +182,7 @@ spec: # 'pmax' represents a string prepended to each volume created by the CSI driver - name: provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 - args: [ "--volume-name-prefix=pmax" ] + args: ["--volume-name-prefix=pmax"] - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 - name: registrar @@ -196,7 +196,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index ae3a84334..8f55132b6 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index 769c9eb59..85e45b1a2 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: csm-creds # currently fails with something about nodes taints etc replicas: 3 diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index 63864c62d..266453ced 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: csm-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -209,11 +209,11 @@ spec: - key: "node.kubernetes.io/network-unavailable" operator: "Exists" effect: "NoExecute" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 0fe5040c2..384ec0bcd 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -149,11 +149,11 @@ spec: # tolerations: Define tolerations for the controller deployment, if required. # Default value: None tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - key: "node-role.kubernetes.io/control-plane" operator: "Exists" effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - key: "node-role.kubernetes.io/master" operator: "Exists" effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index b42d82723..a87d323b7 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-auth replicas: 1 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 616fba324..093002314 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index aeb914b3e..330ed71af 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 66365689a..42d524a8f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-auth replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 3b893332b..5a28f7cae 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index f89d0cce4..46c28cc95 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 845e79d15..9849a1cd8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -26,7 +26,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index b5d73e7d6..3475d8123 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -28,7 +28,7 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: powerstore-config # Controller count replicas: 1 diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index 68065cd97..1ddedeeb9 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -28,7 +28,7 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: powerstore-config # Controller count replicas: 2 diff --git a/tests/e2e/testfiles/storage_csm_unity.yaml b/tests/e2e/testfiles/storage_csm_unity.yaml index 57a024a27..b662ec80d 100644 --- a/tests/e2e/testfiles/storage_csm_unity.yaml +++ b/tests/e2e/testfiles/storage_csm_unity.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # Controller count replicas: 1 dnsPolicy: ClusterFirstWithHostNet From e8931a7cd08e79b895c2345b3348c98a9690be10 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 3 Dec 2024 06:21:14 -0500 Subject: [PATCH 03/31] fix: updated spaces --- ...ll-csm-operator.clusterserviceversion.yaml | 20 +++++++++---------- ...ll-csm-operator.clusterserviceversion.yaml | 10 +++++----- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index fffde9cac..204e71367 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -4356,17 +4356,17 @@ spec: - name: RELATED_IMAGE_dell-csm-operator value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 - name: RELATED_IMAGE_csi-isilon - value: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + value: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 - name: RELATED_IMAGE_csi-powermax - value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 - name: RELATED_IMAGE_csipowermax-reverseproxy value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 - name: RELATED_IMAGE_csi-powerstore - value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 - name: RELATED_IMAGE_csi-unity - value: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + value: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 - name: RELATED_IMAGE_csi-vxflexos - value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy @@ -4476,17 +4476,17 @@ spec: relatedImages: - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 name: csi-isilon - - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 name: csipowermax-reverseproxy - - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore - - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 name: csi-unity - - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index f67a5a0a2..be7cf9ea7 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1739,17 +1739,17 @@ spec: relatedImages: - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: dell-csm-operator - - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 name: csi-isilon - - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 name: csipowermax-reverseproxy - - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore - - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 name: csi-unity - - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc From 6a90f0d77677aa28ec9b77701b37b31b80751172 Mon Sep 17 00:00:00 2001 From: mgandharva <124261698+mgandharva@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:10:46 +0530 Subject: [PATCH 04/31] updated version (#809) --- Dockerfile | 2 +- .../dell-csm-operator.clusterserviceversion.yaml | 6 +++--- config/install/kustomization.yaml | 2 +- config/manager/kustomization.yaml | 2 +- .../bases/dell-csm-operator.clusterserviceversion.yaml | 6 +++--- controllers/csm_controller.go | 2 +- deploy/operator.yaml | 2 +- docker.mk | 8 ++++---- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4768208da..3da7658bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -46,7 +46,7 @@ LABEL vendor="Dell Inc." \ name="dell-csm-operator" \ summary="Operator for installing Dell CSI Drivers and Dell CSM Modules" \ description="Common Operator for installing various Dell CSI Drivers and Dell CSM Modules" \ - version="1.7.0" \ + version="1.8.0" \ license="Dell CSM Operator Apache License" # copy the licenses folder diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 204e71367..c8cf98274 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1512,7 +1512,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.7.0 + name: dell-csm-operator.v1.8.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -4535,5 +4535,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 name: metadataretriever skips: - - dell-csm-operator.v1.6.0 - version: 1.7.0 + - dell-csm-operator.v1.7.0 + version: 1.8.0 diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index 44ec3cd01..8259d48dd 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -11,4 +11,4 @@ bases: images: - name: controller newName: quay.io/dell/container-storage-modules/dell-csm-operator - newTag: v1.7.0 + newTag: v1.8.0 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 76c8a4e99..d0e0919f7 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -11,4 +11,4 @@ kind: Kustomization images: - name: controller newName: quay.io/dell/container-storage-modules/dell-csm-operator - newTag: v1.7.0 + newTag: v1.8.0 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index be7cf9ea7..a283b316d 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -17,7 +17,7 @@ metadata: features.operators.openshift.io/token-auth-gcp: "false" repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.7.0 + name: dell-csm-operator.v1.8.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -1798,5 +1798,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 name: metadataretriever skips: - - dell-csm-operator.v1.6.0 - version: 1.7.0 + - dell-csm-operator.v1.7.0 + version: 1.8.0 diff --git a/controllers/csm_controller.go b/controllers/csm_controller.go index 997a516c0..7c5c7b591 100644 --- a/controllers/csm_controller.go +++ b/controllers/csm_controller.go @@ -93,7 +93,7 @@ const ( CSMFinalizerName = "finalizer.dell.emc.com" // CSMVersion - - CSMVersion = "v1.12.0" + CSMVersion = "v1.13.0" ) var ( diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 4fc68debf..7e778fd3b 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1302,7 +1302,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.12.0 + storage.dell.com/CSMVersion: v1.13.0 labels: control-plane: controller-manager spec: diff --git a/docker.mk b/docker.mk index 9eb53927c..1c61b9de0 100644 --- a/docker.mk +++ b/docker.mk @@ -14,11 +14,11 @@ BUNDLE_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-bundle # Image tag base for community catalog images CATALOG_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-catalog -# Operator version tagged with build number. For e.g. - v1.7.0.001 -VERSION ?= v1.7.0 +# Operator version tagged with build number. For e.g. - v1.8.0.001 +VERSION ?= v1.8.0 # Bundle Version is the semantic version(required by operator-sdk) -BUNDLE_VERSION ?= 1.7.0 +BUNDLE_VERSION ?= 1.8.0 # Timestamp local builds TIMESTAMP := $(shell date +%Y%m%d%H%M%S) @@ -37,5 +37,5 @@ IMG ?= "$(REGISTRY)/$(IMAGE_TAG_BASE):$(VERSION)" # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) BUNDLE_IMG ?= "$(REGISTRY)/$(BUNDLE_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.7.0). +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.8.0). CATALOG_IMG ?= "$(REGISTRY)/$(CATALOG_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" From 84710f3ab6341724ad5fd6ee5e9f71aac5bb7df4 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 3 Dec 2024 06:52:42 -0500 Subject: [PATCH 05/31] fix: obesrvability version update --- ...ll-csm-operator.clusterserviceversion.yaml | 10 +- config/manager/manager.yaml | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 2 +- config/samples/storage_v1_csm_powerflex.yaml | 2 +- config/samples/storage_v1_csm_powermax.yaml | 2 +- config/samples/storage_v1_csm_powerscale.yaml | 2 +- deploy/operator.yaml | 2 +- .../observability/v1.11.0/custom-cert.yaml | 48 ++++++ .../v1.11.0/karavi-metrics-powerflex.yaml | 147 +++++++++++++++++ .../v1.11.0/karavi-metrics-powermax.yaml | 154 ++++++++++++++++++ .../v1.11.0/karavi-metrics-powerscale.yaml | 148 +++++++++++++++++ .../v1.11.0/karavi-otel-collector.yaml | 148 +++++++++++++++++ .../v1.11.0/karavi-topology.yaml | 112 +++++++++++++ .../v1.11.0/selfsigned-cert.yaml | 35 ++++ .../testdata/cr_powerflex_observability.yaml | 2 +- ...r_powerflex_observability_custom_cert.yaml | 2 +- ...observability_custom_cert_missing_key.yaml | 2 +- .../testdata/cr_powermax_observability.yaml | 2 +- .../testdata/cr_powerscale_observability.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 2 +- samples/storage_csm_powermax_v2130.yaml | 2 +- samples/storage_csm_powerscale_v2130.yaml | 2 +- 22 files changed, 811 insertions(+), 19 deletions(-) create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/custom-cert.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/karavi-otel-collector.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/karavi-topology.yaml create mode 100644 operatorconfig/moduleconfig/observability/v1.11.0/selfsigned-cert.yaml diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index c8cf98274..b8ff5a75c 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -323,7 +323,7 @@ metadata: "value": "INFO" } ], - "image": "quay.io/dell/container-storage-modules/csm-topology:v1.10.0", + "image": "quay.io/dell/container-storage-modules/csm-topology:v1.11.0", "name": "topology", "privateKey": "" }, @@ -723,7 +723,7 @@ metadata: "value": "INFO" } ], - "image": "quay.io/dell/container-storage-modules/csm-topology:v1.10.0", + "image": "quay.io/dell/container-storage-modules/csm-topology:v1.11.0", "name": "topology", "privateKey": "" }, @@ -1328,7 +1328,7 @@ metadata: "value": "INFO" } ], - "image": "quay.io/dell/container-storage-modules/csm-topology:v1.10.0", + "image": "quay.io/dell/container-storage-modules/csm-topology:v1.11.0", "name": "topology", "privateKey": "" }, @@ -4386,7 +4386,7 @@ spec: - name: RELATED_IMAGE_dell-replication-controller-manager value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 - name: RELATED_IMAGE_topology - value: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale @@ -4506,7 +4506,7 @@ spec: name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 name: dell-replication-controller-manager - - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + - image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: topology - image: docker.io/otel/opentelemetry-collector:0.42.0 name: otel-collector diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index a89f0a52e..5f6e635c4 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -61,7 +61,7 @@ spec: name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 name: RELATED_IMAGE_dell-replication-controller-manager - - value: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + - value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: RELATED_IMAGE_topology - value: docker.io/otel/opentelemetry-collector:0.42.0 name: RELATED_IMAGE_otel-collector diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index a283b316d..4f3308ab1 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1769,7 +1769,7 @@ spec: name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 name: dell-replication-controller-manager - - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + - image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: topology - image: docker.io/otel/opentelemetry-collector:0.42.0 name: otel-collector diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 705ea3147..e57d32c44 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -230,7 +230,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 50ba59a64..63498a460 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -330,7 +330,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index ad70808db..12c109a29 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -337,7 +337,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 7e778fd3b..0dc32cd63 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1345,7 +1345,7 @@ spec: - name: RELATED_IMAGE_dell-replication-controller-manager value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 - name: RELATED_IMAGE_topology - value: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/custom-cert.yaml new file mode 100644 index 000000000..6e90f65fa --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/custom-cert.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: -secret + namespace: karavi +data: + # replace with actual base64-encoded certificate + tls.crt: + # replace with actual base64-encoded private key + tls.key: +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: -issuer + namespace: karavi +spec: + ca: + secretName: -secret +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: -issuer + kind: Issuer + group: cert-manager.io diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml new file mode 100644 index 000000000..4cdf043a7 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml @@ -0,0 +1,147 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powerflex-controller + namespace: karavi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powerflex-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powerflex-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powerflex-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powerflex-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + name: karavi-metrics-powerflex + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powerflex + port: 2222 + targetPort: 2222 + selector: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powerflex-configmap + namespace: karavi +data: + karavi-metrics-powerflex.yaml: | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-vxflexos.dellemc.com + POWERFLEX_SDC_METRICS_ENABLED: + POWERFLEX_SDC_IO_POLL_FREQUENCY: + POWERFLEX_VOLUME_IO_POLL_FREQUENCY: + POWERFLEX_VOLUME_METRICS_ENABLED: + POWERFLEX_STORAGE_POOL_METRICS_ENABLED: + POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: + POWERFLEX_MAX_CONCURRENT_QUERIES: + LOG_LEVEL: + LOG_FORMAT: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powerflex + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccount: karavi-metrics-powerflex-controller + containers: + - name: karavi-metrics-powerflex + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + resources: {} + env: + - name: POWERFLEX_METRICS_ENDPOINT + value: "karavi-metrics-powerflex" + - name: POWERFLEX_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + volumeMounts: + - name: vxflexos-config + mountPath: /vxflexos-config + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powerflex-configmap + mountPath: /etc/config + volumes: + - name: vxflexos-config + secret: + secretName: -config + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powerflex-configmap + configMap: + name: karavi-metrics-powerflex-configmap + - name: vxflexos-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml new file mode 100644 index 000000000..c4ab008d0 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml @@ -0,0 +1,154 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powermax-controller + namespace: karavi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powermax-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "get"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powermax-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powermax-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powermax-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + name: karavi-metrics-powermax + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powermax + port: 8081 + targetPort: 8081 + selector: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powermax-configmap + namespace: karavi +data: + karavi-metrics-powermax.yaml: | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-powermax.dellemc.com + POWERMAX_CAPACITY_METRICS_ENABLED: + POWERMAX_CAPACITY_POLL_FREQUENCY: + POWERMAX_PERFORMANCE_METRICS_ENABLED: + POWERMAX_PERFORMANCE_POLL_FREQUENCY: + POWERMAX_MAX_CONCURRENT_QUERIES: + LOG_LEVEL: + LOG_FORMAT: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powermax + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccountName: karavi-metrics-powermax-controller + containers: + - name: karavi-metrics-powermax + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + resources: {} + env: + - name: POWERMAX_METRICS_ENDPOINT + value: "karavi-metrics-powermax" + - name: POWERMAX_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + - name: SSL_CERT_DIR + value: /certs + volumeMounts: + - name: + mountPath: /etc/reverseproxy + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powermax-configmap + mountPath: /etc/config + - name: certs + mountPath: /certs + volumes: + - name: certs + emptyDir: {} + - name: + configMap: + name: + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powermax-configmap + configMap: + name: karavi-metrics-powermax-configmap + - name: powermax-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml new file mode 100644 index 000000000..d0ca651a1 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml @@ -0,0 +1,148 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powerscale-controller + namespace: karavi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powerscale-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powerscale-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powerscale-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powerscale-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + name: karavi-metrics-powerscale + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powerscale + port: 8080 + targetPort: 8080 + selector: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powerscale-configmap + namespace: karavi +data: + karavi-metrics-powerscale.yaml: | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-isilon.dellemc.com + POWERSCALE_MAX_CONCURRENT_QUERIES: + POWERSCALE_CAPACITY_METRICS_ENABLED: + POWERSCALE_PERFORMANCE_METRICS_ENABLED: + POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: + POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: + POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: + POWERSCALE_ISICLIENT_INSECURE: + POWERSCALE_ISICLIENT_AUTH_TYPE: + POWERSCALE_ISICLIENT_VERBOSE: + LOG_LEVEL: + LOG_FORMAT: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powerscale + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccount: karavi-metrics-powerscale-controller + containers: + - name: karavi-metrics-powerscale + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + resources: {} + env: + - name: POWERSCALE_METRICS_ENDPOINT + value: "karavi-metrics-powerscale" + - name: POWERSCALE_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + volumeMounts: + - name: isilon-creds + mountPath: /isilon-creds + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powerscale-configmap + mountPath: /etc/config + volumes: + - name: isilon-creds + secret: + secretName: -creds + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powerscale-configmap + configMap: + name: karavi-metrics-powerscale-configmap + - name: csi-isilon-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-otel-collector.yaml new file mode 100644 index 000000000..066f858f7 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-otel-collector.yaml @@ -0,0 +1,148 @@ +apiVersion: v1 +data: + otel-collector-config.yaml: |- + receivers: + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:55680 + tls: + cert_file: /etc/ssl/certs/tls.crt + key_file: /etc/ssl/certs/tls.key + + exporters: + prometheus: + endpoint: 0.0.0.0:8889 + logging: + + extensions: + health_check: {} + + service: + extensions: [health_check] + pipelines: + metrics: + receivers: [otlp] + processors: [] + exporters: [logging,prometheus] +kind: ConfigMap +metadata: + name: otel-collector-config + namespace: karavi +--- +apiVersion: v1 +data: + nginx.conf: |- + worker_processes 1; + events { + worker_connections 1024; + } + + pid /tmp/nginx.pid; + + http { + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 8443 ssl; + server_name localhost; + ssl_certificate /etc/ssl/certs/tls.crt; + ssl_certificate_key /etc/ssl/certs/tls.key; + ssl_protocols TLSv1.2; + ssl_ciphers AESGCM:-aNULL:-DH:-kRSA:@STRENGTH; + ssl_prefer_server_ciphers on; + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:8889/; + } + } + } +kind: ConfigMap +metadata: + name: nginx-config + namespace: karavi +--- +apiVersion: v1 +kind: Service +metadata: + name: otel-collector + namespace: karavi + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability +spec: + type: ClusterIP + ports: + - port: 55680 + targetPort: 55680 + name: receiver + - port: 8443 + targetPort: 8443 + name: exporter-https + selector: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: otel-collector + namespace: karavi + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability +spec: + selector: + matchLabels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability + csm: + csmNamespace: + spec: + volumes: + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - name: nginx-config + configMap: + name: nginx-config + - name: otel-collector-config + configMap: + name: otel-collector-config + containers: + - name: nginx-proxy + image: + volumeMounts: + - name: tls-secret + mountPath: /etc/ssl/certs + - name: nginx-config + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: otel-collector + image: + args: + - --config=/etc/otel-collector-config.yaml + resources: {} + volumeMounts: + - name: otel-collector-config + mountPath: /etc/otel-collector-config.yaml + subPath: otel-collector-config.yaml + - name: tls-secret + mountPath: /etc/ssl/certs + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-topology.yaml new file mode 100644 index 000000000..3eea09fda --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-topology.yaml @@ -0,0 +1,112 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-topology-configmap + namespace: karavi +data: + karavi-topology.yaml: | + PROVISIONER_NAMES: csi-isilon.dellemc.com,csi-vxflexos.dellemc.com, csi-powermax.dellemc.com + LOG_LEVEL: + LOG_FORMAT: text + ZIPKIN_URI: "" + ZIPKIN_SERVICE_NAME: karavi-topology + ZIPKIN_PROBABILITY: 0.0 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-observability-topology-controller + namespace: karavi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-observability-topology-controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-observability-topology-controller +subjects: + - kind: ServiceAccount + name: karavi-observability-topology-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-observability-topology-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + name: karavi-topology + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-topology + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-topology + namespace: karavi + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + csm: + csmNamespace: + spec: + volumes: + - name: karavi-topology-secret-volume + secret: + secretName: karavi-topology-tls + items: + - key: tls.crt + path: localhost.crt + - key: tls.key + path: localhost.key + - name: karavi-topology-configmap + configMap: + name: karavi-topology-configmap + serviceAccount: karavi-observability-topology-controller + containers: + - name: karavi-topology + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 + resources: {} + env: + - name: PORT + value: "8443" + - name: DEBUG + value: "false" + volumeMounts: + - name: karavi-topology-secret-volume + mountPath: "/certs" + - name: karavi-topology-configmap + mountPath: "/etc/config" + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/selfsigned-cert.yaml new file mode 100644 index 000000000..72e5ffa7f --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.11.0/selfsigned-cert.yaml @@ -0,0 +1,35 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: karavi +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: selfsigned-issuer + kind: Issuer + group: cert-manager.io diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 3ff6b6127..b45b13c55 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -134,7 +134,7 @@ spec: enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "" diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index 6cf9602de..a00a14120 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -178,7 +178,7 @@ spec: enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index bab04ba57..d5ecd1c59 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -178,7 +178,7 @@ spec: enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" diff --git a/pkg/modules/testdata/cr_powermax_observability.yaml b/pkg/modules/testdata/cr_powermax_observability.yaml index 5ba57cd06..c8800eddd 100644 --- a/pkg/modules/testdata/cr_powermax_observability.yaml +++ b/pkg/modules/testdata/cr_powermax_observability.yaml @@ -24,7 +24,7 @@ spec: enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index 103e65971..ce3c045bc 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -24,7 +24,7 @@ spec: enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index 705ea3147..e57d32c44 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -230,7 +230,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index 50ba59a64..63498a460 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -330,7 +330,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index ad70808db..12c109a29 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -337,7 +337,7 @@ spec: enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-topology:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string From a59f48e6b4b5b0c0325c84fa6403d538f5813595 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 3 Dec 2024 11:17:42 -0500 Subject: [PATCH 06/31] fix: module version updated --- .../authorization/v1.13.0/cert-manager.yaml | 1100 +++++++++++++++++ .../authorization/v1.13.0/container.yaml | 27 + .../authorization/v1.13.0/custom-cert.yaml | 11 + .../authorization/v1.13.0/deployment.yaml | 467 +++++++ .../v1.13.0/local-provisioner.yaml | 21 + .../v1.13.0/nginx-ingress-controller.yaml | 663 ++++++++++ .../authorization/v1.13.0/policies.yaml | 279 +++++ .../authorization/v1.13.0/upgrade-path.yaml | 1 + .../authorization/v1.13.0/volumes.yaml | 6 + .../csireverseproxy/v2.12.0/container.yaml | 21 + .../csireverseproxy/v2.12.0/controller.yaml | 105 ++ .../csireverseproxy/v2.12.0/service.yaml | 13 + .../v1.11.0/karavi-metrics-powerflex.yaml | 2 +- .../v1.11.0/karavi-metrics-powermax.yaml | 2 +- .../v1.11.0/karavi-metrics-powerscale.yaml | 2 +- .../replication/v1.11.0/container.yaml | 24 + .../replication/v1.11.0/controller.yaml | 293 +++++ .../dell-replication-controller-config.yaml | 10 + .../v1.11.0/replicationcrds.all.yaml | 240 ++++ .../replication/v1.11.0/rules.yaml | 9 + .../container-powerflex-controller.yaml | 47 + .../v1.12.0/container-powerflex-node.yaml | 70 ++ .../container-powermax-controller.yaml | 48 + .../v1.12.0/container-powermax-node.yaml | 74 ++ .../container-powerscale-controller.yaml | 48 + .../v1.12.0/container-powerscale-node.yaml | 74 ++ .../container-powerstore-controller.yaml | 47 + .../v1.12.0/container-powerstore-node.yaml | 73 ++ .../resiliency/v1.12.0/controller-roles.yaml | 24 + .../resiliency/v1.12.0/node-roles.yaml | 21 + 30 files changed, 3819 insertions(+), 3 deletions(-) create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/cert-manager.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/custom-cert.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/deployment.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/local-provisioner.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/nginx-ingress-controller.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/policies.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.13.0/volumes.yaml create mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.12.0/container.yaml create mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.12.0/controller.yaml create mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.12.0/service.yaml create mode 100644 operatorconfig/moduleconfig/replication/v1.11.0/container.yaml create mode 100644 operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml create mode 100644 operatorconfig/moduleconfig/replication/v1.11.0/dell-replication-controller-config.yaml create mode 100644 operatorconfig/moduleconfig/replication/v1.11.0/replicationcrds.all.yaml create mode 100644 operatorconfig/moduleconfig/replication/v1.11.0/rules.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/controller-roles.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.12.0/node-roles.yaml diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/cert-manager.yaml new file mode 100644 index 000000000..a1e2ed289 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/cert-manager.yaml @@ -0,0 +1,1100 @@ +# Copyright 2021 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Source: cert-manager/templates/cainjector-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/webhook-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "create", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["auditregistration.k8s.io"] + resources: ["auditsinks"] + verbs: ["get", "list", "watch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Issuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "issuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ClusterIssuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "clusterissuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Certificates controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["cert-manager.io"] + resources: ["certificates/finalizers", "certificaterequests/finalizers"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders"] + verbs: ["create", "delete", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Orders controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "orders/status"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "challenges"] + verbs: ["get", "list", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["create", "delete"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Challenges controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Use to update challenge resource status + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "challenges/status"] + verbs: ["update"] + # Used to watch challenge resources + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "watch"] + # Used to watch challenges, issuer and clusterissuer resources + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + # Need to be able to retrieve ACME account private key to complete challenges + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + # Used to create events + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + # HTTP01 rules + - apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + # We require the ability to specify a custom hostname when we are creating + # new ingress resources. + # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148 + - apiGroups: ["route.openshift.io"] + resources: ["routes/custom-host"] + verbs: ["create"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges/finalizers"] + verbs: ["update"] + # DNS01 rules (duplicated above) + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ingress-shim controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests"] + verbs: ["create", "update", "delete"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/finalizers"] + verbs: ["update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways", "httproutes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways/finalizers", "httproutes/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-view + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-edit + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["signers"] + verbs: ["approve"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to: +# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers +# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests/status"] + verbs: ["update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + verbs: ["sign"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-cainjector +subjects: + - name: -cert-manager-cainjector + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-issuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-clusterissuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: -cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificates +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-orders +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-challenges +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-ingress-shim +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-approve:cert-manager-io +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificatesigningrequests +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-webhook:subjectaccessreviews +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# leader election rules +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller + # see cmd/cainjector/start.go#L113 + # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller + # see cmd/cainjector/start.go#L137 + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-cainjector:leaderelection +subjects: + - kind: ServiceAccount + name: -cert-manager-cainjector + namespace: +--- +# Source: cert-manager/templates/rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager:leaderelection +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager + namespace: +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-webhook:dynamic-serving +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 + selector: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" +--- +# Source: cert-manager/templates/webhook-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: 10250 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" +--- +# Source: cert-manager/templates/cainjector-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + template: + metadata: + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-cainjector + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + template: + metadata: + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + annotations: + prometheus.io/path: "/metrics" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' + spec: + serviceAccountName: -cert-manager + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-controller:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + ports: + - containerPort: 9402 + protocol: TCP + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/webhook-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + template: + metadata: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-webhook + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + ports: + - name: https + protocol: TCP + containerPort: 10250 + livenessProbe: + httpGet: + path: /livez + port: 6080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: 6080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/webhook-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + # Only include 'sideEffects' field in Kubernetes 1.12+ + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /mutate +--- +# Source: cert-manager/templates/webhook-validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml new file mode 100644 index 000000000..afcc8be59 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml @@ -0,0 +1,27 @@ +name: karavi-authorization-proxy +imagePullPolicy: Always +image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 +env: + - name: PROXY_HOST + value: "" + - name: INSECURE + value: "true" + - name: PLUGIN_IDENTIFIER + value: + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: access + - name: REFRESH_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: refresh +volumeMounts: + - name: karavi-authorization-config + mountPath: /etc/karavi-authorization/config + - name: proxy-server-root-certificate + mountPath: /etc/karavi-authorization/root-certificates + - name: + mountPath: /etc/karavi-authorization diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/custom-cert.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/custom-cert.yaml new file mode 100644 index 000000000..e3a89dd86 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/custom-cert.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + # replace with actual base64-encoded certificate + tls.crt: + # replace with actual base64-encoded private key + tls.key: +kind: Secret +type: kubernetes.io/tls +metadata: + name: user-provided-tls + namespace: diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/deployment.yaml new file mode 100644 index 000000000..c6e2b9047 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/deployment.yaml @@ -0,0 +1,467 @@ +# Proxy service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: proxy-server + namespace: + labels: + app: proxy-server +spec: + replicas: 1 + selector: + matchLabels: + app: proxy-server + template: + metadata: + labels: + csm: + app: proxy-server + spec: + containers: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--namespaces=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-server + namespace: +spec: + selector: + app: proxy-server + ports: + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 +--- +# Tenant Service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tenant-service + namespace: + labels: + app: tenant-service +spec: + replicas: 1 + selector: + matchLabels: + app: tenant-service + template: + metadata: + labels: + csm: + app: tenant-service + spec: + containers: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: tenant-service + namespace: +spec: + selector: + app: tenant-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Role Service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: role-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +subjects: + - kind: ServiceAccount + name: role-service + namespace: +roleRef: + kind: ClusterRole + name: role-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: role-service + namespace: + labels: + app: role-service +spec: + replicas: 1 + selector: + matchLabels: + app: role-service + template: + metadata: + labels: + csm: + app: role-service + spec: + serviceAccountName: role-service + containers: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: role-service + namespace: +spec: + selector: + app: role-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Storage service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: storage-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "patch", "post"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +subjects: + - kind: ServiceAccount + name: storage-service + namespace: +roleRef: + kind: ClusterRole + name: storage-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + name: storage-service + namespace: +spec: + selector: + app: storage-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Redis +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-primary + namespace: + labels: + app: redis +spec: + selector: + matchLabels: + app: redis + role: primary + tier: backend + replicas: 1 + template: + metadata: + labels: + csm: + app: redis + role: primary + tier: backend + spec: + containers: + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data + volumes: + - name: redis-primary-volume + persistentVolumeClaim: + claimName: redis-primary-pv-claim +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: redis-primary-pv-claim + namespace: + labels: + app: redis-primary +spec: + accessModes: + - ReadWriteOnce + storageClassName: + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-commander + namespace: +spec: + replicas: 1 + selector: + matchLabels: + app: redis-commander + template: + metadata: + labels: + csm: + app: redis-commander + tier: backend + spec: + containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: +spec: + selector: + app: redis + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-commander + namespace: +spec: + selector: + app: redis-commander + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: auth-resource-reader +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps", "pods"] + verbs: ["get", "watch", "list", "patch", "create", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["ingress-controller-leader"] + verbs: ["get", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:serviceaccounts: +subjects: + - kind: Group + name: system:serviceaccounts: + namespace: +roleRef: + kind: ClusterRole + name: auth-resource-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: view +--- +# Grant OPA/kube-mgmt read-only access to resources. This lets kube-mgmt +# list configmaps to be loaded into OPA as policies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: view +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: opa-viewer +roleRef: + kind: ClusterRole + name: view + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io +--- +# Define role for OPA/kube-mgmt to update configmaps with policy status. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: + name: configmap-modifier +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] +--- +# Grant OPA/kube-mgmt role defined above. