From 90f88fa65d419cc39af789abf8c2c79963500197 Mon Sep 17 00:00:00 2001 From: jack <62025739+1602077@users.noreply.github.com> Date: Thu, 6 Jun 2024 15:44:59 +0200 Subject: [PATCH 1/6] deploy: /etc/krb5.conf.d/crypto-policies configurable via helm rather than being baked into dockerfile (#17) * move crypto-policies to be configurable via helm --- deployments/docker/Dockerfile | 4 --- deployments/docker/crypto-policies | 6 ---- deployments/helm/eosxd-csi/values.yaml | 41 ++++++++++++++++++++------ 3 files changed, 32 insertions(+), 19 deletions(-) delete mode 100644 deployments/docker/crypto-policies diff --git a/deployments/docker/Dockerfile b/deployments/docker/Dockerfile index 2743779..b0efca1 100644 --- a/deployments/docker/Dockerfile +++ b/deployments/docker/Dockerfile @@ -46,10 +46,6 @@ LABEL description="EOSxd CSI Plugin" \ org.opencontainers.image.base.digest="" \ org.opencontainers.image.base.name="" -# Override the default list of accepted KRB ciphers by adding "arcfour-hmac-md5" -# to retain support for tickets created by cc7 clients. -COPY deployments/docker/crypto-policies /etc/krb5.conf.d/crypto-policies - COPY bin/linux-${TARGETARCH}/csi-driver /csi-driver COPY bin/linux-${TARGETARCH}/automount-runner /automount-runner COPY bin/linux-${TARGETARCH}/mount-reconciler /mount-reconciler diff --git a/deployments/docker/crypto-policies b/deployments/docker/crypto-policies deleted file mode 100644 index bb6d4d6..0000000 --- a/deployments/docker/crypto-policies +++ /dev/null @@ -1,6 +0,0 @@ -# Added by EOSxd CSI driver. -# Overrides the default list of accepted KRB ciphers by adding "arcfour-hmac-md5" -# to retain support for tickets created by cc7 clients. - -[libdefaults] -permitted_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 diff --git a/deployments/helm/eosxd-csi/values.yaml b/deployments/helm/eosxd-csi/values.yaml index 54a1a33..f30602f 100644 --- a/deployments/helm/eosxd-csi/values.yaml +++ b/deployments/helm/eosxd-csi/values.yaml @@ -11,6 +11,19 @@ extraSecrets: # These can be used e.g. when defining eosxd client configuration. # ConfigMap data supports go-template expressions. extraConfigMaps: + # /etc/krb5.conf.d/crypto-policies + # + # Required to override the default list of accepted KRB ciphers by adding + # "arcfour-hmac-md5" to retain support for tickets created by cc7 clients. + eos-csi-dir-etc-krb5-conf: + crypto-policies: | + # Added by EOSxd CSI driver. + # Overrides the default list of accepted KRB ciphers by adding "arcfour-hmac-md5" + # to retain support for tickets created by cc7 clients. + + [libdefaults] + permitted_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 + eos-csi-dir-etc-auto-master-d: # /etc/auto.master.d/eos.autofs eos.autofs: | @@ -152,7 +165,6 @@ extraConfigMaps: # Node plugin handles node-local operations, e.g. mounting and unmounting # eosxd repositories. nodeplugin: - # Component name. Used as `component` label value # and to generate DaemonSet name. name: nodeplugin @@ -172,6 +184,9 @@ nodeplugin: secret: secretName: eos-csi-file-etc-eos-keytab defaultMode: 0400 + - name: eos-csi-dir-etc-krb5-conf + configMap: + name: eos-csi-dir-etc-krb5-conf # eosxd CSI image and container resources specs. plugin: @@ -182,7 +197,9 @@ nodeplugin: resources: {} # Extra volume mounts to append to nodeplugin's # Pod.spec.containers[name="nodeplugin"].volumeMounts. - extraVolumeMounts: [] + extraVolumeMounts: + - name: eos-csi-dir-etc-krb5-conf + mountPath: /etc/krb5.conf.d # eosxd CSI image and container