diff --git a/Dockerfile b/Dockerfile index 4defd80e5..92fe414b5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ ARG BASEIMAGE ARG GOIMAGE -ARG VERSION="1.11.0" +ARG VERSION="1.11.1" FROM $GOIMAGE as builder ARG VERSION @@ -35,7 +35,7 @@ LABEL vendor="Dell Technologies" \ name="dell-csm-operator" \ summary="Operator for installing Dell CSI Drivers and Dell CSM Modules" \ description="Common Operator for installing various Dell CSI Drivers and Dell CSM Modules" \ - release="1.16.0" \ + release="1.16.1" \ version=$VERSION \ license="Dell CSM Operator Apache License" diff --git a/Makefile b/Makefile index 06a403d9e..8e7a1d915 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,15 @@ # Copyright © 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Dell Technologies, Dell and other trademarks are trademarks of Dell Inc. -# or its subsidiaries. Other trademarks may be trademarks of their respective +# or its subsidiaries. Other trademarks may be trademarks of their respective # owners. include images.mk +# Defaults for channels used in the bundle +CHANNELS ?= stable +DEFAULT_CHANNEL ?= stable + # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: diff --git a/PROJECT b/PROJECT index 1ba4adc2f..c41bf4e6d 100644 --- a/PROJECT +++ b/PROJECT @@ -1,19 +1,19 @@ domain: dell.com layout: -- go.kubebuilder.io/v3 + - go.kubebuilder.io/v4 plugins: manifests.sdk.operatorframework.io/v2: {} scorecard.sdk.operatorframework.io/v2: {} projectName: dell-csm-operator repo: github.com/dell/csm-operator resources: -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: dell.com - group: storage - kind: ContainerStorageModule - path: github.com/dell/csm-operator/api/v1 - version: v1 + - api: + crdVersion: v1 + namespaced: true + controller: true + domain: dell.com + group: storage + kind: ContainerStorageModule + path: github.com/dell/csm-operator/api/v1 + version: v1 version: "3" diff --git a/bundle.Dockerfile b/bundle.Dockerfile index ec4c27a69..0c596fe39 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -1,6 +1,7 @@ ARG BASEIMAGE FROM $BASEIMAGE as final + # Core bundle labels. LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ @@ -8,9 +9,9 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=dell-csm-operator LABEL operators.operatorframework.io.bundle.channels.v1=stable LABEL operators.operatorframework.io.bundle.channel.default.v1=stable -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.37.0 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.42.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 -LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 # Labels for testing. LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 2e01f2cca..a7bc0dfb2 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -24,7 +24,6 @@ metadata: "name": "cert-manager" }, { - "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0", "authorizationControllerReplicas": 1, "certificate": "", "controllerReconcileInterval": "5m", @@ -32,30 +31,22 @@ metadata: "hostname": "csm-authorization.com", "leaderElection": true, "name": "proxy-server", - "opa": "docker.io/openpolicyagent/opa:0.70.0", - "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:9.3.0", "openTelemetryCollectorAddress": "", "privateKey": "", "proxyServerIngress": [ { "annotations": {}, - "hosts": [], + "hosts": null, "ingressClassName": "nginx" } ], - "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.4.0", "proxyServiceReplicas": 1, - "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0", "roleServiceReplicas": 1, - "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0", "storageServiceReplicas": 1, - "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.4.0", "tenantServiceReplicas": 1 }, { - "commander": "docker.io/rediscommander/redis-commander:latest", "name": "redis", - "redis": "redis:8.4.0-alpine", "redisCommander": "rediscommander", "redisName": "redis-csm", "redisReplicas": 5, @@ -88,12 +79,12 @@ metadata: } } ], - "configVersion": "v2.4.0", "enabled": true, "forceRemoveModule": true, "name": "authorization-proxy-server" } - ] + ], + "version": "v1.16.1" } }, { @@ -101,23 +92,15 @@ metadata: "kind": "ContainerStorageModule", "metadata": { "name": "cosi", - "namespace": "cosi" + "namespace": "dell-cosi" }, "spec": { "driver": { - "csiDriverType": "cosi", - "configVersion": "v1.0.0", - "replicas": 1, - "forceRemoveDriver": true, "common": { - "image": "quay.io/dell/container-storage-modules/cosi:v1.0.0", - "imagePullPolicy": "IfNotPresent", - "nodeSelector": {}, - "tolerations": [], "envs": [ { "name": "COSI_LOG_LEVEL", - "value": "info" + "value": "INFO" }, { "name": "COSI_LOG_FORMAT", @@ -127,13 +110,21 @@ metadata: "name": "OTEL_COLLECTOR_ADDRESS", "value": "" } - ] + ], + "image": "quay.io/dell/container-storage-modules/cosi:v1.0.0", + "imagePullPolicy": "IfNotPresent", + "nodeSelector": {}, + "tolerations": [] }, + "configVersion": "v1.0.0", + "csiDriverType": "cosi", + "forceRemoveDriver": true, + "replicas": 2, "sideCars": [ { - "name": "objectstorage-provisioner-sidecar", "image": "gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2", - "imagePullPolicy": "IfNotPresent" + "imagePullPolicy": "IfNotPresent", + "name": "objectstorage-provisioner-sidecar" } ] } @@ -472,7 +463,7 @@ metadata: "name": "resiliency" } ], - "version": "v1.16.0" + "version": "v1.16.1" } }, { @@ -826,7 +817,7 @@ metadata: "name": "resiliency" } ], - "version": "v1.16.0" + "version": "v1.16.1" } }, { @@ -1158,7 +1149,7 @@ metadata: "name": "observability" } ], - "version": "v1.16.0" + "version": "v1.16.1" } }, { @@ -1281,10 +1272,6 @@ metadata: "image": "registry.k8s.io/sig-storage/csi-snapshotter:v8.4.0", "name": "snapshotter" }, - { - "image": "quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0", - "name": "csi-metadata-retriever" - }, { "args": [ "--monitor-interval=60s" @@ -1645,14 +1632,14 @@ metadata: "name": "resiliency" } ], - "version": "v1.16.0" + "version": "v1.16.1" } } ] capabilities: Seamless Upgrades categories: Storage - containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 - createdAt: "2025-09-05T13:18:42Z" + containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 + createdAt: "2026-02-05T22:08:07Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" @@ -1661,11 +1648,11 @@ metadata: features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - operators.operatorframework.io/builder: operator-sdk-v1.37.0 - operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + operators.operatorframework.io/builder: operator-sdk-v1.42.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.11.0 + name: dell-csm-operator.v1.11.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -1713,9 +1700,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.common.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.common.configSecretProviderClass - description: @@ -1762,10 +1749,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.common.nodeSelector - description: Opa is the image tag for the Container @@ -1820,9 +1806,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.common.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.common.redisSecretProviderClass - description: @@ -1864,11 +1850,10 @@ spec: deployment displayName: Role Service Replicas path: driver.common.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.common.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -1889,10 +1874,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.common.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.common.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -1925,7 +1910,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.common.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.common.vaultConfigurations - description: Address is the address for this vault @@ -1987,9 +1974,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.controller.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.controller.configSecretProviderClass - description: @@ -2036,10 +2023,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.controller.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.controller.nodeSelector - description: Opa is the image tag for the Container @@ -2094,9 +2080,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.controller.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.controller.redisSecretProviderClass - description: @@ -2138,11 +2124,10 @@ spec: deployment displayName: Role Service Replicas path: driver.controller.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.controller.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -2163,10 +2148,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.controller.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.controller.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -2199,7 +2184,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.controller.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.controller.vaultConfigurations - description: Address is the address for this vault @@ -2271,9 +2258,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.initContainers[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.initContainers[0].configSecretProviderClass - description: @@ -2320,10 +2307,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.initContainers[0].nodeSelector - description: Opa is the image tag for the Container @@ -2378,9 +2364,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.initContainers[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.initContainers[0].redisSecretProviderClass - description: @@ -2422,11 +2408,10 @@ spec: deployment displayName: Role Service Replicas path: driver.initContainers[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.initContainers[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -2447,10 +2432,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.initContainers[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.initContainers[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -2483,7 +2468,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.initContainers[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.initContainers[0].vaultConfigurations - description: Address is the address for this vault @@ -2542,9 +2529,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.node.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.node.configSecretProviderClass - description: @@ -2591,10 +2578,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.node.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.node.nodeSelector - description: Opa is the image tag for the Container @@ -2649,9 +2635,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.node.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.node.redisSecretProviderClass - description: @@ -2693,11 +2679,10 @@ spec: deployment displayName: Role Service Replicas path: driver.node.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.node.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -2718,10 +2703,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.node.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.node.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -2754,7 +2739,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.node.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.node.vaultConfigurations - description: Address is the address for this vault @@ -2816,9 +2803,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.sideCars[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.sideCars[0].configSecretProviderClass - description: @@ -2865,10 +2852,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.sideCars[0].nodeSelector - description: Opa is the image tag for the Container @@ -2923,9 +2909,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.sideCars[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.sideCars[0].redisSecretProviderClass - description: @@ -2967,11 +2953,10 @@ spec: deployment displayName: Role Service Replicas path: driver.sideCars[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.sideCars[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -2992,10 +2977,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.sideCars[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.sideCars[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -3028,7 +3013,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.sideCars[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.sideCars[0].vaultConfigurations - description: Address is the address for this vault @@ -3101,9 +3088,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: modules[0].components[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: modules[0].components[0].configSecretProviderClass - description: @@ -3150,10 +3137,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: modules[0].components[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: modules[0].components[0].nodeSelector - description: Opa is the image tag for the Container @@ -3208,9 +3194,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: modules[0].components[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: modules[0].components[0].redisSecretProviderClass - description: @@ -3252,11 +3238,10 @@ spec: deployment displayName: Role Service Replicas path: modules[0].components[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: modules[0].components[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -3277,10 +3262,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: modules[0].components[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: modules[0].components[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -3313,7 +3298,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: modules[0].components[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: modules[0].components[0].vaultConfigurations - description: Address is the address for this vault @@ -3380,9 +3367,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: modules[0].initContainer[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: modules[0].initContainer[0].configSecretProviderClass - description: @@ -3429,10 +3416,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: modules[0].initContainer[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: modules[0].initContainer[0].nodeSelector - description: Opa is the image tag for the Container @@ -3487,9 +3473,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: modules[0].initContainer[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: modules[0].initContainer[0].redisSecretProviderClass - description: @@ -3531,11 +3517,10 @@ spec: deployment displayName: Role Service Replicas path: modules[0].initContainer[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: modules[0].initContainer[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -3556,10 +3541,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: modules[0].initContainer[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: modules[0].initContainer[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -3592,7 +3577,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: modules[0].initContainer[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: modules[0].initContainer[0].vaultConfigurations - description: Address is the address for this vault @@ -3627,7 +3614,8 @@ spec: - description: Name is name of ContainerStorageModule modules displayName: Name path: modules[0].name - - description: RetainImageRegistryPath is the boolean flag used to retain image + - description: + RetainImageRegistryPath is the boolean flag used to retain image registry path displayName: Retain Image Registry Path path: retainImageRegistryPath @@ -4149,6 +4137,18 @@ spec: - get - list - watch + - apiGroups: + - dr.storage.dell.com + resources: + - volumejournals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - gateway.networking.k8s.io resources: @@ -4214,6 +4214,24 @@ spec: - list - update - watch + - apiGroups: + - objectstorage.k8s.io + resources: + - bucketaccessclasses + - bucketaccessclasses/status + - bucketaccesses + - bucketaccesses/status + - bucketclaims + - bucketclaims/status + - buckets + - buckets/status + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: @@ -4390,7 +4408,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.16.0 + storage.dell.com/CSMVersion: v1.16.1 labels: control-plane: controller-manager spec: @@ -4417,7 +4435,7 @@ spec: - name: REFRESH_INTERVAL_MINUTES value: "60" - name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 - name: RELATED_IMAGE_csi-isilon value: quay.io/dell/container-storage-modules/csi-isilon:v2.16.0 - name: RELATED_IMAGE_csi-powermax @@ -4430,6 +4448,8 @@ spec: value: quay.io/dell/container-storage-modules/csi-unity:v2.16.0 - name: RELATED_IMAGE_csi-vxflexos value: quay.io/dell/container-storage-modules/csi-vxflexos:v2.16.0 + - name: RELATED_IMAGE_cosi + value: quay.io/dell/container-storage-modules/cosi:v1.0.0 - name: RELATED_IMAGE_sdc value: quay.io/dell/storage/powerflex/sdc:5.0 - name: RELATED_IMAGE_karavi-authorization-proxy @@ -4475,7 +4495,7 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.16.0 - name: RELATED_IMAGE_metadataretriever - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0 + value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 - name: RELATED_IMAGE_nginx value: quay.io/nginx/nginx-unprivileged:1.27 - name: RELATED_IMAGE_redis-commander @@ -4483,8 +4503,10 @@ spec: - name: RELATED_IMAGE_opa value: docker.io/openpolicyagent/opa:0.70.0 - name: RELATED_IMAGE_kube-mgmt - value: docker.io/openpolicyagent/kube-mgmt:9.3.0 - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + value: docker.io/openpolicyagent/kube-mgmt:9.2.1 + - name: RELATED_IMAGE_objectstorage-provisioner-sidecar + value: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -4510,6 +4532,8 @@ spec: allowPrivilegeEscalation: false securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: dell-csm-operator-manager-service-account terminationGracePeriodSeconds: 10 strategy: deployment @@ -4530,6 +4554,7 @@ spec: - Powerscale - Powerstore - Unity + - Cosi - Authorization - Observability - Replication @@ -4545,7 +4570,7 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 name: dell-csm-operator - image: quay.io/dell/container-storage-modules/csi-isilon:v2.16.0 name: csi-isilon @@ -4559,6 +4584,8 @@ spec: name: csi-unity - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.16.0 name: csi-vxflexos + - image: quay.io/dell/container-storage-modules/cosi:v1.0.0 + name: cosi - image: quay.io/dell/storage/powerflex/sdc:5.0 name: sdc - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.4.0 @@ -4611,6 +4638,8 @@ spec: name: redis-commander - image: docker.io/openpolicyagent/opa:0.70.0 name: opa - - image: docker.io/openpolicyagent/kube-mgmt:9.3.0 + - image: docker.io/openpolicyagent/kube-mgmt:9.2.1 name: kube-mgmt - version: 1.11.0 + - image: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2 + name: objectstorage-provisioner-sidecar + version: 1.11.1 diff --git a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml index 6aca9e364..c3a807a36 100644 --- a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml +++ b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml @@ -4132,13 +4132,6 @@ spec: '!(has(self.version) && self.version != "" && has(self.modules) && self.modules.exists(m, has(m.components) && m.components.exists(c, has(c.image) && c.image != "")))' - - message: - spec.modules[*].configVersion is forbidden when spec.version - is set - rule: - '!(has(self.version) && self.version != "" && has(self.modules) - && self.modules.exists(m, has(m.configVersion) && m.configVersion - != ""))' - message: spec.customRegistry is forbidden when spec.version is empty rule: '!(has(self.customRegistry) && self.customRegistry != "" && !(has(self.version) diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index fca8b297c..b10d17117 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,9 +6,9 @@ annotations: operators.operatorframework.io.bundle.package.v1: dell-csm-operator operators.operatorframework.io.bundle.channels.v1: stable operators.operatorframework.io.bundle.channel.default.v1: stable - operators.operatorframework.io.metrics.builder: operator-sdk-v1.37.0 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.42.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 - operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 # Annotations for testing. operators.operatorframework.io.test.mediatype.v1: scorecard+v1 diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index f84e8a116..99f3397cf 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -11,4 +11,4 @@ bases: images: - name: controller newName: quay.io/dell/container-storage-modules/dell-csm-operator - newTag: v1.11.0 + newTag: v1.11.1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index abd7ad671..92fcfea73 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -11,4 +11,4 @@ kind: Kustomization images: - name: controller newName: quay.io/dell/container-storage-modules/dell-csm-operator - newTag: v1.11.0 + newTag: v1.11.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index fe2d0f23f..77939b221 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -15,7 +15,7 @@ spec: labels: control-plane: controller-manager annotations: - storage.dell.com/CSMVersion: v1.16.0 + storage.dell.com/CSMVersion: v1.16.1 spec: serviceAccountName: manager-service-account securityContext: @@ -33,7 +33,7 @@ spec: env: - name: REFRESH_INTERVAL_MINUTES value: "60" - - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/csi-isilon:v2.16.0 name: RELATED_IMAGE_csi-isilon @@ -93,7 +93,7 @@ spec: name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.16.0 name: RELATED_IMAGE_externalhealthmonitorcontroller - - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0 + - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 name: RELATED_IMAGE_metadataretriever - value: quay.io/nginx/nginx-unprivileged:1.27 name: RELATED_IMAGE_nginx @@ -101,8 +101,10 @@ spec: name: RELATED_IMAGE_redis-commander - value: docker.io/openpolicyagent/opa:0.70.0 name: RELATED_IMAGE_opa - - value: docker.io/openpolicyagent/kube-mgmt:9.3.0 + - value: docker.io/openpolicyagent/kube-mgmt:9.2.1 name: RELATED_IMAGE_kube-mgmt + - value: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2 + name: RELATED_IMAGE_objectstorage-provisioner-sidecar securityContext: allowPrivilegeEscalation: false livenessProbe: diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 33ac34be4..54416bf0e 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: "[]" capabilities: Seamless Upgrades categories: Storage - containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 createdAt: "2022-03-29T11:59:59Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" @@ -17,7 +17,7 @@ metadata: features.operators.openshift.io/token-auth-gcp: "false" repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.11.0 + name: dell-csm-operator.v1.11.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -65,9 +65,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.common.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.common.configSecretProviderClass - description: @@ -114,10 +114,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.common.nodeSelector - description: Opa is the image tag for the Container @@ -172,9 +171,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.common.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.common.redisSecretProviderClass - description: @@ -216,11 +215,10 @@ spec: deployment displayName: Role Service Replicas path: driver.common.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.common.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -241,10 +239,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.common.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.common.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -277,7 +275,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.common.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.common.vaultConfigurations - description: Address is the address for this vault @@ -339,9 +339,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.controller.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.controller.configSecretProviderClass - description: @@ -388,10 +388,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.controller.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.controller.nodeSelector - description: Opa is the image tag for the Container @@ -446,9 +445,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.controller.