diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 194a70ab7..d579dddb9 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -17,19 +17,37 @@ go_library( "versionlister.go", ], embedsrcs = [ + "charts/aws-load-balancer-controller/.helmignore", + "charts/aws-load-balancer-controller/Chart.yaml", + "charts/aws-load-balancer-controller/crds/crds.yaml", + "charts/aws-load-balancer-controller/README.md", + "charts/aws-load-balancer-controller/templates/_helpers.tpl", + "charts/aws-load-balancer-controller/templates/deployment.yaml", + "charts/aws-load-balancer-controller/templates/ingressclass.yaml", + "charts/aws-load-balancer-controller/templates/NOTES.txt", + "charts/aws-load-balancer-controller/templates/pdb.yaml", + "charts/aws-load-balancer-controller/templates/rbac.yaml", + "charts/aws-load-balancer-controller/templates/service.yaml", + "charts/aws-load-balancer-controller/templates/serviceaccount.yaml", + "charts/aws-load-balancer-controller/templates/servicemonitor.yaml", + "charts/aws-load-balancer-controller/templates/webhook.yaml", + "charts/aws-load-balancer-controller/values.yaml", "charts/cert-manager/Chart.yaml", - "charts/cert-manager/templates/NOTES.txt", "charts/cert-manager/templates/_helpers.tpl", "charts/cert-manager/templates/cainjector-deployment.yaml", + "charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml", "charts/cert-manager/templates/cainjector-psp-clusterrole.yaml", "charts/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml", "charts/cert-manager/templates/cainjector-psp.yaml", "charts/cert-manager/templates/cainjector-rbac.yaml", "charts/cert-manager/templates/cainjector-serviceaccount.yaml", + "charts/cert-manager/templates/controller-config.yaml", "charts/cert-manager/templates/crds.yaml", "charts/cert-manager/templates/deployment.yaml", "charts/cert-manager/templates/networkpolicy-egress.yaml", "charts/cert-manager/templates/networkpolicy-webhooks.yaml", + "charts/cert-manager/templates/NOTES.txt", + "charts/cert-manager/templates/poddisruptionbudget.yaml", "charts/cert-manager/templates/psp-clusterrole.yaml", "charts/cert-manager/templates/psp-clusterrolebinding.yaml", "charts/cert-manager/templates/psp.yaml", @@ -46,6 +64,7 @@ go_library( "charts/cert-manager/templates/webhook-config.yaml", "charts/cert-manager/templates/webhook-deployment.yaml", "charts/cert-manager/templates/webhook-mutating-webhook.yaml", + "charts/cert-manager/templates/webhook-poddisruptionbudget.yaml", "charts/cert-manager/templates/webhook-psp-clusterrole.yaml", "charts/cert-manager/templates/webhook-psp-clusterrolebinding.yaml", "charts/cert-manager/templates/webhook-psp.yaml", @@ -56,29 +75,50 @@ go_library( "charts/cert-manager/values.yaml", "charts/cilium/.helmignore", "charts/cilium/Chart.yaml", - "charts/cilium/LICENSE", - "charts/cilium/README.md", - "charts/cilium/README.md.gotmpl", + "charts/cilium/files/agent/poststart-eni.bash", + "charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json", + "charts/cilium/files/cilium-envoy/configmap/bootstrap-config.json", + "charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json", + "charts/cilium/files/hubble/dashboards/hubble-dashboard.json", + "charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json", + "charts/cilium/files/hubble/dashboards/hubble-l7-http-metrics-by-workload.json", + "charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json", "charts/cilium/files/nodeinit/poststart-eni.bash", "charts/cilium/files/nodeinit/prestop.bash", "charts/cilium/files/nodeinit/startup.bash", - "charts/cilium/templates/NOTES.txt", + "charts/cilium/files/spire/init.bash", + "charts/cilium/files/spire/wait-for-spire.bash", + "charts/cilium/LICENSE", + "charts/cilium/README.md.gotmpl", + "charts/cilium/README.md", "charts/cilium/templates/_helpers.tpl", "charts/cilium/templates/cilium-agent/clusterrole.yaml", "charts/cilium/templates/cilium-agent/clusterrolebinding.yaml", "charts/cilium/templates/cilium-agent/daemonset.yaml", + "charts/cilium/templates/cilium-agent/dashboards-configmap.yaml", "charts/cilium/templates/cilium-agent/role.yaml", "charts/cilium/templates/cilium-agent/rolebinding.yaml", "charts/cilium/templates/cilium-agent/service.yaml", "charts/cilium/templates/cilium-agent/serviceaccount.yaml", "charts/cilium/templates/cilium-agent/servicemonitor.yaml", + "charts/cilium/templates/cilium-ca-bundle-configmap.yaml", "charts/cilium/templates/cilium-ca-secret.yaml", "charts/cilium/templates/cilium-configmap.yaml", + "charts/cilium/templates/cilium-envoy/configmap.yaml", + "charts/cilium/templates/cilium-envoy/daemonset.yaml", + "charts/cilium/templates/cilium-envoy/service.yaml", + "charts/cilium/templates/cilium-envoy/serviceaccount.yaml", + "charts/cilium/templates/cilium-envoy/servicemonitor.yaml", + "charts/cilium/templates/cilium-flowlog-configmap.yaml", + "charts/cilium/templates/cilium-gateway-api-class.yaml", "charts/cilium/templates/cilium-ingress-class.yaml", + "charts/cilium/templates/cilium-ingress-service.yaml", "charts/cilium/templates/cilium-nodeinit/daemonset.yaml", + "charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml", "charts/cilium/templates/cilium-operator/_helpers.tpl", "charts/cilium/templates/cilium-operator/clusterrole.yaml", "charts/cilium/templates/cilium-operator/clusterrolebinding.yaml", + "charts/cilium/templates/cilium-operator/dashboards-configmap.yaml", "charts/cilium/templates/cilium-operator/deployment.yaml", "charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml", "charts/cilium/templates/cilium-operator/role.yaml", @@ -95,12 +135,15 @@ go_library( "charts/cilium/templates/cilium-preflight/serviceaccount.yaml", "charts/cilium/templates/cilium-resource-quota.yaml", "charts/cilium/templates/cilium-secrets-namespace.yaml", + "charts/cilium/templates/clustermesh-apiserver/_helpers.tpl", "charts/cilium/templates/clustermesh-apiserver/clusterrole.yaml", "charts/cilium/templates/clustermesh-apiserver/clusterrolebinding.yaml", "charts/cilium/templates/clustermesh-apiserver/deployment.yaml", + "charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml", "charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml", "charts/cilium/templates/clustermesh-apiserver/service.yaml", "charts/cilium/templates/clustermesh-apiserver/serviceaccount.yaml", + "charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml", "charts/cilium/templates/clustermesh-apiserver/tls-certmanager/_helpers.tpl", "charts/cilium/templates/clustermesh-apiserver/tls-certmanager/admin-secret.yaml", "charts/cilium/templates/clustermesh-apiserver/tls-certmanager/client-secret.yaml", @@ -125,8 +168,10 @@ go_library( "charts/cilium/templates/clustermesh-apiserver/tls-provided/client-secret.yaml", "charts/cilium/templates/clustermesh-apiserver/tls-provided/remote-secret.yaml", "charts/cilium/templates/clustermesh-apiserver/tls-provided/server-secret.yaml", + "charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml", "charts/cilium/templates/clustermesh-config/_helpers.tpl", "charts/cilium/templates/clustermesh-config/clustermesh-secret.yaml", + "charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml", "charts/cilium/templates/etcd-operator/cilium-etcd-operator-clusterrole.yaml", "charts/cilium/templates/etcd-operator/cilium-etcd-operator-clusterrolebinding.yaml", "charts/cilium/templates/etcd-operator/cilium-etcd-operator-deployment.yaml", @@ -151,6 +196,7 @@ go_library( "charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml", "charts/cilium/templates/hubble-ui/service.yaml", "charts/cilium/templates/hubble-ui/serviceaccount.yaml", + "charts/cilium/templates/hubble/dashboards-configmap.yaml", "charts/cilium/templates/hubble/metrics-service.yaml", "charts/cilium/templates/hubble/peer-service.yaml", "charts/cilium/templates/hubble/servicemonitor.yaml", @@ -178,9 +224,25 @@ go_library( "charts/cilium/templates/hubble/tls-provided/relay-server-secret.yaml", "charts/cilium/templates/hubble/tls-provided/server-secret.yaml", "charts/cilium/templates/hubble/tls-provided/ui-client-certs.yaml", + "charts/cilium/templates/NOTES.txt", + "charts/cilium/templates/spire/agent/clusterrole.yaml", + "charts/cilium/templates/spire/agent/clusterrolebinding.yaml", + "charts/cilium/templates/spire/agent/configmap.yaml", + "charts/cilium/templates/spire/agent/daemonset.yaml", + "charts/cilium/templates/spire/agent/serviceaccount.yaml", + "charts/cilium/templates/spire/bundle-configmap.yaml", + "charts/cilium/templates/spire/namespace.yaml", + "charts/cilium/templates/spire/server/clusterrole.yaml", + "charts/cilium/templates/spire/server/clusterrolebinding.yaml", + "charts/cilium/templates/spire/server/configmap.yaml", + "charts/cilium/templates/spire/server/role.yaml", + "charts/cilium/templates/spire/server/rolebinding.yaml", + "charts/cilium/templates/spire/server/service.yaml", + "charts/cilium/templates/spire/server/serviceaccount.yaml", + "charts/cilium/templates/spire/server/statefulset.yaml", "charts/cilium/templates/validate.yaml", - "charts/cilium/values.yaml", "charts/cilium/values.yaml.tmpl", + "charts/cilium/values.yaml", "charts/edgeless/constellation-services/.helmignore", "charts/edgeless/constellation-services/Chart.yaml", "charts/edgeless/constellation-services/charts/autoscaler/.helmignore", @@ -189,6 +251,7 @@ go_library( "charts/edgeless/constellation-services/charts/autoscaler/templates/azure-deployment.yaml", "charts/edgeless/constellation-services/charts/autoscaler/templates/clusterrole.yaml", "charts/edgeless/constellation-services/charts/autoscaler/templates/clusterrolebinding.yaml", + "charts/edgeless/constellation-services/charts/autoscaler/templates/coredns-pdb.yaml", "charts/edgeless/constellation-services/charts/autoscaler/templates/gcp-deployment.yaml", "charts/edgeless/constellation-services/charts/autoscaler/templates/poddisruptionbudget.yaml", "charts/edgeless/constellation-services/charts/autoscaler/templates/role.yaml", @@ -203,9 +266,12 @@ go_library( "charts/edgeless/constellation-services/charts/ccm/templates/azure-daemonset.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/azure-secret.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/clusterrolebinding.yaml", + "charts/edgeless/constellation-services/charts/ccm/templates/gcp-clusterrolebinding.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/gcp-cm.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/gcp-daemonset.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/gcp-secret.yaml", + "charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml", + "charts/edgeless/constellation-services/charts/ccm/templates/openstack-secret.yaml", "charts/edgeless/constellation-services/charts/ccm/templates/serviceaccount.yaml", "charts/edgeless/constellation-services/charts/ccm/values.schema.json", "charts/edgeless/constellation-services/charts/ccm/values.yaml", @@ -249,6 +315,88 @@ go_library( "charts/edgeless/constellation-services/charts/verification-service/values.yaml", "charts/edgeless/constellation-services/templates/.gitkeep", "charts/edgeless/constellation-services/values.yaml", + "charts/edgeless/csi/Chart.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md", + "charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/_helpers.tpl", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/csidriver.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt", + "charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_default.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/values.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml", + "charts/edgeless/csi/charts/cinder-config/.helmignore", + "charts/edgeless/csi/charts/cinder-config/Chart.yaml", + "charts/edgeless/csi/charts/cinder-config/templates/secret.yaml", + "charts/edgeless/csi/charts/cinder-config/values.schema.json", + "charts/edgeless/csi/charts/cinder-config/values.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml", + "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/README.md", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/_helpers.tpl", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/cinder-csi-driver.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-podmonitor.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-rbac.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-rbac.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/templates/storageclass.yaml", + "charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml", + "charts/edgeless/csi/charts/snapshot-controller/Chart.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-controller.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-webhook.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/selfsigned-issuer.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml", + "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml", + "charts/edgeless/csi/charts/snapshot-controller/values.yaml", + "charts/edgeless/csi/charts/snapshot-crds/Chart.