resources specs. automount: @@ -203,6 +220,8 @@ nodeplugin: - name: etc-eos-keytab mountPath: /etc/eos.keytab subPath: eos.keytab + - name: eos-csi-dir-etc-krb5-conf + mountPath: /etc/krb5.conf.d mountreconciler: image: @@ -212,7 +231,9 @@ nodeplugin: resources: {} # Extra volume mounts to append to nodeplugin's # Pod.spec.containers[name="mountreconciler"].volumeMounts. - extraVolumeMounts: [] + extraVolumeMounts: + - name: eos-csi-dir-etc-krb5-conf + mountPath: /etc/krb5.conf.d # csi-node-driver-registrar image and container resources specs. registrar: @@ -259,11 +280,10 @@ nodeplugin: dnsPolicy: ClusterFirstWithHostNet # CSI Controller plugin Deployment configuration. -# eosxd CSI supports volume provisioning, however the provisioned volumes only fulfill the role +# eosxd CSI supports volume provisioning, however the provisioned volumes only fulfil the role # of a reference to eosxd repositories used inside the CO (e.g. Kubernetes), and are not modifying # the eosxd store in any way. controllerplugin: - # Component name. Used as `component` label value # and to generate DaemonSet name. name: controllerplugin @@ -271,7 +291,10 @@ controllerplugin: # Number of Deployment replicas. In general, one is sufficient. replicas: 1 - extraVolumes: [] + extraVolumes: + - name: eos-csi-dir-etc-krb5-conf + configMap: + name: eos-csi-dir-etc-krb5-conf # eosxd CSI image and container resources specs. plugin: @@ -280,7 +303,9 @@ controllerplugin: tag: v1.1.1 pullPolicy: IfNotPresent resources: {} - extraVolumeMounts: [] + extraVolumeMounts: + - name: eos-csi-dir-etc-krb5-conf + mountPath: /etc/krb5.conf.d # CSI external-provisioner image and container resources specs. provisioner: @@ -313,7 +338,6 @@ controllerplugin: # ServiceAccount to use with Controller plugin Deployment. serviceAccount: - # Name of the ServiceAccount (to use and/or create). # If no name is provided, Helm chart will generate one. serviceAccountName: "" @@ -324,7 +348,6 @@ controllerplugin: # RBAC rules assigned to the ServiceAccount defined above. rbac: - # Whether to create RBACs in the eosxd CSI namespace. # If not, it is expected they are already present. create: true From 55f404bfa8c6d2b1a804c620e971b0ba25f5e05b Mon Sep 17 00:00:00 2001 From: jack <62025739+1602077@users.noreply.github.com> Date: Wed, 12 Jun 2024 10:26:14 +0200 Subject: [PATCH 2/6] build(ci): add basic go ci to test and lint codebase (#14) * build: add basic go ci --- .github/workflows/ci-test-go.yaml | 66 +++++++++++++++++++++++++++++++ Makefile | 7 ++++ go.sum | 45 --------------------- 3 files changed, 73 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/ci-test-go.yaml diff --git a/.github/workflows/ci-test-go.yaml b/.github/workflows/ci-test-go.yaml new file mode 100644 index 0000000..25d0929 --- /dev/null +++ b/.github/workflows/ci-test-go.yaml @@ -0,0 +1,66 @@ +name: ci-test-golang +on: + push: + branches: + - "*" + - "!master" + pull_request: + branches: + - "master" + # Allows for manual triggers using the `gh` CLI. + workflow_dispatch: +env: + GO_VERSION: "1.22" + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Install dependencies + run: go mod download + + - name: Run go vet + run: go vet ./... + + - name: Run go test + run: go test ./... -json > test-results.json + + - name: Publish test results + uses: actions/upload-artifact@v4 + with: + name: go-results + path: test-results.json + + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Verify go mod tidy has been run + run: | + set -e + go mod tidy + if [ ! -z "$(git status --porcelain go.mod go.sum)" ]; then + >&2 echo "Running go mod tidy modified go.mod and/or go.sum" + exit 1 + fi + + - name: Verify gofumpt has been run + run: | + set -e + go install mvdan.cc/gofumpt@latest + gofumpt -l -w . + if [ ! -z "$(git status --porcelain .)" ]; then + >&2 echo "Running gofumpt modified source code" + exit 1 + fi diff --git a/Makefile b/Makefile index 0929856..c9a928c 100644 --- a/Makefile +++ b/Makefile @@ -116,6 +116,13 @@ image: build $(GOX): go install github.com/mitchellh/gox@v1.0.1 +# ------------------------------------------------------------------------------ +# linting +.PHONY: fmt +fmt: + @[ -x "$$(command -v gofumpt)" ] || go install mvdan.cc/gofumpt@latest + gofumpt -l -w . + # ------------------------------------------------------------------------------ .PHONY: clean clean: diff --git a/go.sum b/go.sum index db42628..ef74536 100644 --- a/go.sum +++ b/go.sum @@ -2,20 +2,12 @@ github.com/container-storage-interface/spec v1.9.0 h1:zKtX4STsq31Knz3gciCYCi1SXt github.com/container-storage-interface/spec v1.9.0/go.mod h1:ZfDu+3ZRyeVqxZM0Ds19MVLkN2d1XJ5MAfi1L3VjlT0= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/kubernetes-csi/csi-lib-utils v0.17.0 h1:xEpJ3WYgMyyYF6fvcKHh4cDRtknuTkBS9rG8bYoLTCU= -github.com/kubernetes-csi/csi-lib-utils v0.17.0/go.mod h1:2Ba5/aQgUjbpqyC2uCcFwMF3rnPVs5jhZXm8jAzcT9Q= github.com/kubernetes-csi/csi-lib-utils v0.18.1 h1:vpg1kbQ6lFVCz7mY71zcqVE7W0GAQXXBoFfHvbW3gdw= github.com/kubernetes-csi/csi-lib-utils v0.18.1/go.mod h1:PIcn27zmbY0KBue4JDdZVfDF56tjcS3jKroZPi+pMoY= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= @@ -24,63 +16,26 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= -google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= -google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= -google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= -k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/mount-utils v0.29.1 h1:veXlIm52Y4tm3H0pG03cOdkw0KOJxYDa0fQqhJCoqvQ= -k8s.io/mount-utils v0.29.1/go.mod h1:9IWJTMe8tG0MYMLEp60xK9GYVeCdA3g4LowmnVi+t9Y= -k8s.io/mount-utils v0.30.0 h1:EceYTNYVabfpdtIAHC4KgMzoZkm1B8ovZ1J666mYZQI= -k8s.io/mount-utils v0.30.0/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= k8s.io/mount-utils v0.30.1 h1:4HEFqo2bzRjCHHXRu7yQh6tvpMnplwWaqhuU7oE3710= k8s.io/mount-utils v0.30.1/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= From ee2e94d7fb25cfa5e745f689aa4ad2b9cf1d8977 Mon Sep 17 00:00:00 2001 From: jack <62025739+1602077@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:00:44 +0200 Subject: [PATCH 3/6] deploy: set plugin image tags from Chart AppVersion (#16) * deploy: plugin image tags default to pull from Chart AppVersion * fix csi-node-driver-registrar version --- deployments/helm/eosxd-csi/Chart.yaml | 4 ++-- .../templates/controllerplugin-deployment.yaml | 4 ++-- .../eosxd-csi/templates/nodeplugin-daemonset.yaml | 6 +++--- deployments/helm/eosxd-csi/values.yaml | 12 ++++++------ 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/deployments/helm/eosxd-csi/Chart.yaml b/deployments/helm/eosxd-csi/Chart.yaml index f3db48a..595fd1f 100644 --- a/deployments/helm/eosxd-csi/Chart.yaml +++ b/deployments/helm/eosxd-csi/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "latest" +appVersion: "v1.4.0" description: A Helm chart to deploy the eosxd-CSI Plugin name: eosxd-csi -version: "1.0.0" +version: 1.4.0 diff --git a/deployments/helm/eosxd-csi/templates/controllerplugin-deployment.yaml