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.controller.redisSecretProviderClass - description: @@ -490,11 +489,10 @@ spec: deployment displayName: Role Service Replicas path: driver.controller.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.controller.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -515,10 +513,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.controller.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.controller.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -551,7 +549,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.controller.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.controller.vaultConfigurations - description: Address is the address for this vault @@ -623,9 +623,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.initContainers[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.initContainers[0].configSecretProviderClass - description: @@ -672,10 +672,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.initContainers[0].nodeSelector - description: Opa is the image tag for the Container @@ -730,9 +729,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.initContainers[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.initContainers[0].redisSecretProviderClass - description: @@ -774,11 +773,10 @@ spec: deployment displayName: Role Service Replicas path: driver.initContainers[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.initContainers[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -799,10 +797,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.initContainers[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.initContainers[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -835,7 +833,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.initContainers[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.initContainers[0].vaultConfigurations - description: Address is the address for this vault @@ -894,9 +894,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.node.commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.node.configSecretProviderClass - description: @@ -943,10 +943,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.node.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.node.nodeSelector - description: Opa is the image tag for the Container @@ -1001,9 +1000,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.node.redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.node.redisSecretProviderClass - description: @@ -1045,11 +1044,10 @@ spec: deployment displayName: Role Service Replicas path: driver.node.roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.node.secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -1070,10 +1068,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.node.secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.node.secrets - description: Sentinel is the name of the sentinel statefulSet @@ -1106,7 +1104,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.node.tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.node.vaultConfigurations - description: Address is the address for this vault @@ -1168,9 +1168,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: driver.sideCars[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: driver.sideCars[0].configSecretProviderClass - description: @@ -1217,10 +1217,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: driver.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: driver.sideCars[0].nodeSelector - description: Opa is the image tag for the Container @@ -1275,9 +1274,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: driver.sideCars[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: driver.sideCars[0].redisSecretProviderClass - description: @@ -1319,11 +1318,10 @@ spec: deployment displayName: Role Service Replicas path: driver.sideCars[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: driver.sideCars[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -1344,10 +1342,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: driver.sideCars[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: driver.sideCars[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -1380,7 +1378,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: driver.sideCars[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: driver.sideCars[0].vaultConfigurations - description: Address is the address for this vault @@ -1453,9 +1453,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: modules[0].components[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: modules[0].components[0].configSecretProviderClass - description: @@ -1502,10 +1502,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: modules[0].components[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: modules[0].components[0].nodeSelector - description: Opa is the image tag for the Container @@ -1560,9 +1559,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: modules[0].components[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: modules[0].components[0].redisSecretProviderClass - description: @@ -1604,11 +1603,10 @@ spec: deployment displayName: Role Service Replicas path: modules[0].components[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: modules[0].components[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -1629,10 +1627,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: modules[0].components[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: modules[0].components[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -1665,7 +1663,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: modules[0].components[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: modules[0].components[0].vaultConfigurations - description: Address is the address for this vault @@ -1732,9 +1732,9 @@ spec: - description: Commander is the image tag for the Container displayName: Authorization Commander Container Image path: modules[0].initContainer[0].commander - - description: - ConfigSecretProviderClass is the SecretProviderClass Object details - for config secret Applicable from CSM v1.15 onwards + - description: |- + ConfigSecretProviderClass is the SecretProviderClass Object details for config secret + Applicable from CSM v1.15 onwards displayName: Config SecretProviderClass details path: modules[0].initContainer[0].configSecretProviderClass - description: @@ -1781,10 +1781,9 @@ spec: - description: Name is the name of Container displayName: Container Name path: modules[0].initContainer[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. + - description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. displayName: NodeSelector path: modules[0].initContainer[0].nodeSelector - description: Opa is the image tag for the Container @@ -1839,9 +1838,9 @@ spec: - description: RedisReplicas is the number of replicas for the redis deployment displayName: Redis Deployment Replicas path: modules[0].initContainer[0].redisReplicas - - description: - RedisSecretProviderClass is the SecretProviderClass Object details - for redis Applicable from CSM v1.15 onwards + - description: |- + RedisSecretProviderClass is the SecretProviderClass Object details for redis + Applicable from CSM v1.15 onwards displayName: Redis SecretProviderClass details path: modules[0].initContainer[0].redisSecretProviderClass - description: @@ -1883,11 +1882,10 @@ spec: deployment displayName: Role Service Replicas path: modules[0].initContainer[0].roleServiceReplicas - - description: - SecretProviderClasses is a collection of secret provider classes - for retrieving secrets from external providers for storage system credentials - Applicable from CSM v1.15 onwards Only one of SecretProviderClasses or Secrets - must be specified (mutually exclusive) + - description: |- + SecretProviderClasses is a collection of secret provider classes for retrieving secrets from external providers for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secret Provider Classes path: modules[0].initContainer[0].secretProviderClasses - description: Conjur is the list SecretProviderClass names provided by Conjur @@ -1908,10 +1906,10 @@ spec: - description: Vault is the list SecretProviderClass names