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: + name: opa-configmap-modifier +roleRef: + kind: Role + name: configmap-modifier + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/local-provisioner.yaml new file mode 100644 index 000000000..507372537 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/local-provisioner.yaml @@ -0,0 +1,21 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csm-authorization-local-storage +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: WaitForFirstConsumer +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: csm-authorization-redis +spec: + capacity: + storage: 8Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Recycle + storageClassName: csm-authorization-local-storage + hostPath: + path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/nginx-ingress-controller.yaml new file mode 100644 index 000000000..e26676c99 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/nginx-ingress-controller.yaml @@ -0,0 +1,663 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx +subjects: + - kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx +subjects: + - kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + externalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller-admission + namespace: +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + csm: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: -ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/policies.yaml new file mode 100644 index 000000000..ec61ed43f --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/policies.yaml @@ -0,0 +1,279 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: common + namespace: + labels: + openpolicyagent.org/policy: rego +data: + common.rego: | + package karavi.common + default roles = {} + roles = {} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-create + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-create.rego: | + package karavi.volumes.create + + import data.karavi.common + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %s Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-delete + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-delete.rego: | + package karavi.volumes.delete + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-map + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-map.rego: | + package karavi.volumes.map + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-volumes-create + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-powermax-create.rego: | + package karavi.volumes.powermax.create + + import data.karavi.common + + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %v Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-unmap + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-unmap.rego: | + package karavi.volumes.unmap + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sdc-approve + namespace: + labels: + openpolicyagent.org/policy: rego +data: + sdc-approve.rego: |- + package karavi.sdc.approve + + import data.karavi.common + + # Allow requests by default. + default allow = true + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml new file mode 100644 index 000000000..ea2066e2d --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v1.10.1 diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/volumes.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/volumes.yaml new file mode 100644 index 000000000..ec4a5b445 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/volumes.yaml @@ -0,0 +1,6 @@ +- name: karavi-authorization-config + secret: + secretName: karavi-authorization-config +- name: proxy-server-root-certificate + secret: + secretName: proxy-server-root-certificate diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/container.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/container.yaml new file mode 100644 index 000000000..77a5d20a7 --- /dev/null +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/container.yaml @@ -0,0 +1,21 @@ +name: reverseproxy +image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 +imagePullPolicy: Always +env: + - name: X_CSI_REVPROXY_CONFIG_DIR + value: /etc/config/configmap + - name: X_CSI_REVPROXY_CONFIG_FILE_NAME + value: config.yaml + - name: X_CSI_REVRPOXY_IN_CLUSTER + value: "true" + - name: X_CSI_REVPROXY_TLS_CERT_DIR + value: /app/tls + - name: X_CSI_REVPROXY_WATCH_NAMESPACE + value: +volumeMounts: + - name: configmap-volume + mountPath: /etc/config/configmap + - name: tls-secret + mountPath: /app/tls + - name: cert-dir + mountPath: /app/certs diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/controller.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/controller.yaml new file mode 100644 index 000000000..dbb2044b4 --- /dev/null +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/controller.yaml @@ -0,0 +1,105 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csipowermax-reverseproxy + namespace: +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "get"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +subjects: + - kind: ServiceAccount + name: csipowermax-reverseproxy + namespace: +roleRef: + kind: Role + name: csipowermax-reverseproxy + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + ports: + - port: + protocol: TCP + targetPort: 2222 + selector: + name: csipowermax-reverseproxy + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + replicas: 1 + selector: + matchLabels: + name: csipowermax-reverseproxy + template: + metadata: + labels: + name: csipowermax-reverseproxy + spec: + serviceAccountName: csipowermax-reverseproxy + containers: + - name: csipowermax-reverseproxy + # Replace this with the built image name + image: + imagePullPolicy: Always + env: + - name: X_CSI_REVPROXY_CONFIG_DIR + value: /etc/config/configmap + - name: X_CSI_REVPROXY_CONFIG_FILE_NAME + value: config.yaml + - name: X_CSI_REVRPOXY_IN_CLUSTER + value: "true" + - name: X_CSI_REVPROXY_TLS_CERT_DIR + value: /app/tls + - name: X_CSI_REVPROXY_WATCH_NAMESPACE + value: # Change this to the namespace where proxy will be installed + volumeMounts: + - name: configmap-volume + mountPath: /etc/config/configmap + - name: tls-secret + mountPath: /app/tls + - name: cert-dir + mountPath: /app/certs + volumes: + - name: configmap-volume + configMap: + name: + optional: true + - name: tls-secret + secret: + secretName: + - name: cert-dir + emptyDir: diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/service.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/service.yaml new file mode 100644 index 000000000..24e108a36 --- /dev/null +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.12.0/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + ports: + - port: + protocol: TCP + targetPort: 2222 + selector: + app: -controller + type: ClusterIP diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml index 4cdf043a7..23b58b8f2 100644 --- a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerflex.yaml @@ -108,7 +108,7 @@ spec: serviceAccount: karavi-metrics-powerflex-controller containers: - name: karavi-metrics-powerflex - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 resources: {} env: - name: POWERFLEX_METRICS_ENDPOINT diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml index c4ab008d0..473bffe31 100644 --- a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powermax.yaml @@ -109,7 +109,7 @@ spec: serviceAccountName: karavi-metrics-powermax-controller containers: - name: karavi-metrics-powermax - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 resources: {} env: - name: POWERMAX_METRICS_ENDPOINT diff --git a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml index d0ca651a1..c89b9e86a 100644 --- a/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.11.0/karavi-metrics-powerscale.yaml @@ -109,7 +109,7 @@ spec: serviceAccount: karavi-metrics-powerscale-controller containers: - name: karavi-metrics-powerscale - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 resources: {} env: - name: POWERSCALE_METRICS_ENDPOINT diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml new file mode 100644 index 000000000..b92188d63 --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml @@ -0,0 +1,24 @@ +name: dell-csi-replicator +image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 +imagePullPolicy: Always +args: + - "--csi-address=$(ADDRESS)" + - "--leader-election=true" + - "--worker-threads=2" + - "--retry-interval-start=1s" + - "--retry-interval-max=300s" + - "--timeout=300s" + - "--context-prefix=" + - "--prefix=" +env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: X_CSI_REPLICATION_CONFIG_DIR + value: / + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: driver-config-params.yaml +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: + mountPath: / diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml new file mode 100644 index 000000000..343953bd2 --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml @@ -0,0 +1,293 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: dell-replication-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dell-replication-controller-sa + namespace: dell-replication-controller +secrets: + - name: replication-secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: dell-replication-manager-role +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dell-replication-metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dell-replication-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: v1 +kind: Secret +metadata: + name: replication-secret + namespace: dell-replication-controller + annotations: + kubernetes.io/service-account.name: dell-replication-controller-sa + kubernetes.io/service-account.namespace: dell-replication-controller +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dell-replication-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dell-replication-manager-role +subjects: + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dell-replication-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dell-replication-proxy-role +subjects: + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: dell-replication-controller-manager-metrics-service + namespace: dell-replication-controller +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: dell-replication-controller-manager + namespace: dell-replication-controller +spec: + replicas: + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + serviceAccountName: dell-replication-controller-sa + containers: + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/dell-replication-controller-config.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/dell-replication-controller-config.yaml new file mode 100644 index 000000000..69599f19f --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.11.0/dell-replication-controller-config.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dell-replication-controller-config + namespace: dell-replication-controller +data: + config.yaml: | + clusterId: "" + targets: [] + CSI_LOG_LEVEL: "debug" diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/replicationcrds.all.yaml new file mode 100644 index 000000000..e3e6bc07e --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.11.0/replicationcrds.all.yaml @@ -0,0 +1,240 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: dellcsimigrationgroups.replication.storage.dell.com +spec: + group: replication.storage.dell.com + names: + kind: DellCSIMigrationGroup + listKind: DellCSIMigrationGroupList + plural: dellcsimigrationgroups + shortNames: + - mg + singular: dellcsimigrationgroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: dellcsireplicationgroups.replication.storage.dell.com +spec: + group: replication.storage.dell.com + names: + kind: DellCSIReplicationGroup + listKind: DellCSIReplicationGroupList + plural: dellcsireplicationgroups + shortNames: + - rg + singular: dellcsireplicationgroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/rules.yaml new file mode 100644 index 000000000..790f60de3 --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.11.0/rules.yaml @@ -0,0 +1,9 @@ +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml new file mode 100644 index 000000000..10a2e7e48 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml @@ -0,0 +1,47 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml new file mode 100644 index 000000000..5d105e965 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml @@ -0,0 +1,70 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" +env: + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml new file mode 100644 index 000000000..466d6946d --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml @@ -0,0 +1,48 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powermax-config-params + mountPath: /powermax-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml new file mode 100644 index 000000000..24f9b1574 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml @@ -0,0 +1,74 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" +env: + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/powermax.emc.dell.com + mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: powermax-config-params + mountPath: /powermax-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml new file mode 100644 index 000000000..a35c98d2d --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml @@ -0,0 +1,48 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml new file mode 100644 index 000000000..52e785af4 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml @@ -0,0 +1,74 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--mode=node" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" +env: + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/csi-isilon + mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml new file mode 100644 index 000000000..b471f4930 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml @@ -0,0 +1,47 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml new file mode 100644 index 000000000..790b82aca --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml @@ -0,0 +1,73 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +imagePullPolicy: Always +args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" +env: + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/controller-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/controller-roles.yaml new file mode 100644 index 000000000..10abf39ec --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/controller-roles.yaml @@ -0,0 +1,24 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch"] +- apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/node-roles.yaml new file mode 100644 index 000000000..f5f8cbbc0 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/node-roles.yaml @@ -0,0 +1,21 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] From 28d92fb7276ebcfb01e0ed985857f07814f86b71 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 01:33:42 -0500 Subject: [PATCH 07/31] version update in minimal file --- samples/minimal-samples/powerflex.yaml | 2 +- samples/minimal-samples/powermax.yaml | 2 +- samples/minimal-samples/powerscale.yaml | 2 +- samples/minimal-samples/powerstore.yaml | 2 +- samples/minimal-samples/unity.yaml | 2 +- .../e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml | 2 +- .../testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml | 2 +- .../minimal-testfiles/storage_csm_powerflex_auth_v1.yaml | 2 +- .../minimal-testfiles/storage_csm_powerflex_observability.yaml | 2 +- .../storage_csm_powerflex_observability_otel_custom_cert.yaml | 2 +- .../minimal-testfiles/storage_csm_powerflex_replica.yaml | 2 +- .../minimal-testfiles/storage_csm_powerflex_resiliency.yaml | 2 +- tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax.yaml | 2 +- .../minimal-testfiles/storage_csm_powermax_authorization.yaml | 2 +- .../minimal-testfiles/storage_csm_powermax_observability.yaml | 2 +- .../minimal-testfiles/storage_csm_powermax_replica.yaml | 2 +- .../minimal-testfiles/storage_csm_powermax_resiliency.yaml | 2 +- .../storage_csm_powermax_reverseproxy_authorization.yaml | 2 +- .../storage_csm_powermax_reverseproxy_authorization_v2.yaml | 2 +- .../e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_auth.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_auth2.0.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_observability.yaml | 2 +- .../storage_csm_powerscale_observability_top_custom_cert.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_replica.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/minimal-testfiles/storage_csm_powerstore.yaml | 2 +- .../minimal-testfiles/storage_csm_powerstore_resiliency.yaml | 2 +- tests/e2e/testfiles/minimal-testfiles/storage_csm_unity.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_authorization.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_observability.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml | 2 +- 34 files changed, 34 insertions(+), 34 deletions(-) diff --git a/samples/minimal-samples/powerflex.yaml b/samples/minimal-samples/powerflex.yaml index 6683f7819..753afd209 100644 --- a/samples/minimal-samples/powerflex.yaml +++ b/samples/minimal-samples/powerflex.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/samples/minimal-samples/powermax.yaml b/samples/minimal-samples/powermax.yaml index 9d3ce8a9b..4a0cda4f2 100644 --- a/samples/minimal-samples/powermax.yaml +++ b/samples/minimal-samples/powermax.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy envs: diff --git a/samples/minimal-samples/powerscale.yaml b/samples/minimal-samples/powerscale.yaml index 6f21e84c0..4934a211c 100644 --- a/samples/minimal-samples/powerscale.yaml +++ b/samples/minimal-samples/powerscale.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/samples/minimal-samples/powerstore.yaml b/samples/minimal-samples/powerstore.yaml index 28b698493..647d783aa 100644 --- a/samples/minimal-samples/powerstore.yaml +++ b/samples/minimal-samples/powerstore.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: resiliency diff --git a/samples/minimal-samples/unity.yaml b/samples/minimal-samples/unity.yaml index a7fe55cc0..16905b74c 100644 --- a/samples/minimal-samples/unity.yaml +++ b/samples/minimal-samples/unity.yaml @@ -6,5 +6,5 @@ metadata: spec: driver: csiDriverType: "unity" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml index 413ce08b5..2af76112a 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml index 050e3d09b..d5d8b041a 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml index 8e85ed69b..70447855d 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability.yaml index 6ebdee6a7..708e816b6 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: observability diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml index 04b58f56c..ffd3a076f 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: observability diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_replica.yaml index ec032290c..019ae85ab 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_replica.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_resiliency.yaml index ce4f76f02..ee09c0464 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_resiliency.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: resiliency diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax.yaml index 294c5854a..853ae8385 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: authorization diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_authorization.yaml index 60bc622f5..c0d24317b 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_authorization.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: authorization diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_observability.yaml index 320743b51..ded7f99df 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_observability.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: observability diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_replica.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_replica.yaml index 2247e958e..5c746644e 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_replica.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_replica.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true common: image: "quay.io/dell/container-storage-modules/csi-powermax:nightly" diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_resiliency.yaml index ba342767e..ea0b19152 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_resiliency.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: resiliency diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index c71aeb105..60713fce3 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 common: image: "quay.io/dell/container-storage-modules/csi-powermax:nightly" forceRemoveDriver: true diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml index dd2ed26f5..6ccfc70ae 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 common: image: "quay.io/dell/container-storage-modules/csi-powermax:nightly" forceRemoveDriver: true diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml index aae518923..de5ef0885 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml index fb09610db..84f230979 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml index 657c13ac4..a2fb98fe8 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 forceRemoveDriver: true common: diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml index 5a0b0cfe4..d1eeb693e 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 5612be20c..65dd91779 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml index 872c0d7cf..d3926efd6 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: - name: authorization diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml index 7d4706d75..dd29465fb 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore.yaml index 35d292e15..b4a259b78 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.12.0 + configVersion: v2.13.0 modules: - name: resiliency enabled: false diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore_resiliency.yaml index d96297255..9b4abb07f 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerstore_resiliency.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.12.0 + configVersion: v2.13.0 modules: - name: resiliency enabled: true diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_unity.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_unity.yaml index a7fe55cc0..16905b74c 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_unity.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_unity.yaml @@ -6,5 +6,5 @@ metadata: spec: driver: csiDriverType: "unity" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index c8ed1dbc3..5b2f2a515 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -192,7 +192,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index e94cdb7d3..b73cb5fbd 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -201,7 +201,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 30527d122..b88b4ff0b 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -192,7 +192,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index 2c357589c..efef50b63 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -192,7 +192,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index 15da84f16..de7aebdf5 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -192,7 +192,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false From fba141c1fd0edcaf6d298e6091086eb5ef0a7422 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 02:00:54 -0500 Subject: [PATCH 08/31] updated config yamls --- config/manager/manager.yaml | 24 +++++++++---------- ...ll-csm-operator.clusterserviceversion.yaml | 14 +++++------ config/samples/storage_v1_csm_powerflex.yaml | 10 ++++---- config/samples/storage_v1_csm_powermax.yaml | 12 +++++----- config/samples/storage_v1_csm_powerscale.yaml | 10 ++++---- config/samples/storage_v1_csm_powerstore.yaml | 2 +- config/samples/storage_v1_csm_unity.yaml | 2 +- 7 files changed, 37 insertions(+), 37 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 5f6e635c4..16bd718bd 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -31,17 +31,17 @@ spec: env: - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 name: RELATED_IMAGE_dell-csm-operator - - value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + - value: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 name: RELATED_IMAGE_csi-isilon - - value: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + - value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: RELATED_IMAGE_csi-powermax - - value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + - value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 name: RELATED_IMAGE_csipowermax-reverseproxy - - value: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + - value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: RELATED_IMAGE_csi-powerstore - - value: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + - value: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 name: RELATED_IMAGE_csi-unity - - value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + - value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc @@ -57,19 +57,19 @@ spec: value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 - name: RELATED_IMAGE_csm-authorization-controller value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: RELATED_IMAGE_dell-csi-replicator - - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 name: RELATED_IMAGE_dell-replication-controller-manager - value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: RELATED_IMAGE_topology - value: docker.io/otel/opentelemetry-collector:0.42.0 name: RELATED_IMAGE_otel-collector - - value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + - value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 name: RELATED_IMAGE_metrics-powerscale - - value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + - value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 name: RELATED_IMAGE_metrics-powermax - - value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + - value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: RELATED_IMAGE_metrics-powerflex - value: quay.io/dell/container-storage-modules/podmon:v1.11.0 name: RELATED_IMAGE_podmon-node @@ -87,7 +87,7 @@ spec: name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 name: RELATED_IMAGE_externalhealthmonitorcontroller - - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: RELATED_IMAGE_metadataretriever securityContext: allowPrivilegeEscalation: false diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 4f3308ab1..2b052bc52 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1743,7 +1743,7 @@ spec: name: csi-isilon - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 name: csipowermax-reverseproxy - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore @@ -1765,19 +1765,19 @@ spec: name: csm-authorization-storage - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 name: csm-authorization-controller - - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: dell-csi-replicator - - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 name: dell-replication-controller-manager - image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: topology - image: docker.io/otel/opentelemetry-collector:0.42.0 name: otel-collector - - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 name: metrics-powerscale - - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 name: metrics-powermax - - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: metrics-powerflex - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 name: podmon-node @@ -1795,7 +1795,7 @@ spec: name: resizer - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 name: externalhealthmonitorcontroller - - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: metadataretriever skips: - dell-csm-operator.v1.7.0 diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index e57d32c44..ee324a08e 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -62,7 +62,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false @@ -211,7 +211,7 @@ spec: components: - name: karavi-authorization-proxy # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -276,7 +276,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int @@ -343,7 +343,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -357,7 +357,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 63498a460..09e3ddde0 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -212,7 +212,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false @@ -231,7 +231,7 @@ spec: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -255,7 +255,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -278,7 +278,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -293,7 +293,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -376,7 +376,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: false # image: Defines PowerMax metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 12c109a29..7a23c7b39 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -243,7 +243,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false @@ -262,7 +262,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -285,7 +285,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -300,7 +300,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -384,7 +384,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index d7da05b1c..2a6c03df6 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -71,7 +71,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index cce151c13..7da8659b0 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -96,7 +96,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity From 2785358e0b45a5db00cd5a90ec5b39c9ca82dcda Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 04:25:59 -0500 Subject: [PATCH 09/31] updated driver version in tests --- deploy/operator.yaml | 24 +- ...ty-controller-manager-metrics-service.yaml | 25 + .../app-mobility-controller-manager.yaml | 625 ++++ .../v1.3.0/app-mobility-crds.yaml | 745 ++++ .../v1.3.0/app-mobility-webhook-service.yaml | 68 + .../v1.3.0/certificate.yaml | 21 + .../v1.3.0/node-agent.yaml | 73 + .../v1.3.0/upgrade-path.yaml | 1 + .../v1.3.0/velero-backupstoragelocation.yaml | 18 + .../v1.3.0/velero-crds.yaml | 3255 +++++++++++++++++ .../v1.3.0/velero-deployment.yaml | 178 + .../v1.3.0/velero-secret.yaml | 14 + .../v1.3.0/velero-volumesnapshotlocation.yaml | 13 + .../powerflex/v2.13.0/controller.yaml | 2 +- .../driverconfig/powerflex/v2.13.0/node.yaml | 2 +- .../powermax/v2.13.0/controller.yaml | 2 +- .../driverconfig/powermax/v2.13.0/node.yaml | 2 +- .../powerscale/v2.13.0/controller.yaml | 2 +- .../driverconfig/powerscale/v2.13.0/node.yaml | 2 +- .../powerstore/v2.13.0/controller.yaml | 2 +- .../driverconfig/powerstore/v2.13.0/node.yaml | 2 +- .../unity/v2.13.0/controller.yaml | 2 +- 22 files changed, 5057 insertions(+), 21 deletions(-) create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager-metrics-service.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-crds.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-webhook-service.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/certificate.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/node-agent.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-backupstoragelocation.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-crds.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-deployment.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-secret.yaml create mode 100644 operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-volumesnapshotlocation.yaml diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 0dc32cd63..d89af7241 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1315,17 +1315,17 @@ spec: - name: RELATED_IMAGE_dell-csm-operator value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 - name: RELATED_IMAGE_csi-isilon - value: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 - name: RELATED_IMAGE_csi-powermax - value: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 - name: RELATED_IMAGE_csipowermax-reverseproxy - value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 - name: RELATED_IMAGE_csi-powerstore - value: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 - name: RELATED_IMAGE_csi-unity - value: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 - name: RELATED_IMAGE_csi-vxflexos - value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy @@ -1341,19 +1341,19 @@ spec: - name: RELATED_IMAGE_csm-authorization-controller value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 - name: RELATED_IMAGE_dell-replication-controller-manager - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 - name: RELATED_IMAGE_topology value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale - value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 - name: RELATED_IMAGE_metrics-powermax - value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 - name: RELATED_IMAGE_metrics-powerflex - value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 - name: RELATED_IMAGE_podmon-node value: quay.io/dell/container-storage-modules/podmon:v1.11.0 - name: RELATED_IMAGE_kube-rbac-proxy @@ -1371,7 +1371,7 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 imagePullPolicy: Always livenessProbe: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager-metrics-service.yaml new file mode 100644 index 000000000..96b1ac2d8 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager-metrics-service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager.yaml new file mode 100644 index 000000000..28efb5959 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-controller-manager.yaml @@ -0,0 +1,625 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager + namespace: +spec: + replicas: + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + csm: + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: -controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller-manager + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: -manager-role +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -leader-election-role + namespace: +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -manager-role +subjects: + - kind: ServiceAccount + name: -controller-manager + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: -manager-role + namespace: +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -leader-election-rolebinding + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -leader-election-role +subjects: + - kind: ServiceAccount + name: -controller-manager + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -proxy-role +subjects: + - kind: ServiceAccount + name: -controller-manager + namespace: +--- +apiVersion: v1 +data: + controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1\r\nkind: ControllerManagerConfig\r\nhealth:\r\n healthProbeBindAddress: :8081\r\nmetrics:\r\n bindAddress: 127.0.0.1:8080\r\nwebhook:\r\n port: 9443\r\nleaderElection:\r\n leaderElect: true\r\n resourceName: 50a66265.storage.dell.com\r\n" +kind: ConfigMap +metadata: + name: -manager-config + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -manager-rolebinding + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -manager-role +subjects: + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-crds.yaml new file mode 100644 index 000000000..04f0456d0 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-crds.yaml @@ -0,0 +1,745 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: backups.mobility.storage.dell.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: -webhook-service + namespace: + path: /convert + conversionReviewVersions: + - v1 + group: mobility.storage.dell.com + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: clusterconfigs.mobility.storage.dell.com +spec: + group: mobility.storage.dell.com + names: + kind: ClusterConfig + listKind: ClusterConfigList + plural: clusterconfigs + singular: clusterconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: podvolumebackups.mobility.storage.dell.com +spec: + group: mobility.storage.dell.com + names: + kind: PodVolumeBackup + listKind: PodVolumeBackupList + plural: podvolumebackups + singular: podvolumebackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: podvolumerestores.mobility.storage.dell.com +spec: + group: mobility.storage.dell.com + names: + kind: PodVolumeRestore + listKind: PodVolumeRestoreList + plural: podvolumerestores + singular: podvolumerestore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: restores.mobility.storage.dell.com +spec: + group: mobility.storage.dell.com + names: + kind: Restore + listKind: RestoreList + plural: restores + singular: restore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: application-mobility + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: schedules.mobility.storage.dell.com +spec: + group: mobility.storage.dell.com + names: + kind: Schedule + listKind: ScheduleList + plural: schedules + singular: schedule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-webhook-service.yaml new file mode 100644 index 000000000..fea760de2 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/app-mobility-webhook-service.yaml @@ -0,0 +1,68 @@ +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/certificate.yaml new file mode 100644 index 000000000..06216bf10 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/certificate.yaml @@ -0,0 +1,21 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: -selfsigned-issuer + namespace: +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: -serving-cert + namespace: +spec: + dnsNames: + - -webhook-service..svc + - -webhook-service..svc.cluster.local + issuerRef: + kind: Issuer + name: -selfsigned-issuer + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/node-agent.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/node-agent.yaml new file mode 100644 index 000000000..b160911d2 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/node-agent.yaml @@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: node-agent + namespace: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +spec: + selector: + matchLabels: + name: node-agent + template: + metadata: + labels: + name: node-agent + csm: application-mobility + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility + spec: + serviceAccountName: application-mobility-velero-server-service-account + terminationGracePeriodSeconds: 3600 + volumes: + - name: cloud-credentials + secret: + secretName: + - name: host-pods + hostPath: + path: /var/lib/kubelet/pods + - name: scratch + emptyDir: {} + dnsPolicy: ClusterFirst + securityContext: + runAsUser: 0 + containers: + - name: node-agent + image: + imagePullPolicy: + command: + - /velero + args: + - node-agent + - server + volumeMounts: + - name: cloud-credentials + mountPath: /credentials + - name: host-pods + mountPath: /host_pods + mountPropagation: HostToContainer + - name: scratch + mountPath: /scratch + env: + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/cloud + securityContext: + privileged: true + resources: + requests: + cpu: 1000m + memory: 1028Mi + limits: + cpu: 2000m + memory: 2024Mi diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml new file mode 100644 index 000000000..354ccfa7c --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v1.0.3 diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-backupstoragelocation.yaml new file mode 100644 index 000000000..20231f870 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-backupstoragelocation.yaml @@ -0,0 +1,18 @@ +apiVersion: velero.io/v1 +kind: BackupStorageLocation +metadata: + name: + namespace: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +spec: + provider: + accessMode: ReadWrite + objectStorage: + bucket: + default: true + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-crds.yaml new file mode 100644 index 000000000..675a641c3 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-crds.yaml @@ -0,0 +1,3255 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: backuprepositories.velero.io +spec: + group: velero.io + names: + kind: BackupRepository + listKind: BackupRepositoryList + plural: backuprepositories + singular: backuprepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: |- + ResticIdentifier is the full restic-compatible string for identifying + this repository. + type: string + volumeNamespace: + description: |- + VolumeNamespace is the namespace this backup repository contains + pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: backups.velero.io +spec: + group: velero.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: |- + BackupItemOperationsAttempted is the total number of attempted + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: |- + BackupItemOperationsCompleted is the total number of successfully completed + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsFailed: + description: |- + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an error. + type: integer + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: |- + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: |- + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the backup. The actual errors are in the backup's log + file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including major, minor, and patch version. + type: string + hookStatus: + description: HookStatus contains information about the status of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: |- + Progress contains information about the backup's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: |- + ItemsBackedUp is the number of items that have actually been written to the + backup tarball so far. + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be backed up. This number may change + throughout the execution of the backup due to plugins that return additional related + items to back up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable). + items: + type: string + nullable: true + type: array + version: + description: |- + Version is the backup format major version. + Deprecated: Please see FormatVersion + type: integer + volumeSnapshotsAttempted: + description: |- + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: |- + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the backup. The actual warnings are in the backup's log + file in object storage. + type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: backupstoragelocations.velero.io +spec: + group: velero.io + names: + kind: BackupStorageLocation + listKind: BackupStorageLocationList + plural: backupstoragelocations + shortNames: + - bsl + singular: backupstoragelocation + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup objects + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default backup storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of BackupStorageLocation + properties: + accessMode: + description: |- + AccessMode is an unused field. + + + Deprecated: there is now an AccessMode field on the Spec and this field + will be removed entirely as of v2.0. + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: |- + LastSyncedRevision is the value of the `metadata/revision` file in the backup + storage location the last time the BSL's contents were synced into the cluster. + + + Deprecated: this field is no longer updated or used for detecting changes to + the location's contents and will be removed entirely in v2.0. + type: string + lastSyncedTime: + description: |- + LastSyncedTime is the last time the contents of the location were synced into + the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: |- + LastValidationTime is the last time the backup store location was validated + the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadownloads.velero.io +spec: + group: velero.io + names: + kind: DataDownload + listKind: DataDownloadList + plural: datadownloads + singular: datadownload + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: DataDownload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataDownload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where the backup data is stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataDownload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataDownload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: DataDownload acts as the protocol between data mover plugins and data mover controller for the datamover restore operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataDownloadSpec is the specification for a DataDownload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataDownload. It can be set + when the DataDownload is in InProgress phase + type: boolean + dataMoverConfig: + additionalProperties: + type: string + description: DataMoverConfig is for data-mover-specific configuration fields. + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotID: + description: SnapshotID is the ID of the Velero backup snapshot to be restored from. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It may be different from SourcePVC's namespace if namespace is remapped during restore. + type: string + targetVolume: + description: TargetVolume is the information of the target PVC and PV. + properties: + namespace: + description: Namespace is the target namespace + type: string + pv: + description: PV is the name of the target PV that is created by Velero restore + type: string + pvc: + description: PVC is the name of the target PVC that is created by Velero restore + type: string + required: + - namespace + - pv + - pvc + type: object + required: + - backupStorageLocation + - operationTimeout + - snapshotID + - sourceNamespace + - targetVolume + type: object + status: + description: DataDownloadStatus is the current status of a DataDownload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the DataDownload's status. + type: string + node: + description: Node is name of the node where the DataDownload is processed. + type: string + phase: + description: Phase is the current state of the DataDownload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datauploads.velero.io +spec: + group: velero.io + names: + kind: DataUpload + listKind: DataUploadList + plural: datauploads + singular: dataupload + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: DataUpload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataUpload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where this backup should be stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataUpload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataUpload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: DataUpload acts as the protocol between data mover plugins and data mover controller for the datamover backup operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataUploadSpec is the specification for a DataUpload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataUpload. It can be set + when the DataUpload is in InProgress phase + type: boolean + csiSnapshot: + description: If SnapshotType is CSI, CSISnapshot provides the information of the CSI snapshot. + nullable: true + properties: + snapshotClass: + description: SnapshotClass is the name of the snapshot class that the volume snapshot is created with + type: string + storageClass: + description: StorageClass is the name of the storage class of the PVC that the volume snapshot is created from + type: string + volumeSnapshot: + description: VolumeSnapshot is the name of the volume snapshot to be backed up + type: string + required: + - storageClass + - volumeSnapshot + type: object + dataMoverConfig: + additionalProperties: + type: string + description: DataMoverConfig is for data-mover-specific configuration fields. + nullable: true + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotType: + description: SnapshotType is the type of the snapshot to be backed up. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It is the same namespace for SourcePVC and CSI namespaced objects. + type: string + sourcePVC: + description: SourcePVC is the name of the PVC which the snapshot is taken for. + type: string + required: + - backupStorageLocation + - operationTimeout + - snapshotType + - sourceNamespace + - sourcePVC + type: object + status: + description: DataUploadStatus is the current status of a DataUpload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + dataMoverResult: + additionalProperties: + type: string + description: DataMoverResult stores data-mover-specific information as a result of the DataUpload. + nullable: true + type: object + message: + description: Message is a message about the DataUpload's status. + type: string + node: + description: Node is name of the node where the DataUpload is processed. + type: string + path: + description: Path is the full path of the snapshot volume being backed up. + type: string + phase: + description: Phase is the current state of the DataUpload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot in the backup repository. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: deletebackuprequests.velero.io +spec: + group: velero.io + names: + kind: DeleteBackupRequest + listKind: DeleteBackupRequestList + plural: deletebackuprequests + singular: deletebackuprequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: downloadrequests.velero.io +spec: + group: velero.io + names: + kind: DownloadRequest + listKind: DownloadRequestList + plural: downloadrequests + singular: downloadrequest + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DownloadRequest is a request to download an artifact from backup object storage, such as a backup + log file. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + - BackupVolumeInfos + - RestoreVolumeInfo + type: string + name: + description: Name is the name of the Kubernetes resource with which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: podvolumebackups.velero.io +spec: + group: velero.io + names: + kind: PodVolumeBackup + listKind: PodVolumeBackupList + plural: podvolumebackups + singular: podvolumebackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: |- + Tags are a map of key-value pairs that should be applied to the + volume backup as tags. + type: object + uploaderSettings: + additionalProperties: + type: string + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: |- + Volume is the name of the volume within the Pod to be backed + up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the pod volume. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: podvolumerestores.velero.io +spec: + group: velero.io + names: + kind: PodVolumeRestore + listKind: PodVolumeRestoreList + plural: podvolumerestores + singular: podvolumerestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace mapping. + type: string + uploaderSettings: + additionalProperties: + type: string + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: restores.velero.io +spec: + group: velero.io + names: + kind: Restore + listKind: RestoreList + plural: restores + singular: restore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Restore is a Velero resource that represents the application of + resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. + type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments to execute from within a container after a pod has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command will be launched when container is Ready instead of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers to be added to a pod during its restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount of time Velero should wait for the initContainers to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON resource patches that should be applied to resources before restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the restore. + nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number setting for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether write files sparsely or not. + nullable: true + type: boolean + type: object + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time the restore operation was completed. + Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore to fail. + type: string + hookStatus: + description: HookStatus contains information about the status of the hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks which ended with an error + type: integer + type: object + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Finalizing + - FinalizingPartiallyFailed + type: string + progress: + description: |- + Progress contains information about the restore's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually been restored so far + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be restored. This number may change + throughout the execution of the restore due to plugins that return additional related + items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: |- + RestoreItemOperationsAttempted is the total number of attempted + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: |- + RestoreItemOperationsCompleted is the total number of successfully completed + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsFailed: + description: |- + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an error. + type: integer + startTimestamp: + description: |- + StartTimestamp records the time the restore operation was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + nullable: true + type: array + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: schedules.velero.io +spec: + group: velero.io + names: + kind: Schedule + listKind: ScheduleList + plural: schedules + singular: schedule + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + Schedule is a Velero resource that represents a pre-scheduled or + periodic Backup that should be run. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: |- + Schedule is a Cron expression defining when to run + the Backup. + type: string + skipImmediately: + description: |- + SkipImmediately specifies whether to skip backup if schedule is due immediately from `schedule.status.lastBackup` timestamp when schedule is unpaused or if schedule is new. + If true, backup will be skipped immediately when schedule is unpaused if it is due based on .Status.LastBackupTimestamp or schedule is new, and will run at next schedule time. + If false, backup will not be skipped immediately when schedule is unpaused, but will run at next schedule time. + If empty, will follow server configuration (default: false). + type: boolean + template: + description: |- + Template is the definition of the Backup to be run + on the provided schedule + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should behave if it encounters an error executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: |- + UseOwnerReferencesBackup specifies whether to use + OwnerReferences on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: |- + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + lastSkipped: + description: LastSkipped is the last time a Schedule was skipped + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: serverstatusrequests.velero.io +spec: + group: velero.io + names: + kind: ServerStatusRequest + listKind: ServerStatusRequestList + plural: serverstatusrequests + shortNames: + - ssr + singular: serverstatusrequest + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ServerStatusRequest is a request to access current status information about + the Velero server. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: |- + ProcessedTimestamp is when the ServerStatusRequest was processed + by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: volumesnapshotlocations.velero.io +spec: + group: velero.io + names: + kind: VolumeSnapshotLocation + listKind: VolumeSnapshotLocationList + plural: volumesnapshotlocations + shortNames: + - vsl + singular: volumesnapshotlocation + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume snapshots. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-deployment.yaml new file mode 100644 index 000000000..a9de04d2c --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-deployment.yaml @@ -0,0 +1,178 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: application-mobility-velero-server + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +subjects: + - kind: ServiceAccount + namespace: + name: application-mobility-velero-server-service-account +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: application-mobility-velero-server + namespace: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: application-mobility-velero-server + namespace: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +subjects: + - kind: ServiceAccount + namespace: + name: application-mobility-velero-server-service-account +roleRef: + kind: Role + name: application-mobility-velero-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: application-mobility-velero-server-service-account + namespace: + annotations: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +--- +apiVersion: v1 +kind: Service +metadata: + name: application-mobility-velero-server + namespace: + annotations: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +spec: + type: ClusterIP + ports: + - name: http-monitoring + port: 8085 + targetPort: http-monitoring + selector: + name: velero + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: application-mobility-velero + namespace: + annotations: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility + component: application-mobility-velero +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/instance: application-mobility + app.kubernetes.io/name: application-mobility-velero + template: + metadata: + labels: + name: application-mobility-velero + csm: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8085" + prometheus.io/path: "/metrics" + spec: + restartPolicy: Always + serviceAccountName: application-mobility-velero-server-service-account + containers: + - name: application-mobility-velero + image: + imagePullPolicy: + ports: + - name: http-monitoring + containerPort: 8085 + command: + - /velero + args: + - server + - --uploader-type=restic + resources: + requests: + cpu: 500m + memory: 128Mi + limits: + cpu: 1000m + memory: 512Mi + volumeMounts: + - name: plugins + mountPath: /plugins + - name: cloud-credentials + mountPath: /credentials + - name: scratch + mountPath: /scratch + - name: tmpdir + mountPath: /tmp + env: + - name: VELERO_SCRATCH_DIR + value: /scratch + - name: VELERO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: LD_LIBRARY_PATH + value: /plugins + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/cloud + lifecycle: + dnsPolicy: ClusterFirst + initContainers: + - name: + image: + volumeMounts: + - mountPath: /target + name: plugins + - name: + image: + volumeMounts: + - mountPath: /target + name: plugins + volumes: + - name: cloud-credentials + secret: + secretName: + - name: plugins + emptyDir: {} + - name: scratch + emptyDir: {} + - name: tmpdir + emptyDir: {} + securityContext: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-secret.yaml new file mode 100644 index 000000000..97d3defde --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: + namespace: + labels: + app.kubernetes.io/name: application-mobility-velero + app.kubernetes.io/instance: application-mobility +type: Opaque +stringData: + cloud: |- + [] + aws_access_key_id= + aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-volumesnapshotlocation.yaml new file mode 100644 index 000000000..f5c07a208 --- /dev/null +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/velero-volumesnapshotlocation.yaml @@ -0,0 +1,13 @@ +apiVersion: velero.io/v1 +kind: VolumeSnapshotLocation +metadata: + name: + namespace: + annotations: + labels: + app.kubernetes.io/name: velero + app.kubernetes.io/instance: application-mobility +spec: + provider: + config: + region: diff --git a/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml index feed1f957..f5a1c2417 100644 --- a/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml @@ -209,7 +209,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-vxflexos.sh"] args: diff --git a/tests/config/driverconfig/powerflex/v2.13.0/node.yaml b/tests/config/driverconfig/powerflex/v2.13.0/node.yaml index 7803eb49d..76462edb6 100644 --- a/tests/config/driverconfig/powerflex/v2.13.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/node.yaml @@ -85,7 +85,7 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-vxflexos.sh"] args: diff --git a/tests/config/driverconfig/powermax/v2.13.0/controller.yaml b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml index e90a34c50..b73aa6a72 100644 --- a/tests/config/driverconfig/powermax/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml @@ -229,7 +229,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-powermax.sh"] env: diff --git a/tests/config/driverconfig/powermax/v2.13.0/node.yaml b/tests/config/driverconfig/powermax/v2.13.0/node.yaml index 9f20cb7bf..27d433e83 100644 --- a/tests/config/driverconfig/powermax/v2.13.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/node.yaml @@ -87,7 +87,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-powermax:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 imagePullPolicy: IfNotPresent env: - name: X_CSI_POWERMAX_DRIVER_NAME diff --git a/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml index c1d12b2a7..d35bd8c48 100644 --- a/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml @@ -232,7 +232,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-isilon"] args: diff --git a/tests/config/driverconfig/powerscale/v2.13.0/node.yaml b/tests/config/driverconfig/powerscale/v2.13.0/node.yaml index 8eab733a9..c2905f252 100644 --- a/tests/config/driverconfig/powerscale/v2.13.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/node.yaml @@ -77,7 +77,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-isilon:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 imagePullPolicy: IfNotPresent env: - name: CSI_ENDPOINT diff --git a/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml index 846255bb9..7886db647 100644 --- a/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml @@ -223,7 +223,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-powerstore"] args: diff --git a/tests/config/driverconfig/powerstore/v2.13.0/node.yaml b/tests/config/driverconfig/powerstore/v2.13.0/node.yaml index b595cd182..9243a13f1 100644 --- a/tests/config/driverconfig/powerstore/v2.13.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/node.yaml @@ -91,7 +91,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 imagePullPolicy: IfNotPresent command: ["/csi-powerstore"] args: diff --git a/tests/config/driverconfig/unity/v2.13.0/controller.yaml b/tests/config/driverconfig/unity/v2.13.0/controller.yaml index 5b85d3eda..72bd30ce2 100644 --- a/tests/config/driverconfig/unity/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.13.0/controller.yaml @@ -211,7 +211,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-unity:v2.12.0 + image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" From a0403a71a228a31f238322a3bf47382192f00704 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 04:29:11 -0500 Subject: [PATCH 10/31] updated app-mobility version --- pkg/modules/testdata/cr_application_mobility.yaml | 2 +- .../testdata/cr_application_mobility_custom_region.yaml | 2 +- .../csm_application_mobility_no_velero.yaml | 2 +- .../csm_application_mobility_vanilla.yaml | 2 +- .../csm_application_mobility_with_pflex.yaml | 4 ++-- .../csm_application_mobility_with_pflex_alt.yaml | 4 ++-- .../application-mobility-templates/powerflex_noAM.yaml | 4 ++-- .../minimal-testfiles/storage_csm_powerflex_auth_v1.yaml | 2 +- .../testfiles/minimal-testfiles/storage_csm_powerscale.yaml | 2 +- .../minimal-testfiles/storage_csm_powerscale_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml | 4 ++-- .../testfiles/storage_csm_powerflex_observability_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_authorization.yaml | 2 +- .../storage_csm_powermax_observability_authorization.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml | 2 +- .../storage_csm_powermax_reverseproxy_authorization.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_auth.yaml | 2 +- .../e2e/testfiles/storage_csm_powerscale_health_monitor.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_observability.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_auth.yaml | 2 +- .../storage_csm_powerscale_observability_top_custom_cert.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_replica.yaml | 2 +- 33 files changed, 37 insertions(+), 37 deletions(-) diff --git a/pkg/modules/testdata/cr_application_mobility.yaml b/pkg/modules/testdata/cr_application_mobility.yaml index 54fac0687..ddc4e63d1 100644 --- a/pkg/modules/testdata/cr_application_mobility.yaml +++ b/pkg/modules/testdata/cr_application_mobility.yaml @@ -9,7 +9,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml index d3027b648..3c767230b 100644 --- a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml +++ b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml @@ -9,7 +9,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml index 493fc5a88..f0bad6b26 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml @@ -167,7 +167,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml index 73877bf90..f94aee5ce 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml @@ -9,7 +9,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml index ffd237e30..7716c2108 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -167,7 +167,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml index e0c77cf97..476afa4be 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -167,7 +167,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml index 802731c8a..954157a4e 100644 --- a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -158,7 +158,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: false - configVersion: v1.2.0 + configVersion: v1.3.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml index 70447855d..26bfe7236 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth_v1.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy envs: diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml index de5ef0885..b48a6c212 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.12.0 + configVersion: v1.13.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml index 84f230979..7a9e86a8a 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: true # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index 3e69c5c71..a65f15fba 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -167,7 +167,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index 2365186d7..b144d9627 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -156,7 +156,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index 334446353..22cbcbab4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -155,7 +155,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 96d7d0202..552818b77 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -155,7 +155,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 1066993b7..d0f0e4119 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -156,7 +156,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index c399075af..9db5a5a9b 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -129,7 +129,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index a68bfdca2..91a67432b 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.12.0 + configVersion: v2.13.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -158,7 +158,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index c4f7837a6..f372182f1 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -129,7 +129,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index b73cb5fbd..f7a363f12 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -32,7 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index 3ec92763e..54537e8d8 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -32,7 +32,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index efef50b63..aaf2df99c 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -32,7 +32,7 @@ spec: # false: disable storage capacity tracking storageCapacity: true # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 diff --git a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index 131e12545..af7f37b0c 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -32,7 +32,7 @@ spec: # false: disable storage capacity tracking storageCapacity: true # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index de7aebdf5..010e5e7e7 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -32,7 +32,7 @@ spec: # false: disable storage capacity tracking storageCapacity: true # Config version for CSI PowerMax v2.10.1 driver - configVersion: v2.12.0 + configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 8f55132b6..8df6e1152 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index 85e45b1a2..b4c50b4a2 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index 266453ced..e15245c0a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 384ec0bcd..bbf1d60ef 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index a87d323b7..92c9d5d4a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -221,7 +221,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 093002314..7c00ffa8a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 330ed71af..da41d0e5c 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 42d524a8f..933bb93d3 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -217,7 +217,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 5a28f7cae..7cbab56f1 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index 46c28cc95..fef3cad9d 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly From c39402172480a9208230e430be443a34d177146a Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 05:11:54 -0500 Subject: [PATCH 11/31] updated version in common --- ...ll-csm-operator.clusterserviceversion.yaml | 16 ++++----- ...ll-csm-operator.clusterserviceversion.yaml | 2 +- config/samples/storage_v1_csm_powerflex.yaml | 2 +- config/samples/storage_v1_csm_powermax.yaml | 2 +- config/samples/storage_v1_csm_powerscale.yaml | 2 +- .../moduleconfig/common/version-values.yaml | 34 +++++++++---------- .../testdata/cr_powerflex_observability.yaml | 2 +- ...r_powerflex_observability_custom_cert.yaml | 2 +- ...observability_custom_cert_missing_key.yaml | 2 +- .../testdata/cr_powermax_observability.yaml | 2 +- .../testdata/cr_powerscale_observability.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 2 +- samples/storage_csm_powermax_v2130.yaml | 4 +-- samples/storage_csm_powerscale_v2130.yaml | 2 +- .../e2e/testfiles/storage_csm_powerflex.yaml | 2 +- .../storage_csm_powerflex_alt_vals_1.yaml | 2 +- .../storage_csm_powerflex_alt_vals_2.yaml | 2 +- .../storage_csm_powerflex_alt_vals_3.yaml | 2 +- .../storage_csm_powerflex_alt_vals_4.yaml | 2 +- .../storage_csm_powerflex_health_monitor.yaml | 2 +- .../storage_csm_powerflex_no_sdc.yaml | 2 +- .../storage_csm_powerflex_observability.yaml | 2 +- ...rage_csm_powerflex_observability_auth.yaml | 2 +- ...m_powerflex_observability_custom_cert.yaml | 2 +- ...erflex_observability_otel_custom_cert.yaml | 2 +- .../storage_csm_powermax_observability.yaml | 2 +- ..._powermax_observability_authorization.yaml | 2 +- .../e2e/testfiles/storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_alt_vals_1.yaml | 2 +- .../storage_csm_powerscale_alt_vals_2.yaml | 2 +- .../storage_csm_powerscale_alt_vals_3.yaml | 2 +- ...storage_csm_powerscale_health_monitor.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- ...age_csm_powerscale_observability_auth.yaml | 2 +- ...erscale_observability_top_custom_cert.yaml | 2 +- .../storage_csm_powerscale_replica.yaml | 2 +- 36 files changed, 60 insertions(+), 60 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index b8ff5a75c..da630b111 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -400,7 +400,7 @@ metadata: "name": "metrics-powerscale" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.11.0", "enabled": false, "name": "observability" }, @@ -635,7 +635,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0", + "image": "quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0", "name": "csipowermax-reverseproxy" } ], @@ -788,7 +788,7 @@ metadata: "name": "metrics-powermax" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.11.0", "enabled": false, "name": "observability" }, @@ -1397,7 +1397,7 @@ metadata: "name": "metrics-powerflex" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.11.0", "enabled": false, "name": "observability" }, @@ -1444,7 +1444,7 @@ metadata: "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.11.0", "enabled": false, "name": "replication" }, @@ -4360,7 +4360,7 @@ spec: - name: RELATED_IMAGE_csi-powermax value: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 - name: RELATED_IMAGE_csipowermax-reverseproxy - value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + value: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 - name: RELATED_IMAGE_csi-powerstore value: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 - name: RELATED_IMAGE_csi-unity @@ -4480,7 +4480,7 @@ spec: name: csi-isilon - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 name: csi-powermax - - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 name: csipowermax-reverseproxy - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 name: csi-powerstore @@ -4535,5 +4535,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 name: metadataretriever skips: - - dell-csm-operator.v1.7.0 + - dell-csm-operator.v1.8.0 version: 1.8.0 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 2b052bc52..1e075c66c 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1798,5 +1798,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: metadataretriever skips: - - dell-csm-operator.v1.7.0 + - dell-csm-operator.v1.8.0 version: 1.8.0 diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index ee324a08e..125fc5a68 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -223,7 +223,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 09e3ddde0..e2fe74ee4 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -323,7 +323,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 7a23c7b39..cb26b5630 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -330,7 +330,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index ff1036e2f..161e8e136 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -1,11 +1,6 @@ # Driver Type powerscale: # List of Driver versions and modules that supports the version - v2.10.1: - authorization: "v1.10.1" - replication: "v1.8.1" - observability: "v1.8.1" - resiliency: "v1.9.1" v2.11.0: authorization: "v1.11.0" replication: "v1.9.0" @@ -16,13 +11,13 @@ powerscale: replication: "v1.10.0" observability: "v1.10.0" resiliency: "v1.11.0" + v2.13.0: + authorization: "v1.13.0" + replication: "v1.11.0" + observability: "v1.11.0" + resiliency: "v1.12.0" powerflex: # List of Driver versions and modules that supports the version - v2.10.1: - authorization: "v1.10.1" - observability: "v1.8.1" - replication: "v1.8.1" - resiliency: "v1.9.1" v2.11.0: authorization: "v1.11.0" observability: "v1.9.0" @@ -33,21 +28,21 @@ powerflex: replication: "v1.10.0" observability: "v1.10.0" resiliency: "v1.11.0" + v2.13.0: + authorization: "v1.13.0" + replication: "v1.11.0" + observability: "v1.11.0" + resiliency: "v1.12.0" powerstore: # List of Driver versions and modules that supports the version - v2.10.1: - resiliency: "v1.9.1" v2.11.0: resiliency: "v1.10.0" v2.12.0: resiliency: "v1.11.0" + v2.13.0: + resiliency: "v1.12.0" powermax: # List of Driver versions and modules that supports the version - v2.10.1: - csireverseproxy: "v2.9.1" - authorization: "v1.10.1" - observability: "v1.8.1" - replication: "v1.8.1" v2.11.0: csireverseproxy: "v2.11.0" authorization: "v1.11.0" @@ -60,3 +55,8 @@ powermax: replication: "v1.10.0" observability: "v1.10.0" resiliency: "v1.11.0" + v2.13.0: + authorization: "v1.13.0" + replication: "v1.11.0" + observability: "v1.11.0" + resiliency: "v1.12.0" diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index b45b13c55..77515a1f5 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -127,7 +127,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index a00a14120..169352499 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -171,7 +171,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index d5ecd1c59..eae193282 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -171,7 +171,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/pkg/modules/testdata/cr_powermax_observability.yaml b/pkg/modules/testdata/cr_powermax_observability.yaml index c8800eddd..98d013754 100644 --- a/pkg/modules/testdata/cr_powermax_observability.yaml +++ b/pkg/modules/testdata/cr_powermax_observability.yaml @@ -17,7 +17,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index ce3c045bc..ec30cb766 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -17,7 +17,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index e57d32c44..8049b4935 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -223,7 +223,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index 63498a460..b89c94a20 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -231,7 +231,7 @@ spec: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -323,7 +323,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index 12c109a29..e000f6831 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -330,7 +330,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index a65f15fba..00d912ec2 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -182,7 +182,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index b144d9627..780fbd70a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -171,7 +171,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index 22cbcbab4..9099c7ac4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -170,7 +170,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 552818b77..0e0160148 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -170,7 +170,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index d0f0e4119..8537c00a3 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -171,7 +171,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index d07eb9516..1e01ddacb 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -171,7 +171,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index 91a67432b..9731335ed 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -173,7 +173,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml index 8b0e853a1..2daf1c88f 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml @@ -129,7 +129,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index f372182f1..f3acef7c3 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -144,7 +144,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml index 4b86449e7..f2a6f36ae 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml @@ -129,7 +129,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml index 07f2d3f74..fc8e82f92 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml @@ -129,7 +129,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index b88b4ff0b..340100524 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -236,7 +236,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index 54537e8d8..2532f3124 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -259,7 +259,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 8df6e1152..997a9bf40 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -304,7 +304,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index b4c50b4a2..f9c1374b4 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -320,7 +320,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index e15245c0a..853cc85a5 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -304,7 +304,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index bbf1d60ef..832ecc17b 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -304,7 +304,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 7c00ffa8a..56bb2e996 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -297,7 +297,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index da41d0e5c..034d73c80 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -297,7 +297,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 933bb93d3..8bb8d4c07 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -232,7 +232,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 7cbab56f1..67ca3ec85 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -297,7 +297,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index fef3cad9d..7fb268acb 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -297,7 +297,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.10.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology From 1e9fed73086f6dbb7636dbf4422a83715826d0be Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 05:31:13 -0500 Subject: [PATCH 12/31] version update for replication --- ...ll-csm-operator.clusterserviceversion.yaml | 38 +++++++++---------- .../testdata/cr_powerflex_observability.yaml | 2 +- ...r_powerflex_observability_custom_cert.yaml | 2 +- ...observability_custom_cert_missing_key.yaml | 2 +- .../testdata/cr_powerflex_replica.yaml | 4 +- .../testdata/cr_powermax_observability.yaml | 2 +- pkg/modules/testdata/cr_powermax_replica.yaml | 4 +- .../testdata/cr_powerscale_observability.yaml | 2 +- .../testdata/cr_powerscale_replica.yaml | 4 +- samples/storage_csm_powerflex_v2130.yaml | 6 +-- samples/storage_csm_powermax_v2130.yaml | 6 +-- samples/storage_csm_powerscale_v2130.yaml | 6 +-- 12 files changed, 39 insertions(+), 39 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index da630b111..71431c825 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -278,7 +278,7 @@ metadata: "value": "powerscale" } ], - "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0", "name": "dell-csi-replicator" }, { @@ -304,7 +304,7 @@ metadata: "value": "5m" } ], - "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0", "name": "dell-replication-controller-manager" } ], @@ -396,7 +396,7 @@ metadata: "value": "otel-collector:55680" } ], - "image": "quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0", + "image": "quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0", "name": "metrics-powerscale" } ], @@ -678,7 +678,7 @@ metadata: "value": "powermax" } ], - "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0", "name": "dell-csi-replicator" }, { @@ -704,7 +704,7 @@ metadata: "value": "5m" } ], - "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0", "name": "dell-replication-controller-manager" } ], @@ -784,7 +784,7 @@ metadata: "value": "powermax-reverseproxy-config" } ], - "image": "quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0", + "image": "quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0", "name": "metrics-powermax" } ], @@ -1393,7 +1393,7 @@ metadata: "value": "otel-collector:55680" } ], - "image": "quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0", + "image": "quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0", "name": "metrics-powerflex" } ], @@ -1414,7 +1414,7 @@ metadata: "value": "powerflex" } ], - "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0", "name": "dell-csi-replicator" }, { @@ -1440,7 +1440,7 @@ metadata: "value": "5m" } ], - "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0", + "image": "quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0", "name": "dell-replication-controller-manager" } ], @@ -4382,19 +4382,19 @@ spec: - name: RELATED_IMAGE_csm-authorization-controller value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 - name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 - name: RELATED_IMAGE_dell-replication-controller-manager - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 - name: RELATED_IMAGE_topology value: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale - value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 - name: RELATED_IMAGE_metrics-powermax - value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 - name: RELATED_IMAGE_metrics-powerflex - value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 - name: RELATED_IMAGE_podmon-node value: quay.io/dell/container-storage-modules/podmon:v1.11.0 - name: RELATED_IMAGE_kube-rbac-proxy @@ -4502,19 +4502,19 @@ spec: name: csm-authorization-storage - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 name: csm-authorization-controller - - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: dell-csi-replicator - - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 name: dell-replication-controller-manager - image: quay.io/dell/container-storage-modules/csm-topology:v1.11.0 name: topology - image: docker.io/otel/opentelemetry-collector:0.42.0 name: otel-collector - - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 name: metrics-powerscale - - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 name: metrics-powermax - - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: metrics-powerflex - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 name: podmon-node diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 77515a1f5..05342e9b9 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -176,7 +176,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index 169352499..96d27876c 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -220,7 +220,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index eae193282..fcb9bc1e5 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -220,7 +220,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_replica.yaml b/pkg/modules/testdata/cr_powerflex_replica.yaml index c3c495e69..c998a7af7 100644 --- a/pkg/modules/testdata/cr_powerflex_replica.yaml +++ b/pkg/modules/testdata/cr_powerflex_replica.yaml @@ -21,14 +21,14 @@ spec: enabled: true components: - name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com" - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" value: "powerflex" - name: dell-replication-controller-manager - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/pkg/modules/testdata/cr_powermax_observability.yaml b/pkg/modules/testdata/cr_powermax_observability.yaml index 98d013754..249dc1272 100644 --- a/pkg/modules/testdata/cr_powermax_observability.yaml +++ b/pkg/modules/testdata/cr_powermax_observability.yaml @@ -47,7 +47,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: true # image: Defines PowerMax metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int diff --git a/pkg/modules/testdata/cr_powermax_replica.yaml b/pkg/modules/testdata/cr_powermax_replica.yaml index a41bc94e4..c0f06881b 100644 --- a/pkg/modules/testdata/cr_powermax_replica.yaml +++ b/pkg/modules/testdata/cr_powermax_replica.yaml @@ -29,14 +29,14 @@ spec: enabled: true components: - name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com/" - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" value: "powermax/" - name: dell-replication-controller-manager - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index ec30cb766..a608f62b1 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -48,7 +48,7 @@ spec: enabled: true # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerscale_replica.yaml b/pkg/modules/testdata/cr_powerscale_replica.yaml index d51367cf9..2dc5d2fa8 100644 --- a/pkg/modules/testdata/cr_powerscale_replica.yaml +++ b/pkg/modules/testdata/cr_powerscale_replica.yaml @@ -17,14 +17,14 @@ spec: enabled: true components: - name: dell-csi-replicator - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com" - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" value: "powerscale" - name: dell-replication-controller-manager - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index 8049b4935..53aa0ce28 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -276,7 +276,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int @@ -343,7 +343,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -357,7 +357,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index b89c94a20..473a634e5 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -278,7 +278,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -293,7 +293,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -376,7 +376,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: false # image: Defines PowerMax metrics image. This shouldn't be changed - image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.5.