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml", + "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml", + "charts/edgeless/csi/charts/snapshot-crds/values.yaml", + "charts/edgeless/csi/values.yaml", "charts/edgeless/operators/.helmignore", "charts/edgeless/operators/Chart.yaml", "charts/edgeless/operators/charts/constellation-operator/.helmignore", @@ -285,153 +433,6 @@ go_library( "charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json", "charts/edgeless/operators/charts/node-maintenance-operator/values.yaml", "charts/edgeless/operators/values.yaml", - "charts/edgeless/constellation-services/charts/ccm/templates/openstack-daemonset.yaml", - "charts/edgeless/constellation-services/charts/ccm/templates/openstack-secret.yaml", - "charts/aws-load-balancer-controller/.helmignore", - "charts/aws-load-balancer-controller/Chart.yaml", - "charts/aws-load-balancer-controller/README.md", - "charts/aws-load-balancer-controller/crds/crds.yaml", - "charts/aws-load-balancer-controller/templates/NOTES.txt", - "charts/aws-load-balancer-controller/templates/_helpers.tpl", - "charts/aws-load-balancer-controller/templates/deployment.yaml", - "charts/aws-load-balancer-controller/templates/ingressclass.yaml", - "charts/aws-load-balancer-controller/templates/pdb.yaml", - "charts/aws-load-balancer-controller/templates/rbac.yaml", - "charts/aws-load-balancer-controller/templates/service.yaml", - "charts/aws-load-balancer-controller/templates/serviceaccount.yaml", - "charts/aws-load-balancer-controller/templates/servicemonitor.yaml", - "charts/aws-load-balancer-controller/templates/webhook.yaml", - "charts/aws-load-balancer-controller/values.yaml", - "charts/edgeless/csi/Chart.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml", - "charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml", - "charts/edgeless/csi/charts/cinder-config/.helmignore", - "charts/edgeless/csi/charts/cinder-config/Chart.yaml", - "charts/edgeless/csi/charts/cinder-config/templates/secret.yaml", - "charts/edgeless/csi/charts/cinder-config/values.schema.json", - "charts/edgeless/csi/charts/cinder-config/values.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/cluster_setup.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/controller.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/node.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_default.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/storageclass_integrity.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/templates/v1_csidriver.yaml", - "charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/README.md", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/NOTES.txt", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/_helpers.tpl", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/cinder-csi-driver.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-rbac.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/custom_storageclass.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-rbac.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/templates/storageclass.yaml", - "charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml", - "charts/edgeless/csi/charts/snapshot-controller/Chart.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-controller.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/rbac-snapshot-webhook.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/selfsigned-issuer.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml", - "charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml", - "charts/edgeless/csi/charts/snapshot-controller/values.yaml", - "charts/edgeless/csi/charts/snapshot-crds/Chart.yaml", - "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml", - "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml", - "charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml", - "charts/edgeless/csi/charts/snapshot-crds/values.yaml", - "charts/edgeless/csi/values.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md", - "charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt", - "charts/edgeless/csi/charts/aws-csi-driver/templates/_helpers.tpl", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-attacher.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-csi-node.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-provisioner.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-resizer.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrolebinding-snapshotter.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/csidriver.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_default.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/storageclass_integrity.