provided by Vault displayName: Vault SecretProviderClass Names path: modules[0].initContainer[0].secretProviderClasses.vault - - description: - Secrets is a collection of kubernetes secrets for storage system - credentials Applicable from CSM v1.15 onwards Only one of SecretProviderClasses - or Secrets must be specified (mutually exclusive) + - description: |- + Secrets is a collection of kubernetes secrets for storage system credentials + Applicable from CSM v1.15 onwards + Only one of SecretProviderClasses or Secrets must be specified (mutually exclusive) displayName: Secrets path: modules[0].initContainer[0].secrets - description: Sentinel is the name of the sentinel statefulSet @@ -1944,7 +1942,9 @@ spec: - description: Tolerations is the list of tolerations for the driver pods displayName: Tolerations path: modules[0].initContainer[0].tolerations - - description: Vaults are the vault configurations Applicable till CSM v1.14 + - description: |- + Vaults are the vault configurations + Applicable till CSM v1.14 displayName: Vault Configurations path: modules[0].initContainer[0].vaultConfigurations - description: Address is the address for this vault @@ -1979,7 +1979,8 @@ spec: - description: Name is name of ContainerStorageModule modules displayName: Name path: modules[0].name - - description: RetainImageRegistryPath is the boolean flag used to retain image + - description: + RetainImageRegistryPath is the boolean flag used to retain image registry path displayName: Retain Image Registry Path path: retainImageRegistryPath @@ -2078,6 +2079,7 @@ spec: - Powerscale - Powerstore - Unity + - Cosi - Authorization - Observability - Replication @@ -2093,7 +2095,7 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 name: dell-csm-operator - image: quay.io/dell/container-storage-modules/csi-isilon:v2.16.0 name: csi-isilon @@ -2107,6 +2109,8 @@ spec: name: csi-unity - image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.16.0 name: csi-vxflexos + - image: quay.io/dell/container-storage-modules/cosi:v1.0.0 + name: cosi - image: quay.io/dell/storage/powerflex/sdc:5.0 name: sdc - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.4.0 @@ -2151,6 +2155,8 @@ spec: name: resizer - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.16.0 name: externalhealthmonitorcontroller - - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0 + - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 name: metadataretriever - version: 1.11.0 + - image: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2 + name: objectstorage-provisioner-sidecar + version: 1.11.1 diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 31226c84e..21de60c03 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -5,5 +5,6 @@ resources: - storage_v1_csm_powerstore.yaml - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml + - storage_v1_csm_cosi.yaml - storage_v1_csm_authorization_v2.yaml # +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml index 4315fb86b..fb0b179f4 100644 --- a/config/samples/storage_v1_csm_authorization_v2.yaml +++ b/config/samples/storage_v1_csm_authorization_v2.yaml @@ -4,12 +4,12 @@ metadata: name: authorization namespace: authorization spec: + version: v1.16.1 modules: # Authorization: enable csm-authorization proxy server for RBAC - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.4.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -30,17 +30,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.4.0 proxyServiceReplicas: 1 - tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.4.0 tenantServiceReplicas: 1 - roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0 roleServiceReplicas: 1 - storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 - opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 - authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. @@ -61,7 +54,7 @@ spec: proxyServerIngress: - ingressClassName: nginx # additional host rules for the proxy-server ingress - hosts: [] + hosts: # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local # additional annotations for the proxy-server ingress @@ -85,12 +78,11 @@ spec: # conjur: # usernamePath: secrets/redis-username # passwordPath: secrets/redis-password - redis: redis:8.4.0-alpine - commander: docker.io/rediscommander/redis-commander:latest redisName: redis-csm redisCommander: rediscommander sentinel: sentinel redisReplicas: 5 + - name: config # Optional: # Config secret configuration for JWT signing secret: @@ -105,6 +97,7 @@ spec: # Path for Conjur secret that stores the config secret. # conjur: # secretPath: secrets/config-object + # Comment and uncomment the appropriate sections below to use the desired method. # Storage system credentials can be provided in one of two ways: # 1. Using a SecretProviderClass (for dynamic secrets from external providers) @@ -115,20 +108,20 @@ spec: vault: - secret-provider-class-1 - secret-provider-class-2 - # conjur: - # - name: secret-provider-class-3 - # paths: - # - usernamePath: secrets/username1 - # passwordPath: secrets/password1 - # - usernamePath: secrets/username2 - # passwordPath: secrets/password2 - # - name: secret-provider-class-4 - # paths: - # - usernamePath: secrets/username3 - # passwordPath: secrets/password3 + # conjur: + # - name: secret-provider-class-3 + # paths: + # - usernamePath: secrets/username1 + # passwordPath: secrets/password1 + # - usernamePath: secrets/username2 + # passwordPath: secrets/password2 + # - name: secret-provider-class-4 + # paths: + # - usernamePath: secrets/username3 + # passwordPath: secrets/password3 # secrets: - # - secret-1 - # - secret-2 + # - secret-1 + # - secret-2 --- apiVersion: v1 kind: ConfigMap diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 3f6737821..c581661a7 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -4,7 +4,7 @@ metadata: name: vxflexos namespace: vxflexos spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerflex" csiDriverSpec: diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 068928478..f3fbe2a9c 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -19,7 +19,7 @@ metadata: namespace: powermax spec: # Add fields here - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powermax" csiDriverSpec: diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 47d1cfac6..2d7a3ad9c 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -4,7 +4,7 @@ metadata: name: isilon namespace: isilon spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "isilon" csiDriverSpec: diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 7a766b6b0..212d99ea5 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -19,7 +19,7 @@ metadata: name: powerstore namespace: powerstore spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerstore" csiDriverSpec: diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index c8251055a..da7a8c575 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -103,8 +103,6 @@ spec: image: registry.k8s.io/sig-storage/csi-resizer:v2.0.0 - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.4.0 - - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 # health monitor is disabled by default, refer to driver documentation before enabling it # Default monitor-interval: 60s - name: external-health-monitor diff --git a/controllers/csm_controller.go b/controllers/csm_controller.go index 7b25bff18..a7bc62db3 100644 --- a/controllers/csm_controller.go +++ b/controllers/csm_controller.go @@ -97,7 +97,7 @@ const ( CSMFinalizerName = "finalizer.dell.emc.com" // CSMVersion - - CSMVersion = "v1.16.0" + CSMVersion = "v1.16.1" // RefreshEnvVar - environment variable name for watcher timed refreshes RefreshEnvVar = "REFRESH_INTERVAL_MINUTES" @@ -821,7 +821,7 @@ func (r *ContainerStorageModuleReconciler) SyncCSM(ctx context.Context, cr csmv1 if cr.GetDriverType() == csmv1.PowerMax { if !modules.IsReverseProxySidecar() { - log.Infof("DeployAsSidar is false...csi-reverseproxy should be present as deployement\n") + log.Infof("DeployAsSidar is false...csi-reverseproxy should be present as deployment\n") log.Infof("adding proxy service name...