b/deployments/helm/eosxd-csi/templates/controllerplugin-deployment.yaml index 0c51258..6763a41 100644 --- a/deployments/helm/eosxd-csi/templates/controllerplugin-deployment.yaml +++ b/deployments/helm/eosxd-csi/templates/controllerplugin-deployment.yaml @@ -21,7 +21,7 @@ spec: serviceAccount: {{ include "eosxd-csi.serviceAccountName.controllerplugin" . }} containers: - name: provisioner - image: {{ .Values.controllerplugin.provisioner.image.repository }}:{{ .Values.controllerplugin.provisioner.image.tag }} + image: {{ .Values.controllerplugin.provisioner.image.repository }}:{{ .Values.controllerplugin.provisioner.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.controllerplugin.provisioner.image.pullPolicy }} args: - -v={{ .Values.logVerbosityLevel }} @@ -37,7 +37,7 @@ spec: resources: {{ toYaml . | nindent 12 }} {{- end }} - name: controllerplugin - image: {{ .Values.controllerplugin.plugin.image.repository }}:{{ .Values.controllerplugin.plugin.image.tag }} + image: {{ .Values.controllerplugin.plugin.image.repository }}:{{ .Values.controllerplugin.plugin.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.controllerplugin.plugin.image.pullPolicy }} command: [/csi-driver] args: diff --git a/deployments/helm/eosxd-csi/templates/nodeplugin-daemonset.yaml b/deployments/helm/eosxd-csi/templates/nodeplugin-daemonset.yaml index f5afc55..e0b33f9 100644 --- a/deployments/helm/eosxd-csi/templates/nodeplugin-daemonset.yaml +++ b/deployments/helm/eosxd-csi/templates/nodeplugin-daemonset.yaml @@ -45,7 +45,7 @@ spec: resources: {{ toYaml . | nindent 12 }} {{- end }} - name: nodeplugin - image: {{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }} + image: {{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag | default .Chart.AppVersion }} command: [/csi-driver] args: - -v={{ .Values.logVerbosityLevel }} @@ -92,7 +92,7 @@ spec: resources: {{ toYaml . | nindent 12 }} {{- end }} - name: automount - image: {{ .Values.nodeplugin.automount.image.repository }}:{{ .Values.nodeplugin.automount.image.tag }} + image: {{ .Values.nodeplugin.automount.image.repository }}:{{ .Values.nodeplugin.automount.image.tag | default .Chart.AppVersion }} command: [/automount-runner] args: - -v={{ .Values.logVerbosityLevel }} @@ -121,7 +121,7 @@ spec: resources: {{ toYaml . | nindent 12 }} {{- end }} - name: mountreconciler - image: {{ .Values.nodeplugin.mountreconciler.image.repository }}:{{ .Values.nodeplugin.mountreconciler.image.tag }} + image: {{ .Values.nodeplugin.mountreconciler.image.repository }}:{{ .Values.nodeplugin.mountreconciler.image.tag | default .Chart.AppVersion }} command: [/mount-reconciler] args: - -v={{ .Values.logVerbosityLevel }} diff --git a/deployments/helm/eosxd-csi/values.yaml b/deployments/helm/eosxd-csi/values.yaml index f30602f..0d7bf16 100644 --- a/deployments/helm/eosxd-csi/values.yaml +++ b/deployments/helm/eosxd-csi/values.yaml @@ -192,7 +192,7 @@ nodeplugin: plugin: image: repository: registry.cern.ch/kubernetes/eosxd-csi - tag: v1.1.1 + tag: "" # If no tag specified default to Chart AppVersion. pullPolicy: IfNotPresent resources: {} # Extra volume mounts to append to nodeplugin's @@ -205,7 +205,7 @@ nodeplugin: automount: image: repository: registry.cern.ch/kubernetes/eosxd-csi - tag: v1.1.1 + tag: "" # If no tag specified default to Chart AppVersion. pullPolicy: IfNotPresent resources: {} # Extra volume mounts to append to nodeplugin's @@ -226,7 +226,7 @@ nodeplugin: mountreconciler: image: repository: registry.cern.ch/kubernetes/eosxd-csi - tag: v1.1.1 + tag: "" # If no tag specified default to Chart AppVersion. pullPolicy: IfNotPresent resources: {} # Extra volume mounts to append to nodeplugin's @@ -239,7 +239,7 @@ nodeplugin: registrar: image: repository: registry.k8s.io/sig-storage/csi-node-driver-registrar - tag: v2.5.1 + tag: v2.10.1 pullPolicy: IfNotPresent resources: {} @@ -300,7 +300,7 @@ controllerplugin: plugin: image: repository: registry.cern.ch/kubernetes/eosxd-csi - tag: v1.1.1 + tag: "" # If no tag specified default to Chart AppVersion. pullPolicy: IfNotPresent resources: {} extraVolumeMounts: @@ -311,7 +311,7 @@ controllerplugin: provisioner: image: repository: k8s.gcr.io/sig-storage/csi-provisioner - tag: v3.2.1 + tag: v4.0.1 pullPolicy: IfNotPresent resources: {} From 69756fec10a294c85124e5bf1aee08758294a256 Mon Sep 17 00:00:00 2001 From: jack <62025739+1602077@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:03:50 +0200 Subject: [PATCH 4/6] fix: remove deprecated arcfour-hmac-md5 cipher (#18) --- deployments/helm/eosxd-csi/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/helm/eosxd-csi/values.yaml b/deployments/helm/eosxd-csi/values.yaml index 0d7bf16..331156f 100644 --- a/deployments/helm/eosxd-csi/values.yaml +++ b/deployments/helm/eosxd-csi/values.yaml @@ -22,7 +22,7 @@ extraConfigMaps: # to retain support for tickets created by cc7 clients. [libdefaults] - permitted_enctypes = arcfour-hmac-md5 aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 + permitted_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 eos-csi-dir-etc-auto-master-d: # /etc/auto.master.d/eos.autofs From e40e40ff5ce1adadc953a6835b2ac336f44afe47 Mon Sep 17 00:00:00 2001 From: jmunday <62025739+1602077@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:13:26 +0200 Subject: [PATCH 5/6] deploy: pin images for v1.4.1 release --- deployments/helm/eosxd-csi/Chart.yaml | 4 ++-- deployments/helm/eosxd-csi/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployments/helm/eosxd-csi/Chart.yaml b/deployments/helm/eosxd-csi/Chart.yaml index 595fd1f..eafaae2 100644 --- a/deployments/helm/eosxd-csi/Chart.yaml +++ b/deployments/helm/eosxd-csi/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v1.4.0" +appVersion: "v1.4.1" description: A Helm chart to deploy the eosxd-CSI Plugin name: eosxd-csi -version: 1.4.0 +version: 1.4.1 diff --git a/deployments/helm/eosxd-csi/values.yaml b/deployments/helm/eosxd-csi/values.yaml index 331156f..71c2b59 100644 --- a/deployments/helm/eosxd-csi/values.yaml +++ b/deployments/helm/eosxd-csi/values.yaml @@ -310,7 +310,7 @@ controllerplugin: # CSI external-provisioner image and container resources specs. provisioner: image: - repository: k8s.gcr.io/sig-storage/csi-provisioner + repository: registry.k8s.io/sig-storage/csi-provisioner tag: v4.0.1 pullPolicy: IfNotPresent resources: {} From 553c61ac09f79ba74427f629bfb316bf1894fbd3 Mon Sep 17 00:00:00 2001 From: jmunday <62025739+1602077@users.noreply.github.com> Date: Tue, 9 Jul 2024 14:18:23 +0200 Subject: [PATCH 6/6] deploy: pin images for v1.4.2 release --- deployments/helm/eosxd-csi/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployments/helm/eosxd-csi/Chart.yaml b/deployments/helm/eosxd-csi/Chart.yaml index eafaae2..c4fd82c 100644 --- a/deployments/helm/eosxd-csi/Chart.yaml +++ b/deployments/helm/eosxd-csi/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "v1.4.1" +appVersion: "v1.4.2" description: A Helm chart to deploy the eosxd-CSI Plugin name: eosxd-csi -version: 1.4.1 +version: 1.4.2