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powermax:v1.6.0 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index e000f6831..507414114 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -285,7 +285,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -300,7 +300,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -384,7 +384,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:v1.8.0 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int From 504d3dc018901e9d53e7476de0fd76cb88eb077a Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 05:46:06 -0500 Subject: [PATCH 13/31] update podmon version --- ...ll-csm-operator.clusterserviceversion.yaml | 20 +++++++++---------- config/manager/manager.yaml | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 2 +- config/samples/storage_v1_csm_powerflex.yaml | 6 +++--- config/samples/storage_v1_csm_powermax.yaml | 6 +++--- config/samples/storage_v1_csm_powerscale.yaml | 6 +++--- config/samples/storage_v1_csm_powerstore.yaml | 6 +++--- deploy/operator.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.12.0/container-powerflex-node.yaml | 2 +- .../container-powermax-controller.yaml | 2 +- .../v1.12.0/container-powermax-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.12.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.12.0/container-powerstore-node.yaml | 2 +- .../testdata/cr_powerflex_resiliency.yaml | 6 +++--- .../testdata/cr_powermax_resiliency.yaml | 4 ++-- .../testdata/cr_powerscale_resiliency.yaml | 6 +++--- samples/storage_csm_powerflex_v2130.yaml | 6 +++--- samples/storage_csm_powermax_v2130.yaml | 6 +++--- samples/storage_csm_powerscale_v2130.yaml | 6 +++--- samples/storage_csm_powerstore_v2130.yaml | 6 +++--- .../e2e/testfiles/storage_csm_powerflex.yaml | 2 +- .../storage_csm_powerflex_resiliency.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 2 +- .../storage_csm_powermax_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- ...erscale_observability_top_custom_cert.yaml | 2 +- .../storage_csm_powerscale_replica.yaml | 2 +- .../storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerstore.yaml | 2 +- .../storage_csm_powerstore_resiliency.yaml | 2 +- 34 files changed, 64 insertions(+), 64 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 71431c825..75f542d87 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -419,7 +419,7 @@ metadata: "--driverPath=csi-isilon.dellemc.com", "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -441,7 +441,7 @@ metadata: "value": "8083" } ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } @@ -807,7 +807,7 @@ metadata: "--driver-config-params=/powermax-config-params/driver-config-params.yaml", "--driverPath=csi-powermax.dellemc.com" ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -829,7 +829,7 @@ metadata: "value": "8083" } ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } @@ -973,7 +973,7 @@ metadata: "--driver-config-params=/powerstore-config-params/driver-config-params.yaml", "--driverPath=csi-powerstore.dellemc.com" ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -995,7 +995,7 @@ metadata: "value": "8083" } ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } @@ -1462,7 +1462,7 @@ metadata: "--mode=controller", "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -1483,7 +1483,7 @@ metadata: "value": "8083" } ], - "image": "quay.io/dell/container-storage-modules/podmon:v1.11.0", + "image": "quay.io/dell/container-storage-modules/podmon:v1.12.0", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } @@ -4396,7 +4396,7 @@ spec: - name: RELATED_IMAGE_metrics-powerflex value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 - name: RELATED_IMAGE_podmon-node - value: quay.io/dell/container-storage-modules/podmon:v1.11.0 + value: quay.io/dell/container-storage-modules/podmon:v1.12.0 - name: RELATED_IMAGE_kube-rbac-proxy value: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16.0-202409051837.p0.g8ea2c99.assembly.stream.el9 - name: RELATED_IMAGE_attacher @@ -4516,7 +4516,7 @@ spec: name: metrics-powermax - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: metrics-powerflex - - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + - image: quay.io/dell/container-storage-modules/podmon:v1.12.0 name: podmon-node - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16.0-202409051837.p0.g8ea2c99.assembly.stream.el9 name: kube-rbac-proxy diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 16bd718bd..dc796bdf6 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -71,7 +71,7 @@ spec: name: RELATED_IMAGE_metrics-powermax - value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: RELATED_IMAGE_metrics-powerflex - - value: quay.io/dell/container-storage-modules/podmon:v1.11.0 + - value: quay.io/dell/container-storage-modules/podmon:v1.12.0 name: RELATED_IMAGE_podmon-node - value: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16.0-202409051837.p0.g8ea2c99.assembly.stream.el9 name: RELATED_IMAGE_kube-rbac-proxy diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 1e075c66c..e2c0edb5c 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1779,7 +1779,7 @@ spec: name: metrics-powermax - image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 name: metrics-powerflex - - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + - image: quay.io/dell/container-storage-modules/podmon:v1.12.0 name: podmon-node - image: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16.0-202409051837.p0.g8ea2c99.assembly.stream.el9 name: kube-rbac-proxy diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 125fc5a68..fd403000a 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -390,10 +390,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -407,7 +407,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index e2fe74ee4..d4048e257 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -428,10 +428,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powermax" @@ -446,7 +446,7 @@ spec: - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - "--driverPath=csi-powermax.dellemc.com" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index cb26b5630..f5794774d 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -453,10 +453,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -471,7 +471,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 2a6c03df6..dd6e815a5 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -184,10 +184,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powerstore" @@ -202,7 +202,7 @@ spec: - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - "--driverPath=csi-powerstore.dellemc.com" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/deploy/operator.yaml b/deploy/operator.yaml index d89af7241..20996dff9 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1355,7 +1355,7 @@ spec: - name: RELATED_IMAGE_metrics-powerflex value: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.11.0 - name: RELATED_IMAGE_podmon-node - value: quay.io/dell/container-storage-modules/podmon:v1.11.0 + value: quay.io/dell/container-storage-modules/podmon:v1.12.0 - name: RELATED_IMAGE_kube-rbac-proxy value: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9:v4.16.0-202409051837.p0.g8ea2c99.assembly.stream.el9 - name: RELATED_IMAGE_attacher diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml index 10a2e7e48..828d9e474 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-vxflexos" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml index 5d105e965..99c42f85c 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always securityContext: privileged: true diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml index 466d6946d..4c95197b7 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-powermax" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml index 24f9b1574..f7f9e25be 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml @@ -19,7 +19,7 @@ securityContext: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-powermax" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml index a35c98d2d..83b59bf39 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-isilon" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml index 52e785af4..a64ab7545 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always securityContext: privileged: true diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml index b471f4930..d44913469 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-powerstore" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml index 790b82aca..62c36d35e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml @@ -19,7 +19,7 @@ securityContext: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true -image: quay.io/dell/container-storage-modules/podmon:v1.11.0 +image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: Always args: - "--labelvalue=csi-powerstore" diff --git a/pkg/modules/testdata/cr_powerflex_resiliency.yaml b/pkg/modules/testdata/cr_powerflex_resiliency.yaml index a91eba1dc..edb250331 100644 --- a/pkg/modules/testdata/cr_powerflex_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerflex_resiliency.yaml @@ -24,10 +24,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -41,7 +41,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/pkg/modules/testdata/cr_powermax_resiliency.yaml b/pkg/modules/testdata/cr_powermax_resiliency.yaml index d9c3703a2..4817a05b9 100644 --- a/pkg/modules/testdata/cr_powermax_resiliency.yaml +++ b/pkg/modules/testdata/cr_powermax_resiliency.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powermax" @@ -32,7 +32,7 @@ spec: - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - "--driverPath=csi-powermax.dellemc.com" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/pkg/modules/testdata/cr_powerscale_resiliency.yaml b/pkg/modules/testdata/cr_powerscale_resiliency.yaml index a6e03100d..195ab2281 100644 --- a/pkg/modules/testdata/cr_powerscale_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerscale_resiliency.yaml @@ -20,10 +20,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -38,7 +38,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index 53aa0ce28..cf5eca029 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -390,10 +390,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -407,7 +407,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index 473a634e5..98c1c736b 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -428,10 +428,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powermax" @@ -446,7 +446,7 @@ spec: - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - "--driverPath=csi-powermax.dellemc.com" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index 507414114..1eb001287 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -453,10 +453,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -471,7 +471,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/samples/storage_csm_powerstore_v2130.yaml b/samples/storage_csm_powerstore_v2130.yaml index d7da05b1c..9f5def2d7 100644 --- a/samples/storage_csm_powerstore_v2130.yaml +++ b/samples/storage_csm_powerstore_v2130.yaml @@ -184,10 +184,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powerstore" @@ -202,7 +202,7 @@ spec: - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - "--driverPath=csi-powerstore.dellemc.com" - name: podmon-node - image: quay.io/dell/container-storage-modules/podmon:v1.11.0 + image: quay.io/dell/container-storage-modules/podmon:v1.12.0 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index 00d912ec2..f32fd3f65 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -353,7 +353,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index c4fbe0db5..e4c14341a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -179,7 +179,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index 5b2f2a515..ac610eae7 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -236,7 +236,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index aaf2df99c..8c29699be 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -239,7 +239,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 997a9bf40..4f1e3b772 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -427,7 +427,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 034d73c80..16ac9f2dd 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -420,7 +420,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 67ca3ec85..003c40a87 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -420,7 +420,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index 7fb268acb..e461f03d8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -397,7 +397,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 9849a1cd8..e61a26a86 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -259,7 +259,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 3475d8123..08f4b25d2 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -147,7 +147,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index 1ddedeeb9..f0ac79a17 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -147,7 +147,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.11.0 + configVersion: v1.12.0 components: - name: podmon-controller image: quay.io/dell/container-storage-modules/podmon:nightly From 5e2f1e1ad4f14f64530a1b4e83e306748dd2c4a5 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 06:26:51 -0500 Subject: [PATCH 14/31] updated authorizaion sidecar --- ...ll-csm-operator.clusterserviceversion.yaml | 28 +++++++++---------- .../driverconfig/common/default.yaml | 2 +- .../powerscale/v2.13.0/controller.yaml | 2 +- .../testdata/cr_powerflex_observability.yaml | 2 +- .../testdata/cr_powermax_resiliency.yaml | 2 +- .../testdata/cr_powermax_reverseproxy.yaml | 4 +-- pkg/modules/testdata/cr_powerscale_auth.yaml | 2 +- ...powerscale_auth_missing_skip_cert_env.yaml | 6 ++-- .../cr_powerscale_auth_validate_cert.yaml | 2 +- .../testdata/cr_powerscale_observability.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 6 ++-- samples/storage_csm_powermax_v2130.yaml | 6 ++-- samples/storage_csm_powerscale_v2130.yaml | 4 +-- samples/storage_csm_powerstore_v2130.yaml | 2 +- samples/storage_csm_unity_v2130.yaml | 2 +- .../csm_application_mobility_n_minus_1.yaml | 2 +- .../csm_application_mobility_n_minus_2.yaml | 4 +-- .../e2e/testfiles/storage_csm_powerflex.yaml | 2 +- .../storage_csm_powerflex_alt_vals_1.yaml | 2 +- .../storage_csm_powerflex_alt_vals_2.yaml | 2 +- .../storage_csm_powerflex_alt_vals_3.yaml | 2 +- .../storage_csm_powerflex_alt_vals_4.yaml | 2 +- .../testfiles/storage_csm_powerflex_auth.yaml | 2 +- .../storage_csm_powerflex_health_monitor.yaml | 4 +-- .../storage_csm_powerflex_no_sdc.yaml | 2 +- ...rage_csm_powerflex_observability_auth.yaml | 2 +- .../storage_csm_powermax_authorization.yaml | 4 +-- ..._powermax_observability_authorization.yaml | 4 +-- .../e2e/testfiles/storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_alt_vals_1.yaml | 2 +- .../storage_csm_powerscale_alt_vals_2.yaml | 2 +- .../storage_csm_powerscale_alt_vals_3.yaml | 2 +- .../storage_csm_powerscale_auth.yaml | 2 +- ...storage_csm_powerscale_health_monitor.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- ...age_csm_powerscale_observability_auth.yaml | 2 +- ...erscale_observability_top_custom_cert.yaml | 2 +- ...age_csm_powerscale_observability_val1.yaml | 2 +- ...age_csm_powerscale_observability_val2.yaml | 6 ++-- .../storage_csm_powerscale_replica.yaml | 2 +- 40 files changed, 67 insertions(+), 67 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 75f542d87..18ea0c816 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -230,7 +230,7 @@ metadata: "name": "snapshotter" }, { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0", + "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0", "name": "csi-metadata-retriever" }, { @@ -261,7 +261,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.12.0", + "configVersion": "v1.13.0", "enabled": false, "name": "authorization" }, @@ -446,7 +446,7 @@ metadata: "name": "podmon-node" } ], - "configVersion": "v1.11.0", + "configVersion": "v1.12.0", "enabled": false, "name": "resiliency" } @@ -600,7 +600,7 @@ metadata: "name": "snapshotter" }, { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0", + "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0", "name": "csi-metadata-retriever" }, { @@ -661,7 +661,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.12.0", + "configVersion": "v1.13.0", "enabled": false, "name": "authorization" }, @@ -834,7 +834,7 @@ metadata: "name": "podmon-node" } ], - "configVersion": "v1.11.0", + "configVersion": "v1.12.0", "enabled": false, "name": "resiliency" } @@ -944,7 +944,7 @@ metadata: "name": "snapshotter" }, { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0", + "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0", "name": "csi-metadata-retriever" }, { @@ -1000,7 +1000,7 @@ metadata: "name": "podmon-node" } ], - "configVersion": "v1.11.0", + "configVersion": "v1.12.0", "enabled": false, "name": "resiliency" } @@ -1121,7 +1121,7 @@ metadata: "name": "snapshotter" }, { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0", + "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0", "name": "csi-metadata-retriever" }, { @@ -1267,7 +1267,7 @@ metadata: "name": "snapshotter" }, { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0", + "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0", "name": "csi-metadata-retriever" }, { @@ -1313,7 +1313,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.12.0", + "configVersion": "v1.13.0", "enabled": false, "name": "authorization" }, @@ -1488,7 +1488,7 @@ metadata: "name": "podmon-node" } ], - "configVersion": "v1.11.0", + "configVersion": "v1.12.0", "enabled": false, "name": "resiliency" } @@ -4412,7 +4412,7 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - name: RELATED_IMAGE_metadataretriever - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.8.0 imagePullPolicy: Always livenessProbe: @@ -4532,7 +4532,7 @@ spec: name: resizer - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 name: externalhealthmonitorcontroller - - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: metadataretriever skips: - dell-csm-operator.v1.8.0 diff --git a/operatorconfig/driverconfig/common/default.yaml b/operatorconfig/driverconfig/common/default.yaml index 8a57e0b94..0587bf710 100644 --- a/operatorconfig/driverconfig/common/default.yaml +++ b/operatorconfig/driverconfig/common/default.yaml @@ -20,4 +20,4 @@ images: # "images.sdcmonitor" defines the container images used to monitor sdc container sdcmonitor: docker.io/dellemc/sdc:4.5.2.1 # "images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml index f96c66736..1f674abbe 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml @@ -238,7 +238,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 imagePullPolicy: Always args: - "--csi-address=$(ADDRESS)" diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 05342e9b9..29162047e 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -233,7 +233,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powermax_resiliency.yaml b/pkg/modules/testdata/cr_powermax_resiliency.yaml index 4817a05b9..2cb56d30b 100644 --- a/pkg/modules/testdata/cr_powermax_resiliency.yaml +++ b/pkg/modules/testdata/cr_powermax_resiliency.yaml @@ -14,7 +14,7 @@ spec: imagePullPolicy: IfNotPresent modules: - name: resiliency - configVersion: "v1.11.0" + configVersion: "v1.12.0" enabled: true components: - name: podmon-controller diff --git a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml index 8966b3599..7cd7861ce 100644 --- a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml +++ b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml @@ -29,7 +29,7 @@ spec: - name: "csireverseproxy" # enabled: Always set to true enabled: true - configVersion: v2.11.0 + configVersion: v2.12.0 components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy @@ -53,7 +53,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth.yaml b/pkg/modules/testdata/cr_powerscale_auth.yaml index 734d2101c..1c981a797 100644 --- a/pkg/modules/testdata/cr_powerscale_auth.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml index 32cada074..cfed4e998 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.12.0 + configVersion: v2.13.0 authSecret: isilon-creds-custom replicas: 1 common: - image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.13.0" imagePullPolicy: IfNotPresent modules: - name: authorization @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml index 162ee9a91..87bf01c5d 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index a608f62b1..cfcfbe4aa 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -114,7 +114,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index cf5eca029..3fa5a579d 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -62,7 +62,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false @@ -207,11 +207,11 @@ spec: enabled: false # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. # Do not change the configVersion to v2.0.0-alpha - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index 98c1c736b..1c84cd252 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -212,7 +212,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false @@ -252,10 +252,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index 1eb001287..1a0096821 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -259,10 +259,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/samples/storage_csm_powerstore_v2130.yaml b/samples/storage_csm_powerstore_v2130.yaml index 9f5def2d7..dd6e815a5 100644 --- a/samples/storage_csm_powerstore_v2130.yaml +++ b/samples/storage_csm_powerstore_v2130.yaml @@ -71,7 +71,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false diff --git a/samples/storage_csm_unity_v2130.yaml b/samples/storage_csm_unity_v2130.yaml index cce151c13..7da8659b0 100644 --- a/samples/storage_csm_unity_v2130.yaml +++ b/samples/storage_csm_unity_v2130.yaml @@ -96,7 +96,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml index 39c18a1ee..610867a20 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml @@ -158,7 +158,7 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.1.0 + configVersion: v1.2.0 forceRemoveModule: true components: - name: application-mobility-controller-manager diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_2.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_2.yaml index f9f12701c..1c86a4e37 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_2.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_2.yaml @@ -158,13 +158,13 @@ spec: - name: application-mobility # enable: Enable/Disable app-mobility controller enabled: true - configVersion: v1.0.3 + configVersion: v1.1.0 forceRemoveModule: true components: - name: application-mobility-controller-manager # enable: Enable/Disable application mobility controller-manager enabled: true - image: dellemc/csm-application-mobility-controller:v1.0.3 + image: quay.io/dell/container-storage-modules/csm-application-mobility-controller:v1.1.0 imagePullPolicy: IfNotPresent envs: # Replica count for application mobility diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index f32fd3f65..cc162ece4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -170,7 +170,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index 780fbd70a..b84c89d70 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index 9099c7ac4..10a41a967 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -158,7 +158,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 0e0160148..30dc98b5f 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -158,7 +158,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 8537c00a3..2884ae57d 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index 9db5a5a9b..7a157af71 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index 1e01ddacb..e8ee47578 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -156,10 +156,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.11.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index 9731335ed..848e380b7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -161,7 +161,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index f3acef7c3..3de9f6365 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index f7a363f12..39a061cce 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -244,10 +244,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.11.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index 2532f3124..7a3add385 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -244,10 +244,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: true - configVersion: v1.11.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 4f1e3b772..e78038282 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index f9c1374b4..214998e75 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -248,7 +248,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index 853cc85a5..d3931cf27 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 832ecc17b..06575c51a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index 92c9d5d4a..b0ab0b168 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -224,7 +224,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 56bb2e996..4b6283df4 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 16ac9f2dd..dc30ef747 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 8bb8d4c07..80506a95f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -220,7 +220,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 003c40a87..26e8246cb 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index c973a988f..eab8ceab5 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml index 03ab944ab..3e05001e8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.11.0 + configVersion: v2.13.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -222,10 +222,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.11.0 + configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index e461f03d8..b0e784f74 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 000e5008f01cb24a778984d68ecab2fe7c3feebf Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 06:43:19 -0500 Subject: [PATCH 15/31] removed n-3 versions --- .../driverconfig/common/k8s-1.32-values.yaml | 23 + .../authorization/v1.10.1/cert-manager.yaml | 1100 ----------------- .../authorization/v1.10.1/container.yaml | 27 - .../authorization/v1.10.1/custom-cert.yaml | 11 - .../authorization/v1.10.1/deployment.yaml | 458 ------- .../v1.10.1/local-provisioner.yaml | 21 - .../v1.10.1/nginx-ingress-controller.yaml | 663 ---------- .../authorization/v1.10.1/policies.yaml | 265 ---- .../authorization/v1.10.1/upgrade-path.yaml | 1 - .../authorization/v1.10.1/volumes.yaml | 6 - .../csireverseproxy/v2.9.1/container.yaml | 21 - .../csireverseproxy/v2.9.1/controller.yaml | 105 -- .../csireverseproxy/v2.9.1/service.yaml | 13 - .../observability/v1.8.1/custom-cert.yaml | 48 - .../v1.8.1/karavi-metrics-powerflex.yaml | 144 --- .../v1.8.1/karavi-metrics-powermax.yaml | 151 --- .../v1.8.1/karavi-metrics-powerscale.yaml | 145 --- .../v1.8.1/karavi-otel-collector.yaml | 148 --- .../observability/v1.8.1/karavi-topology.yaml | 112 -- .../observability/v1.8.1/selfsigned-cert.yaml | 35 - .../replication/v1.8.1/container.yaml | 24 - .../replication/v1.8.1/controller.yaml | 293 ----- .../dell-replication-controller-config.yaml | 10 - .../v1.8.1/replicationcrds.all.yaml | 240 ---- .../replication/v1.8.1/rules.yaml | 9 - .../container-powerflex-controller.yaml | 36 - .../v1.9.1/container-powerflex-node.yaml | 58 - .../container-powerscale-controller.yaml | 36 - .../v1.9.1/container-powerscale-node.yaml | 61 - .../container-powerstore-controller.yaml | 36 - .../v1.9.1/container-powerstore-node.yaml | 61 - .../resiliency/v1.9.1/controller-roles.yaml | 24 - .../resiliency/v1.9.1/node-roles.yaml | 21 - 33 files changed, 23 insertions(+), 4383 deletions(-) create mode 100644 operatorconfig/driverconfig/common/k8s-1.32-values.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/custom-cert.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml delete mode 100644 operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml delete mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.9.1/container.yaml delete mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml delete mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.9.1/service.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml delete mode 100644 operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml delete mode 100644 operatorconfig/moduleconfig/replication/v1.8.1/container.yaml delete mode 100644 operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml delete mode 100644 operatorconfig/moduleconfig/replication/v1.8.1/dell-replication-controller-config.yaml delete mode 100644 operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml delete mode 100644 operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml delete mode 100644 operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml diff --git a/operatorconfig/driverconfig/common/k8s-1.32-values.yaml b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml new file mode 100644 index 000000000..f91dea24d --- /dev/null +++ b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml @@ -0,0 +1,23 @@ +# IT IS RECOMMENDED YOU DO NOT CHANGE THE IMAGES TO BE DOWNLOADED. +images: + # "images.attacher" defines the container images used for the csi attacher + # container. + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 + # "images.provisioner" defines the container images used for the csi provisioner + # container. + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 + # "images.snapshotter" defines the container image used for the csi snapshotter + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + # "images.registrar" defines the container images used for the csi registrar + # container. + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 + # "images.resizer" defines the container images used for the csi resizer + # container. + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 + # "images.externalhealthmonitorcontroller" defines the container images used for the csi external health monitor controller + # container. + externalhealthmonitorcontroller: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 + # "images.sdcmonitor" defines the container images used to monitor sdc container + sdcmonitor: dellemc/sdc:4.5.2.1 + # "images.metadataretriever" defines the container images used for csi metadata retriever + metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml deleted file mode 100644 index a1e2ed289..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml +++ /dev/null @@ -1,1100 +0,0 @@ -# Copyright 2021 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Source: cert-manager/templates/cainjector-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: -cert-manager-cainjector - namespace: "" - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" ---- -# Source: cert-manager/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: -cert-manager - namespace: "" - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" ---- -# Source: cert-manager/templates/webhook-serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: -cert-manager-webhook - namespace: "" - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" ---- -# Source: cert-manager/templates/cainjector-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-cainjector - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "create", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiregistration.k8s.io"] - resources: ["apiservices"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["auditregistration.k8s.io"] - resources: ["auditsinks"] - verbs: ["get", "list", "watch", "update"] ---- -# Source: cert-manager/templates/rbac.yaml -# Issuer controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-issuers - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["issuers", "issuers/status"] - verbs: ["update"] - - apiGroups: ["cert-manager.io"] - resources: ["issuers"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create", "update", "delete"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] ---- -# Source: cert-manager/templates/rbac.yaml -# ClusterIssuer controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-clusterissuers - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["clusterissuers", "clusterissuers/status"] - verbs: ["update"] - - apiGroups: ["cert-manager.io"] - resources: ["clusterissuers"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create", "update", "delete"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] ---- -# Source: cert-manager/templates/rbac.yaml -# Certificates controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-certificates - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] - verbs: ["update"] - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] - verbs: ["get", "list", "watch"] - # We require these rules to support users with the OwnerReferencesPermissionEnforcement - # admission controller enabled: - # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement - - apiGroups: ["cert-manager.io"] - resources: ["certificates/finalizers", "certificaterequests/finalizers"] - verbs: ["update"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["orders"] - verbs: ["create", "delete", "get", "list", "watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create", "update", "delete"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] ---- -# Source: cert-manager/templates/rbac.yaml -# Orders controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-orders - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["acme.cert-manager.io"] - resources: ["orders", "orders/status"] - verbs: ["update"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["orders", "challenges"] - verbs: ["get", "list", "watch"] - - apiGroups: ["cert-manager.io"] - resources: ["clusterissuers", "issuers"] - verbs: ["get", "list", "watch"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges"] - verbs: ["create", "delete"] - # We require these rules to support users with the OwnerReferencesPermissionEnforcement - # admission controller enabled: - # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement - - apiGroups: ["acme.cert-manager.io"] - resources: ["orders/finalizers"] - verbs: ["update"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] ---- -# Source: cert-manager/templates/rbac.yaml -# Challenges controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-challenges - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - # Use to update challenge resource status - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges", "challenges/status"] - verbs: ["update"] - # Used to watch challenge resources - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges"] - verbs: ["get", "list", "watch"] - # Used to watch challenges, issuer and clusterissuer resources - - apiGroups: ["cert-manager.io"] - resources: ["issuers", "clusterissuers"] - verbs: ["get", "list", "watch"] - # Need to be able to retrieve ACME account private key to complete challenges - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] - # Used to create events - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - # HTTP01 rules - - apiGroups: [""] - resources: ["pods", "services"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] - verbs: ["get", "list", "watch", "create", "delete", "update"] - # We require the ability to specify a custom hostname when we are creating - # new ingress resources. - # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148 - - apiGroups: ["route.openshift.io"] - resources: ["routes/custom-host"] - verbs: ["create"] - # We require these rules to support users with the OwnerReferencesPermissionEnforcement - # admission controller enabled: - # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges/finalizers"] - verbs: ["update"] - # DNS01 rules (duplicated above) - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch"] ---- -# Source: cert-manager/templates/rbac.yaml -# ingress-shim controller role -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-ingress-shim - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests"] - verbs: ["create", "update", "delete"] - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - # We require these rules to support users with the OwnerReferencesPermissionEnforcement - # admission controller enabled: - # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/finalizers"] - verbs: ["update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["gateways", "httproutes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["gateways/finalizers", "httproutes/finalizers"] - verbs: ["update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-view - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers"] - verbs: ["get", "list", "watch"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges", "orders"] - verbs: ["get", "list", "watch"] ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-edit - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] - - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges", "orders"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] ---- -# Source: cert-manager/templates/rbac.yaml -# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-approve:cert-manager-io - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["cert-manager.io"] - resources: ["signers"] - verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] ---- -# Source: cert-manager/templates/rbac.yaml -# Permission to: -# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers -# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-controller-certificatesigningrequests - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests/status"] - verbs: ["update"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] - verbs: ["sign"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] ---- -# Source: cert-manager/templates/webhook-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -cert-manager-webhook:subjectaccessreviews - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] ---- -# Source: cert-manager/templates/cainjector-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-cainjector - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-cainjector -subjects: - - name: -cert-manager-cainjector - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-issuers - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-issuers -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-clusterissuers - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-clusterissuers -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: -cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-certificates - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-certificates -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-orders - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-orders -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-challenges - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-challenges -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-ingress-shim - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-ingress-shim -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-approve:cert-manager-io - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-approve:cert-manager-io -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-controller-certificatesigningrequests - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-controller-certificatesigningrequests -subjects: - - name: -cert-manager - namespace: "" - kind: ServiceAccount ---- -# Source: cert-manager/templates/webhook-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: -cert-manager-webhook:subjectaccessreviews - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -cert-manager-webhook:subjectaccessreviews -subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: ---- -# Source: cert-manager/templates/cainjector-rbac.yaml -# leader election rules -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: -cert-manager-cainjector:leaderelection - namespace: kube-system - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" -rules: - # Used for leader election by the controller - # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller - # see cmd/cainjector/start.go#L113 - # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller - # see cmd/cainjector/start.go#L137 - # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] - verbs: ["get", "update", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] - verbs: ["get", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["create"] ---- -# Source: cert-manager/templates/rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: -cert-manager:leaderelection - namespace: kube-system - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -rules: - # Used for leader election by the controller - # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cert-manager-controller"] - verbs: ["get", "update", "patch"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - resourceNames: ["cert-manager-controller"] - verbs: ["get", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["create"] ---- -# Source: cert-manager/templates/webhook-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: -cert-manager-webhook:dynamic-serving - namespace: - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] ---- -# Source: cert-manager/templates/cainjector-rbac.yaml -# grant cert-manager permission to manage the leaderelection configmap in the -# leader election namespace -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: -cert-manager-cainjector:leaderelection - namespace: kube-system - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -cert-manager-cainjector:leaderelection -subjects: - - kind: ServiceAccount - name: -cert-manager-cainjector - namespace: ---- -# Source: cert-manager/templates/rbac.yaml -# grant cert-manager permission to manage the leaderelection configmap in the -# leader election namespace -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: -cert-manager:leaderelection - namespace: kube-system - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -cert-manager:leaderelection -subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager - namespace: ---- -# Source: cert-manager/templates/webhook-rbac.