diff --git a/charts/csi-powermax/Chart.yaml b/charts/csi-powermax/Chart.yaml index b65c3e6b..58026c94 100644 --- a/charts/csi-powermax/Chart.yaml +++ b/charts/csi-powermax/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 -appVersion: "2.13.0" +appVersion: "2.14.0" name: csi-powermax -version: 2.13.0 +version: 2.14.0 description: | PowerMax CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as @@ -15,7 +15,7 @@ keywords: - storage dependencies: - name: csireverseproxy - version: 2.12.0 + version: 2.13.0 condition: required home: https://github.com/dell/csi-powermax icon: https://avatars1.githubusercontent.com/u/20958494?s=200&v=4 diff --git a/charts/csi-powermax/charts/csireverseproxy/Chart.yaml b/charts/csi-powermax/charts/csireverseproxy/Chart.yaml index 4c172dda..757223bd 100644 --- a/charts/csi-powermax/charts/csireverseproxy/Chart.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/Chart.yaml @@ -4,6 +4,6 @@ description: A Helm chart for CSI PowerMax ReverseProxy type: application -version: 2.12.0 +version: 2.13.0 -appVersion: 2.12.0 +appVersion: 2.13.0 diff --git a/charts/csi-powermax/charts/csireverseproxy/templates/configmap.yaml b/charts/csi-powermax/charts/csireverseproxy/templates/configmap.yaml index 27938ea4..2bacd050 100644 --- a/charts/csi-powermax/charts/csireverseproxy/templates/configmap.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/templates/configmap.yaml @@ -1,3 +1,12 @@ +{{- /* +Deprecation notice: use of reverseproxy-config ConfigMap is deprecated and will +be removed in a future release. The ConfigMap remains for backward compatibility +usage only. +*/}} +{{- /* +Use the ConfigMap only if the useSecret value is empty or the key is not found +*/}} +{{- if or (not (hasKey .Values "useSecret")) (empty .Values.useSecret) }} apiVersion: v1 kind: ConfigMap metadata: @@ -5,3 +14,4 @@ metadata: namespace: {{ .Release.Namespace }} data: {{ tpl (.Files.Glob "conf/config.yaml").AsConfig . | indent 2 }} +{{- end }} diff --git a/charts/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml b/charts/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml index 53d291ca..a30ae2e9 100644 --- a/charts/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/templates/reverseproxy.yaml @@ -20,10 +20,18 @@ spec: image: {{ required "Must provided an image for reverseproxy container." .Values.image }} imagePullPolicy: Always env: + {{- $useRevProxySecret := and (hasKey .Values "useSecret") (.Values.useSecret | default false) }} + - name: X_CSI_REVPROXY_USE_SECRET + value: {{ $useRevProxySecret | quote }} + {{- if $useRevProxySecret }} + - name: X_CSI_REVPROXY_SECRET_FILEPATH + value: "/etc/powermax/config" + {{- else }} - name: X_CSI_REVPROXY_CONFIG_DIR value: /etc/config/configmap - name: X_CSI_REVPROXY_CONFIG_FILE_NAME value: config.yaml + {{- end }} - name: X_CSI_REVRPOXY_IN_CLUSTER value: "true" - name: X_CSI_REVPROXY_TLS_CERT_DIR @@ -31,20 +39,31 @@ spec: - name: X_CSI_REVPROXY_WATCH_NAMESPACE value: {{ .Release.Namespace }} volumeMounts: + {{- if and (hasKey .Values "useSecret") (.Values.useSecret | default false) }} + - name: powermax-reverseproxy-secret + mountPath: /etc/powermax + {{- else }} - name: configmap-volume mountPath: /etc/config/configmap + {{- end }} - name: tls-secret mountPath: /app/tls - name: cert-dir mountPath: /app/certs volumes: + {{- if and (hasKey .Values "useSecret") (.Values.useSecret | default false) }} + - name: powermax-reverseproxy-secret + secret: + secretName: {{ required "Must provide defaultCredentialsSecret secret name." .Values.global.defaultCredentialsSecret }} + {{- else }} - name: configmap-volume configMap: name: {{ .Release.Name }}-reverseproxy-config optional: true + {{- end }} - name: tls-secret secret: secretName: {{ .Values.tlsSecret }} - name: cert-dir emptyDir: -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/csi-powermax/charts/csireverseproxy/values.yaml b/charts/csi-powermax/charts/csireverseproxy/values.yaml index f3cf87b0..b3a19c8a 100644 --- a/charts/csi-powermax/charts/csireverseproxy/values.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/values.yaml @@ -1,7 +1,17 @@ -image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 +image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:nightly port: 2222 # TLS secret which is used for setting up the proxy HTTPS server # Don't change this value unless really necessary # If this value is modified, then the installation script will have to be modified tlsSecret: "csirevproxy-tls-secret" + +# useSecret +# Defines if the reverseproxy Secret should be used instead of the +# deprecated powermax-reverseproxy-config ConfigMap. If set to true, the contents +# of the secret specified by global.defaultCredentialsSecret will be used, +# in the new format, to specify Unisphere for PowerMax endpoints, array IDs, +# and login credentials. If set to false, the deprecated ConfigMap will be used. +# Default value: true +# Example: false +useSecret: diff --git a/charts/csi-powermax/templates/controller.yaml b/charts/csi-powermax/templates/controller.yaml index fc96b1b9..b30de6e5 100644 --- a/charts/csi-powermax/templates/controller.yaml +++ b/charts/csi-powermax/templates/controller.yaml @@ -414,6 +414,7 @@ spec: value: /var/run/csi/csi.sock - name: X_CSI_MODE value: controller + {{- if or (not (hasKey .Values.csireverseproxy "useSecret")) (empty .Values.csireverseproxy.useSecret) }} - name: X_CSI_POWERMAX_USER valueFrom: secretKeyRef: @@ -424,10 +425,18 @@ spec: secretKeyRef: name: {{ .Values.global.defaultCredentialsSecret }} key: password + {{- end }} - name: X_CSI_POWERMAX_CONFIG_PATH value: /powermax-config-params/driver-config-params.yaml - name: X_CSI_POWERMAX_ARRAY_CONFIG_PATH value: /powermax-array-config/powermax-array-config.yaml + {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: X_CSI_REVPROXY_USE_SECRET + value: {{ $useRevProxySecret | quote }} + {{- if $useRevProxySecret }} + - name: X_CSI_REVPROXY_SECRET_FILEPATH + value: "/etc/powermax/config" + {{- end }} - name: X_CSI_POWERMAX_DEBUG value: {{ .Values.powerMaxDebug | default "false" | lower | quote }} - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION @@ -509,6 +518,10 @@ spec: mountPath: /powermax-config-params - name: powermax-array-config mountPath: /powermax-array-config + {{- if and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: powermax-reverseproxy-secret + mountPath: /etc/powermax + {{- end }} - name: tls-secret mountPath: /app/tls {{- if eq .Values.csireverseproxy.deployAsSidecar true }} @@ -516,10 +529,18 @@ spec: image: {{ required "Must provided an image for reverseproxy container." .Values.images.csireverseproxy.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: + {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: X_CSI_REVPROXY_USE_SECRET + value: {{ $useRevProxySecret | quote }} + {{- if $useRevProxySecret }} + - name: X_CSI_REVPROXY_SECRET_FILEPATH + value: "/etc/powermax/config" + {{- else }} - name: X_CSI_REVPROXY_CONFIG_DIR value: /etc/config/configmap - name: X_CSI_REVPROXY_CONFIG_FILE_NAME value: config.yaml + {{- end }} - name: X_CSI_REVRPOXY_IN_CLUSTER value: "true" - name: X_CSI_REVPROXY_TLS_CERT_DIR @@ -527,8 +548,13 @@ spec: - name: X_CSI_REVPROXY_WATCH_NAMESPACE value: {{ .Release.Namespace }} volumeMounts: + {{- if and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: powermax-reverseproxy-secret + mountPath: /etc/powermax + {{- else }} - name: configmap-volume mountPath: /etc/config/configmap + {{- end }} - name: tls-secret mountPath: /app/tls - name: cert-dir @@ -541,10 +567,16 @@ spec: secret: secretName: {{ .Release.Name }}-certs optional: true + {{- if