dell · lukeatdell · Nov 20, 2024 · Nov 22, 2024 · Dec 9, 2024 · Dec 17, 2024
@@ -1,7 +1,7 @@
 apiVersion: v2
-appVersion: "2.13.0"
+appVersion: "2.14.0"
 name: csi-powermax
-version: 2.13.0
+version: 2.14.0
 description: |
   PowerMax CSI (Container Storage Interface) driver Kubernetes
   integration. This chart includes everything required to provision via CSI as
@@ -15,7 +15,7 @@ keywords:
   - storage
 dependencies:
   - name: csireverseproxy
-    version: 2.12.0
+    version: 2.13.0
     condition: required
 home: https://github.com/dell/csi-powermax
 icon: https://avatars1.githubusercontent.com/u/20958494?s=200&v=4

@@ -4,6 +4,6 @@ description: A Helm chart for CSI PowerMax ReverseProxy
 
 type: application
 
-version: 2.12.0
+version: 2.13.0
 
-appVersion: 2.12.0
+appVersion: 2.13.0
@@ -1,7 +1,17 @@
+{{- /*
+Deprecation notice: use of reverseproxy-config ConfigMap is deprecated and will
+be removed in a future release. The ConfigMap remains for backward compatibility
+usage only.
+*/}}
+{{- /*
+Use the ConfigMap only if the secretName value is empty or the key is not found
+*/}}
+{{- if or (not (hasKey .Values "secretName")) (empty .Values.secretName) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ .Release.Name }}-reverseproxy-config
   namespace: {{ .Release.Namespace }}
 data:
 {{ tpl (.Files.Glob "conf/config.yaml").AsConfig . | indent 2 }}
+{{- end }}
@@ -20,31 +20,50 @@ spec:
           image: {{ required "Must provided an image for reverseproxy container." .Values.image }}
           imagePullPolicy: Always
           env:
+              {{- $useRevProxySecret := and (hasKey .Values "secretName") (not (empty .Values.secretName)) }}
+            - name: X_CSI_REVPROXY_USE_SECRET
+              value: {{ $useRevProxySecret | quote }}
+              {{- if $useRevProxySecret }}
+            - name: X_CSI_REVPROXY_SECRET_FILEPATH
+              value: "/etc/powermax/config"
+              {{- else }}
             - name: X_CSI_REVPROXY_CONFIG_DIR
               value: /etc/config/configmap
             - name: X_CSI_REVPROXY_CONFIG_FILE_NAME
               value: config.yaml
+              {{- end }}
             - name: X_CSI_REVRPOXY_IN_CLUSTER
               value: "true"
             - name: X_CSI_REVPROXY_TLS_CERT_DIR
               value: /app/tls
             - name: X_CSI_REVPROXY_WATCH_NAMESPACE
               value: {{ .Release.Namespace }}
           volumeMounts:
+              {{- if and (hasKey .Values "secretName") (not (empty .Values.secretName)) }}
+            - name: powermax-reverseproxy-secret
+              mountPath: /etc/powermax
+              {{- else }}
             - name: configmap-volume
               mountPath: /etc/config/configmap
+              {{- end }}
             - name: tls-secret
               mountPath: /app/tls
             - name: cert-dir
               mountPath: /app/certs
       volumes:
+          {{- if and (hasKey .Values "secretName") (not (empty .Values.secretName)) }}
+        - name: powermax-reverseproxy-secret
+          secret:
+            secretName: {{ .Values.secretName }}
+          {{- else }}
         - name: configmap-volume
           configMap:
             name: {{ .Release.Name }}-reverseproxy-config
             optional: true
+          {{- end }}
         - name: tls-secret
           secret:
             secretName: {{ .Values.tlsSecret }}
         - name: cert-dir
           emptyDir:
-{{- end }}
+{{- end }}
@@ -1,7 +1,14 @@
-image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0
+image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.13.0
 port: 2222
 