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: -cert-manager-webhook:dynamic-serving - namespace: "" - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -cert-manager-webhook:dynamic-serving -subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: ---- -# Source: cert-manager/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: -cert-manager - namespace: "" - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -spec: - type: ClusterIP - ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 - selector: - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" ---- -# Source: cert-manager/templates/webhook-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: -cert-manager-webhook - namespace: "" - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -spec: - type: ClusterIP - ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 - selector: - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" ---- -# Source: cert-manager/templates/cainjector-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: -cert-manager-cainjector - namespace: "" - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - template: - metadata: - labels: - app: cainjector - app.kubernetes.io/name: cainjector - app.kubernetes.io/instance: - app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.6.1" - spec: - serviceAccountName: -cert-manager-cainjector - securityContext: - runAsNonRoot: true - containers: - - name: cert-manager - image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" - imagePullPolicy: IfNotPresent - args: - - --v=2 - - --leader-election-namespace=kube-system - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} ---- -# Source: cert-manager/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: -cert-manager - namespace: "" - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - template: - metadata: - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.6.1" - annotations: - prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' - spec: - serviceAccountName: -cert-manager - securityContext: - runAsNonRoot: true - containers: - - name: cert-manager - image: "quay.io/jetstack/cert-manager-controller:v1.6.1" - imagePullPolicy: IfNotPresent - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - ports: - - containerPort: 9402 - protocol: TCP - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} ---- -# Source: cert-manager/templates/webhook-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: -cert-manager-webhook - namespace: "" - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - template: - metadata: - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" - spec: - serviceAccountName: -cert-manager-webhook - securityContext: - runAsNonRoot: true - containers: - - name: cert-manager - image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" - imagePullPolicy: IfNotPresent - args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc - ports: - - name: https - protocol: TCP - containerPort: 10250 - livenessProbe: - httpGet: - path: /livez - port: 6080 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /healthz - port: 6080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} ---- -# Source: cert-manager/templates/webhook-mutating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: -cert-manager-webhook - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" - annotations: - cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" -webhooks: - - name: webhook.cert-manager.io - rules: - - apiGroups: - - "cert-manager.io" - - "acme.cert-manager.io" - apiVersions: - - "v1" - operations: - - CREATE - - UPDATE - resources: - - "*/*" - # We don't actually support `v1beta1` but is listed here as it is a - # required value for - # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). - # The API server reads the supported versions in order, so _should always_ - # attempt a `v1` request which is understood by the cert-manager webhook. - # Any `v1beta1` request will return an error and fail closed for that - # resource (the whole object request is rejected). When we no longer - # support v1.16 we can remove `v1beta1` from this list. - admissionReviewVersions: ["v1", "v1beta1"] - # This webhook only accepts v1 cert-manager resources. - # Equivalent matchPolicy ensures that non-v1 resource requests are sent to - # this webhook (after the resources have been converted to v1). - matchPolicy: Equivalent - timeoutSeconds: 10 - failurePolicy: Fail - # Only include 'sideEffects' field in Kubernetes 1.12+ - sideEffects: None - clientConfig: - service: - name: -cert-manager-webhook - namespace: "" - path: /mutate ---- -# Source: cert-manager/templates/webhook-validating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: -cert-manager-webhook - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.6.1" - annotations: - cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" -webhooks: - - name: webhook.cert-manager.io - namespaceSelector: - matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager - rules: - - apiGroups: - - "cert-manager.io" - - "acme.cert-manager.io" - apiVersions: - - "v1" - operations: - - CREATE - - UPDATE - resources: - - "*/*" - # We don't actually support `v1beta1` but is listed here as it is a - # required value for - # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). - # The API server reads the supported versions in order, so _should always_ - # attempt a `v1` request which is understood by the cert-manager webhook. - # Any `v1beta1` request will return an error and fail closed for that - # resource (the whole object request is rejected). When we no longer - # support v1.16 we can remove `v1beta1` from this list. - admissionReviewVersions: ["v1", "v1beta1"] - # This webhook only accepts v1 cert-manager resources. - # Equivalent matchPolicy ensures that non-v1 resource requests are sent to - # this webhook (after the resources have been converted to v1). - matchPolicy: Equivalent - timeoutSeconds: 10 - failurePolicy: Fail - sideEffects: None - clientConfig: - service: - name: -cert-manager-webhook - namespace: "" - path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml deleted file mode 100644 index 3db560e5c..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: karavi-authorization-proxy -imagePullPolicy: IfNotPresent -image: dellemc/csm-authorization-sidecar:v1.10.1 -env: - - name: PROXY_HOST - value: "" - - name: INSECURE - value: "true" - - name: PLUGIN_IDENTIFIER - value: - - name: ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: proxy-authz-tokens - key: access - - name: REFRESH_TOKEN - valueFrom: - secretKeyRef: - name: proxy-authz-tokens - key: refresh -volumeMounts: - - name: karavi-authorization-config - mountPath: /etc/karavi-authorization/config - - name: proxy-server-root-certificate - mountPath: /etc/karavi-authorization/root-certificates - - name: - mountPath: /etc/karavi-authorization diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/custom-cert.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/custom-cert.yaml deleted file mode 100644 index e3a89dd86..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/custom-cert.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -data: - # replace with actual base64-encoded certificate - tls.crt: - # replace with actual base64-encoded private key - tls.key: -kind: Secret -type: kubernetes.io/tls -metadata: - name: user-provided-tls - namespace: diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml deleted file mode 100644 index 6592680d4..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml +++ /dev/null @@ -1,458 +0,0 @@ -# Proxy service -apiVersion: apps/v1 -kind: Deployment -metadata: - name: proxy-server - namespace: - labels: - app: proxy-server -spec: - replicas: 1 - selector: - matchLabels: - app: proxy-server - template: - metadata: - labels: - csm: - app: proxy-server - spec: - containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params ---- -apiVersion: v1 -kind: Service -metadata: - name: proxy-server - namespace: -spec: - selector: - app: proxy-server - ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 ---- -# Tenant Service -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tenant-service - namespace: - labels: - app: tenant-service -spec: - replicas: 1 - selector: - matchLabels: - app: tenant-service - template: - metadata: - labels: - csm: - app: tenant-service - spec: - containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params ---- -apiVersion: v1 -kind: Service -metadata: - name: tenant-service - namespace: -spec: - selector: - app: tenant-service - ports: - - port: 50051 - targetPort: 50051 - name: grpc ---- -# Role Service -apiVersion: v1 -kind: ServiceAccount -metadata: - name: role-service - namespace: ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: role-service -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: role-service -subjects: - - kind: ServiceAccount - name: role-service - namespace: -roleRef: - kind: ClusterRole - name: role-service - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: role-service - namespace: - labels: - app: role-service -spec: - replicas: 1 - selector: - matchLabels: - app: role-service - template: - metadata: - labels: - csm: - app: role-service - spec: - serviceAccountName: role-service - containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: csm-config-params - configMap: - name: csm-config-params ---- -apiVersion: v1 -kind: Service -metadata: - name: role-service - namespace: -spec: - selector: - app: role-service - ports: - - port: 50051 - targetPort: 50051 - name: grpc ---- -# Storage service -apiVersion: v1 -kind: ServiceAccount -metadata: - name: storage-service - namespace: ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: storage-service -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "patch", "post"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: storage-service -subjects: - - kind: ServiceAccount - name: storage-service - namespace: -roleRef: - kind: ClusterRole - name: storage-service - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - name: storage-service - namespace: -spec: - selector: - app: storage-service - ports: - - port: 50051 - targetPort: 50051 - name: grpc ---- -# Redis -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-primary - namespace: - labels: - app: redis -spec: - selector: - matchLabels: - app: redis - role: primary - tier: backend - replicas: 1 - template: - metadata: - labels: - csm: - app: redis - role: primary - tier: backend - spec: - containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data - volumes: - - name: redis-primary-volume - persistentVolumeClaim: - claimName: redis-primary-pv-claim ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: redis-primary-pv-claim - namespace: - labels: - app: redis-primary -spec: - accessModes: - - ReadWriteOnce - storageClassName: - resources: - requests: - storage: 8Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-commander - namespace: -spec: - replicas: 1 - selector: - matchLabels: - app: redis-commander - template: - metadata: - labels: - csm: - app: redis-commander - tier: backend - spec: - containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL ---- -apiVersion: v1 -kind: Service -metadata: - name: redis - namespace: -spec: - selector: - app: redis - ports: - - protocol: TCP - port: 6379 - targetPort: 6379 ---- -apiVersion: v1 -kind: Service -metadata: - name: redis-commander - namespace: -spec: - selector: - app: redis-commander - ports: - - protocol: TCP - port: 8081 - targetPort: 8081 ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: auth-resource-reader -rules: - - apiGroups: [""] - resources: ["secrets", "configmaps", "pods"] - verbs: ["get", "watch", "list", "patch", "create", "update", "delete"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - resourceNames: ["ingress-controller-leader"] - verbs: ["get", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:serviceaccounts: -subjects: - - kind: Group - name: system:serviceaccounts: - namespace: -roleRef: - kind: ClusterRole - name: auth-resource-reader - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: view ---- -# Grant OPA/kube-mgmt read-only access to resources. This lets kube-mgmt -# list configmaps to be loaded into OPA as policies. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: opa-viewer -roleRef: - kind: ClusterRole - name: view - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io ---- -# Define role for OPA/kube-mgmt to update configmaps with policy status. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: - name: configmap-modifier -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] ---- -# Grant OPA/kube-mgmt role defined above. -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: - name: opa-configmap-modifier -roleRef: - kind: Role - name: configmap-modifier - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml deleted file mode 100644 index 507372537..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: csm-authorization-local-storage -provisioner: kubernetes.io/no-provisioner -volumeBindingMode: WaitForFirstConsumer ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: csm-authorization-redis -spec: - capacity: - storage: 8Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Recycle - storageClassName: csm-authorization-local-storage - hostPath: - path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml deleted file mode 100644 index e26676c99..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml +++ /dev/null @@ -1,663 +0,0 @@ -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx - namespace: ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission - namespace: ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx - namespace: -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission - namespace: -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx - namespace: -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -ingress-nginx -subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission - namespace: -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: -ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -ingress-nginx -subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: -ingress-nginx-admission -subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: ---- -apiVersion: v1 -data: - allow-snippet-annotations: "true" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-controller - namespace: ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-controller - namespace: -spec: - externalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-controller-admission - namespace: -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-controller - namespace: -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - csm: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - spec: - containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: -ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission-create - namespace: -spec: - ttlSecondsAfterFinished: 10 - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: -ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission-patch - namespace: -spec: - ttlSecondsAfterFinished: 10 - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: -ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.1.3 - name: -ingress-nginx-admission -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml deleted file mode 100644 index 323503c8e..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml +++ /dev/null @@ -1,265 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: common - namespace: -data: - common.rego: | - package karavi.common - default roles = {} - roles = {} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: volumes-create - namespace: -data: - volumes-create.rego: | - package karavi.volumes.create - - import data.karavi.common - default allow = false - - allow { - count(permitted_roles) != 0 - count(deny) == 0 - } - - deny[msg] { - common.roles == {} - msg := sprintf("no configured roles", []) - } - - deny[msg] { - count(permitted_roles) == 0 - msg := sprintf("no roles in [%s] allow the %s Kb request on %s/%s/%s", - [input.claims.roles, - input.request.volumeSizeInKb, - input.systemtype, - input.storagesystemid, - input.storagepool]) - } - - permitted_roles[v] = y { - claimed_roles := split(input.claims.roles, ",") - - some i - a := claimed_roles[i] - common.roles[a] - - v := claimed_roles[i] - common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) - y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) - } - - permitted_roles[v] = y { - claimed_roles := split(input.claims.roles, ",") - - some i - a := claimed_roles[i] - common.roles[a] - - v := claimed_roles[i] - common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 - y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: volumes-delete - namespace: -data: - volumes-delete.rego: | - package karavi.volumes.delete - - import data.karavi.common - - default response = { - "allowed": true - } - response = { - "allowed": false, - "status": { - "reason": reason, - }, - } { - reason = concat(", ", deny) - reason != "" - } - - deny[msg] { - common.roles == {} - msg := sprintf("no role data found", []) - } - - default claims = {} - claims = input.claims - deny[msg] { - claims == {} - msg := sprintf("missing claims", []) - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: volumes-map - namespace: -data: - volumes-map.rego: | - package karavi.volumes.map - - import data.karavi.common - - default response = { - "allowed": true - } - response = { - "allowed": false, - "status": { - "reason": reason, - }, - } { - reason = concat(", ", deny) - reason != "" - } - - deny[msg] { - common.roles == {} - msg := sprintf("no role data found", []) - } - - default claims = {} - claims = input.claims - deny[msg] { - claims == {} - msg := sprintf("missing claims", []) - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: powermax-volumes-create - namespace: -data: - volumes-powermax-create.rego: | - package karavi.volumes.powermax.create - - import data.karavi.common - - default allow = false - - allow { - count(permitted_roles) != 0 - count(deny) == 0 - } - - deny[msg] { - common.roles == {} - msg := sprintf("no configured roles", []) - } - - deny[msg] { - count(permitted_roles) == 0 - msg := sprintf("no roles in [%s] allow the %v Kb request on %s/%s/%s", - [input.claims.roles, - input.request.volumeSizeInKb, - input.systemtype, - input.storagesystemid, - input.storagepool]) - } - - permitted_roles[v] = y { - claimed_roles := split(input.claims.roles, ",") - - some i - a := claimed_roles[i] - common.roles[a] - - v := claimed_roles[i] - common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) - y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) - } - - permitted_roles[v] = y { - claimed_roles := split(input.claims.roles, ",") - - some i - a := claimed_roles[i] - common.roles[a] - - v := claimed_roles[i] - common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 - y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: volumes-unmap - namespace: -data: - volumes-unmap.rego: | - package karavi.volumes.unmap - - import data.karavi.common - - default response = { - "allowed": true - } - response = { - "allowed": false, - "status": { - "reason": reason, - }, - } { - reason = concat(", ", deny) - reason != "" - } - - deny[msg] { - common.roles == {} - msg := sprintf("no role data found", []) - } - - default claims = {} - claims = input.claims - deny[msg] { - claims == {} - msg := sprintf("missing claims", []) - } ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: sdc-approve - namespace: -data: - sdc-approve.rego: |- - package karavi.sdc.approve - - import data.karavi.common - - # Allow requests by default. - default allow = true - - default response = { - "allowed": true - } - response = { - "allowed": false, - "status": { - "reason": reason, - }, - } { - reason = concat(", ", deny) - reason != "" - } - - default claims = {} - claims = input.claims - deny[msg] { - claims == {} - msg := sprintf("missing claims", []) - } diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml deleted file mode 100644 index 9c28fced3..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml +++ /dev/null @@ -1 +0,0 @@ -minUpgradePath: v1.8.0 diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml deleted file mode 100644 index ec4a5b445..000000000 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- name: karavi-authorization-config - secret: - secretName: karavi-authorization-config -- name: proxy-server-root-certificate - secret: - secretName: proxy-server-root-certificate diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/container.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/container.yaml deleted file mode 100644 index 7ae583ac3..000000000 --- a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/container.yaml +++ /dev/null @@ -1,21 +0,0 @@ -name: reverseproxy -image: dellemc/csipowermax-reverseproxy:v2.9.1 -imagePullPolicy: IfNotPresent -env: - - name: X_CSI_REVPROXY_CONFIG_DIR - value: /etc/config/configmap - - name: X_CSI_REVPROXY_CONFIG_FILE_NAME - value: config.yaml - - name: X_CSI_REVRPOXY_IN_CLUSTER - value: "true" - - name: X_CSI_REVPROXY_TLS_CERT_DIR - value: /app/tls - - name: X_CSI_REVPROXY_WATCH_NAMESPACE - value: -volumeMounts: - - name: configmap-volume - mountPath: /etc/config/configmap - - name: tls-secret - mountPath: /app/tls - - name: cert-dir - mountPath: /app/certs diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml deleted file mode 100644 index dbb2044b4..000000000 --- a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csipowermax-reverseproxy - namespace: ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csipowermax-reverseproxy - namespace: -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "get"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csipowermax-reverseproxy - namespace: -subjects: - - kind: ServiceAccount - name: csipowermax-reverseproxy - namespace: -roleRef: - kind: Role - name: csipowermax-reverseproxy - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - name: csipowermax-reverseproxy - namespace: -spec: - ports: - - port: - protocol: TCP - targetPort: 2222 - selector: - name: csipowermax-reverseproxy - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: csipowermax-reverseproxy - namespace: -spec: - replicas: 1 - selector: - matchLabels: - name: csipowermax-reverseproxy - template: - metadata: - labels: - name: csipowermax-reverseproxy - spec: - serviceAccountName: csipowermax-reverseproxy - containers: - - name: csipowermax-reverseproxy - # Replace this with the built image name - image: - imagePullPolicy: Always - env: - - name: X_CSI_REVPROXY_CONFIG_DIR - value: /etc/config/configmap - - name: X_CSI_REVPROXY_CONFIG_FILE_NAME - value: config.yaml - - name: X_CSI_REVRPOXY_IN_CLUSTER - value: "true" - - name: X_CSI_REVPROXY_TLS_CERT_DIR - value: /app/tls - - name: X_CSI_REVPROXY_WATCH_NAMESPACE - value: # Change this to the namespace where proxy will be installed - volumeMounts: - - name: configmap-volume - mountPath: /etc/config/configmap - - name: tls-secret - mountPath: /app/tls - - name: cert-dir - mountPath: /app/certs - volumes: - - name: configmap-volume - configMap: - name: - optional: true - - name: tls-secret - secret: - secretName: - - name: cert-dir - emptyDir: diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/service.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/service.yaml deleted file mode 100644 index 24e108a36..000000000 --- a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: csipowermax-reverseproxy - namespace: -spec: - ports: - - port: - protocol: TCP - targetPort: 2222 - selector: - app: -controller - type: ClusterIP diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml deleted file mode 100644 index 6e90f65fa..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: -secret - namespace: karavi -data: - # replace with actual base64-encoded certificate - tls.crt: - # replace with actual base64-encoded private key - tls.key: ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: -issuer - namespace: karavi -spec: - ca: - secretName: -secret ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: - namespace: karavi -spec: - secretName: -tls - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - dell - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - usages: - - server auth - - client auth - dnsNames: - - - - .karavi.svc.kubernetes.local - issuerRef: - name: -issuer - kind: Issuer - group: cert-manager.io diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml deleted file mode 100644 index 34dd99961..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml +++ /dev/null @@ -1,144 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: karavi-metrics-powerflex-controller - namespace: karavi ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: karavi-metrics-powerflex-controller -rules: - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes", "storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes"] - verbs: ["list"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: karavi-metrics-powerflex-controller -subjects: - - kind: ServiceAccount - name: karavi-metrics-powerflex-controller - namespace: karavi -roleRef: - kind: ClusterRole - name: karavi-metrics-powerflex-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powerflex - app.kubernetes.io/instance: karavi - name: karavi-metrics-powerflex - namespace: karavi -spec: - type: ClusterIP - ports: - - name: karavi-metrics-powerflex - port: 2222 - targetPort: 2222 - selector: - app.kubernetes.io/name: karavi-metrics-powerflex - app.kubernetes.io/instance: karavi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: karavi-metrics-powerflex-configmap - namespace: karavi -data: - karavi-metrics-powerflex.yaml: | - COLLECTOR_ADDR: - PROVISIONER_NAMES: csi-vxflexos.dellemc.com - POWERFLEX_SDC_METRICS_ENABLED: - POWERFLEX_SDC_IO_POLL_FREQUENCY: - POWERFLEX_VOLUME_IO_POLL_FREQUENCY: - POWERFLEX_VOLUME_METRICS_ENABLED: - POWERFLEX_STORAGE_POOL_METRICS_ENABLED: - POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: - POWERFLEX_MAX_CONCURRENT_QUERIES: - LOG_LEVEL: - LOG_FORMAT: ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: -config-params - namespace: karavi -data: - driver-config-params.yaml: | - CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: karavi-metrics-powerflex - namespace: karavi - labels: - app.kubernetes.io/name: karavi-metrics-powerflex - app.kubernetes.io/instance: karavi -spec: - selector: - matchLabels: - app.kubernetes.io/name: karavi-metrics-powerflex - app.kubernetes.io/instance: karavi - replicas: 1 - strategy: {} - template: - metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powerflex - app.kubernetes.io/instance: karavi - csm: - csmNamespace: - spec: - serviceAccount: karavi-metrics-powerflex-controller - containers: - - name: karavi-metrics-powerflex - image: dellemc/csm-metrics-powerflex:v1.8.1 - resources: {} - env: - - name: POWERFLEX_METRICS_ENDPOINT - value: "karavi-metrics-powerflex" - - name: POWERFLEX_METRICS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TLS_ENABLED - value: "true" - volumeMounts: - - name: vxflexos-config - mountPath: /vxflexos-config - - name: tls-secret - mountPath: /etc/ssl/certs - readOnly: true - - name: karavi-metrics-powerflex-configmap - mountPath: /etc/config - volumes: - - name: vxflexos-config - secret: - secretName: -config - - name: tls-secret - secret: - secretName: otel-collector-tls - items: - - key: tls.crt - path: cert.crt - - name: karavi-metrics-powerflex-configmap - configMap: - name: karavi-metrics-powerflex-configmap - - name: vxflexos-config-params - configMap: - name: -config-params - restartPolicy: Always -status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml deleted file mode 100644 index 3ef479f80..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml +++ /dev/null @@ -1,151 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: karavi-metrics-powermax-controller - namespace: karavi ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: karavi-metrics-powermax-controller -rules: - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes", "storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes"] - verbs: ["list"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: karavi-metrics-powermax-controller -subjects: - - kind: ServiceAccount - name: karavi-metrics-powermax-controller - namespace: karavi -roleRef: - kind: ClusterRole - name: karavi-metrics-powermax-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powermax - app.kubernetes.io/instance: karavi - name: karavi-metrics-powermax - namespace: karavi -spec: - type: ClusterIP - ports: - - name: karavi-metrics-powermax - port: 8081 - targetPort: 8081 - selector: - app.kubernetes.io/name: karavi-metrics-powermax - app.kubernetes.io/instance: karavi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: karavi-metrics-powermax-configmap - namespace: karavi -data: - karavi-metrics-powermax.yaml: | - COLLECTOR_ADDR: - PROVISIONER_NAMES: csi-powermax.dellemc.com - POWERMAX_CAPACITY_METRICS_ENABLED: - POWERMAX_CAPACITY_POLL_FREQUENCY: - POWERMAX_PERFORMANCE_METRICS_ENABLED: - POWERMAX_PERFORMANCE_POLL_FREQUENCY: - POWERMAX_MAX_CONCURRENT_QUERIES: - LOG_LEVEL: - LOG_FORMAT: ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: -config-params - namespace: karavi -data: - driver-config-params.yaml: | - CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: karavi-metrics-powermax - namespace: karavi - labels: - app.kubernetes.io/name: karavi-metrics-powermax - app.kubernetes.io/instance: karavi -spec: - selector: - matchLabels: - app.kubernetes.io/name: karavi-metrics-powermax - app.kubernetes.io/instance: karavi - replicas: 1 - strategy: {} - template: - metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powermax - app.kubernetes.io/instance: karavi - csm: - csmNamespace: - spec: - serviceAccountName: karavi-metrics-powermax-controller - containers: - - name: karavi-metrics-powermax - image: dellemc/csm-metrics-powermax:v1.3.1 - resources: {} - env: - - name: POWERMAX_METRICS_ENDPOINT - value: "karavi-metrics-powermax" - - name: POWERMAX_METRICS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TLS_ENABLED - value: "true" - - name: SSL_CERT_DIR - value: /certs - volumeMounts: - - name: - mountPath: /etc/reverseproxy - - name: tls-secret - mountPath: /etc/ssl/certs - readOnly: true - - name: karavi-metrics-powermax-configmap - mountPath: /etc/config - - name: certs - mountPath: /certs - volumes: - - name: certs - emptyDir: {} - - name: - configMap: - name: - - name: tls-secret - secret: - secretName: otel-collector-tls - items: - - key: tls.crt - path: cert.crt - - name: karavi-metrics-powermax-configmap - configMap: - name: karavi-metrics-powermax-configmap - - name: powermax-config-params - configMap: - name: -config-params - restartPolicy: Always -status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml deleted file mode 100644 index 614966295..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml +++ /dev/null @@ -1,145 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: karavi-metrics-powerscale-controller - namespace: karavi ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: karavi-metrics-powerscale-controller -rules: - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes", "storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumes", "nodes"] - verbs: ["list"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: karavi-metrics-powerscale-controller -subjects: - - kind: ServiceAccount - name: karavi-metrics-powerscale-controller - namespace: karavi -roleRef: - kind: ClusterRole - name: karavi-metrics-powerscale-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powerscale - app.kubernetes.io/instance: karavi - name: karavi-metrics-powerscale - namespace: karavi -spec: - type: ClusterIP - ports: - - name: karavi-metrics-powerscale - port: 8080 - targetPort: 8080 - selector: - app.kubernetes.io/name: karavi-metrics-powerscale - app.kubernetes.io/instance: karavi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: karavi-metrics-powerscale-configmap - namespace: karavi -data: - karavi-metrics-powerscale.yaml: | - COLLECTOR_ADDR: - PROVISIONER_NAMES: csi-isilon.dellemc.com - POWERSCALE_MAX_CONCURRENT_QUERIES: - POWERSCALE_CAPACITY_METRICS_ENABLED: - POWERSCALE_PERFORMANCE_METRICS_ENABLED: - POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: - POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: - POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: - POWERSCALE_ISICLIENT_INSECURE: - POWERSCALE_ISICLIENT_AUTH_TYPE: - POWERSCALE_ISICLIENT_VERBOSE: - LOG_LEVEL: - LOG_FORMAT: ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: -config-params - namespace: karavi -data: - driver-config-params.yaml: | - CSI_LOG_LEVEL: debug ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: karavi-metrics-powerscale - namespace: karavi - labels: - app.kubernetes.io/name: karavi-metrics-powerscale - app.kubernetes.io/instance: karavi -spec: - selector: - matchLabels: - app.kubernetes.io/name: karavi-metrics-powerscale - app.kubernetes.io/instance: karavi - replicas: 1 - strategy: {} - template: - metadata: - labels: - app.kubernetes.io/name: karavi-metrics-powerscale - app.kubernetes.io/instance: karavi - csm: - csmNamespace: - spec: - serviceAccount: karavi-metrics-powerscale-controller - containers: - - name: karavi-metrics-powerscale - image: dellemc/csm-metrics-powerscale:v1.5.1 - resources: {} - env: - - name: POWERSCALE_METRICS_ENDPOINT - value: "karavi-metrics-powerscale" - - name: POWERSCALE_METRICS_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TLS_ENABLED - value: "true" - volumeMounts: - - name: isilon-creds - mountPath: /isilon-creds - - name: tls-secret - mountPath: /etc/ssl/certs - readOnly: true - - name: karavi-metrics-powerscale-configmap - mountPath: /etc/config - volumes: - - name: isilon-creds - secret: - secretName: -creds - - name: tls-secret - secret: - secretName: otel-collector-tls - items: - - key: tls.crt - path: cert.crt - - name: karavi-metrics-powerscale-configmap - configMap: - name: karavi-metrics-powerscale-configmap - - name: csi-isilon-config-params - configMap: - name: -config-params - restartPolicy: Always -status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml deleted file mode 100644 index 066f858f7..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: v1 -data: - otel-collector-config.yaml: |- - receivers: - otlp: - protocols: - grpc: - endpoint: 0.0.0.0:55680 - tls: - cert_file: /etc/ssl/certs/tls.crt - key_file: /etc/ssl/certs/tls.key - - exporters: - prometheus: - endpoint: 0.0.0.0:8889 - logging: - - extensions: - health_check: {} - - service: - extensions: [health_check] - pipelines: - metrics: - receivers: [otlp] - processors: [] - exporters: [logging,prometheus] -kind: ConfigMap -metadata: - name: otel-collector-config - namespace: karavi ---- -apiVersion: v1 -data: - nginx.conf: |- - worker_processes 1; - events { - worker_connections 1024; - } - - pid /tmp/nginx.pid; - - http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - server { - listen 8443 ssl; - server_name localhost; - ssl_certificate /etc/ssl/certs/tls.crt; - ssl_certificate_key /etc/ssl/certs/tls.key; - ssl_protocols TLSv1.2; - ssl_ciphers AESGCM:-aNULL:-DH:-kRSA:@STRENGTH; - ssl_prefer_server_ciphers on; - location / { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_pass http://127.0.0.1:8889/; - } - } - } -kind: ConfigMap -metadata: - name: nginx-config - namespace: karavi ---- -apiVersion: v1 -kind: Service -metadata: - name: otel-collector - namespace: karavi - labels: - app.kubernetes.io/name: otel-collector - app.kubernetes.io/instance: karavi-observability -spec: - type: ClusterIP - ports: - - port: 55680 - targetPort: 55680 - name: receiver - - port: 8443 - targetPort: 8443 - name: exporter-https - selector: - app.kubernetes.io/name: otel-collector - app.kubernetes.io/instance: karavi-observability ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: otel-collector - namespace: karavi - labels: - app.kubernetes.io/name: otel-collector - app.kubernetes.io/instance: karavi-observability -spec: - selector: - matchLabels: - app.kubernetes.io/name: otel-collector - app.kubernetes.io/instance: karavi-observability - replicas: 1 - strategy: {} - template: - metadata: - labels: - app.kubernetes.io/name: otel-collector - app.kubernetes.io/instance: karavi-observability - csm: - csmNamespace: - spec: - volumes: - - name: tls-secret - secret: - secretName: otel-collector-tls - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - name: nginx-config - configMap: - name: nginx-config - - name: otel-collector-config - configMap: - name: otel-collector-config - containers: - - name: nginx-proxy - image: - volumeMounts: - - name: tls-secret - mountPath: /etc/ssl/certs - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: otel-collector - image: - args: - - --config=/etc/otel-collector-config.yaml - resources: {} - volumeMounts: - - name: otel-collector-config - mountPath: /etc/otel-collector-config.yaml - subPath: otel-collector-config.yaml - - name: tls-secret - mountPath: /etc/ssl/certs - restartPolicy: Always -status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml deleted file mode 100644 index 941a8b7d0..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml +++ /dev/null @@ -1,112 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: karavi-topology-configmap - namespace: karavi -data: - karavi-topology.yaml: | - PROVISIONER_NAMES: csi-isilon.dellemc.com,csi-vxflexos.dellemc.com, csi-powermax.dellemc.com - LOG_LEVEL: - LOG_FORMAT: text - ZIPKIN_URI: "" - ZIPKIN_SERVICE_NAME: karavi-topology - ZIPKIN_PROBABILITY: 0.0 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: karavi-observability-topology-controller - namespace: karavi ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: karavi-observability-topology-controller -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: karavi-observability-topology-controller -subjects: - - kind: ServiceAccount - name: karavi-observability-topology-controller - namespace: karavi -roleRef: - kind: ClusterRole - name: karavi-observability-topology-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: karavi-topology - app.kubernetes.io/instance: karavi-observability - name: karavi-topology - namespace: karavi -spec: - type: ClusterIP - ports: - - name: karavi-topology - port: 8443 - targetPort: 8443 - selector: - app.kubernetes.io/name: karavi-topology - app.kubernetes.io/instance: karavi-observability ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: karavi-topology - namespace: karavi - labels: - app.kubernetes.io/name: karavi-topology - app.kubernetes.io/instance: karavi-observability -spec: - selector: - matchLabels: - app.kubernetes.io/name: karavi-topology - app.kubernetes.io/instance: karavi-observability - replicas: 1 - strategy: {} - template: - metadata: - labels: - app.kubernetes.io/name: karavi-topology - app.kubernetes.io/instance: karavi-observability - csm: - csmNamespace: - spec: - volumes: - - name: karavi-topology-secret-volume - secret: - secretName: karavi-topology-tls - items: - - key: tls.crt - path: localhost.crt - - key: tls.key - path: localhost.key - - name: karavi-topology-configmap - configMap: - name: karavi-topology-configmap - serviceAccount: karavi-observability-topology-controller - containers: - - name: karavi-topology - image: dellemc/csm-topology:v1.8.1 - resources: {} - env: - - name: PORT - value: "8443" - - name: DEBUG - value: "false" - volumeMounts: - - name: karavi-topology-secret-volume - mountPath: "/certs" - - name: karavi-topology-configmap - mountPath: "/etc/config" - restartPolicy: Always -status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml deleted file mode 100644 index 72e5ffa7f..000000000 --- a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: karavi -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: - namespace: karavi -spec: - secretName: -tls - duration: 2160h # 90d - renewBefore: 360h # 15d - subject: - organizations: - - dell - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - usages: - - server auth - - client auth - dnsNames: - - - - .karavi.svc.kubernetes.local - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml deleted file mode 100644 index bb75eb537..000000000 --- a/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: dell-csi-replicator -image: dellemc/dell-csi-replicator:v1.8.1 -imagePullPolicy: IfNotPresent -args: - - "--csi-address=$(ADDRESS)" - - "--leader-election=true" - - "--worker-threads=2" - - "--retry-interval-start=1s" - - "--retry-interval-max=300s" - - "--timeout=300s" - - "--context-prefix=" - - "--prefix=" -env: - - name: ADDRESS - value: /var/run/csi/csi.sock - - name: X_CSI_REPLICATION_CONFIG_DIR - value: / - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: driver-config-params.yaml -volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: - mountPath: / diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml deleted file mode 100644 index c050fe66c..000000000 --- a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml +++ /dev/null @@ -1,293 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: dell-replication-controller ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dell-replication-controller-sa - namespace: dell-replication-controller -secrets: - - name: replication-secret ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: dell-replication-manager-role -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dell-replication-metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dell-replication-proxy-role -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: v1 -kind: Secret -metadata: - name: replication-secret - namespace: dell-replication-controller - annotations: - kubernetes.io/service-account.name: dell-replication-controller-sa - kubernetes.io/service-account.namespace: dell-replication-controller -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dell-replication-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dell-replication-manager-role -subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: dell-replication-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dell-replication-proxy-role -subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller ---- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: dell-replication-controller-manager-metrics-service - namespace: dell-replication-controller -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - control-plane: controller-manager - name: dell-replication-controller-manager - namespace: dell-replication-controller -spec: - replicas: - selector: - matchLabels: - control-plane: controller-manager - template: - metadata: - labels: - control-plane: controller-manager - spec: - serviceAccountName: dell-replication-controller-sa - containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: dellemc/dell-replication-controller:v1.8.1 - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/dell-replication-controller-config.