and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: powermax-reverseproxy-secret + secret: + secretName: {{ required "Must provide defaultCredentialsSecret secret name." .Values.global.defaultCredentialsSecret }} + {{- else }} - name: configmap-volume configMap: name: {{ .Release.Name }}-reverseproxy-config optional: true + {{- end }} - name: tls-secret secret: secretName: {{ .Values.csireverseproxy.tlsSecret }} diff --git a/charts/csi-powermax/templates/node.yaml b/charts/csi-powermax/templates/node.yaml index f753aec0..b4171e35 100644 --- a/charts/csi-powermax/templates/node.yaml +++ b/charts/csi-powermax/templates/node.yaml @@ -95,8 +95,8 @@ metadata: {{- if eq .Values.authorization.enabled true }} annotations: com.dell.karavi-authorization-proxy: "true" - {{ end }} - {{ end }} + {{- end }} + {{- end }} spec: selector: matchLabels: @@ -112,14 +112,14 @@ spec: {{- end }} spec: serviceAccountName: {{ .Release.Name }}-node - {{ if .Values.node.nodeSelector }} + {{- if .Values.node.nodeSelector }} nodeSelector: {{- toYaml .Values.node.nodeSelector | nindent 8 }} - {{ end }} - {{ if .Values.node.tolerations }} + {{- end }} + {{- if .Values.node.tolerations }} tolerations: {{- toYaml .Values.node.tolerations | nindent 6 }} - {{ end }} + {{- end }} hostIPC: true hostNetwork: true dnsPolicy: ClusterFirstWithHostNet @@ -153,15 +153,13 @@ spec: value: "{{ .Values.maxPowerMaxVolumesPerNode }}" - name: X_CSI_PRIVATE_MOUNT_DIR value: "{{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com/disks" - {{- $managementServer := first .Values.global.managementServers }} - - name: X_CSI_POWERMAX_ENDPOINT - value: {{ required "Must provide a Unisphere HTTPS endpoint." $managementServer.endpoint }} - name: X_CSI_POWERMAX_DEBUG value: {{ .Values.powerMaxDebug | default "false" | lower | quote }} - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION value: {{ .Values.skipCertificateValidation | default "true" | lower | quote }} - name: X_CSI_K8S_CLUSTER_PREFIX value: {{ required "Must provide a Cluster Prefix." .Values.clusterPrefix }} + {{- if or (not (hasKey .Values.csireverseproxy "useSecret")) (empty .Values.csireverseproxy.useSecret) }} - name: X_CSI_POWERMAX_USER valueFrom: secretKeyRef: @@ -172,11 +170,19 @@ spec: secretKeyRef: name: {{ .Values.global.defaultCredentialsSecret }} key: password + {{- end }} - name: X_CSI_POWERMAX_NODENAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: X_CSI_REVPROXY_USE_SECRET + value: {{ $useRevProxySecret | quote }} + {{- if $useRevProxySecret }} + - name: X_CSI_REVPROXY_SECRET_FILEPATH + value: "/etc/powermax/config" + {{- end }} {{- if eq .Values.enableCHAP true }} - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP value: "true" @@ -287,6 +293,10 @@ spec: mountPath: /node-topology-config {{- end }} {{- end }} + {{- if and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: powermax-reverseproxy-secret + mountPath: /etc/powermax + {{- end }} - name: tls-secret mountPath: /app/tls - name: registrar @@ -479,6 +489,11 @@ spec: - name: powermax-array-config configMap: name: {{ .Release.Name }}-array-config + {{- if and (hasKey .Values.csireverseproxy "useSecret") (.Values.csireverseproxy.useSecret | default false) }} + - name: powermax-reverseproxy-secret + secret: + secretName: {{ required "Must provide defaultCredentialsSecret secret name." .Values.global.defaultCredentialsSecret }} + {{- end }} - name: certs secret: secretName: {{ .Release.Name }}-certs diff --git a/charts/csi-powermax/templates/powermax-array-config.yaml b/charts/csi-powermax/templates/powermax-array-config.yaml index 12904f5b..78b33bd5 100644 --- a/charts/csi-powermax/templates/powermax-array-config.yaml +++ b/charts/csi-powermax/templates/powermax-array-config.yaml @@ -7,8 +7,4 @@ data: powermax-array-config.yaml: | X_CSI_POWERMAX_PORTGROUPS: {{ .Values.global.portGroups | toYaml | default "" }} X_CSI_TRANSPORT_PROTOCOL: {{ .Values.global.transportProtocol | toYaml | default "" }} - {{- $_ := first .Values.global.storageArrays }} - {{- range $index, $value := .Values.global.storageArrays }} - X_CSI_POWERMAX_ENDPOINT: {{ $value.endpoint | toYaml | default "" }} - {{- end }} - X_CSI_MANAGED_ARRAYS: {{ .Values.global.managedArrays | toYaml | default "" }} \ No newline at end of file + X_CSI_MANAGED_ARRAYS: {{ .Values.global.managedArrays | toYaml | default "" }} diff --git a/charts/csi-powermax/values.yaml b/charts/csi-powermax/values.yaml index 72fe6d0d..17680adf 100644 --- a/charts/csi-powermax/values.yaml +++ b/charts/csi-powermax/values.yaml @@ -19,8 +19,12 @@ global: # Default value: None # Examples: "000000000001", "000000000002" managedArrays: "000000000001,000000000002" + # defaultCredentialsSecret - defaultCredentialsSecret: powermax-creds + # The name of the Kubernetes Secret containing the details of the PowerMax arrays, + # their Unisphere endpoints and their login credentials. + # Default: "powermax-config" + defaultCredentialsSecret: "powermax-config" # portGroups: Define the set of existing port groups that the driver will use. # It is a comma separated list of portgroup names. # Required only in case of iSCSI port groups @@ -37,6 +41,11 @@ global: # "" - Automatic selection of transport protocol # Default value: "" transportProtocol: "" + + # DEPRECATION NOTICE: The storageArrays parameter has been deprecated in this helm chart + # and will be removed in a future release. It remains for backward compatibility only. + # storageArrays have been migrated to the 'secret' format. Please refer to the official + # documentation website for further details. storageArrays: - storageArrayId: "000000000001" endpoint: https://primary-1.unisphe.re:8443 @@ -44,6 +53,11 @@ global: # - storageArrayId: "000000000002" # endpoint: https://primary-2.unisphe.re:8443 # backupEndpoint: https://backup-2.unisphe.re:8443 + + # DEPRECATION NOTICE: The managementServers parameter has been deprecated in this helm chart + # and will be removed in a future release. It remains for backward compatibility only. + # managementServers have been migrated to the 'secret' format. Please refer to the official + # documentation website for further details. managementServers: - endpoint: https://primary-1.unisphe.re:8443 credentialsSecret: primary-1-secret @@ -67,16 +81,16 @@ global: # Current version of the driver # Don't modify this value as this value will be used by the install script -version: "v2.13.0" +version: "v2.14.0" # "images" defines every container images used for the driver and its sidecars. # To use your own images, or a private registry, change the values here. images: # "driver" defines the container image, used for the driver container. driver: - image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0 + image: quay.io/dell/container-storage-modules/csi-powermax:nightly csireverseproxy: - image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:nightly # CSI sidecars attacher: image: registry.k8s.io/sig-storage/csi-attacher:v4.8.0 @@ -323,6 +337,15 @@ csireverseproxy: # Default value: None # Examples: "1111", "8080" port: 2222 + # useSecret + # Defines if the reverseproxy Secret should be used instead of the + # deprecated powermax-reverseproxy-config ConfigMap. If set to true, the contents + # of the secret specified by global.defaultCredentialsSecret will be used, + # in the new format, to specify Unisphere for PowerMax endpoints, array IDs, + # and login credentials. If set to false, the deprecated ConfigMap will be used. + # Default value: true + # Example: false + useSecret: true # Auto-create TLS certificate for csi-reverseproxy certManager: # Set selfSignedCert to use a self-signed certificate