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml", - "charts/edgeless/csi/charts/aws-csi-driver/values.yaml", - "charts/edgeless/constellation-services/charts/ccm/templates/gcp-clusterrolebinding.yaml", - "charts/cilium/files/agent/poststart-eni.bash", - "charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json", - "charts/cilium/files/cilium-envoy/configmap/bootstrap-config.json", - "charts/cilium/files/cilium-operator/dashboards/cilium-operator-dashboard.json", - "charts/cilium/files/hubble/dashboards/hubble-dashboard.json", - "charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json", - "charts/cilium/files/hubble/dashboards/hubble-l7-http-metrics-by-workload.json", - "charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json", - "charts/cilium/files/spire/init.bash", - "charts/cilium/files/spire/wait-for-spire.bash", - "charts/cilium/templates/cilium-agent/dashboards-configmap.yaml", - "charts/cilium/templates/cilium-ca-bundle-configmap.yaml", - "charts/cilium/templates/cilium-envoy/configmap.yaml", - "charts/cilium/templates/cilium-envoy/daemonset.yaml", - "charts/cilium/templates/cilium-envoy/service.yaml", - "charts/cilium/templates/cilium-envoy/serviceaccount.yaml", - "charts/cilium/templates/cilium-envoy/servicemonitor.yaml", - "charts/cilium/templates/cilium-gateway-api-class.yaml", - "charts/cilium/templates/cilium-ingress-service.yaml", - "charts/cilium/templates/cilium-nodeinit/serviceaccount.yaml", - "charts/cilium/templates/cilium-operator/dashboards-configmap.yaml", - "charts/cilium/templates/clustermesh-apiserver/_helpers.tpl", - "charts/cilium/templates/clustermesh-apiserver/metrics-service.yaml", - "charts/cilium/templates/clustermesh-apiserver/servicemonitor.yaml", - "charts/cilium/templates/clustermesh-apiserver/users-configmap.yaml", - "charts/cilium/templates/clustermesh-config/kvstoremesh-secret.yaml", - "charts/cilium/templates/hubble/dashboards-configmap.yaml", - "charts/cilium/templates/spire/agent/clusterrole.yaml", - "charts/cilium/templates/spire/agent/clusterrolebinding.yaml", - "charts/cilium/templates/spire/agent/configmap.yaml", - "charts/cilium/templates/spire/agent/daemonset.yaml", - "charts/cilium/templates/spire/agent/serviceaccount.yaml", - "charts/cilium/templates/spire/bundle-configmap.yaml", - "charts/cilium/templates/spire/namespace.yaml", - "charts/cilium/templates/spire/server/clusterrole.yaml", - "charts/cilium/templates/spire/server/clusterrolebinding.yaml", - "charts/cilium/templates/spire/server/configmap.yaml", - "charts/cilium/templates/spire/server/role.yaml", - "charts/cilium/templates/spire/server/rolebinding.yaml", - "charts/cilium/templates/spire/server/service.yaml", - "charts/cilium/templates/spire/server/serviceaccount.yaml", - "charts/cilium/templates/spire/server/statefulset.yaml", - "charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml", - "charts/cert-manager/templates/controller-config.yaml", - "charts/cert-manager/templates/poddisruptionbudget.yaml", - "charts/cert-manager/templates/webhook-poddisruptionbudget.yaml", - "charts/edgeless/constellation-services/charts/autoscaler/templates/coredns-pdb.yaml", - "charts/cilium/templates/cilium-flowlog-configmap.yaml", "charts/yawol/.helmignore", "charts/yawol/Chart.yaml", "charts/yawol/charts/yawol-config/.helmignore", @@ -440,10 +441,10 @@ go_library( "charts/yawol/charts/yawol-config/values.schema.json", "charts/yawol/charts/yawol-config/values.yaml", "charts/yawol/charts/yawol-controller/Chart.yaml", - "charts/yawol/charts/yawol-controller/README.md", "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml", "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml", "charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml", + "charts/yawol/charts/yawol-controller/README.md", "charts/yawol/charts/yawol-controller/templates/_helpers.tpl", "charts/yawol/charts/yawol-controller/templates/rbac-yawol-cloud-controller.yaml", "charts/yawol/charts/yawol-controller/templates/rbac-yawol-controller.yaml", diff --git a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml index c947d8b8a..4d9e2fa5e 100644 --- a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml @@ -25,6 +25,6 @@ dependencies: tags: - GCP - name: openstack-cinder-csi - version: 1.0.0 + version: 1.0.1 tags: - OpenStack diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml index d263e85d6..27b471f75 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v1.0.0 +appVersion: v1.0.1 description: Cinder CSI Chart for OpenStack with on-node encryption support name: openstack-cinder-csi -version: 1.0.0 +version: 1.0.1 diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml index 9e13f8513..18f983268 