\n") modules.AddReverseProxyServiceName(&controller.Deployment) diff --git a/deploy/olm/operator_community.yaml b/deploy/olm/operator_community.yaml index 3c4cb572d..36296e27f 100644 --- a/deploy/olm/operator_community.yaml +++ b/deploy/olm/operator_community.yaml @@ -5,7 +5,7 @@ metadata: namespace: test-csm-operator-olm spec: sourceType: grpc - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup diff --git a/deploy/operator.yaml b/deploy/operator.yaml index c094997a3..c32c3ac6e 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -903,7 +903,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.16.0 + storage.dell.com/CSMVersion: v1.16.1 labels: control-plane: controller-manager spec: @@ -916,7 +916,7 @@ spec: - name: REFRESH_INTERVAL_MINUTES value: "60" - name: RELATED_IMAGE_dell-csm-operator - value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + value: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 - name: RELATED_IMAGE_csi-isilon value: quay.io/dell/container-storage-modules/csi-isilon:v2.16.0 - name: RELATED_IMAGE_csi-powermax @@ -976,7 +976,7 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.16.0 - name: RELATED_IMAGE_metadataretriever - value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0 + value: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 - name: RELATED_IMAGE_nginx value: quay.io/nginx/nginx-unprivileged:1.27 - name: RELATED_IMAGE_redis-commander @@ -984,8 +984,10 @@ spec: - name: RELATED_IMAGE_opa value: docker.io/openpolicyagent/opa:0.70.0 - name: RELATED_IMAGE_kube-mgmt - value: docker.io/openpolicyagent/kube-mgmt:9.3.0 - image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.0 + value: docker.io/openpolicyagent/kube-mgmt:9.2.1 + - name: RELATED_IMAGE_objectstorage-provisioner-sidecar + value: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:release-0.2 + image: quay.io/dell/container-storage-modules/dell-csm-operator:v1.11.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/helper.mk b/helper.mk index fb9b2394f..c3e47f568 100644 --- a/helper.mk +++ b/helper.mk @@ -9,7 +9,7 @@ gen-semver: go run core/semver/semver.go -f mk > semver.mk download-csm-common: - git clone --depth 1 git@github.com:CSM/csm.git temp-repo + git clone --depth 1 git@github.com:dell/csm.git temp-repo cp temp-repo/config/csm-common.mk . rm -rf temp-repo diff --git a/images.mk b/images.mk index d1256cb27..b747a0aa5 100644 --- a/images.mk +++ b/images.mk @@ -1,7 +1,7 @@ # Copyright © 2026 Dell Inc. or its subsidiaries. All Rights Reserved. # # Dell Technologies, Dell and other trademarks are trademarks of Dell Inc. -# or its subsidiaries. Other trademarks may be trademarks of their respective +# or its subsidiaries. Other trademarks may be trademarks of their respective # owners. include overrides.mk @@ -14,10 +14,16 @@ BUNDLE_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-bundle CATALOG_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-catalog # Bundle Version is the semantic version(required by operator-sdk) -BUNDLE_VERSION ?= 1.11.0 +BUNDLE_VERSION ?= 1.11.1 + +# Registry where images will be pushed (use by operator-sdk to set the newName) +REGISTRY ?= quay.io/dell/container-storage-modules + +# Image tag base (use by operator-sdk to set the newName) +IMAGE_TAG_BASE ?= dell-csm-operator # Operator Version is the semantic version(required by operator-sdk) -VERSION ?= v1.11.0 +VERSION ?= v1.11.1 # Operator image name IMG ?= "$(REGISTRY)/$(IMAGE_TAG_BASE):$(VERSION)" diff --git a/operatorconfig/common/csm-version-mapping.yaml b/operatorconfig/common/csm-version-mapping.yaml index d0397b5eb..f7ffb144d 100644 --- a/operatorconfig/common/csm-version-mapping.yaml +++ b/operatorconfig/common/csm-version-mapping.yaml @@ -1,4 +1,5 @@ powerflex: + v1.16.1: "v2.16.0" v1.16.0: "v2.16.0" v1.15.1: "v2.15.1" v1.15.0: "v2.15.0" @@ -6,6 +7,7 @@ powerflex: v1.14.0: "v2.14.0" powermax: + v1.16.1: "v2.16.0" v1.16.0: "v2.16.0" v1.15.1: "v2.15.1" v1.15.0: "v2.15.0" @@ -13,12 +15,14 @@ powermax: v1.14.0: "v2.14.0" powerscale: + v1.16.1: "v2.16.0" v1.16.0: "v2.16.0" v1.15.1: "v2.15.1" v1.15.0: "v2.15.0" v1.14.0: "v2.14.0" powerstore: + v1.16.1: "v2.16.0" v1.16.0: "v2.16.0" v1.15.1: "v2.15.1" v1.15.0: "v2.15.0" @@ -26,11 +30,13 @@ powerstore: v1.14.0: "v2.14.0" unity: + v1.16.1: "v2.16.0" v1.16.0: "v2.16.0" v1.15.0: "v2.15.0" v1.14.0: "v2.14.0" authorization-proxy-server: + v1.16.1: "v2.4.0" v1.16.0: "v2.4.0" v1.15.1: "v2.3.0" v1.15.0: "v2.3.0" diff --git a/pkg/drivers/commonconfig.go b/pkg/drivers/commonconfig.go index 035c663b6..144460066 100644 --- a/pkg/drivers/commonconfig.go +++ b/pkg/drivers/commonconfig.go @@ -1,4 +1,4 @@ -// Copyright © 2022 Dell Inc. or its subsidiaries. All Rights Reserved. +// Copyright © 2022-2026 Dell Inc. or its subsidiaries. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -197,15 +197,6 @@ func GetController(ctx context.Context, cr csmv1.ContainerStorageModule, operato if !removeContainer { operatorutils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &c) operatorutils.UpdateSideCarApply(ctx, cr.Spec.Driver.SideCars, &c, cr, matched) - if len(cr.Spec.Driver.SideCars) == 0 { - if matched.Version != "" { - if img := matched.Images[*containers[i].Name]; img != "" { - *c.Image = img - } - } else if cr.Spec.CustomRegistry != "" { - *c.Image = operatorutils.ResolveImage(ctx, string(*c.Image), cr) - } - } newcontainers = append(newcontainers, c) } @@ -398,15 +389,6 @@ func GetNode(ctx context.Context, cr csmv1.ContainerStorageModule, operatorConfi if !removeContainer { operatorutils.ReplaceAllContainerImageApply(operatorConfig.K8sVersion, &containers[i]) operatorutils.UpdateSideCarApply(ctx, cr.Spec.Driver.SideCars, &containers[i], cr, matched) - if len(cr.Spec.Driver.SideCars) == 0 { - if matched.Version != "" { - if img := matched.Images[*containers[i].Name]; img != "" { - *c.Image = img - } - } else if cr.Spec.CustomRegistry != "" { - *c.Image = operatorutils.ResolveImage(ctx, string(*c.Image), cr) - } - } newcontainers = append(newcontainers, c) } } diff --git a/pkg/modules/authorization.go b/pkg/modules/authorization.go index fe33042bf..385b3a439 100644 --- a/pkg/modules/authorization.go +++ b/pkg/modules/authorization.go @@ -102,7 +102,7 @@ const ( // Auth default images DefaultProxyServerImage = "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.4.0" DefaultOpaImage = "docker.io/openpolicyagent/opa:0.70.0" - DefaultOpaKubeMgmtImage = "docker.io/openpolicyagent/kube-mgmt:9.3.0" + DefaultOpaKubeMgmtImage = "docker.io/openpolicyagent/kube-mgmt:9.2.1" DefaultTenantServiceImage = "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.4.0" DefaultRoleServiceImage = "quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0" DefaultStorageServiceImage = "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0" diff --git a/pkg/modules/testdata/cr_auth_proxy.yaml b/pkg/modules/testdata/cr_auth_proxy.yaml index e44cd3c00..15d24623e 100644 --- a/pkg/modules/testdata/cr_auth_proxy.yaml +++ b/pkg/modules/testdata/cr_auth_proxy.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.2.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.2.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_bad_vault_ca.yaml b/pkg/modules/testdata/cr_auth_proxy_bad_vault_ca.yaml index 6adff3206..e1cc03c00 100644 --- a/pkg/modules/testdata/cr_auth_proxy_bad_vault_ca.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_bad_vault_ca.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_bad_vault_cert.yaml b/pkg/modules/testdata/cr_auth_proxy_bad_vault_cert.yaml index cc0d076bc..9a6c1fd53 100644 --- a/pkg/modules/testdata/cr_auth_proxy_bad_vault_cert.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_bad_vault_cert.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_bad_vault_key.yaml b/pkg/modules/testdata/cr_auth_proxy_bad_vault_key.yaml index b2a6988b3..4c30d0220 100644 --- a/pkg/modules/testdata/cr_auth_proxy_bad_vault_key.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_bad_vault_key.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_certs.yaml b/pkg/modules/testdata/cr_auth_proxy_certs.yaml index e685660b6..e758d2aa0 100644 --- a/pkg/modules/testdata/cr_auth_proxy_certs.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_certs.