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/dell-replication-controller-config.yaml deleted file mode 100644 index 69599f19f..000000000 --- a/operatorconfig/moduleconfig/replication/v1.8.1/dell-replication-controller-config.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: dell-replication-controller-config - namespace: dell-replication-controller -data: - config.yaml: | - clusterId: "" - targets: [] - CSI_LOG_LEVEL: "debug" diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml deleted file mode 100644 index e3e6bc07e..000000000 --- a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml +++ /dev/null @@ -1,240 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: dellcsimigrationgroups.replication.storage.dell.com -spec: - group: replication.storage.dell.com - names: - kind: DellCSIMigrationGroup - listKind: DellCSIMigrationGroupList - plural: dellcsimigrationgroups - shortNames: - - mg - singular: dellcsimigrationgroup - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null - name: dellcsireplicationgroups.replication.storage.dell.com -spec: - group: replication.storage.dell.com - names: - kind: DellCSIReplicationGroup - listKind: DellCSIReplicationGroupList - plural: dellcsireplicationgroups - shortNames: - - rg - singular: dellcsireplicationgroup - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml deleted file mode 100644 index 790f60de3..000000000 --- a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml deleted file mode 100644 index a1fe3b165..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: vxflexos-config-params - mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml deleted file mode 100644 index 7c0621795..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true -env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: X_CSI_PRIVATE_MOUNT_DIR - value: /var/lib/kubelet - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: kubelet-pods - mountPath: /pods - mountPropagation: "Bidirectional" - - name: driver-path - mountPath: /plugins/vxflexos.emc.dell.com - mountPropagation: "Bidirectional" - - name: dev - mountPath: /dev - - name: usr-bin - mountPath: /usr-bin - - name: var-run - mountPath: /var/run - - name: vxflexos-config-params - mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml deleted file mode 100644 index b22871254..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml deleted file mode 100644 index 9e5b94583..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true -env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: X_CSI_PRIVATE_MOUNT_DIR - value: /var/lib/kubelet - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: kubelet-pods - mountPath: /pods - mountPropagation: "Bidirectional" - - name: driver-path - mountPath: /plugins/csi-isilon - mountPropagation: "Bidirectional" - - name: csi-path - mountPath: /plugins/kubernetes.io/csi - mountPropagation: "Bidirectional" - - name: dev - mountPath: /dev - - name: usr-bin - mountPath: /usr-bin - - name: var-run - mountPath: /var/run - - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml deleted file mode 100644 index cdaccb84f..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: socket-dir - mountPath: /var/run/csi - - name: powerstore-config-params - mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml deleted file mode 100644 index 218cdb621..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -name: podmon -securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true -image: dellemc/podmon:v1.9.1 -imagePullPolicy: IfNotPresent -env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: X_CSI_PRIVATE_MOUNT_DIR - value: /var/lib/kubelet - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -volumeMounts: - - name: kubelet-pods - mountPath: /pods - mountPropagation: "Bidirectional" - - name: driver-path - mountPath: /plugins/csi-powerstore.dellemc.com - mountPropagation: "Bidirectional" - - name: csi-path - mountPath: /plugins/kubernetes.io/csi - mountPropagation: "Bidirectional" - - name: dev - mountPath: /dev - - name: usr-bin - mountPath: /usr-bin - - name: var-run - mountPath: /var/run - - name: powerstore-config-params - mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml deleted file mode 100644 index 10abf39ec..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch", "patch"] -- apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "update", "delete"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml deleted file mode 100644 index f5f8cbbc0..000000000 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "update", "delete"] -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] From fbf71d4e48a7c22485e8135c26af77bce379e998 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 07:47:16 -0500 Subject: [PATCH 16/31] fix: resolve lint issue --- tests/e2e/testfiles/storage_csm_powerflex.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml | 2 +- .../e2e/testfiles/storage_csm_powerflex_observability_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_authorization.yaml | 2 +- .../storage_csm_powermax_observability_authorization.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_observability.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_auth.yaml | 2 +- .../storage_csm_powerscale_observability_top_custom_cert.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_val1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_replica.yaml | 2 +- 21 files changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index cc162ece4..c576cf956 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -170,7 +170,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index b84c89d70..68aac7dc1 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 30dc98b5f..28887baf4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -158,7 +158,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 2884ae57d..b2f11d799 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index 7a157af71..695782767 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index e8ee47578..bf912cf63 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index 848e380b7..bed349c17 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -161,7 +161,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index 3de9f6365..44d62d5af 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index 39a061cce..9fe88b3bb 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -247,7 +247,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index 7a3add385..ca42f3825 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -247,7 +247,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index e78038282..f9cd060b3 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index 214998e75..3dd7f3d4b 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -248,7 +248,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index d3931cf27..e7035709e 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 06575c51a..2b8f2608a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index b0ab0b168..493b3d874 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -224,7 +224,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 4b6283df4..4553d0336 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index dc30ef747..c2db1a88b 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 80506a95f..caa9e9700 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -220,7 +220,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 26e8246cb..6fdeff344 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index eab8ceab5..b6cf0c6e8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index b0e784f74..3e4494415 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 58239b85ca7c17ce011101c247175d12ca442c62 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 07:51:37 -0500 Subject: [PATCH 17/31] fix: removed trailing spaces --- pkg/modules/testdata/cr_powerflex_observability.yaml | 2 +- pkg/modules/testdata/cr_powermax_reverseproxy.yaml | 2 +- pkg/modules/testdata/cr_powerscale_auth.yaml | 2 +- .../testdata/cr_powerscale_auth_missing_skip_cert_env.yaml | 2 +- pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml | 2 +- pkg/modules/testdata/cr_powerscale_observability.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 29162047e..935de7250 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -233,7 +233,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml index 7cd7861ce..9e76dcaaa 100644 --- a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml +++ b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml @@ -53,7 +53,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth.yaml b/pkg/modules/testdata/cr_powerscale_auth.yaml index 1c981a797..2912aebf2 100644 --- a/pkg/modules/testdata/cr_powerscale_auth.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml index cfed4e998..7bee9aaa5 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml index 87bf01c5d..e3b97263f 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index cfcfbe4aa..e8ad15524 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -114,7 +114,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 5ab7e32a0ef248ac16f92363cbd9787a8fcf3b33 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 07:56:19 -0500 Subject: [PATCH 18/31] removed blank lines --- .../driverconfig/powerflex/v2.13.0/upgrade-path.yaml | 4 +--- .../driverconfig/powermax/v2.13.0/upgrade-path.yaml | 4 +--- .../driverconfig/powerscale/v2.13.0/upgrade-path.yaml | 4 +--- .../driverconfig/powerstore/v2.13.0/upgrade-path.yaml | 4 +--- operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml | 4 +--- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml index 1264a1da5..a7bcf2003 100644 --- a/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml @@ -1,3 +1 @@ - - minUpgradePath: v2.12.0 - +minUpgradePath: v2.12.0 diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml index 1264a1da5..a7bcf2003 100644 --- a/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml @@ -1,3 +1 @@ - - minUpgradePath: v2.12.0 - +minUpgradePath: v2.12.0 diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml index 1264a1da5..a7bcf2003 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml @@ -1,3 +1 @@ - - minUpgradePath: v2.12.0 - +minUpgradePath: v2.12.0 diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml index 1264a1da5..a7bcf2003 100644 --- a/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml @@ -1,3 +1 @@ - - minUpgradePath: v2.12.0 - +minUpgradePath: v2.12.0 diff --git a/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml index 1264a1da5..a7bcf2003 100644 --- a/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml @@ -1,3 +1 @@ - - minUpgradePath: v2.12.0 - +minUpgradePath: v2.12.0 From 1e0af7dc88171b6b03fc4bec440154f49763609a Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 09:38:18 -0500 Subject: [PATCH 19/31] updated minimal samples --- .../{powerflex.yaml => powerflex_v2120.yaml} | 2 +- samples/minimal-samples/powerflex_v2130.yaml | 50 +++++++++++++++++++ samples/minimal-samples/powermax_v2120.yaml | 44 ++++++++++++++++ .../{powermax.yaml => powermax_v2130.yaml} | 2 +- ...{powerscale.yaml => powerscale_v2120.yaml} | 2 +- samples/minimal-samples/powerscale_v2130.yaml | 49 ++++++++++++++++++ samples/minimal-samples/powerstore_v2120.yaml | 18 +++++++ ...{powerstore.yaml => powerstore_v2130.yaml} | 0 samples/minimal-samples/unity_v2120.yaml | 10 ++++ .../{unity.yaml => unity_v2130.yaml} | 0 10 files changed, 174 insertions(+), 3 deletions(-) rename samples/minimal-samples/{powerflex.yaml => powerflex_v2120.yaml} (98%) create mode 100644 samples/minimal-samples/powerflex_v2130.yaml create mode 100644 samples/minimal-samples/powermax_v2120.yaml rename samples/minimal-samples/{powermax.yaml => powermax_v2130.yaml} (98%) rename samples/minimal-samples/{powerscale.yaml => powerscale_v2120.yaml} (98%) create mode 100644 samples/minimal-samples/powerscale_v2130.yaml create mode 100644 samples/minimal-samples/powerstore_v2120.yaml rename samples/minimal-samples/{powerstore.yaml => powerstore_v2130.yaml} (100%) create mode 100644 samples/minimal-samples/unity_v2120.yaml rename samples/minimal-samples/{unity.yaml => unity_v2130.yaml} (100%) diff --git a/samples/minimal-samples/powerflex.yaml b/samples/minimal-samples/powerflex_v2120.yaml similarity index 98% rename from samples/minimal-samples/powerflex.yaml rename to samples/minimal-samples/powerflex_v2120.yaml index 753afd209..6683f7819 100644 --- a/samples/minimal-samples/powerflex.yaml +++ b/samples/minimal-samples/powerflex_v2120.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powerflex" - configVersion: v2.13.0 + configVersion: v2.12.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/samples/minimal-samples/powerflex_v2130.yaml b/samples/minimal-samples/powerflex_v2130.yaml new file mode 100644 index 000000000..9267823bd --- /dev/null +++ b/samples/minimal-samples/powerflex_v2130.yaml @@ -0,0 +1,50 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + configVersion: v2.13.0 + forceRemoveDriver: true + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + # For Auth 2.0, use v2.0.0 as configVersion + configVersion: v1.13.0 + components: + - name: karavi-authorization-proxy + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + - name: replication + enabled: false + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + components: + - name: topology + enabled: true + - name: otel-collector + enabled: true + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powerflex + enabled: true diff --git a/samples/minimal-samples/powermax_v2120.yaml b/samples/minimal-samples/powermax_v2120.yaml new file mode 100644 index 000000000..9d3ce8a9b --- /dev/null +++ b/samples/minimal-samples/powermax_v2120.yaml @@ -0,0 +1,44 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powermax + namespace: powermax +spec: + driver: + csiDriverType: "powermax" + configVersion: v2.12.0 + forceRemoveDriver: true + # These are the modules which are optional and can be enabled by specifying to enable/disable. + modules: + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + # For Auth 2.0, use v2.0.0 as configVersion + configVersion: v1.12.0 + components: + - name: karavi-authorization-proxy + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: resiliency + enabled: false + - name: replication + enabled: false + - name: observability + # enabled: Enable/Disable observability + enabled: false + components: + - name: topology + enabled: true + - name: otel-collector + enabled: true + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powermax + enabled: true diff --git a/samples/minimal-samples/powermax.yaml b/samples/minimal-samples/powermax_v2130.yaml similarity index 98% rename from samples/minimal-samples/powermax.yaml rename to samples/minimal-samples/powermax_v2130.yaml index 4a0cda4f2..d7e65beeb 100644 --- a/samples/minimal-samples/powermax.yaml +++ b/samples/minimal-samples/powermax_v2130.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.12.0 + configVersion: v2.13.0 forceRemoveDriver: true # These are the modules which are optional and can be enabled by specifying to enable/disable. modules: diff --git a/samples/minimal-samples/powerscale.yaml b/samples/minimal-samples/powerscale_v2120.yaml similarity index 98% rename from samples/minimal-samples/powerscale.yaml rename to samples/minimal-samples/powerscale_v2120.yaml index 4934a211c..6f21e84c0 100644 --- a/samples/minimal-samples/powerscale.yaml +++ b/samples/minimal-samples/powerscale_v2120.yaml @@ -6,7 +6,7 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.13.0 + configVersion: v2.12.0 forceRemoveDriver: true modules: # Authorization: enable csm-authorization for RBAC diff --git a/samples/minimal-samples/powerscale_v2130.yaml b/samples/minimal-samples/powerscale_v2130.yaml new file mode 100644 index 000000000..dfb062ebd --- /dev/null +++ b/samples/minimal-samples/powerscale_v2130.yaml @@ -0,0 +1,49 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + configVersion: v2.13.0 + forceRemoveDriver: true + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + # For Auth 2.0, use v2.0.0 as configVersion + configVersion: v1.13.0 + components: + - name: karavi-authorization-proxy + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + - name: replication + enabled: false + - name: observability + # enabled: Enable/Disable observability + enabled: false + components: + - name: topology + enabled: true + - name: otel-collector + enabled: true + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powerscale + enabled: true diff --git a/samples/minimal-samples/powerstore_v2120.yaml b/samples/minimal-samples/powerstore_v2120.yaml new file mode 100644 index 000000000..28b698493 --- /dev/null +++ b/samples/minimal-samples/powerstore_v2120.yaml @@ -0,0 +1,18 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + configVersion: v2.12.0 + forceRemoveDriver: true + modules: + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false diff --git a/samples/minimal-samples/powerstore.yaml b/samples/minimal-samples/powerstore_v2130.yaml similarity index 100% rename from samples/minimal-samples/powerstore.yaml rename to samples/minimal-samples/powerstore_v2130.yaml diff --git a/samples/minimal-samples/unity_v2120.yaml b/samples/minimal-samples/unity_v2120.yaml new file mode 100644 index 000000000..a7fe55cc0 --- /dev/null +++ b/samples/minimal-samples/unity_v2120.yaml @@ -0,0 +1,10 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: unity + namespace: unity +spec: + driver: + csiDriverType: "unity" + configVersion: v2.12.0 + forceRemoveDriver: true diff --git a/samples/minimal-samples/unity.yaml b/samples/minimal-samples/unity_v2130.yaml similarity index 100% rename from samples/minimal-samples/unity.yaml rename to samples/minimal-samples/unity_v2130.yaml From 1fb492eaac54a5781db4547a878e671da2065f16 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 5 Dec 2024 10:09:28 -0500 Subject: [PATCH 20/31] fix: updated skips version --- .../bases/dell-csm-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index e2c0edb5c..d7ce47651 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1798,5 +1798,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: metadataretriever skips: - - dell-csm-operator.v1.8.0 + - dell-csm-operator.v1.7.0 version: 1.8.0 From ac1b5d002e8826dac28ac27b545fdce03bc9918c Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 6 Dec 2024 02:41:12 -0500 Subject: [PATCH 21/31] update auth image to nightly --- tests/e2e/testfiles/storage_csm_powerflex.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml | 2 +- .../e2e/testfiles/storage_csm_powerflex_observability_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_authorization.yaml | 2 +- .../storage_csm_powermax_observability_authorization.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_auth.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_observability.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_auth.yaml | 2 +- .../storage_csm_powerscale_observability_top_custom_cert.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_val1.yaml | 2 +- .../testfiles/storage_csm_powerscale_observability_val2.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerscale_replica.yaml | 2 +- 23 files changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index c576cf956..f32fd3f65 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -170,7 +170,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index 68aac7dc1..780fbd70a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index 10a41a967..9099c7ac4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -158,7 +158,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 28887baf4..0e0160148 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -158,7 +158,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index b2f11d799..8537c00a3 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index 695782767..9db5a5a9b 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index bf912cf63..92fd0a507 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -159,7 +159,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index bed349c17..9731335ed 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -161,7 +161,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index 44d62d5af..f3acef7c3 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -132,7 +132,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index 9fe88b3bb..5b1c7ec06 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -247,7 +247,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index ca42f3825..280962a54 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -247,7 +247,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index f9cd060b3..4f1e3b772 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index 3dd7f3d4b..f9c1374b4 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -248,7 +248,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index e7035709e..853cc85a5 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 2b8f2608a..832ecc17b 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -232,7 +232,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index 493b3d874..92c9d5d4a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -224,7 +224,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 4553d0336..56bb2e996 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index c2db1a88b..16ac9f2dd 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index caa9e9700..8bb8d4c07 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -220,7 +220,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 6fdeff344..003c40a87 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index b6cf0c6e8..c973a988f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml index 3e05001e8..7e82cf154 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index 3e4494415..e461f03d8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -225,7 +225,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 0f786f4a6a285ea3aa5bb2e130826ddddd915121 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 6 Dec 2024 02:46:59 -0500 Subject: [PATCH 22/31] updated tag to nightly --- tests/e2e/testfiles/storage_csm_powermax.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax_observability.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index ac610eae7..593a518cd 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -45,7 +45,7 @@ spec: forceRemoveDriver: true common: # Image for CSI PowerMax driver v2.12.0 - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powermax:nightly # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 340100524..2f03a1a6f 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -45,7 +45,7 @@ spec: forceRemoveDriver: true common: # Image for CSI PowerMax driver v2.12.0 - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powermax:nightly # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. From 8124043543747b8ba6d791dd9362b0825b7920ff Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 6 Dec 2024 05:08:09 -0500 Subject: [PATCH 23/31] updated auth2.0 --- ...ll-csm-operator.clusterserviceversion.yaml | 42 +- config/manager/manager.yaml | 12 +- ...ll-csm-operator.clusterserviceversion.yaml | 12 +- .../storage_v1_csm_authorization_v2.yaml | 12 +- config/samples/storage_v1_csm_powerflex.yaml | 2 +- deploy/operator.yaml | 12 +- .../v2.1.0/authorization-crds.yaml | 445 +++++++ .../authorization/v2.1.0/cert-manager.yaml | 1100 +++++++++++++++++ .../authorization/v2.1.0/container.yaml | 27 + .../authorization/v2.1.0/custom-cert.yaml | 11 + .../authorization/v2.1.0/deployment.yaml | 884 +++++++++++++ .../v2.1.0/local-provisioner.yaml | 21 + .../v2.1.0/nginx-ingress-controller.yaml | 663 ++++++++++ .../authorization/v2.1.0/policies.yaml | 382 ++++++ .../authorization/v2.1.0/upgrade-path.yaml | 1 + .../authorization/v2.1.0/volumes.yaml | 6 + ...csm_authorization_proxy_server_v1130.yaml} | 14 +- .../csm_authorization_proxy_server_v210.yaml | 114 ++ samples/minimal-samples/powerflex_v2130.yaml | 2 +- samples/minimal-samples/powermax_v2130.yaml | 2 +- samples/minimal-samples/powerscale_v2130.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 2 +- samples/storage_csm_powermax_v2130.yaml | 2 +- ..._csm_authorization_v2_multiple_vaults.yaml | 12 +- ...age_csm_authorization_v2_proxy_server.yaml | 12 +- ...ization_v2_proxy_server_default_redis.yaml | 12 +- .../storage_csm_powerflex.yaml | 4 +- .../storage_csm_powerflex_auth.yaml | 2 +- ...owermax_reverseproxy_authorization_v2.yaml | 2 +- .../storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_auth.yaml | 2 +- .../storage_csm_powerscale_auth2.0.yaml | 4 +- .../storage_csm_powerscale_observability.yaml | 4 +- ...erscale_observability_top_custom_cert.yaml | 4 +- .../storage_csm_powerscale_replica.yaml | 4 +- .../storage_csm_powerscale_resiliency.yaml | 4 +- 36 files changed, 3746 insertions(+), 92 deletions(-) create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/authorization-crds.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/cert-manager.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/custom-cert.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/deployment.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/local-provisioner.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/nginx-ingress-controller.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/policies.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/upgrade-path.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v2.1.0/volumes.yaml rename samples/authorization/{csm_authorization_proxy_server_v1101.yaml => csm_authorization_proxy_server_v1130.yaml} (85%) create mode 100644 samples/authorization/csm_authorization_proxy_server_v210.yaml diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 18ea0c816..4850d8c27 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -24,7 +24,7 @@ metadata: "name": "cert-manager" }, { - "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0", + "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0", "authorizationControllerReplicas": 1, "certificate": "", "controllerReconcileInterval": "5m", @@ -43,13 +43,13 @@ metadata: "ingressClassName": "nginx" } ], - "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0", + "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0", "proxyServiceReplicas": 1, - "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0", + "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0", "roleServiceReplicas": 1, - "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0", + "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0", "storageServiceReplicas": 1, - "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0", + "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0", "tenantServiceReplicas": 1 }, { @@ -76,7 +76,7 @@ metadata: ] } ], - "configVersion": "v2.0.0", + "configVersion": "v2.1.0", "enabled": true, "forceRemoveModule": true, "name": "authorization-proxy-server" @@ -257,7 +257,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0", "name": "karavi-authorization-proxy" } ], @@ -657,7 +657,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0", "name": "karavi-authorization-proxy" } ], @@ -1309,7 +1309,7 @@ metadata: "value": "true" } ], - "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0", + "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0", "name": "karavi-authorization-proxy" } ], @@ -4370,17 +4370,17 @@ spec: - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 - name: RELATED_IMAGE_csm-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 - name: RELATED_IMAGE_csm-authorization-tenant - value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 - name: RELATED_IMAGE_csm-authorization-role - value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 - name: RELATED_IMAGE_csm-authorization-storage - value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 - name: RELATED_IMAGE_csm-authorization-controller - value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 - name: RELATED_IMAGE_dell-replication-controller-manager @@ -4490,17 +4490,17 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 name: karavi-authorization-proxy - - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 name: csm-authorization-proxy - - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 name: csm-authorization-tenant - - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 name: csm-authorization-role - - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 name: csm-authorization-storage - - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: dell-csi-replicator diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index dc796bdf6..150f240a1 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -46,17 +46,17 @@ spec: - value: docker.io/dellemc/sdc:4.5.2.1 name: RELATED_IMAGE_sdc - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 - name: RELATED_IMAGE_csm-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 - name: RELATED_IMAGE_csm-authorization-tenant - value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 - name: RELATED_IMAGE_csm-authorization-role - value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 - name: RELATED_IMAGE_csm-authorization-storage - value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 - name: RELATED_IMAGE_csm-authorization-controller - value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: RELATED_IMAGE_dell-csi-replicator - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index d7ce47651..f7f755f58 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1753,17 +1753,17 @@ spec: name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.2.1 name: sdc - - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 name: karavi-authorization-proxy - - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 name: csm-authorization-proxy - - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 name: csm-authorization-tenant - - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 name: csm-authorization-role - - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 name: csm-authorization-storage - - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 name: csm-authorization-controller - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 name: dell-csi-replicator diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml index 95b141cf1..46b05fda5 100644 --- a/config/samples/storage_v1_csm_authorization_v2.yaml +++ b/config/samples/storage_v1_csm_authorization_v2.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:latest opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.10 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index fd403000a..fea296146 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -210,7 +210,7 @@ spec: configVersion: v1.12.0 components: - name: karavi-authorization-proxy - # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 for Authorization v2.1.0 image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 20996dff9..397c548d3 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1329,17 +1329,17 @@ spec: - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 - name: RELATED_IMAGE_csm-authorization-proxy - value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 - name: RELATED_IMAGE_csm-authorization-tenant - value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 - name: RELATED_IMAGE_csm-authorization-role - value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 - name: RELATED_IMAGE_csm-authorization-storage - value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 - name: RELATED_IMAGE_csm-authorization-controller - value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 - name: RELATED_IMAGE_dell-csi-replicator value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 - name: RELATED_IMAGE_dell-replication-controller-manager diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/authorization-crds.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/authorization-crds.yaml new file mode 100644 index 000000000..424b23d86 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/authorization-crds.yaml @@ -0,0 +1,445 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: csmroles.csm-authorization.storage.dell.com +spec: + group: csm-authorization.storage.dell.com + names: + kind: CSMRole + listKind: CSMRoleList + plural: csmroles + singular: csmrole + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CSMRole is the Schema for the csmroles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMRoleSpec defines the desired state of CSMRole + properties: + pool: + description: Pool is the storage pool name + type: string + quota: + description: Quota is the total provision capacity for a given role + type: string + systemID: + description: SystemID is the system ID of the storage array + type: string + systemType: + description: |- + SystemType is the type of the storage array + Example powerflex, powermax, powerscale + type: string + type: object + status: + description: CSMRoleStatus defines the observed state of CSMRole + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: csmtenants.csm-authorization.storage.dell.com +spec: + group: csm-authorization.storage.dell.com + names: + kind: CSMTenant + listKind: CSMTenantList + plural: csmtenants + singular: csmtenant + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: CSMTenant is the Schema for the csmtenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMTenantSpec defines the desired state of CSMTenant + properties: + approveSdc: + description: |- + ApproveSdc is a boolean to indicate whether approveSDC is enabled + Default value is false + type: boolean + revoke: + description: Revoke is a boolean to indicate whether tenant is revoked + type: boolean + roles: + description: |- + Roles defines the roles for this tenant + Comma separated list + type: string + volumePrefix: + description: + VolumePrefix is the prefix added for each new volume + provisioned by the tenant + maxLength: 3 + minLength: 1 + type: string + required: + - approveSdc + - revoke + type: object + status: + description: CSMTenantStatus defines the observed state of CSMTenant + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: storages.csm-authorization.storage.dell.com +spec: + group: csm-authorization.storage.dell.com + names: + kind: Storage + listKind: StorageList + plural: storages + singular: storage + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Storage is the Schema for the storages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageSpec defines the desired state of Storage + properties: + endpoint: + description: EndPoint is the storage array endpoint + type: string + isiPath: + description: |- + IsiPath the base path for the volumes to be created on PowerScale cluster + Needed only for PowerScale + type: string + pollInterval: + description: PollInterval is the interval to poll the storage array + type: string + skipCertificateValidation: + description: + SkipCertificateValidation is the flag to skip certificate + validation + type: boolean + systemID: + description: SystemID is the storage array system ID + type: string + type: + description: Type is the storage array type + type: string + vault: + description: |- + Vault is the credential manager for storage arrays + Currently support only Hashicorp Vault + properties: + identifier: + type: string + kvEngine: + type: string + path: + type: string + type: object + required: + - skipCertificateValidation + type: object + status: + description: StorageStatus defines the observed state of Storage + properties: + conditions: + description: + 'Storage.status.conditions.type are: "Available", "NotAvailable", + and "UnKnown"' + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/cert-manager.yaml new file mode 100644 index 000000000..a1e2ed289 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/cert-manager.yaml @@ -0,0 +1,1100 @@ +# Copyright 2021 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Source: cert-manager/templates/cainjector-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/webhook-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "create", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["auditregistration.k8s.io"] + resources: ["auditsinks"] + verbs: ["get", "list", "watch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Issuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "issuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ClusterIssuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "clusterissuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Certificates controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["cert-manager.io"] + resources: ["certificates/finalizers", "certificaterequests/finalizers"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders"] + verbs: ["create", "delete", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Orders controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "orders/status"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "challenges"] + verbs: ["get", "list", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["create", "delete"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Challenges controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Use to update challenge resource status + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "challenges/status"] + verbs: ["update"] + # Used to watch challenge resources + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "watch"] + # Used to watch challenges, issuer and clusterissuer resources + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + # Need to be able to retrieve ACME account private key to complete challenges + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + # Used to create events + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + # HTTP01 rules + - apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + # We require the ability to specify a custom hostname when we are creating + # new ingress resources. + # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148 + - apiGroups: ["route.openshift.io"] + resources: ["routes/custom-host"] + verbs: ["create"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges/finalizers"] + verbs: ["update"] + # DNS01 rules (duplicated above) + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ingress-shim controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests"] + verbs: ["create", "update", "delete"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/finalizers"] + verbs: ["update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways", "httproutes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways/finalizers", "httproutes/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-view + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-edit + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["signers"] + verbs: ["approve"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to: +# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers +# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests/status"] + verbs: ["update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + verbs: ["sign"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-cainjector +subjects: + - name: -cert-manager-cainjector + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-issuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-clusterissuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: -cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificates +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-orders +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-challenges +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-ingress-shim +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-approve:cert-manager-io +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificatesigningrequests +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-webhook:subjectaccessreviews +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# leader election rules +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller + # see cmd/cainjector/start.go#L113 + # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller + # see cmd/cainjector/start.go#L137 + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-cainjector:leaderelection +subjects: + - kind: ServiceAccount + name: -cert-manager-cainjector + namespace: +--- +# Source: cert-manager/templates/rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager:leaderelection +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager + namespace: +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-webhook:dynamic-serving +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 + selector: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" +--- +# Source: cert-manager/templates/webhook-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: 10250 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" +--- +# Source: cert-manager/templates/cainjector-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + template: + metadata: + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-cainjector + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + template: + metadata: + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + annotations: + prometheus.io/path: "/metrics" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' + spec: + serviceAccountName: -cert-manager + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-controller:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + ports: + - containerPort: 9402 + protocol: TCP + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/webhook-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + template: + metadata: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-webhook + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + ports: + - name: https + protocol: TCP + containerPort: 10250 + livenessProbe: + httpGet: + path: /livez + port: 6080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: 6080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} +--- +# Source: cert-manager/templates/webhook-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + # Only include 'sideEffects' field in Kubernetes 1.12+ + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /mutate +--- +# Source: cert-manager/templates/webhook-validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml new file mode 100644 index 000000000..5116885da --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml @@ -0,0 +1,27 @@ +name: karavi-authorization-proxy +imagePullPolicy: Always +image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 +env: + - name: PROXY_HOST + value: "" + - name: INSECURE + value: "true" + - name: PLUGIN_IDENTIFIER + value: + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: access + - name: REFRESH_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: refresh +volumeMounts: + - name: karavi-authorization-config + mountPath: /etc/karavi-authorization/config + - name: proxy-server-root-certificate + mountPath: /etc/karavi-authorization/root-certificates + - name: + mountPath: /etc/karavi-authorization diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/custom-cert.