 # TLS secret which is used for setting up the proxy HTTPS server
 # Don't change this value unless really necessary
 # If this value is modified, then the installation script will have to be modified
 tlsSecret: "csirevproxy-tls-secret"
+
+# Name of the reverseproxy secret as a Kubernetes resource, containing
+# details required for connecting the csi-powermax driver to Unisphere for
+# PowerMax endpoints.
+# Default value: ""
+# Example: "powermax-reverseproxy-secret"
+secretName: ""
@@ -414,6 +414,7 @@ spec:
               value: /var/run/csi/csi.sock
             - name: X_CSI_MODE
               value: controller
+              {{- if or (not (hasKey .Values.csireverseproxy "secretName")) (empty .Values.csireverseproxy.secretName) }}
             - name: X_CSI_POWERMAX_USER
               valueFrom:
                 secretKeyRef:
@@ -424,10 +425,18 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.defaultCredentialsSecret }}
                   key: password
+              {{- end }}
             - name: X_CSI_POWERMAX_CONFIG_PATH
               value: /powermax-config-params/driver-config-params.yaml
             - name: X_CSI_POWERMAX_ARRAY_CONFIG_PATH
               value: /powermax-array-config/powermax-array-config.yaml
+              {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: X_CSI_REVPROXY_USE_SECRET
+              value: {{ $useRevProxySecret | quote }}
+              {{- if $useRevProxySecret }}
+            - name: X_CSI_REVPROXY_SECRET_FILEPATH
+              value: "/etc/powermax/config"
+              {{- end }}
             - name: X_CSI_POWERMAX_DEBUG
               value: {{ .Values.powerMaxDebug | default "false" | lower | quote }}
             - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION
@@ -509,26 +518,43 @@ spec:
               mountPath: /powermax-config-params
             - name: powermax-array-config
               mountPath: /powermax-array-config
+              {{- if and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: powermax-reverseproxy-secret
+              mountPath: /etc/powermax
+              {{- end }}
             - name: tls-secret
               mountPath: /app/tls
         {{- if eq .Values.csireverseproxy.deployAsSidecar true }}
         - name: reverseproxy
           image: {{ required "Must provided an image for reverseproxy container." .Values.images.csireverseproxy.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
+              {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: X_CSI_REVPROXY_USE_SECRET
+              value: {{ $useRevProxySecret | quote }}
+              {{- if $useRevProxySecret }}
+            - name: X_CSI_REVPROXY_SECRET_FILEPATH
+              value: "/etc/powermax/config"
+              {{- else }}
             - name: X_CSI_REVPROXY_CONFIG_DIR
               value: /etc/config/configmap
             - name: X_CSI_REVPROXY_CONFIG_FILE_NAME
               value: config.yaml
+              {{- end }}
             - name: X_CSI_REVRPOXY_IN_CLUSTER
               value: "true"
             - name: X_CSI_REVPROXY_TLS_CERT_DIR
               value: /app/tls
             - name: X_CSI_REVPROXY_WATCH_NAMESPACE
               value: {{ .Release.Namespace }}
           volumeMounts:
+              {{- if and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: powermax-reverseproxy-secret
+              mountPath: /etc/powermax
+              {{- else }}
             - name: configmap-volume
               mountPath: /etc/config/configmap
+              {{- end }}
             - name: tls-secret
               mountPath: /app/tls
             - name: cert-dir
@@ -541,10 +567,16 @@ spec:
           secret:
               secretName: {{ .Release.Name }}-certs
               optional: true
+          {{- if and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+        - name: powermax-reverseproxy-secret
+          secret:
+            secretName: {{ .Values.csireverseproxy.secretName }}
+          {{- else }}
         - name: configmap-volume
           configMap:
             name: {{ .Release.Name }}-reverseproxy-config
             optional: true
+          {{- end }}
         - name: tls-secret
           secret:
             secretName: {{ .Values.csireverseproxy.tlsSecret }}

@@ -95,8 +95,8 @@ metadata:
   {{- if eq .Values.authorization.enabled true }}
   annotations:
     com.dell.karavi-authorization-proxy: "true"
-  {{ end }}
-  {{ end }}
+  {{- end }}
+  {{- end }}
 spec:
   selector:
     matchLabels:
@@ -112,14 +112,14 @@ spec:
         {{- end }}
     spec:
       serviceAccountName: {{ .Release.Name }}-node
-      {{ if .Values.node.nodeSelector }}
+      {{- if .Values.node.nodeSelector }}
       nodeSelector:
       {{- toYaml .Values.node.nodeSelector | nindent 8 }}
-      {{ end }}
-      {{ if .Values.node.tolerations }}
+      {{- end }}
+      {{- if .Values.node.tolerations }}
       tolerations:
       {{- toYaml .Values.node.tolerations | nindent 6 }}
-      {{ end }}
+      {{- end }}
       hostIPC: true
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
@@ -153,15 +153,13 @@ spec:
               value: "{{ .Values.maxPowerMaxVolumesPerNode }}"
             - name: X_CSI_PRIVATE_MOUNT_DIR
               value: "{{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com/disks"
-            {{- $managementServer := first .Values.global.managementServers }}
-            - name: X_CSI_POWERMAX_ENDPOINT
-              value: {{ required "Must provide a Unisphere HTTPS endpoint." $managementServer.endpoint }}
             - name: X_CSI_POWERMAX_DEBUG
               value: {{ .Values.powerMaxDebug | default "false" | lower | quote }}
             - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION
               value: {{ .Values.skipCertificateValidation | default "true" | lower | quote }}
             - name: X_CSI_K8S_CLUSTER_PREFIX
               value:  {{ required "Must provide a Cluster Prefix." .Values.clusterPrefix }}
+              {{- if or (not (hasKey .Values.csireverseproxy "secretName")) (empty .Values.csireverseproxy.secretName) }}
             - name: X_CSI_POWERMAX_USER
               valueFrom:
                 secretKeyRef:
@@ -172,11 +170,19 @@ spec:
                 secretKeyRef:
                   name: {{ .Values.global.defaultCredentialsSecret }}
                   key: password
+              {{- end }}
             - name: X_CSI_POWERMAX_NODENAME
               valueFrom:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: spec.nodeName
+              {{- $useRevProxySecret := and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: X_CSI_REVPROXY_USE_SECRET
+              value: {{ $useRevProxySecret | quote }}
+              {{- if $useRevProxySecret }}
+            - name: X_CSI_REVPROXY_SECRET_FILEPATH
+              value: "/etc/powermax/config"
+              {{- end }}
             {{- if eq .Values.enableCHAP  true }}
             - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP
               value: "true"
@@ -287,6 +293,10 @@ spec:
               mountPath: /node-topology-config
             {{- end }}
             {{- end }}
+              {{- if and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+            - name: powermax-reverseproxy-secret
+              mountPath: /etc/powermax
+              {{- end }}
             - name: tls-secret
               mountPath: /app/tls
         - name: registrar
@@ -479,6 +489,11 @@ spec:
         - name: powermax-array-config
           configMap:
             name: {{ .Release.Name }}-array-config
+          {{- if and (hasKey .Values.csireverseproxy "secretName") (not (empty .Values.csireverseproxy.secretName)) }}
+        - name: powermax-reverseproxy-secret
+          secret:
+            secretName: {{ .Values.csireverseproxy.secretName }}
+          {{- end }}
         - name: certs
           secret:
             secretName: {{ .Release.Name }}-certs