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_certs_missing_key.yaml b/pkg/modules/testdata/cr_auth_proxy_certs_missing_key.yaml index 7f6fbac44..7c1df3ae0 100644 --- a/pkg/modules/testdata/cr_auth_proxy_certs_missing_key.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_certs_missing_key.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_custom_registry.yaml b/pkg/modules/testdata/cr_auth_proxy_custom_registry.yaml index c6ae0e7c1..7bc8e7c55 100644 --- a/pkg/modules/testdata/cr_auth_proxy_custom_registry.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_custom_registry.yaml @@ -42,7 +42,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.2.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.2.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_k8s_secret.yaml b/pkg/modules/testdata/cr_auth_proxy_k8s_secret.yaml index 095f238e6..85b23d536 100644 --- a/pkg/modules/testdata/cr_auth_proxy_k8s_secret.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_k8s_secret.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_k8s_secret_and_secret_provider_class.yaml b/pkg/modules/testdata/cr_auth_proxy_k8s_secret_and_secret_provider_class.yaml index 75854d357..ac250ddda 100644 --- a/pkg/modules/testdata/cr_auth_proxy_k8s_secret_and_secret_provider_class.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_k8s_secret_and_secret_provider_class.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_multiple_vaults.yaml b/pkg/modules/testdata/cr_auth_proxy_multiple_vaults.yaml index dad16bdd2..7feeaa4ba 100644 --- a/pkg/modules/testdata/cr_auth_proxy_multiple_vaults.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_multiple_vaults.yaml @@ -38,7 +38,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m diff --git a/pkg/modules/testdata/cr_auth_proxy_no_k8s_secret_and_secret_provider_class.yaml b/pkg/modules/testdata/cr_auth_proxy_no_k8s_secret_and_secret_provider_class.yaml index aa07b674f..8054a686f 100644 --- a/pkg/modules/testdata/cr_auth_proxy_no_k8s_secret_and_secret_provider_class.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_no_k8s_secret_and_secret_provider_class.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml b/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml index 099df65c6..6440bc084 100644 --- a/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_openshift.yaml b/pkg/modules/testdata/cr_auth_proxy_openshift.yaml index 5c550ffca..706aa4ed5 100644 --- a/pkg/modules/testdata/cr_auth_proxy_openshift.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_openshift.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.4.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class.yaml b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class.yaml index 5cc0ddce9..69e5122ed 100644 --- a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_config_conjur.yaml b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_config_conjur.yaml index a525a3ee1..3534522a5 100644 --- a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_config_conjur.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_config_conjur.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_conjur.yaml b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_conjur.yaml index d67725288..0ff951c5a 100644 --- a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_conjur.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_conjur.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_redis_conjur.yaml b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_redis_conjur.yaml index c2d99a15f..ffe55009c 100644 --- a/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_redis_conjur.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_secret_provider_class_redis_conjur.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true diff --git a/pkg/modules/testdata/cr_auth_proxy_vault_ca.yaml b/pkg/modules/testdata/cr_auth_proxy_vault_ca.yaml index 5dbaba1b0..a5be6a343 100644 --- a/pkg/modules/testdata/cr_auth_proxy_vault_ca.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_vault_ca.yaml @@ -38,7 +38,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m diff --git a/pkg/modules/testdata/cr_auth_proxy_vault_cert.yaml b/pkg/modules/testdata/cr_auth_proxy_vault_cert.yaml index 0dbc24a3e..9147d3f64 100644 --- a/pkg/modules/testdata/cr_auth_proxy_vault_cert.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_vault_cert.yaml @@ -35,7 +35,7 @@ spec: roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0 storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0 opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates diff --git a/pkg/operatorutils/utils.go b/pkg/operatorutils/utils.go index 53bc577d6..4790c2f72 100644 --- a/pkg/operatorutils/utils.go +++ b/pkg/operatorutils/utils.go @@ -1,4 +1,4 @@ -// Copyright © 2021 - 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +// Copyright © 2021 - 2026 Dell Inc. or its subsidiaries. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -212,8 +212,12 @@ func UpdateSideCarApply(ctx context.Context, sideCars []csmv1.ContainerTemplate, } func UpdateContainerApply(ctx context.Context, toBeApplied []csmv1.ContainerTemplate, c *acorev1.ContainerApplyConfiguration, cr csmv1.ContainerStorageModule, matched VersionSpec) { + sidecarInSpec := false + // Apples to sidecars referenced in the spec for _, ctr := range toBeApplied { if *c.Name == ctr.Name { + sidecarInSpec = true + if matched.Version != "" { if img := matched.Images[ctr.Name]; img != "" { if *c.Name == ctr.Name { @@ -236,6 +240,18 @@ func UpdateContainerApply(ctx context.Context, toBeApplied []csmv1.ContainerTemp c.Args = ReplaceAllArgs(c.Args, ctr.Args) } } + + // Update all other csi sidecar images that are not referenced in cr.Spec.Driver.SideCars + if !sidecarInSpec { + if matched.Version != "" { + img := matched.Images[*c.Name] + if img != "" { + *c.Image = img + } + } else if cr.Spec.CustomRegistry != "" { + *c.Image = ResolveImage(ctx, string(*c.Image), cr) + } + } } // ReplaceAllContainerImageApply - diff --git a/pkg/operatorutils/utils_test.go b/pkg/operatorutils/utils_test.go index e02b6453e..747a10e19 100644 --- a/pkg/operatorutils/utils_test.go +++ b/pkg/operatorutils/utils_test.go @@ -1,4 +1,4 @@ -// Copyright © 2024 - 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +// Copyright © 2024 - 2026 Dell Inc. or its subsidiaries. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -831,6 +831,43 @@ func TestUpdateSideCarApply(t *testing.T) { assert.Equal(t, expectedContainer3, container) + // Use spec.version with a sidecar not in the CR + container2 := acorev1.Container(). + WithName("sidecarX"). + WithImage("old-image"). + WithImagePullPolicy("Always") + + // Matrix contains an entry for "sidecarX" + matched := VersionSpec{ + Version: "vMatrix", + Images: map[string]string{ + "sidecarX": "matrix-sidecarX-image", + }, + } + + UpdateSideCarApply(ctx, sideCars, container2, csmv1.ContainerStorageModule{}, matched) + + expectedContainer4 := acorev1.Container(). + WithName("sidecarX"). + WithImage("matrix-sidecarX-image"). + WithImagePullPolicy("Always") // pull policy unchanged since no template matched + + assert.Equal(t, expectedContainer4, container2, "should apply matrix.Image even when no CR sidecar template matches") + + // Use spec.customRegistry with a sidecar not in the CR + UpdateSideCarApply(ctx, sideCars, container2, csmv1.ContainerStorageModule{ + Spec: csmv1.ContainerStorageModuleSpec{ + CustomRegistry: "test-custom-registry", + }, + }, VersionSpec{}) + + expectedContainer5 := acorev1.Container(). + WithName("sidecarX"). + WithImage("test-custom-registry/matrix-sidecarX-image"). + WithImagePullPolicy("Always") // pull policy unchanged since no template matched + + assert.Equal(t, expectedContainer5, container2, "should apply customRegistry even when no CR sidecar template matches") + // repeat the test with the other function that uses the child function // very minor code coverage gain, 0.1% UpdateInitContainerApply(ctx, sideCars, container, csmv1.ContainerStorageModule{}, VersionSpec{}) diff --git a/samples/authorization/csm_authorization_proxy_server_v240.yaml b/samples/authorization/csm_authorization_proxy_server_v240.yaml index 7e7c45a36..fb0b179f4 100644 --- a/samples/authorization/csm_authorization_proxy_server_v240.