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/custom-cert.yaml new file mode 100644 index 000000000..e3a89dd86 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/custom-cert.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + # replace with actual base64-encoded certificate + tls.crt: + # replace with actual base64-encoded private key + tls.key: +kind: Secret +type: kubernetes.io/tls +metadata: + name: user-provided-tls + namespace: diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/deployment.yaml new file mode 100644 index 000000000..cd1ed0beb --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/deployment.yaml @@ -0,0 +1,884 @@ +apiVersion: v1 +kind: Secret +metadata: + name: redis-csm-secret + namespace: +type: kubernetes.io/basic-auth +stringData: + password: K@ravi123! + commander_user: dev +--- +# Proxy service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-server + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csm-auth-proxy-server +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["watch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["storages", "csmtenants"] + verbs: ["get", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: proxy-server +subjects: + - kind: ServiceAccount + name: proxy-server + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-proxy-server + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: proxy-server + namespace: + labels: + app: proxy-server +spec: + replicas: + selector: + matchLabels: + app: proxy-server + template: + metadata: + labels: + csm: + app: proxy-server + spec: + serviceAccountName: proxy-server + containers: + - name: proxy-server + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--namespaces=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-server + namespace: +spec: + selector: + app: proxy-server + ports: + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 +--- +# Tenant Service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tenant-service + namespace: + labels: + app: tenant-service +spec: + replicas: + selector: + matchLabels: + app: tenant-service + template: + metadata: + labels: + csm: + app: tenant-service + spec: + containers: + - name: tenant-service + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: tenant-service + namespace: +spec: + selector: + app: tenant-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Role Service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: role-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csm-auth-role-service +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +subjects: + - kind: ServiceAccount + name: role-service + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-role-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: role-service + namespace: + labels: + app: role-service +spec: + replicas: + selector: + matchLabels: + app: role-service + template: + metadata: + labels: + csm: + app: role-service + spec: + serviceAccountName: role-service + containers: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: role-service + namespace: +spec: + selector: + app: role-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Storage service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: storage-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csm-auth-storage-service +rules: + - apiGroups: [""] + resources: ["secrets", "events"] + verbs: ["get", "patch", "post", create] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["storages", "csmtenants", "csmroles"] + verbs: ["get", "list"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "update", "get", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +subjects: + - kind: ServiceAccount + name: storage-service + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-storage-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: storage-service-tokenreview-binding + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: + - kind: ServiceAccount + name: storage-service + namespace: +--- +apiVersion: v1 +kind: Service +metadata: + name: storage-service + namespace: +spec: + selector: + app: storage-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc + - port: 2112 + targetPort: 2112 + name: promhttp +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: storage-service-selfsigned + namespace: +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: storage-service-selfsigned + namespace: +spec: + secretName: storage-service-selfsigned-tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dellemc + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - client auth + dnsNames: + - csm-authorization-storage-service + issuerRef: + name: storage-service-selfsigned + kind: Issuer + group: cert-manager.io +--- +# Controller +apiVersion: v1 +kind: ServiceAccount +metadata: + name: authorization-controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csm-auth-authorization-controller +rules: + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmroles"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmroles/status"] + verbs: ["get", "update", "patch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmroles/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmtenants"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmtenants/status"] + verbs: ["get", "update", "patch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["csmtenants/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["storages"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["storages/status"] + verbs: ["get", "update", "patch"] + - apiGroups: ["csm-authorization.storage.dell.com"] + resources: ["storages/finalizers"] + verbs: ["update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create", "update", "get", "delete", "list"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: authorization-controller +subjects: + - kind: ServiceAccount + name: authorization-controller + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-authorization-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: authorization-controller + namespace: + labels: + app: authorization-controller +spec: + replicas: + selector: + matchLabels: + app: authorization-controller + template: + metadata: + labels: + csm: + app: authorization-controller + spec: + serviceAccountName: authorization-controller + containers: + - name: authorization-controller + image: + imagePullPolicy: Always + args: + - "--authorization-namespace=" + - "--health-probe-bind-address=:8081" + - "--leader-elect=" + - "--tenant-service-address=tenant-service..svc.cluster.local:50051" + - "--storage-service-address=storage-service..svc.cluster.local:50051" + - "--role-service-address=role-service..svc.cluster.local:50051" + - "--controller-reconcile-interval=" + env: + - name: NAMESPACE + value: + ports: + - containerPort: 50052 + name: grpc +--- +apiVersion: v1 +kind: Service +metadata: + name: authorization-controller + namespace: +spec: + selector: + app: authorization-controller + ports: + - port: 50052 + targetPort: 50052 + name: grpc +--- +# Redis +apiVersion: v1 +kind: Service +metadata: + name: + namespace: +spec: + type: + clusterIP: None + selector: + app: + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 + name: +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: + namespace: +spec: + serviceName: + replicas: + selector: + matchLabels: + app: + template: + metadata: + labels: + csm: + app: + spec: + initContainers: + - name: config + image: + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + command: ["sh", "-c"] + args: + - | + cp /csm-auth-redis-cm/redis.conf /etc/redis/redis.conf + + echo "masterauth $REDIS_PASSWORD" >> /etc/redis/redis.conf + echo "requirepass $REDIS_PASSWORD" >> /etc/redis/redis.conf + + echo "Finding master..." + MASTER_FDQN=`hostname -f | sed -e 's/redis-csm-[0-9]\./redis-csm-0./'` + echo "Master at " $MASTER_FQDN + if [ "$(redis-cli -h sentinel -p 5000 ping)" != "PONG" ]; then + echo "No sentinel found." + + if [ "$(hostname)" = "redis-csm-0" ]; then + echo "This is redis master, not updating config..." + else + echo "This is redis slave, updating redis.conf..." + echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf + fi + else + echo "Sentinel found, finding master" + MASTER="$(redis-cli -h sentinel -p 5000 sentinel get-master-addr-by-name mymaster | grep -E '(^redis-csm-\d{1,})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})')" + echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf + fi + volumeMounts: + - name: redis-primary-volume + mountPath: /data + - name: configmap + mountPath: /csm-auth-redis-cm/ + - name: config + mountPath: /etc/redis/ + containers: + - name: + image: + command: ["redis-server"] + args: ["/etc/redis/redis.conf"] + ports: + - containerPort: 6379 + name: + volumeMounts: + - name: redis-primary-volume + mountPath: /data + - name: configmap + mountPath: /csm-auth-redis-cm/ + - name: config + mountPath: /etc/redis/ + volumes: + - name: redis-primary-volume + emptyDir: {} + - name: config + emptyDir: {} + - name: configmap + configMap: + name: redis-csm-cm +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: + namespace: +spec: + replicas: 1 + selector: + matchLabels: + app: + template: + metadata: + labels: + csm: + app: + tier: backend + spec: + containers: + - name: + image: + imagePullPolicy: IfNotPresent + env: + - name: SENTINELS + value: + - name: K8S_SIGTERM + value: "1" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_USER + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: commander_user + ports: + - name: + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: + namespace: +spec: + selector: + app: + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 +--- +# Sentinel +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: + namespace: +spec: + serviceName: + replicas: + selector: + matchLabels: + app: + template: + metadata: + labels: + csm: + app: + spec: + initContainers: + - name: config + image: + command: ["sh", "-c"] + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - | + replicas=$( expr $(()) - 1) + for i in $(seq 0 $replicas) + do + node=$( echo "-$i." ) + nodes=$( echo "$nodes*$node" ) + done + loop=$(echo $nodes | sed -e "s/"*"/\n/g") + + foundMaster=false + + while [ "$foundMaster" = "false" ] + do + for i in $loop + do + echo "Finding master at $i" + ROLE=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep role | cut -d ":" -f2) + if [ "$ROLE" = "master" ]; then + MASTER=$i.authorization.svc.cluster.local + echo "Master found at $MASTER..." + foundMaster=true + break + else + MASTER=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep master_host: | cut -d ":" -f2) + if [ "$MASTER" = "" ]; then + echo "Master not found..." + echo "Waiting 5 seconds for redis pods to come up..." + sleep 5 + MASTER= + else + echo "Master found at $MASTER..." + foundMaster=true + break + fi + fi + done + + if [ "$foundMaster" = "true" ]; then + break + else + echo "Master not found, wait for 30s before attempting again" + sleep 30 + fi + done + + echo "sentinel monitor mymaster $MASTER 6379 2" >> /tmp/master + echo "port 5000 + sentinel resolve-hostnames yes + sentinel announce-hostnames yes + $(cat /tmp/master) + sentinel down-after-milliseconds mymaster 5000 + sentinel failover-timeout mymaster 60000 + sentinel parallel-syncs mymaster 2 + sentinel auth-pass mymaster $REDIS_PASSWORD + " > /etc/redis/sentinel.conf + cat /etc/redis/sentinel.conf + volumeMounts: + - name: redis-config + mountPath: /etc/redis/ + containers: + - name: + image: + command: ["redis-sentinel"] + args: ["/etc/redis/sentinel.conf"] + ports: + - containerPort: 5000 + name: + volumeMounts: + - name: redis-config + mountPath: /etc/redis/ + - name: data + mountPath: /data + volumes: + - name: redis-config + emptyDir: {} + - name: data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: + namespace: +spec: + clusterIP: None + ports: + - port: 5000 + targetPort: 5000 + name: + selector: + app: +--- +apiVersion: v1 +kind: Service +metadata: + name: -svc + namespace: +spec: + type: NodePort + ports: + - port: 5000 + targetPort: 5000 + name: -svc + selector: + app: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csm-auth-resource-reader +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps", "pods"] + verbs: ["get", "watch", "list", "patch", "create", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["ingress-controller-leader"] + verbs: ["get", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:serviceaccounts: +subjects: + - kind: Group + name: system:serviceaccounts: + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-resource-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: csm-auth-view +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +# Grant OPA/kube-mgmt read-only access to resources. This lets kube-mgmt +# list configmaps to be loaded into OPA as policies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: opa-viewer +roleRef: + kind: ClusterRole + name: csm-auth-view + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io +--- +# Define role for OPA/kube-mgmt to update configmaps with policy status. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: + name: configmap-modifier +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] +--- +# Grant OPA/kube-mgmt role defined above. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: + name: opa-configmap-modifier +roleRef: + kind: Role + name: configmap-modifier + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: proxy-server +subjects: + - kind: ServiceAccount + name: proxy-server + namespace: +roleRef: + kind: ClusterRole + name: csm-auth-proxy-server + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/local-provisioner.yaml new file mode 100644 index 000000000..507372537 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/local-provisioner.yaml @@ -0,0 +1,21 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csm-authorization-local-storage +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: WaitForFirstConsumer +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: csm-authorization-redis +spec: + capacity: + storage: 8Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Recycle + storageClassName: csm-authorization-local-storage + hostPath: + path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/nginx-ingress-controller.yaml new file mode 100644 index 000000000..e26676c99 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/nginx-ingress-controller.yaml @@ -0,0 +1,663 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx +subjects: + - kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx +subjects: + - kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + externalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller-admission + namespace: +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + csm: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: -ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/policies.yaml new file mode 100644 index 000000000..7d8aac562 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/policies.yaml @@ -0,0 +1,382 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: common + namespace: + labels: + openpolicyagent.org/policy: rego +data: + common.rego: | + package karavi.common + default roles = {} + roles = {} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-create + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-create.rego: | + package karavi.volumes.create + + import data.karavi.common + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %s Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-delete + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-delete.rego: | + package karavi.volumes.delete + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-map + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-map.rego: | + package karavi.volumes.map + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-volumes-create + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-powermax-create.rego: | + package karavi.volumes.powermax.create + + import data.karavi.common + + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %v Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-unmap + namespace: + labels: + openpolicyagent.org/policy: rego +data: + volumes-unmap.rego: | + package karavi.volumes.unmap + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sdc-approve + namespace: + labels: + openpolicyagent.org/policy: rego +data: + sdc-approve.rego: | + package karavi.sdc.approve + + import data.karavi.common + + # Allow requests by default. + default allow = true + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-csm-cm + namespace: + labels: + openpolicyagent.org/policy: rego +data: + redis.conf: "" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: snapshot-create + namespace: + labels: + openpolicyagent.org/policy: rego +data: + snapshot-create.rego: |- + package karavi.snapshot.create + + import data.karavi.common + + default allow := false + + allow { + count(permitted_roles) == count(input.request) + count(deny) == 0 + } + + # Deny if there are no roles found. + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + # Deny if claimed roles has no match for the request. + deny[msg] { + count(permitted_roles) != count(input.request) + + unpermitted_requests := [req | + element := input.request[_] + + not permitted_roles[element.name] + + req := element + ] + + msg := sprintf( + "no roles in [%s] allow the %s Kb request on %s/%s/%s for %s", + [ + input.claims.roles, + unpermitted_requests[_].volumeSizeInKb, + input.systemtype, + input.storagesystemid, + unpermitted_requests[_].storagepool, + unpermitted_requests[_].name, + ], + ) + } + + # No OR in OPA, multiple rules are needed. + size_is_valid(a, b) { + to_number(a) >= to_number(b) + } + + # No OR in OPA, multiple rules are needed. + size_is_valid(a, _) { + to_number(a) == 0 + } + + # Create a list of permitted roles. + permitted_roles[snapshot] := roles { + # Split the claimed roles by comma into an array. + claimed_roles := split(input.claims.roles, ",") + + # Iterate through the requests. + req := input.request[_] + + roles := [role | + sp := req.storagepool + size := req.volumeSizeInKb + + # Iterate through the roles in the request. + c_role := claimed_roles[_] + common.roles[c_role] + + system_ids := common.roles[c_role].system_types[input.systemtype].system_ids[input.storagesystemid] + pool_quota := system_ids.pool_quotas[sp] + + # Validate that the pool quota is valid. + size_is_valid(pool_quota, size) + + role := {"size": to_number(pool_quota), "storagepool": sp, "role": c_role} + ] + + # Ensure that the role list is not empty. + count(roles) != 0 + + # Set the snapshot name which creates an entry in the list. + snapshot := req.name + } diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/upgrade-path.yaml new file mode 100644 index 000000000..b09a08f7d --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.0.0-alpha diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/volumes.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/volumes.yaml new file mode 100644 index 000000000..ec4a5b445 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/volumes.yaml @@ -0,0 +1,6 @@ +- name: karavi-authorization-config + secret: + secretName: karavi-authorization-config +- name: proxy-server-root-certificate + secret: + secretName: proxy-server-root-certificate diff --git a/samples/authorization/csm_authorization_proxy_server_v1101.yaml b/samples/authorization/csm_authorization_proxy_server_v1130.yaml similarity index 85% rename from samples/authorization/csm_authorization_proxy_server_v1101.yaml rename to samples/authorization/csm_authorization_proxy_server_v1130.yaml index bb7289df3..c36338bcc 100644 --- a/samples/authorization/csm_authorization_proxy_server_v1101.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v1130.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.1 + configVersion: v1.13.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,12 +30,12 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: docker.io/dellemc/csm-authorization-proxy:v1.10.1 - tenantService: docker.io/dellemc/csm-authorization-tenant:v1.10.1 - roleService: docker.io/dellemc/csm-authorization-role:v1.10.1 - storageService: docker.io/dellemc/csm-authorization-storage:v1.10.1 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v1.13.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v1.13.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v1.13.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v1.13.0 opa: docker.io/openpolicyagent/opa:latest - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:0.11 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -58,7 +58,7 @@ spec: # additional annotations for the proxy-server ingress annotations: {} - name: redis - redis: docker.io/redis:6.0.8-alpine + redis: docker.io/redis:7.4.0-alpine commander: docker.io/rediscommander/redis-commander:latest # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis # to use a different storage class for redis, specify the name of the storage class diff --git a/samples/authorization/csm_authorization_proxy_server_v210.yaml b/samples/authorization/csm_authorization_proxy_server_v210.yaml new file mode 100644 index 000000000..5f2aec279 --- /dev/null +++ b/samples/authorization/csm_authorization_proxy_server_v210.yaml @@ -0,0 +1,114 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v2.1.0 + forceRemoveModule: true + components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 + proxyServiceReplicas: 1 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 + tenantServiceReplicas: 1 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 + roleServiceReplicas: 1 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 + storageServiceReplicas: 1 + opa: docker.io/openpolicyagent/opa:latest + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 + authorizationControllerReplicas: 1 + leaderElection: true + # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. + controllerReconcileInterval: 5m + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in proxyServerIngress.hosts + # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + hostname: "csm-authorization.com" + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx + # additional host rules for the proxy-server ingress + hosts: [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + + # additional annotations for the proxy-server ingress + annotations: {} + # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC + openTelemetryCollectorAddress: "" + - name: redis + redis: docker.io/redis:7.4.0-alpine + commander: docker.io/rediscommander/redis-commander:latest + redisName: redis-csm + redisCommander: rediscommander + sentinel: sentinel + redisReplicas: 5 + - name: vault + vaultConfigurations: + - identifier: vault0 + address: https://10.0.0.1:8400 + role: csm-authorization + skipCertificateValidation: true + # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientCertificate: "" + # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientKey: "" + # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificateAuthority: "" +# - identifier: vault0 +# address: https://10.0.0.1:8400 +# role: csm-authorization +# skipCertificateValidation: true +# clientCertificate: +# clientKey: +# certificateAuthority: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: |- + CONCURRENT_POWERFLEX_REQUESTS: 10 + CONCURRENT_POWERSCALE_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 5m diff --git a/samples/minimal-samples/powerflex_v2130.yaml b/samples/minimal-samples/powerflex_v2130.yaml index 9267823bd..509ca7ecb 100644 --- a/samples/minimal-samples/powerflex_v2130.yaml +++ b/samples/minimal-samples/powerflex_v2130.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion + # For Auth 2.0, use v2.1.0 as configVersion configVersion: v1.13.0 components: - name: karavi-authorization-proxy diff --git a/samples/minimal-samples/powermax_v2130.yaml b/samples/minimal-samples/powermax_v2130.yaml index d7e65beeb..240955adc 100644 --- a/samples/minimal-samples/powermax_v2130.yaml +++ b/samples/minimal-samples/powermax_v2130.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion + # For Auth 2.0, use v2.1.0 as configVersion configVersion: v1.13.0 components: - name: karavi-authorization-proxy diff --git a/samples/minimal-samples/powerscale_v2130.yaml b/samples/minimal-samples/powerscale_v2130.yaml index dfb062ebd..a867be0e9 100644 --- a/samples/minimal-samples/powerscale_v2130.yaml +++ b/samples/minimal-samples/powerscale_v2130.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion + # For Auth 2.0, use v2.1.0 as configVersion configVersion: v1.13.0 components: - name: karavi-authorization-proxy diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index 3fa5a579d..59f316c5f 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -210,7 +210,7 @@ spec: configVersion: v1.13.0 components: - name: karavi-authorization-proxy - # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 for Authorization v2.0.0 + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 for Authorization v2.1.0 image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 envs: # proxyHost: hostname of the csm-authorization server diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index 1c84cd252..65c7693a4 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -226,7 +226,7 @@ spec: modules: # CSI Powermax Reverseproxy is a mandatory module for Powermax - name: csireverseproxy - configVersion: v2.11.0 + configVersion: v2.12.0 components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml index 2b54d15d5..d5676a942 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml index eb3439520..debabe7d6 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml index bd66b3d37..f3c7ecf21 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml index 2af76112a..6e277ef9e 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex.yaml @@ -13,8 +13,8 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.11.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v1.13.0 - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml index d5d8b041a..3cd971f90 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerflex_auth.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy envs: diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml index 6ccfc70ae..1f7eca2ed 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powermax_reverseproxy_authorization_v2.yaml @@ -14,7 +14,7 @@ spec: modules: - name: authorization enabled: true - configVersion: v2.0.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml index b48a6c212..d8ab8793b 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion + # For Auth 2.0, use v2.1.0 as configVersion configVersion: v1.13.0 - name: resiliency enabled: false diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml index 7a9e86a8a..5d7e6c231 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - # For Auth 2.0, use v2.0.0 as configVersion + # For Auth 2.0, use v2.1.0 as configVersion configVersion: v1.13.0 components: - name: karavi-authorization-proxy diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml index a2fb98fe8..b22f0d402 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_auth2.0.yaml @@ -16,8 +16,8 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v2.0.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml index d1eeb693e..1d30ef23b 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml @@ -12,8 +12,8 @@ spec: # Authorization: enable csm-authorization for RBAC - name: authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.11.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v1.13.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 65dd91779..641b431db 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -12,8 +12,8 @@ spec: # Authorization: enable csm-authorization for RBAC - name: authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.11.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v1.13.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml index d3926efd6..6a8ed9b14 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml @@ -11,8 +11,8 @@ spec: modules: - name: authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.11.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v1.13.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml index dd29465fb..7af9679a3 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml @@ -13,7 +13,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - # For Auth 2.0, use v2.0.0 as configVersion - configVersion: v1.11.0 + # For Auth 2.0, use v2.1.0 as configVersion + configVersion: v1.13.0 - name: resiliency enabled: true From 6f7895e8fb8c406f5ee15db8320b816d4fe7436a Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 6 Dec 2024 05:15:47 -0500 Subject: [PATCH 24/31] updated skips version --- bundle/manifests/dell-csm-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 4850d8c27..c6f1a4484 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -4535,5 +4535,5 @@ spec: - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 name: metadataretriever skips: - - dell-csm-operator.v1.8.0 + - dell-csm-operator.v1.7.0 version: 1.8.0 From e4bf68c0f20af87f42c4ded9ec0e79472282445e Mon Sep 17 00:00:00 2001 From: mgandharva Date: Mon, 9 Dec 2024 03:34:15 -0500 Subject: [PATCH 25/31] image tag changed to nightly --- operatorconfig/driverconfig/common/k8s-1.32-values.yaml | 2 +- operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml | 2 +- operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml | 2 +- operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml | 2 +- operatorconfig/driverconfig/powermax/v2.13.0/node.yaml | 2 +- operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml | 2 +- operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml | 2 +- operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml | 2 +- operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml | 2 +- operatorconfig/driverconfig/unity/v2.13.0/controller.yaml | 2 +- operatorconfig/driverconfig/unity/v2.13.0/node.yaml | 2 +- .../moduleconfig/authorization/v1.13.0/container.yaml | 2 +- operatorconfig/moduleconfig/replication/v1.11.0/container.yaml | 2 +- operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml | 2 +- .../resiliency/v1.12.0/container-powerflex-controller.yaml | 2 +- .../resiliency/v1.12.0/container-powerflex-node.yaml | 2 +- .../resiliency/v1.12.0/container-powermax-controller.yaml | 2 +- .../resiliency/v1.12.0/container-powermax-node.yaml | 2 +- .../resiliency/v1.12.0/container-powerscale-controller.yaml | 2 +- .../resiliency/v1.12.0/container-powerscale-node.yaml | 2 +- .../resiliency/v1.12.0/container-powerstore-controller.yaml | 2 +- .../resiliency/v1.12.0/container-powerstore-node.yaml | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/operatorconfig/driverconfig/common/k8s-1.32-values.yaml b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml index f91dea24d..58639caba 100644 --- a/operatorconfig/driverconfig/common/k8s-1.32-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml @@ -20,4 +20,4 @@ images: # "images.sdcmonitor" defines the container images used to monitor sdc container sdcmonitor: dellemc/sdc:4.5.2.1 # "images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 + metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:nightly diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml index 9aad92428..6f1f2635d 100644 --- a/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml @@ -216,7 +216,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-vxflexos:nightly imagePullPolicy: Always command: ["/csi-vxflexos.sh"] args: diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml index 224fed8b0..b6e6f937f 100644 --- a/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/node.yaml @@ -87,7 +87,7 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-vxflexos:nightly imagePullPolicy: Always command: ["/csi-vxflexos.sh"] args: diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml index f5d9c57de..133cb63d5 100644 --- a/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml @@ -235,7 +235,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powermax:nightly imagePullPolicy: Always command: ["/csi-powermax.sh"] env: diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml index e55e93c46..def19a08a 100644 --- a/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/node.yaml @@ -89,7 +89,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powermax:nightly imagePullPolicy: Always env: - name: X_CSI_POWERMAX_DRIVER_NAME diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml index 1f674abbe..524846af8 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml @@ -258,7 +258,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-isilon:nightly imagePullPolicy: Always command: ["/csi-isilon"] args: diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml index a11856e90..b6ad0bd12 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/node.yaml @@ -79,7 +79,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-isilon:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-isilon:nightly imagePullPolicy: Always env: - name: CSI_ENDPOINT diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml index c4f803a95..bd18f5393 100644 --- a/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml @@ -225,7 +225,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powerstore:nightly imagePullPolicy: Always command: ["/csi-powerstore"] args: diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml index fbf7600ed..373efcdda 100644 --- a/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/node.yaml @@ -93,7 +93,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-powerstore:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powerstore:nightly imagePullPolicy: Always command: ["/csi-powerstore"] args: diff --git a/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml index 34d3826d8..406e8d53a 100644 --- a/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml @@ -213,7 +213,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-unity:nightly args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/unity/v2.13.0/node.yaml b/operatorconfig/driverconfig/unity/v2.13.0/node.yaml index 864cda39a..bbad13c71 100644 --- a/operatorconfig/driverconfig/unity/v2.13.0/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/node.yaml @@ -77,7 +77,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/dell/container-storage-modules/csi-unity:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-unity:nightly imagePullPolicy: Always args: - "--driver-name=csi-unity.dellemc.com" diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml index afcc8be59..78aa55182 100644 --- a/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/container.yaml @@ -1,6 +1,6 @@ name: karavi-authorization-proxy imagePullPolicy: Always -image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 +image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly env: - name: PROXY_HOST value: "" diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml index b92188d63..17b3a58a6 100644 --- a/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml +++ b/operatorconfig/moduleconfig/replication/v1.11.0/container.yaml @@ -1,5 +1,5 @@ name: dell-csi-replicator -image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.11.0 +image: quay.io/dell/container-storage-modules/dell-csi-replicator:nightly imagePullPolicy: Always args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml index 343953bd2..0a19fb594 100644 --- a/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.11.0/controller.yaml @@ -271,7 +271,7 @@ spec: value: /app/certs - name: X_CSI_REPLICATION_CONFIG_FILE_NAME value: config - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.11.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:nightly imagePullPolicy: Always name: manager resources: diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml index 828d9e474..af21ec57b 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-vxflexos" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml index 99c42f85c..aea864ac2 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerflex-node.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always securityContext: privileged: true diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml index 4c95197b7..3bd0a22fb 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-powermax" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml index f7f9e25be..886dbcceb 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powermax-node.yaml @@ -19,7 +19,7 @@ securityContext: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-powermax" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml index 83b59bf39..cbeb0133f 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-isilon" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml index a64ab7545..49ef5649e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerscale-node.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always securityContext: privileged: true diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml index d44913469..0175605a1 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-controller.yaml @@ -14,7 +14,7 @@ # # name: podmon -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-powerstore" diff --git a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml index 62c36d35e..d0d5dc4a6 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.12.0/container-powerstore-node.yaml @@ -19,7 +19,7 @@ securityContext: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true -image: quay.io/dell/container-storage-modules/podmon:v1.12.0 +image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: Always args: - "--labelvalue=csi-powerstore" From d3c21f0e08e3365d04560c0ce75cfab9cdd1f9df Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 10 Dec 2024 02:54:53 -0500 Subject: [PATCH 26/31] tag updated to nightly --- operatorconfig/driverconfig/common/default.yaml | 2 +- operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operatorconfig/driverconfig/common/default.yaml b/operatorconfig/driverconfig/common/default.yaml index 0587bf710..cdcd78ec3 100644 --- a/operatorconfig/driverconfig/common/default.yaml +++ b/operatorconfig/driverconfig/common/default.yaml @@ -20,4 +20,4 @@ images: # "images.sdcmonitor" defines the container images used to monitor sdc container sdcmonitor: docker.io/dellemc/sdc:4.5.2.1 # "images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 + metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:nightly diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml index 524846af8..0bcb7fff2 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml @@ -238,7 +238,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:nightly imagePullPolicy: Always args: - "--csi-address=$(ADDRESS)" From 6da15e4b4b7d5970a383e8d80b21887907a310be Mon Sep 17 00:00:00 2001 From: mgandharva Date: Tue, 10 Dec 2024 04:36:42 -0500 Subject: [PATCH 27/31] auth tag updated to nightly --- .../moduleconfig/authorization/v2.1.0/container.yaml | 2 +- .../storage_csm_authorization_v2_multiple_vaults.yaml | 10 +++++----- .../storage_csm_authorization_v2_proxy_server.yaml | 10 +++++----- ...sm_authorization_v2_proxy_server_default_redis.yaml | 10 +++++----- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml b/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml index 5116885da..78aa55182 100644 --- a/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.1.0/container.yaml @@ -1,6 +1,6 @@ name: karavi-authorization-proxy imagePullPolicy: Always -image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 +image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly env: - name: PROXY_HOST value: "" diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml index d5676a942..22cbf20ef 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_multiple_vaults.yaml @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:nightly proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:nightly tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:nightly roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml index debabe7d6..2f2f1f8df 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:nightly proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:nightly tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:nightly roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml index f3c7ecf21..1b92db44f 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml @@ -30,17 +30,17 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.1.0 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:nightly proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.1.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:nightly tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.1.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:nightly roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.1.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:8.5.7 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.1.0 + authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. From 658b511248f686e99e13ca7c6aa59c6a806abe30 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Thu, 12 Dec 2024 07:59:51 -0500 Subject: [PATCH 28/31] csi-snapshotter version update --- .../dell-csm-operator.clusterserviceversion.yaml | 14 +++++++------- config/manager/manager.yaml | 2 +- .../dell-csm-operator.clusterserviceversion.yaml | 2 +- config/samples/storage_v1_csm_powerflex.yaml | 2 +- config/samples/storage_v1_csm_powermax.yaml | 2 +- config/samples/storage_v1_csm_powerscale.yaml | 2 +- config/samples/storage_v1_csm_powerstore.yaml | 2 +- config/samples/storage_v1_csm_unity.yaml | 2 +- deploy/operator.yaml | 2 +- operatorconfig/driverconfig/common/default.yaml | 2 +- .../driverconfig/common/k8s-1.24-values.yaml | 2 +- .../driverconfig/common/k8s-1.25-values.yaml | 2 +- .../driverconfig/common/k8s-1.26-values.yaml | 2 +- .../driverconfig/common/k8s-1.27-values.yaml | 2 +- .../driverconfig/common/k8s-1.28-values.yaml | 2 +- .../driverconfig/common/k8s-1.29-values.yaml | 2 +- .../driverconfig/common/k8s-1.30-values.yaml | 2 +- .../driverconfig/common/k8s-1.31-values.yaml | 2 +- .../driverconfig/common/k8s-1.32-values.yaml | 2 +- .../driverconfig/powerflex/v2.13.0/controller.yaml | 2 +- .../driverconfig/powermax/v2.13.0/controller.yaml | 2 +- .../powerscale/v2.13.0/controller.yaml | 2 +- .../powerstore/v2.13.0/controller.yaml | 2 +- .../driverconfig/unity/v2.13.0/controller.