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-deployment.yaml @@ -5,6 +5,10 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "cinder-csi.controllerplugin.labels" . | nindent 4 }} + annotations: + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.csi.plugin.controllerPlugin.replicas }} strategy: @@ -21,10 +25,18 @@ spec: metadata: labels: {{- include "cinder-csi.controllerplugin.labels" . | nindent 8 }} + annotations: + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccount: csi-cinder-controller-sa + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.podSecurityContext | nindent 8 }} containers: - name: csi-attacher + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.attacher.image.repository }}:{{ .Values.csi.attacher.image.tag }}" imagePullPolicy: {{ .Values.csi.attacher.image.pullPolicy }} args: @@ -46,6 +58,8 @@ spec: mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {{ toYaml .Values.csi.attacher.resources | nindent 12 }} - name: csi-provisioner + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.provisioner.image.repository }}:{{ .Values.csi.provisioner.image.tag }}" imagePullPolicy: {{ .Values.csi.provisioner.image.pullPolicy }} args: @@ -69,6 +83,8 @@ spec: mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {{ toYaml .Values.csi.provisioner.resources | nindent 12 }} - name: csi-snapshotter + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.snapshotter.image.repository }}:{{ .Values.csi.snapshotter.image.tag }}" imagePullPolicy: {{ .Values.csi.snapshotter.image.pullPolicy }} args: @@ -89,6 +105,8 @@ spec: name: socket-dir resources: {{ toYaml .Values.csi.snapshotter.resources | nindent 12 }} - name: csi-resizer + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.resizer.image.repository }}:{{ .Values.csi.resizer.image.tag }}" imagePullPolicy: {{ .Values.csi.resizer.image.pullPolicy }} args: @@ -110,6 +128,8 @@ spec: mountPath: /var/lib/csi/sockets/pluginproxy/ resources: {{ toYaml .Values.csi.resizer.resources | nindent 12 }} - name: liveness-probe + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.livenessprobe.image.repository }}:{{ .Values.csi.livenessprobe.image.tag }}" imagePullPolicy: {{ .Values.csi.livenessprobe.image.pullPolicy }} args: @@ -128,6 +148,8 @@ spec: name: socket-dir resources: {{ toYaml .Values.csi.livenessprobe.resources | nindent 12 }} - name: cinder-csi-plugin + securityContext: + {{- toYaml .Values.csi.plugin.controllerPlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.plugin.image.repository }}:{{ .Values.csi.plugin.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.csi.plugin.image.pullPolicy }} args: @@ -137,6 +159,9 @@ spec: - "--cloud-config=$(CLOUD_CONFIG)" - "--cluster=$(CLUSTER_NAME)" - "--kms-addr={{ .Values.csi.kms.keyServiceName }}.{{ .Values.csi.kms.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.csi.kms.keyServicePort }}" + {{- if .Values.csi.plugin.httpEndpoint.enabled }} + - "--http-endpoint=:{{ .Values.csi.plugin.httpEndpoint.port }}" + {{- end }} {{- if .Values.csi.plugin.extraArgs }} {{- with .Values.csi.plugin.extraArgs }} {{- tpl . $ | trim | nindent 12 }} @@ -153,6 +178,11 @@ spec: - containerPort: 9808 name: healthz protocol: TCP + {{- if .Values.csi.plugin.httpEndpoint.enabled }} + - containerPort: {{ .Values.csi.plugin.httpEndpoint.port }} + name: http + protocol: TCP + {{- end }} # The probe livenessProbe: failureThreshold: {{ .Values.csi.livenessprobe.failureThreshold }} @@ -169,22 +199,33 @@ spec: mountPath: /etc/kubernetes/{{ .Values.secret.filename }} readOnly: true subPath: {{ .Values.secret.filename }} + {{- with .Values.csi.plugin.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.csi.plugin.resources | nindent 12 }} volumes: - name: socket-dir emptyDir: - - name: cloud-config {{- if .Values.secret.enabled }} + - name: cloud-config secret: secretName: {{ .Values.secret.name }} - {{- else }} + {{- else if .Values.secret.hostMount }} + - name: cloud-config hostPath: path: /etc/kubernetes {{- end }} + {{- with .Values.csi.plugin.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} affinity: {{ toYaml .Values.csi.plugin.controllerPlugin.affinity | nindent 8 }} nodeSelector: {{ toYaml .Values.csi.plugin.controllerPlugin.nodeSelector | nindent 8 }} tolerations: {{ toYaml .Values.csi.plugin.controllerPlugin.tolerations | nindent 8 }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- with .Values.csi.plugin.controllerPlugin.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-podmonitor.