@@ -7,8 +7,4 @@ data:
   powermax-array-config.yaml: |
     X_CSI_POWERMAX_PORTGROUPS: {{ .Values.global.portGroups | toYaml | default "" }}
     X_CSI_TRANSPORT_PROTOCOL: {{ .Values.global.transportProtocol | toYaml | default "" }}
-    {{- $_ := first .Values.global.storageArrays }}
-    {{- range $index, $value := .Values.global.storageArrays }}
-    X_CSI_POWERMAX_ENDPOINT: {{ $value.endpoint | toYaml | default "" }}
-    {{- end }}
-    X_CSI_MANAGED_ARRAYS: {{ .Values.global.managedArrays | toYaml | default "" }}
+    X_CSI_MANAGED_ARRAYS: {{ .Values.global.managedArrays | toYaml | default "" }}
@@ -19,7 +19,12 @@ global:
   # Default value: None
   # Examples: "000000000001", "000000000002"
   managedArrays: "000000000001,000000000002"
+
   # defaultCredentialsSecret
+  # DEPRECATION NOTICE: The defaultCredentials parameter has been deprecated and will be
+  # removed in a future release. It remains for backward compatibility only.
+  # Please see use the parameter .csireverseproxy.secretName below and refer to the official
+  # documentation website for further details.
   defaultCredentialsSecret: powermax-creds
   # portGroups: Define the set of existing port groups that the driver will use.
   # It is a comma separated list of portgroup names.
@@ -37,13 +42,23 @@ global:
   #   ""      - Automatic selection of transport protocol
   # Default value: "" <empty>
   transportProtocol: ""
+
+  # DEPRECATION NOTICE: The storageArrays parameter has been deprecated in this helm chart
+  # and will be removed in a future release. It remains for backward compatibility only.
+  # storageArrays have been migrated to the 'secret' format. Please refer to the official
+  # documentation website for further details.
   storageArrays:
     - storageArrayId: "000000000001"
       endpoint: https://primary-1.unisphe.re:8443
       backupEndpoint: https://backup-1.unisphe.re:8443
   # - storageArrayId: "000000000002"
   #   endpoint: https://primary-2.unisphe.re:8443
   #   backupEndpoint: https://backup-2.unisphe.re:8443
+
+  # DEPRECATION NOTICE: The managementServers parameter has been deprecated in this helm chart
+  # and will be removed in a future release. It remains for backward compatibility only.
+  # managementServers have been migrated to the 'secret' format. Please refer to the official
+  # documentation website for further details.
   managementServers:
     - endpoint: https://primary-1.unisphe.re:8443
       credentialsSecret: primary-1-secret
@@ -67,16 +82,16 @@ global:
 
 # Current version of the driver
 # Don't modify this value as this value will be used by the install script
-version: "v2.13.0"
+version: "v2.14.0"
 
 # "images" defines every container images used for the driver and its sidecars.
 #  To use your own images, or a private registry, change the values here.
 images:
   # "driver" defines the container image, used for the driver container.
   driver:
-    image: quay.io/dell/container-storage-modules/csi-powermax:v2.13.0
+    image: quay.io/dell/container-storage-modules/csi-powermax:v2.14.0
   csireverseproxy:
-    image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.12.0
+    image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.13.0
   # CSI sidecars
   attacher:
     image: registry.k8s.io/sig-storage/csi-attacher:v4.8.0
@@ -323,6 +338,12 @@ csireverseproxy:
   # Default value: None
   # Examples: "1111", "8080"
   port: 2222
+  # Name of the reverseproxy secret as a Kubernetes resource, containing
+  # details required for connecting the csi-powermax driver to Unisphere for
+  # PowerMax endpoints.
+  # Default value: ""
+  # Example: "powermax-reverseproxy-secret"
+  secretName: ""
   # Auto-create TLS certificate for csi-reverseproxy
   certManager:
     # Set selfSignedCert to use a self-signed certificate