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v240.yaml @@ -4,7 +4,7 @@ metadata: name: authorization namespace: authorization spec: - version: v1.16.0 + version: v1.16.1 modules: # Authorization: enable csm-authorization proxy server for RBAC - name: authorization-proxy-server @@ -55,7 +55,6 @@ spec: - ingressClassName: nginx # additional host rules for the proxy-server ingress hosts: - - authorization-ingress-nginx-controller.authorization.svc.cluster.local # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local # additional annotations for the proxy-server ingress diff --git a/samples/ocp/1.10.1/storage_csm_unity_v2151.yaml b/samples/ocp/1.10.1/storage_csm_unity_v2151.yaml index 3ebd028b3..29ab6a467 100644 --- a/samples/ocp/1.10.1/storage_csm_unity_v2151.yaml +++ b/samples/ocp/1.10.1/storage_csm_unity_v2151.yaml @@ -115,8 +115,6 @@ spec: image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d - - name: csi-metadata-retriever - image: registry.connect.redhat.com/dell-emc/dell-csm-metadata-retriever@sha256:6de94d91a17a401b5f2e5cdf7bb50cd053521deaf1e189340d21c4249e8c4bf1 # health monitor is disabled by default, refer to driver documentation before enabling it # Default monitor-interval: 60s - name: external-health-monitor diff --git a/samples/v2.16.0/minimal-samples/powerflex_v2160.yaml b/samples/v2.16.0/minimal-samples/powerflex_v2160.yaml index 53dc401a5..48ac6b6ed 100644 --- a/samples/v2.16.0/minimal-samples/powerflex_v2160.yaml +++ b/samples/v2.16.0/minimal-samples/powerflex_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: vxflexos namespace: vxflexos spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerflex" forceRemoveDriver: true diff --git a/samples/v2.16.0/minimal-samples/powermax_v2160.yaml b/samples/v2.16.0/minimal-samples/powermax_v2160.yaml index 87ae15c86..419ad6224 100644 --- a/samples/v2.16.0/minimal-samples/powermax_v2160.yaml +++ b/samples/v2.16.0/minimal-samples/powermax_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: powermax namespace: powermax spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powermax" forceRemoveDriver: true diff --git a/samples/v2.16.0/minimal-samples/powerscale_v2160.yaml b/samples/v2.16.0/minimal-samples/powerscale_v2160.yaml index a42672596..56437c468 100644 --- a/samples/v2.16.0/minimal-samples/powerscale_v2160.yaml +++ b/samples/v2.16.0/minimal-samples/powerscale_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: isilon namespace: isilon spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "isilon" forceRemoveDriver: true diff --git a/samples/v2.16.0/minimal-samples/powerstore_v2160.yaml b/samples/v2.16.0/minimal-samples/powerstore_v2160.yaml index e59f8c0f4..ce540dc7a 100644 --- a/samples/v2.16.0/minimal-samples/powerstore_v2160.yaml +++ b/samples/v2.16.0/minimal-samples/powerstore_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: powerstore namespace: powerstore spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerstore" forceRemoveDriver: true diff --git a/samples/v2.16.0/storage_csm_powerflex_v2160.yaml b/samples/v2.16.0/storage_csm_powerflex_v2160.yaml index 3f6737821..c581661a7 100644 --- a/samples/v2.16.0/storage_csm_powerflex_v2160.yaml +++ b/samples/v2.16.0/storage_csm_powerflex_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: vxflexos namespace: vxflexos spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerflex" csiDriverSpec: diff --git a/samples/v2.16.0/storage_csm_powermax_v2160.yaml b/samples/v2.16.0/storage_csm_powermax_v2160.yaml index 068928478..f3fbe2a9c 100644 --- a/samples/v2.16.0/storage_csm_powermax_v2160.yaml +++ b/samples/v2.16.0/storage_csm_powermax_v2160.yaml @@ -19,7 +19,7 @@ metadata: namespace: powermax spec: # Add fields here - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powermax" csiDriverSpec: diff --git a/samples/v2.16.0/storage_csm_powerscale_v2160.yaml b/samples/v2.16.0/storage_csm_powerscale_v2160.yaml index 47d1cfac6..2d7a3ad9c 100644 --- a/samples/v2.16.0/storage_csm_powerscale_v2160.yaml +++ b/samples/v2.16.0/storage_csm_powerscale_v2160.yaml @@ -4,7 +4,7 @@ metadata: name: isilon namespace: isilon spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "isilon" csiDriverSpec: diff --git a/samples/v2.16.0/storage_csm_powerstore_v2160.yaml b/samples/v2.16.0/storage_csm_powerstore_v2160.yaml index 7a766b6b0..212d99ea5 100644 --- a/samples/v2.16.0/storage_csm_powerstore_v2160.yaml +++ b/samples/v2.16.0/storage_csm_powerstore_v2160.yaml @@ -19,7 +19,7 @@ metadata: name: powerstore namespace: powerstore spec: - version: v1.16.0 + version: v1.16.1 driver: csiDriverType: "powerstore" csiDriverSpec: diff --git a/samples/v2.16.0/storage_csm_unity_v2160.yaml b/samples/v2.16.0/storage_csm_unity_v2160.yaml index c8251055a..da7a8c575 100644 --- a/samples/v2.16.0/storage_csm_unity_v2160.yaml +++ b/samples/v2.16.0/storage_csm_unity_v2160.yaml @@ -103,8 +103,6 @@ spec: image: registry.k8s.io/sig-storage/csi-resizer:v2.0.0 - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v8.4.0 - - name: csi-metadata-retriever - image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 # health monitor is disabled by default, refer to driver documentation before enabling it # Default monitor-interval: 60s - name: external-health-monitor diff --git a/testdata/default.yaml b/testdata/default.yaml index 42ceb8e6e..c36a30980 100644 --- a/testdata/default.yaml +++ b/testdata/default.yaml @@ -20,4 +20,4 @@ images: # "images.sdcmonitor" defines the container images used to monitor sdc container sdcmonitor: quay.io/dell/storage/powerflex/sdc:5.0 # "images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.11.0 + metadataretriever: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.13.0 diff --git a/tests/e2e/testfiles/authorization-templates/csm-images.yaml b/tests/e2e/testfiles/authorization-templates/csm-images.yaml index ababbad29..0843342e3 100644 --- a/tests/e2e/testfiles/authorization-templates/csm-images.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm-images.yaml @@ -31,7 +31,7 @@ data: role-service: quay.io/dell/container-storage-modules/csm-authorization-role:nightly storage-service: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly opa: docker.io/openpolicyagent/opa:0.70.0 - opa-kube-mgmt: docker.io/openpolicyagent/kube-mgmt:9.3.0 + opa-kube-mgmt: docker.io/openpolicyagent/kube-mgmt:9.2.1 redis: redis:8.4.0-alpine commander: docker.io/rediscommander/redis-commander:latest attacher: registry.k8s.io/sig-storage/csi-attacher:v4.10.0 diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml index 63c363f05..6e2959d1e 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_conjur.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_conjur.yaml index 645ca411f..503a157b6 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_conjur.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_conjur.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml index 4312a613e..c120e09dc 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_default_redis.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_k8s_secret.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_k8s_secret.yaml index 5bfab2699..cab251e18 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_k8s_secret.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_k8s_secret.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:nightly storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:nightly authorizationControllerReplicas: 1 leaderElection: true diff --git a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_vault.yaml b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_vault.yaml index 257e59c1d..f5d175e54 100644 --- a/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_vault.yaml +++ b/tests/e2e/testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server_vault.yaml @@ -39,7 +39,7 @@ spec: storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.4.0 storageServiceReplicas: 1 opa: docker.io/openpolicyagent/opa:0.70.0 - opaKubeMgmt: openpolicyagent/kube-mgmt:9.3.0 + opaKubeMgmt: openpolicyagent/kube-mgmt:9.2.1 authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.4.0 authorizationControllerReplicas: 1 leaderElection: true