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-podmonitor.yaml new file mode 100644 index 000000000..a1b4ceb4b --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/controllerplugin-podmonitor.yaml @@ -0,0 +1,22 @@ +{{- if .Values.csi.plugin.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + {{- include "cinder-csi.controllerplugin.labels" . | nindent 4 }} + name: {{ include "cinder-csi.name" . }}-controllerplugin + namespace: {{ .Release.Namespace }} + annotations: + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + podMetricsEndpoints: + - interval: 30s + port: http + scheme: http + jobLabel: component + selector: + matchLabels: + {{- include "cinder-csi.controllerplugin.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml index dd9f513ac..cf9521f28 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/nodeplugin-daemonset.yaml @@ -5,6 +5,10 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "cinder-csi.nodeplugin.labels" . | nindent 4 }} + annotations: + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: @@ -13,12 +17,18 @@ spec: metadata: labels: {{- include "cinder-csi.nodeplugin.labels" . | nindent 8 }} + annotations: + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: serviceAccount: csi-cinder-node-sa hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: node-driver-registrar + securityContext: + {{- toYaml .Values.csi.plugin.nodePlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.nodeDriverRegistrar.image.repository }}:{{ .Values.csi.nodeDriverRegistrar.image.tag }}" imagePullPolicy: {{ .Values.csi.nodeDriverRegistrar.image.pullPolicy }} args: @@ -46,6 +56,8 @@ spec: mountPath: /registration resources: {{ toYaml .Values.csi.nodeDriverRegistrar.resources | nindent 12 }} - name: liveness-probe + securityContext: + {{- toYaml .Values.csi.plugin.nodePlugin.securityContext | nindent 12 }} image: "{{ .Values.csi.livenessprobe.image.repository }}:{{ .Values.csi.livenessprobe.image.tag }}" imagePullPolicy: {{ .Values.csi.livenessprobe.image.pullPolicy }} args: @@ -110,6 +122,14 @@ spec: mountPath: /etc/kubernetes/{{ .Values.secret.filename }} readOnly: true subPath: {{ .Values.secret.filename }} + # Edgeless specific mounts for cryptsetup + - name: sys + mountPath: /sys + - name: cryptsetup + mountPath: /run/cryptsetup + {{- with .Values.csi.plugin.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{ toYaml .Values.csi.plugin.resources | nindent 12 }} volumes: - name: socket-dir @@ -124,6 +144,14 @@ spec: hostPath: path: {{ .Values.csi.plugin.nodePlugin.kubeletDir }} type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: cryptsetup + hostPath: + path: /run/cryptsetup + type: Directory # - name: pods-cloud-data # hostPath: # path: /var/lib/cloud/data @@ -132,18 +160,26 @@ spec: hostPath: path: /dev type: Directory - - name: cloud-config {{- if .Values.secret.enabled }} + - name: cloud-config secret: secretName: {{ .Values.secret.name }} - {{- else }} + {{- else if .Values.secret.hostMount }} + - name: cloud-config hostPath: path: /etc/kubernetes {{- end }} + {{- with .Values.csi.plugin.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} affinity: {{ toYaml .Values.csi.plugin.nodePlugin.affinity | nindent 8 }} nodeSelector: {{ toYaml .Values.csi.plugin.nodePlugin.nodeSelector | nindent 8 }} tolerations: {{ toYaml .Values.csi.plugin.nodePlugin.tolerations | nindent 8 }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} + {{- with .Values.csi.plugin.nodePlugin.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml index b11ef8567..597880c0d 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.secret.create }} +{{- if and (.Values.secret.create) (.Values.secret.enabled) }} apiVersion: v1 kind: Secret metadata: diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml index 40d986102..7e34d3813 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/openstack-cinder-csi/values.yaml @@ -8,7 +8,7 @@ csi: attacher: image: repository: registry.k8s.io/sig-storage/csi-attacher - tag: v4.2.0 + tag: v4.4.2@sha256:11b955fe4da278aa0e8ca9d6fd70758f2aec4b0c1e23168c665ca345260f1882 pullPolicy: IfNotPresent resources: {} extraArgs: {} @@ -16,28 +16,28 @@ csi: topology: "true" image: repository: registry.k8s.io/sig-storage/csi-provisioner - tag: v3.4.1 + tag: v3.6.2@sha256:49b94f975603d85a1820b72b1188e5b351d122011b3e5351f98c49d72719aa78 pullPolicy: IfNotPresent resources: {} extraArgs: {} snapshotter: image: repository: registry.k8s.io/sig-storage/csi-snapshotter - tag: v6.2.1 + tag: v6.3.2@sha256:4c5a1b57e685b2631909b958487f65af7746361346fcd82a8635bea3ef14509d pullPolicy: IfNotPresent resources: {} extraArgs: {} resizer: image: repository: registry.k8s.io/sig-storage/csi-resizer - tag: v1.7.0 + tag: v1.9.2@sha256:e998f22243869416f9860fc6a1fb07d4202eac8846defc1b85ebd015c1207605 pullPolicy: IfNotPresent resources: {} extraArgs: {} livenessprobe: image: repository: registry.k8s.io/sig-storage/livenessprobe - tag: v2.9.0 + tag: v2.11.0@sha256:82adbebdf5d5a1f40f246aef8ddbee7f89dea190652aefe83336008e69f9a89f pullPolicy: IfNotPresent failureThreshold: 5 initialDelaySeconds: 10 @@ -48,7 +48,7 @@ csi: nodeDriverRegistrar: image: repository: registry.k8s.io/sig-storage/csi-node-driver-registrar - tag: v2.6.2 + tag: v2.9.2@sha256:a18e989a93722e43885120e90bc1d0da0740fcbf44bc10403572b368b9800606 pullPolicy: IfNotPresent resources: {} extraArgs: {} @@ -56,17 +56,31 @@ csi: image: repository: ghcr.io/edgelesssys/constellation/cinder-csi-plugin pullPolicy: IfNotPresent - tag: # defaults to .Chart.AppVersion + # CSI driver version is independent of Constellation releases + tag: v1.0.1@sha256:65b59c9b64701f92c59d05f80d5b2bae0a2bc281e74b1f0db0fa3802081fd298 volumeMounts: - name: cloud-config mountPath: /etc/kubernetes readOnly: true nodePlugin: + dnsPolicy: ClusterFirstWithHostNet + podSecurityContext: {} + securityContext: {} + # capabilities: + # drop: + # - ALL + # seccompProfile: + # type: RuntimeDefault affinity: {} nodeSelector: {} tolerations: - operator: Exists kubeletDir: /var/lib/kubelet + # Allow for specifying internal IP addresses for multiple hostnames + # hostAliases: + # - ip: "10.0.0.1" + # hostnames: + # - "keystone.hostname.com" controllerPlugin: replicas: 1 strategy: @@ -80,10 +94,36 @@ csi: # maxSurge is the maximum number of pods that can be # created over the desired number of pods. maxSurge: 1 + podSecurityContext: {} + # runAsNonRoot: true + # runAsUser: 65532 + # runAsGroup: 65532 + # fsGroup: 65532 + # fsGroupChangePolicy: OnRootMismatch + securityContext: {} + # capabilities: + # drop: + # - ALL + # seccompProfile: + # type: RuntimeDefault + # readOnlyRootFilesystem: true affinity: {} nodeSelector: {} tolerations: [] + # Allow for specifying internal IP addresses for multiple hostnames + # hostAliases: + # - ip: "10.0.0.1" + # hostnames: + # - "keystone.hostname.com" resources: {} + # Enable built-in http server through the http-endpoint flag + httpEndpoint: + enabled: false + port: 8080 + # Create Prometheus Operator PodMonitor. Requires http server above. + # See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor + podMonitor: + enabled: false extraArgs: {} kms: keyServiceName: "key-service" @@ -95,6 +135,12 @@ csi: # for description of individual verbosity levels. logVerbosityLevel: 2 +# the secret should contain the openstack credentials +# there are several options to inject the credentials: +# 1) from kubernetes secret that doesn't exist: set "enabled" and "create" to true, this will create a secret from the values written to "data" down below +# 2) from kubernetes secret that already exists: set "enabled" to true and "create" to false +# 3) from host system path /etc/cloud/cloud.conf: set "enabled" to false and "hostMount" to true +# 4) via agent-injector (e.g. hashicorp vault): set "enabled" and "hostMount" to false, you have to provide credentials on your own by injecting credentials into the pod secret: enabled: true create: false @@ -118,3 +164,6 @@ priorityClassName: "" imagePullSecrets: [] # - name: my-imagepull-secret + +# add annotations to all pods +commonAnnotations: {} diff --git a/internal/constellation/helm/update-csi-charts.sh b/internal/constellation/helm/update-csi-charts.sh index 36ddd7dcd..def06788e 100755 --- a/internal/constellation/helm/update-csi-charts.sh +++ b/internal/constellation/helm/update-csi-charts.sh @@ -77,6 +77,6 @@ download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-drive download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.3.0" "charts" "gcp-compute-persistent-disk-csi-driver" ## OpenStack CSI Driver (cinder) -download_chart "https://github.com/edgelesssys/constellation-cloud-provider-openstack" "v1.0.0" "charts/cinder-csi-plugin" "openstack-cinder-csi" +download_chart "https://github.com/edgelesssys/constellation-cloud-provider-openstack" "v1.0.1" "charts/cinder-csi-plugin" "openstack-cinder-csi" echo # final newline