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 2 +- samples/storage_csm_powermax_v2130.yaml | 2 +- samples/storage_csm_powerscale_v2130.yaml | 2 +- samples/storage_csm_powerstore_v2130.yaml | 2 +- samples/storage_csm_unity_v2130.yaml | 2 +- .../driverconfig/powerflex/v2.13.0/controller.yaml | 2 +- .../driverconfig/powermax/v2.13.0/controller.yaml | 2 +- .../powerscale/v2.13.0/controller.yaml | 2 +- .../powerstore/v2.13.0/controller.yaml | 2 +- .../driverconfig/unity/v2.13.0/controller.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 2 +- .../storage_csm_powermax_authorization.yaml | 2 +- .../storage_csm_powermax_observability.yaml | 2 +- ...e_csm_powermax_observability_authorization.yaml | 2 +- .../testfiles/storage_csm_powermax_resiliency.yaml | 2 +- .../testfiles/storage_csm_powermax_sidecar.yaml | 2 +- 40 files changed, 46 insertions(+), 46 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index abd8f49e3..3cfe63d99 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -226,7 +226,7 @@ metadata: "name": "resizer" }, { - "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0", + "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0", "name": "snapshotter" }, { @@ -595,7 +595,7 @@ metadata: "name": "resizer" }, { - "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0", + "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0", "name": "snapshotter" }, { @@ -938,7 +938,7 @@ metadata: "name": "resizer" }, { - "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0", + "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0", "name": "snapshotter" }, { @@ -1114,7 +1114,7 @@ metadata: "name": "resizer" }, { - "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0", + "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0", "name": "snapshotter" }, { @@ -1259,7 +1259,7 @@ metadata: "name": "resizer" }, { - "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0", + "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0", "name": "snapshotter" }, { @@ -4395,7 +4395,7 @@ spec: - name: RELATED_IMAGE_provisioner value: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: RELATED_IMAGE_registrar value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: RELATED_IMAGE_resizer @@ -4515,7 +4515,7 @@ spec: name: attacher - image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 name: snapshotter - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 name: registrar diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 150f240a1..4cb2b3d93 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -79,7 +79,7 @@ spec: name: RELATED_IMAGE_attacher - value: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 name: RELATED_IMAGE_provisioner - - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 name: RELATED_IMAGE_registrar diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index c492f659c..6ae3bdc14 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -1782,7 +1782,7 @@ spec: name: attacher - image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 name: snapshotter - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 name: registrar diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index d889f75b1..103079a0e 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -59,7 +59,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # sdc-monitor is disabled by default, due to high CPU usage diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index a57ee1d45..4a9101aef 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -209,7 +209,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index f5794774d..2d3e06455 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -241,7 +241,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 924b91d51..3360c9b45 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -68,7 +68,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 23df1f820..8b32f381d 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -93,7 +93,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 397c548d3..2b5ecb33a 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1363,7 +1363,7 @@ spec: - name: RELATED_IMAGE_provisioner value: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: RELATED_IMAGE_registrar value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 - name: RELATED_IMAGE_resizer diff --git a/operatorconfig/driverconfig/common/default.yaml b/operatorconfig/driverconfig/common/default.yaml index cdcd78ec3..e7b46b1dd 100644 --- a/operatorconfig/driverconfig/common/default.yaml +++ b/operatorconfig/driverconfig/common/default.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml index c818ce290..282c4349c 100644 --- a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml index c818ce290..282c4349c 100644 --- a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml index c818ce290..282c4349c 100644 --- a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml index c818ce290..282c4349c 100644 --- a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml index ee928e8e6..a2960e160 100644 --- a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.29-values.yaml b/operatorconfig/driverconfig/common/k8s-1.29-values.yaml index ee928e8e6..a2960e160 100644 --- a/operatorconfig/driverconfig/common/k8s-1.29-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.29-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.30-values.yaml b/operatorconfig/driverconfig/common/k8s-1.30-values.yaml index ee928e8e6..a2960e160 100644 --- a/operatorconfig/driverconfig/common/k8s-1.30-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.30-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.31-values.yaml b/operatorconfig/driverconfig/common/k8s-1.31-values.yaml index e36ae5172..662fbe820 100644 --- a/operatorconfig/driverconfig/common/k8s-1.31-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.31-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/common/k8s-1.32-values.yaml b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml index 58639caba..b81b4b38b 100644 --- a/operatorconfig/driverconfig/common/k8s-1.32-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.32-values.yaml @@ -7,7 +7,7 @@ images: # container. provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 # "images.snapshotter" defines the container image used for the csi snapshotter - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 # "images.registrar" defines the container images used for the csi registrar # container. registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml index 6f1f2635d..7e2cd6b7a 100644 --- a/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/controller.yaml @@ -189,7 +189,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml index 133cb63d5..162aa79f8 100644 --- a/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/controller.yaml @@ -219,7 +219,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml index 0bcb7fff2..8dd9b97ca 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/controller.yaml @@ -220,7 +220,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml index bd18f5393..e4066dce8 100644 --- a/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/controller.yaml @@ -191,7 +191,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml index 406e8d53a..f9db43bf7 100644 --- a/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/controller.yaml @@ -167,7 +167,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index 6553beb0e..c376e5887 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -59,7 +59,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # sdc-monitor is disabled by default, due to high CPU usage diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index a33021525..ba5563521 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -210,7 +210,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index 74ab34c81..5a9b90994 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -244,7 +244,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.9.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/samples/storage_csm_powerstore_v2130.yaml b/samples/storage_csm_powerstore_v2130.yaml index 6a13a57de..430a80760 100644 --- a/samples/storage_csm_powerstore_v2130.yaml +++ b/samples/storage_csm_powerstore_v2130.yaml @@ -70,7 +70,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/samples/storage_csm_unity_v2130.yaml b/samples/storage_csm_unity_v2130.yaml index 9d2554c09..346ce5f4b 100644 --- a/samples/storage_csm_unity_v2130.yaml +++ b/samples/storage_csm_unity_v2130.yaml @@ -95,7 +95,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml index f5a1c2417..497543a79 100644 --- a/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/controller.yaml @@ -182,7 +182,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/tests/config/driverconfig/powermax/v2.13.0/controller.yaml b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml index b73aa6a72..e0abbe138 100644 --- a/tests/config/driverconfig/powermax/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/controller.yaml @@ -213,7 +213,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml index d35bd8c48..054cf44da 100644 --- a/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/controller.yaml @@ -214,7 +214,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml index 7886db647..df269219a 100644 --- a/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/controller.yaml @@ -189,7 +189,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/tests/config/driverconfig/unity/v2.13.0/controller.yaml b/tests/config/driverconfig/unity/v2.13.0/controller.yaml index 72bd30ce2..56c512ad3 100644 --- a/tests/config/driverconfig/unity/v2.13.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.13.0/controller.yaml @@ -165,7 +165,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index beb952119..c9d63c812 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -189,7 +189,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index 7e51dfe9a..fbcbd62c0 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -198,7 +198,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 75d47a6d6..6d445940b 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -189,7 +189,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index c05d9b5c0..c8c6a0fc3 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -198,7 +198,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: dellemc/csi-metadata-retriever:v1.8.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index 79d1ab11c..b8f01cdd6 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -189,7 +189,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index c16557416..5ffc0f533 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -189,7 +189,7 @@ spec: - name: resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 - name: csi-metadata-retriever image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.10.0 # health monitor is disabled by default, refer to driver documentation before enabling it From d07b5cdcb05329398d10274f55eeb67895c4c36c Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 13 Dec 2024 04:52:06 -0500 Subject: [PATCH 29/31] update authV1 to authV2 --- ...ll-csm-operator.clusterserviceversion.yaml | 6 ++--- config/samples/storage_v1_csm_powerflex.yaml | 4 ++-- config/samples/storage_v1_csm_powermax.yaml | 4 ++-- config/samples/storage_v1_csm_powerscale.yaml | 4 ++-- .../authorization/v1.12.0/upgrade-path.yaml | 2 +- .../authorization/v1.13.0/upgrade-path.yaml | 2 +- .../moduleconfig/common/version-values.yaml | 6 ++--- .../testdata/cr_powerflex_observability.yaml | 2 +- .../testdata/cr_powermax_reverseproxy.yaml | 4 ++-- pkg/modules/testdata/cr_powerscale_auth.yaml | 2 +- ...powerscale_auth_missing_skip_cert_env.yaml | 2 +- .../cr_powerscale_auth_validate_cert.yaml | 2 +- .../testdata/cr_powerscale_observability.yaml | 2 +- samples/minimal-samples/powerflex_v2130.yaml | 2 +- samples/minimal-samples/powermax_v2130.yaml | 2 +- samples/minimal-samples/powerscale_v2130.yaml | 2 +- samples/storage_csm_powerflex_v2130.yaml | 4 ++-- samples/storage_csm_powermax_v2130.yaml | 4 ++-- samples/storage_csm_powerscale_v2130.yaml | 4 ++-- ..._authorization_v1_proxy_server_alt_ns.yaml | 18 +++++++------- ...thorization_v1_proxy_server_n_minus_1.yaml | 10 ++++---- ...authorization_v1_proxy_server_no_cert.yaml | 18 +++++++------- .../storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- .../storage_csm_powerscale_replica.yaml | 2 +- .../storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerflex.yaml | 2 +- .../storage_csm_powerflex_alt_vals_1.yaml | 2 +- .../storage_csm_powerflex_alt_vals_2.yaml | 2 +- .../storage_csm_powerflex_alt_vals_3.yaml | 2 +- .../storage_csm_powerflex_alt_vals_4.yaml | 2 +- .../testfiles/storage_csm_powerflex_auth.yaml | 2 +- .../storage_csm_powerflex_auth_n_minus_1.yaml | 15 ++++++------ .../storage_csm_powerflex_health_monitor.yaml | 2 +- .../storage_csm_powerflex_no_sdc.yaml | 2 +- ...rage_csm_powerflex_observability_auth.yaml | 2 +- .../storage_csm_powermax_authorization.yaml | 2 +- ..._powermax_observability_authorization.yaml | 2 +- .../e2e/testfiles/storage_csm_powerscale.yaml | 2 +- .../storage_csm_powerscale_alt_vals_1.yaml | 2 +- .../storage_csm_powerscale_alt_vals_2.yaml | 2 +- .../storage_csm_powerscale_alt_vals_3.yaml | 2 +- .../storage_csm_powerscale_auth.yaml | 2 +- ...storage_csm_powerscale_health_monitor.yaml | 2 +- .../storage_csm_powerscale_observability.yaml | 2 +- ...age_csm_powerscale_observability_auth.yaml | 2 +- ...erscale_observability_top_custom_cert.yaml | 2 +- ...age_csm_powerscale_observability_val1.yaml | 24 +++++++++---------- ...age_csm_powerscale_observability_val2.yaml | 22 ++++++++--------- .../storage_csm_powerscale_replica.yaml | 2 +- 50 files changed, 108 insertions(+), 109 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 3cfe63d99..57c3bffdb 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -261,7 +261,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.13.0", + "configVersion": "v2.1.0", "enabled": false, "name": "authorization" }, @@ -660,7 +660,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.13.0", + "configVersion": "v2.1.0", "enabled": false, "name": "authorization" }, @@ -1309,7 +1309,7 @@ metadata: "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.13.0", + "configVersion": "v2.1.0", "enabled": false, "name": "authorization" }, diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 103079a0e..04f103a3a 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -206,11 +206,11 @@ spec: enabled: false # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. # Do not change the configVersion to v2.0.0-alpha - configVersion: v1.12.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 for Authorization v2.1.0 - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 4a9101aef..c21f2ab1e 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -251,10 +251,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 2d3e06455..fb4a44580 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -259,10 +259,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.12.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/operatorconfig/moduleconfig/authorization/v1.12.0/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v1.12.0/upgrade-path.yaml index ea2066e2d..0366e2d81 100644 --- a/operatorconfig/moduleconfig/authorization/v1.12.0/upgrade-path.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.12.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v1.10.1 +minUpgradePath: v1.11.0 diff --git a/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml index ea2066e2d..0366e2d81 100644 --- a/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v1.10.1 +minUpgradePath: v1.11.0 diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index 161e8e136..26a884ca3 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -12,7 +12,7 @@ powerscale: observability: "v1.10.0" resiliency: "v1.11.0" v2.13.0: - authorization: "v1.13.0" + authorization: "v2.1.0" replication: "v1.11.0" observability: "v1.11.0" resiliency: "v1.12.0" @@ -29,7 +29,7 @@ powerflex: observability: "v1.10.0" resiliency: "v1.11.0" v2.13.0: - authorization: "v1.13.0" + authorization: "v2.1.0" replication: "v1.11.0" observability: "v1.11.0" resiliency: "v1.12.0" @@ -56,7 +56,7 @@ powermax: observability: "v1.10.0" resiliency: "v1.11.0" v2.13.0: - authorization: "v1.13.0" + authorization: "v2.1.0" replication: "v1.11.0" observability: "v1.11.0" resiliency: "v1.12.0" diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 06b04425a..575e6a1cd 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -232,7 +232,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml index 9e76dcaaa..626eebe23 100644 --- a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml +++ b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml @@ -34,7 +34,7 @@ spec: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -53,7 +53,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth.yaml b/pkg/modules/testdata/cr_powerscale_auth.yaml index 2912aebf2..78510a279 100644 --- a/pkg/modules/testdata/cr_powerscale_auth.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml index 7bee9aaa5..5912d6fd8 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_missing_skip_cert_env.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml index e3b97263f..09419187d 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml @@ -18,7 +18,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index e8ad15524..89ce97da5 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -114,7 +114,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/samples/minimal-samples/powerflex_v2130.yaml b/samples/minimal-samples/powerflex_v2130.yaml index 509ca7ecb..c5f871a7c 100644 --- a/samples/minimal-samples/powerflex_v2130.yaml +++ b/samples/minimal-samples/powerflex_v2130.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy envs: diff --git a/samples/minimal-samples/powermax_v2130.yaml b/samples/minimal-samples/powermax_v2130.yaml index 240955adc..b1365aeae 100644 --- a/samples/minimal-samples/powermax_v2130.yaml +++ b/samples/minimal-samples/powermax_v2130.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy envs: diff --git a/samples/minimal-samples/powerscale_v2130.yaml b/samples/minimal-samples/powerscale_v2130.yaml index a867be0e9..944e4cebe 100644 --- a/samples/minimal-samples/powerscale_v2130.yaml +++ b/samples/minimal-samples/powerscale_v2130.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy envs: diff --git a/samples/storage_csm_powerflex_v2130.yaml b/samples/storage_csm_powerflex_v2130.yaml index c376e5887..6ba9b4bd5 100644 --- a/samples/storage_csm_powerflex_v2130.yaml +++ b/samples/storage_csm_powerflex_v2130.yaml @@ -207,11 +207,11 @@ spec: enabled: false # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. # Do not change the configVersion to v2.0.0-alpha - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 for Authorization v2.1.0 - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server # Default value: none diff --git a/samples/storage_csm_powermax_v2130.yaml b/samples/storage_csm_powermax_v2130.yaml index ba5563521..6477609d0 100644 --- a/samples/storage_csm_powermax_v2130.yaml +++ b/samples/storage_csm_powermax_v2130.yaml @@ -254,10 +254,10 @@ spec: # enabled: Enable/Disable csm-authorization # Default value: false enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server # Default value: none diff --git a/samples/storage_csm_powerscale_v2130.yaml b/samples/storage_csm_powerscale_v2130.yaml index 5a9b90994..f870fc03e 100644 --- a/samples/storage_csm_powerscale_v2130.yaml +++ b/samples/storage_csm_powerscale_v2130.yaml @@ -264,10 +264,10 @@ spec: # enable: Enable/Disable csm-authorization # Default value: false enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.13.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.1.0 envs: # proxyHost: hostname of the csm-authorization server # Default value: none diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_alt_ns.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_alt_ns.yaml index c0b8c427b..b33553862 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_alt_ns.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_alt_ns.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.11.0 + configVersion: v1.13.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,12 +30,12 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.11.0 - tenantService: dellemc/csm-authorization-tenant:v1.11.0 - roleService: dellemc/csm-authorization-role:v1.11.0 - storageService: dellemc/csm-authorization-storage:v1.11.0 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:nightly + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:nightly + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:nightly + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly + opa: docker.io/openpolicyagent/opa:latest + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -58,8 +58,8 @@ spec: # additional annotations for the proxy-server ingress annotations: {} - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest + redis: docker.io/redis:7.4.0-alpine + commander: docker.io/rediscommander/redis-commander:latest # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis # to use a different storage class for redis, specify the name of the storage class # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_n_minus_1.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_n_minus_1.yaml index 3f703f6c2..bced5a7c7 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_n_minus_1.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_n_minus_1.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.1 + configVersion: v1.12.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,10 +30,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.10.1 - tenantService: dellemc/csm-authorization-tenant:v1.10.1 - roleService: dellemc/csm-authorization-role:v1.10.1 - storageService: dellemc/csm-authorization-storage:v1.10.1 + proxyService: dellemc/csm-authorization-proxy:v1.12.0 + tenantService: dellemc/csm-authorization-tenant:v1.12.0 + roleService: dellemc/csm-authorization-role:v1.12.0 + storageService: dellemc/csm-authorization-storage:v1.12.0 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_no_cert.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_no_cert.yaml index ea3ba6166..d0fd7194b 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_no_cert.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server_no_cert.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.11.0 + configVersion: v1.13.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,12 +30,12 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.11.0 - tenantService: dellemc/csm-authorization-tenant:v1.11.0 - roleService: dellemc/csm-authorization-role:v1.11.0 - storageService: dellemc/csm-authorization-storage:v1.11.0 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v1.13.0 + tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v1.13.0 + roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v1.13.0 + storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v1.13.0 + opa: docker.io/openpolicyagent/opa:latest + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7 # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -57,8 +57,8 @@ spec: # additional annotations for the proxy-server ingress annotations: {} - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest + redis: docker.io/redis:7.4.0-alpine + commander: docker.io/rediscommander/redis-commander:latest # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis # to use a different storage class for redis, specify the name of the storage class # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml index d8ab8793b..046d26379 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale.yaml @@ -14,7 +14,7 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml index 1d30ef23b..37339546b 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_observability.yaml @@ -13,7 +13,7 @@ spec: - name: authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml index 6a8ed9b14..74950c41d 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_replica.yaml @@ -12,7 +12,7 @@ spec: - name: authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 - name: resiliency enabled: false - name: replication diff --git a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml index 7af9679a3..f5d2bfd4b 100644 --- a/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/minimal-testfiles/storage_csm_powerscale_resiliency.yaml @@ -14,6 +14,6 @@ spec: # enable: Enable/Disable csm-authorization enabled: false # For Auth 2.0, use v2.1.0 as configVersion - configVersion: v1.13.0 + configVersion: v2.1.0 - name: resiliency enabled: true diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index a1cf9fc7d..4770fe3cc 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -166,7 +166,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index c8515b583..fafa1a1e4 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -155,7 +155,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index b7e85f00a..77f1b7e1f 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -154,7 +154,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index 095a8df6a..dac23da89 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -154,7 +154,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 413df32d9..a0c2acd89 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -155,7 +155,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index d25182ac4..49e6b9952 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -128,7 +128,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml index 2318ba756..5e5e724fd 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml @@ -11,12 +11,12 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.1 + configVersion: v2.12.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.10.1" + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0 imagePullPolicy: Always envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -44,8 +44,8 @@ spec: value: "1" - name: MDM value: "10.x.x.x,10.x.x.x" # provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -122,21 +122,20 @@ spec: name: sdc envs: - name: MDM - value: "10.225.109.64,10.225.109.65" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.1 + configVersion: v2.0.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index f300e846d..4c81b91e2 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -155,7 +155,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml index cfaaad1d4..560269534 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_no_sdc.yaml @@ -157,7 +157,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index 5b7bf904a..b7daed8f0 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -128,7 +128,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index fbcbd62c0..0270f27c4 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -243,7 +243,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml index c8c6a0fc3..135803c4e 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability_authorization.yaml @@ -243,7 +243,7 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 4f1e3b772..3f1a0e4e0 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index f9c1374b4..6e73d7b37 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index 853cc85a5..08c4e2c71 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 832ecc17b..2286d3ac7 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -229,7 +229,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index f44bf5a26..edada724b 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -220,7 +220,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 56bb2e996..67b508a77 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 16ac9f2dd..f4fcf8ba2 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 8bb8d4c07..a1ee011e1 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -217,7 +217,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 003c40a87..9342f7041 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index c973a988f..bd35310df 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -11,14 +11,14 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.12.0 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - image: "dellemc/csi-isilon:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-isilon:v2.12.0" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.1 + configVersion: v2.0.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly @@ -242,13 +242,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:nightly envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -263,7 +263,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:nightly envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -297,14 +297,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: quay.io/dell/container-storage-modules/csm-topology:nightly # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -351,7 +351,7 @@ spec: enabled: true # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:nightly envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -420,10 +420,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.10.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: dellemc/podmon:nightly + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent args: - "--csisock=unix:/var/run/csi/csi.sock" @@ -436,7 +436,7 @@ spec: - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" - name: podmon-node - image: dellemc/podmon:nightly + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml index 7e82cf154..f4fcf8ba2 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml @@ -18,7 +18,7 @@ spec: # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - image: "dellemc/csi-isilon:nightly" + image: "quay.io/dell/container-storage-modules/csi-isilon:nightly" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly @@ -242,13 +242,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:nightly envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -263,7 +263,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:nightly envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -297,14 +297,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.9.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:nightly + image: quay.io/dell/container-storage-modules/csm-topology:nightly # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -351,7 +351,7 @@ spec: enabled: true # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:nightly + image: quay.io/dell/container-storage-modules/csm-metrics-powerscale:nightly envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -420,10 +420,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.10.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: dellemc/podmon:nightly + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent args: - "--csisock=unix:/var/run/csi/csi.sock" @@ -436,7 +436,7 @@ spec: - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" - name: podmon-node - image: dellemc/podmon:nightly + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index e461f03d8..41bc8d1ee 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -222,7 +222,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.13.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly From fbe7d62e173245264d3c199935243eb8af9cc0a9 Mon Sep 17 00:00:00 2001 From: mgandharva Date: Fri, 13 Dec 2024 05:06:29 -0500 Subject: [PATCH 30/31] updated upgrade-path --- operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml | 2 +- operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml | 2 +- .../driverconfig/powerscale/v2.13.0/upgrade-path.yaml | 2 +- .../driverconfig/powerstore/v2.13.0/upgrade-path.yaml | 2 +- operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml | 2 +- .../moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml index a7bcf2003..83c3643d9 100644 --- a/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.12.0 +minUpgradePath: v2.11.0 diff --git a/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml index a7bcf2003..83c3643d9 100644 --- a/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powermax/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.12.0 +minUpgradePath: v2.11.0 diff --git a/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml index a7bcf2003..83c3643d9 100644 --- a/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.12.0 +minUpgradePath: v2.11.0 diff --git a/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml index a7bcf2003..83c3643d9 100644 --- a/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.12.0 +minUpgradePath: v2.11.0 diff --git a/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml index a7bcf2003..83c3643d9 100644 --- a/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/unity/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.12.0 +minUpgradePath: v2.11.0 diff --git a/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml b/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml index 354ccfa7c..3d754d998 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.3.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v1.0.3 +minUpgradePath: v1.1.0 From 46eda6938646458bbd9fc570f09990d5661d961d Mon Sep 17 00:00:00 2001 From: mgandharva Date: Sat, 14 Dec 2024 00:12:26 -0500 Subject: [PATCH 31/31] updated testfiles --- .../powerflex/v2.13.0/upgrade-path.yaml | 2 +- .../powermax/v2.13.0/upgrade-path.yaml | 2 +- .../powerscale/v2.13.0/upgrade-path.yaml | 2 +- .../powerstore/v2.13.0/upgrade-path.yaml | 2 +- .../unity/v2.13.0/upgrade-path.yaml | 2 +- .../testfiles/powerflex_alt_vals_1_values.csv | 1 - .../storage_csm_powerflex_downgrade.yaml | 128 ++++++++---------- tests/e2e/testfiles/storage_csm_powermax.yaml | 2 +- .../storage_csm_powermax_observability.yaml | 2 +- .../storage_csm_powermax_resiliency.yaml | 2 +- ...m_powermax_reverseproxy_authorization.yaml | 2 +- .../storage_csm_powermax_sidecar.yaml | 2 +- 12 files changed, 68 insertions(+), 81 deletions(-) diff --git a/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml index 91b27e540..83c3643d9 100644 --- a/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml +++ b/tests/config/driverconfig/powerflex/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.10.1 +minUpgradePath: v2.11.0 diff --git a/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml index 91b27e540..83c3643d9 100644 --- a/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml +++ b/tests/config/driverconfig/powermax/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.10.1 +minUpgradePath: v2.11.0 diff --git a/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml index 91b27e540..83c3643d9 100644 --- a/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml +++ b/tests/config/driverconfig/powerscale/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.10.1 +minUpgradePath: v2.11.0 diff --git a/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml index e3b7b449a..bdc40f75d 100644 --- a/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml +++ b/tests/config/driverconfig/powerstore/v2.13.0/upgrade-path.yaml @@ -13,4 +13,4 @@ # limitations under the License. # # -minUpgradePath: v2.10.1 +minUpgradePath: v2.11.0 diff --git a/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml index 91b27e540..83c3643d9 100644 --- a/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml +++ b/tests/config/driverconfig/unity/v2.13.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.10.1 +minUpgradePath: v2.11.0 diff --git a/tests/e2e/testfiles/powerflex_alt_vals_1_values.csv b/tests/e2e/testfiles/powerflex_alt_vals_1_values.csv index 476ae8a32..6f5a736ef 100644 --- a/tests/e2e/testfiles/powerflex_alt_vals_1_values.csv +++ b/tests/e2e/testfiles/powerflex_alt_vals_1_values.csv @@ -4,7 +4,6 @@ Namespace,,dell,controller,1 F S Group Policy,,ReadWriteOnceWithFSType,csm,1 Replicas,,2,csm,1 Dns Policy,,ClusterFirstWithHostNet,csm,1 -Force Update,,true,csm,1 Force Remove Driver,,true,csm,1 Image Pull Policy,,Always,csm,2 X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT,,true,controller,1 diff --git a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml index 0831de7ad..8d74fd3a7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml @@ -16,12 +16,12 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.1 + configVersion: v2.12.0 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.10.1" + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.12.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -30,9 +30,11 @@ spec: value: "false" - name: X_CSI_DEBUG value: "true" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: "false" # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. - # Default value: /var/lib/kubelet + # Default value: None - name: KUBELET_CONFIG_DIR value: "/var/lib/kubelet" - name: "CERT_SECRET_COUNT" @@ -40,20 +42,17 @@ spec: - name: X_CSI_QUOTA_ENABLED value: "false" sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver - - name: provisioner - args: ["--volume-name-prefix=k8s"] - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false - image: dellemc/sdc:3.6.1 + image: dellemc/sdc:4.5.2.1 envs: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + value: "10.x.x.x,10.x.x.x" # provide MDM value + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -77,6 +76,8 @@ spec: # Leave as blank to use all nodes # Allowed values: map of key-value pairs # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" nodeSelector: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint # node-role.kubernetes.io/master: "" @@ -97,6 +98,13 @@ spec: # effect: "NoSchedule" node: envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -111,23 +119,23 @@ spec: # Default value: false - name: X_CSI_RENAME_SDC_ENABLED value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. # "prefix" + "worker_node_hostname" should not exceed 31 chars. # Default value: none # Examples: "rhel-sdc", "sdc-test" - name: X_CSI_RENAME_SDC_PREFIX value: "" - # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node - # Allowed values: Any value greater than or equal to 0 - # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. - # Default value: "0" - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset # Leave as blank to use all nodes # Allowed values: map of key-value pairs # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" nodeSelector: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint # node-role.kubernetes.io/master: "" @@ -146,45 +154,26 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled - # - key: "offline.vxflexos.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "vxflexos.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.unity.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "unity.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.isilon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "isilon.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" initContainers: - image: dellemc/sdc:4.5.2.1 imagePullPolicy: IfNotPresent name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v2.1.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:nightly envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" - value: "csm-authorization.com" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" value: "true" @@ -192,14 +181,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.7.0 + configVersion: v1.11.0 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-topology:nightly # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -234,18 +223,18 @@ spec: # Default value: "nginxinc/nginx-unprivileged:1.27" - name: "NGINX_PROXY_IMAGE" value: "nginxinc/nginx-unprivileged:1.27" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - name: cert-manager - enabled: false + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true - name: metrics-powerflex # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.7.0 + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:nightly envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int @@ -306,13 +295,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.7.0 + configVersion: v1.10.0 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:nightly envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -326,13 +315,13 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 + image: quay.io/dell/container-storage-modules/dell-replication-controller:nightly envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" + value: "self" # Replication log level # Allowed values: "error", "warn"/"warning", "info", "debug" # Default value: "debug" @@ -352,31 +341,32 @@ spec: # Allowed values: time - name: "RETRY_INTERVAL_MAX" value: "5m" + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.12.0 components: - name: podmon-controller - image: dellemc/podmon:v1.8.0 + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent args: + - "--csisock=unix:/var/run/csi/csi.sock" - "--labelvalue=csi-vxflexos" + - "--mode=controller" - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" - - "--arrayConnectivityPollRate=5" - - "--arrayConnectivityConnectionLossThreshold=3" - # Below 3 args should not be modified. - - "--csisock=unix:/var/run/csi/csi.sock" - - "--mode=controller" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.8.0 + image: quay.io/dell/container-storage-modules/podmon:nightly imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster @@ -385,12 +375,10 @@ spec: - name: "X_CSI_PODMON_API_PORT" value: "8083" args: + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - "--labelvalue=csi-vxflexos" + - "--mode=node" - "--leaderelection=false" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" - - "--arrayConnectivityPollRate=5" - # Below 3 args should not be modified. - - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - - "--mode=node" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index c9d63c812..f5e9c2a4e 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver + # Config version for CSI PowerMax v2.13.0 driver configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 6d445940b..84b180035 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver + # Config version for CSI PowerMax v2.13.0 driver configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index b8f01cdd6..b4c5e7245 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver + # Config version for CSI PowerMax v2.13.0 driver configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release diff --git a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index 4ff73850e..c7223f6a0 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver + # Config version for CSI PowerMax v2.13.0 driver configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index 5ffc0f533..aa77f9d03 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.1 driver + # Config version for CSI PowerMax v2.13.0 driver configVersion: v2.13.0 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release