From 0b84522a3e783eebaa3210a9e9d5075347ab3018 Mon Sep 17 00:00:00 2001 From: Sidharth Sharma Date: Mon, 1 Jun 2026 07:27:29 +0000 Subject: [PATCH] Patch 1.10.2 changes to main --- .../powerflex/v2.15.2/controller.yaml | 298 ++++++++++ .../powerflex/v2.15.2/csidriver.yaml | 14 + .../v2.15.2/driver-config-params.yaml | 13 + .../driverconfig/powerflex/v2.15.2/node.yaml | 371 +++++++++++++ .../powerflex/v2.15.2/upgrade-path.yaml | 1 + .../moduleconfig/common/version-values.yaml | 5 + .../1.10.2/storage_csm_authorization_v2.yaml | 125 +++++ .../1.10.2/storage_csm_powerflex_v2152.yaml | 468 ++++++++++++++++ .../1.10.2/storage_csm_powermax_v2151.yaml | 518 +++++++++++++++++ .../1.10.2/storage_csm_powerscale_v2151.yaml | 522 ++++++++++++++++++ .../1.10.2/storage_csm_powerstore_v2151.yaml | 459 +++++++++++++++ .../ocp/1.10.2/storage_csm_unity_v2151.yaml | 194 +++++++ .../minimal-samples/powerflex_v2152.yaml | 54 ++ .../v2.15.0/storage_csm_powerflex_v2152.yaml | 456 +++++++++++++++ 14 files changed, 3498 insertions(+) create mode 100644 operatorconfig/driverconfig/powerflex/v2.15.2/controller.yaml create mode 100644 operatorconfig/driverconfig/powerflex/v2.15.2/csidriver.yaml create mode 100644 operatorconfig/driverconfig/powerflex/v2.15.2/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/powerflex/v2.15.2/node.yaml create mode 100644 operatorconfig/driverconfig/powerflex/v2.15.2/upgrade-path.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_authorization_v2.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_powerflex_v2152.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_powermax_v2151.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_powerscale_v2151.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_powerstore_v2151.yaml create mode 100644 samples/ocp/1.10.2/storage_csm_unity_v2151.yaml create mode 100644 samples/v2.15.0/minimal-samples/powerflex_v2152.yaml create mode 100644 samples/v2.15.0/storage_csm_powerflex_v2152.yaml diff --git a/operatorconfig/driverconfig/powerflex/v2.15.2/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.15.2/controller.yaml new file mode 100644 index 00000000..99a72033 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.15.2/controller.yaml @@ -0,0 +1,298 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "patch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + # below for snapshotter + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + # Permissions for ReplicationReplicator + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create", "get", "list", "watch"] + # Permissions for configmaps needed by NFS without SDC + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +# Role for Driver-specific Permissions in a Namespace +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller + namespace: +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +# RoleBinding for Driver-specific Role +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller + namespace: +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: Role + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + strategy: + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + csmNamespace: + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + affinity: + nodeSelector: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + serviceAccountName: -controller + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.9.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.3.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--leader-election=true" + - "--timeout=120s" + - "--v=5" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-external-health-monitor-controller + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.15.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + - "--enable-node-watcher=true" + - "--http-endpoint=:8080" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.3.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.14.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.15.2 + imagePullPolicy: IfNotPresent + command: ["/csi-vxflexos.sh"] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: false + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_QUOTA_ENABLED + value: + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + - name: GOSCALEIO_DEBUG + value: + - name: GOSCALEIO_SHOWHTTP + value: + - name: X_CSI_PROBE_TIMEOUT + value: + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + volumes: + - name: socket-dir + emptyDir: + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/operatorconfig/driverconfig/powerflex/v2.15.2/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.15.2/csidriver.yaml new file mode 100644 index 00000000..431b4fe0 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.15.2/csidriver.yaml @@ -0,0 +1,14 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-vxflexos.dellemc.com + labels: + security.openshift.io/csi-ephemeral-volume-profile: restricted +spec: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.15.2/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.15.2/driver-config-params.yaml new file mode 100644 index 00000000..7572831c --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.15.2/driver-config-params.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: |- + CSI_LOG_LEVEL: "info" + CSI_LOG_FORMAT: "TEXT" + PODMON_CONTROLLER_LOG_LEVEL: "debug" + PODMON_CONTROLLER_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_LEVEL: "debug" + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerflex/v2.15.2/node.yaml b/operatorconfig/driverconfig/powerflex/v2.15.2/node.yaml new file mode 100644 index 00000000..64e142ad --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.15.2/node.yaml @@ -0,0 +1,371 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +# Role for Driver-specific Permissions in a Namespace +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node + namespace: +--- +# RoleBinding for Driver-specific Role +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node + namespace: +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: Role + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + csmNamespace: + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: false + containers: + - name: driver + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: ["SYS_ADMIN"] + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.15.2 + imagePullPolicy: IfNotPresent + command: ["/csi-vxflexos.sh"] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: unix:///plugins/vxflexos.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/vxflexos.emc.dell.com/disks" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_SDC_ENABLED + value: + - name: X_CSI_APPROVE_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_PREFIX + value: + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: + - name: GOSCALEIO_DEBUG + value: + - name: GOSCALEIO_SHOWHTTP + value: + - name: X_CSI_SDC_SFTP_REPO_ENABLED + value: + - name: X_CSI_POWERFLEX_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: RELEASE_NAME + value: + - name: X_CSI_PROBE_TIMEOUT + value: + volumeMounts: + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + mountPropagation: "Bidirectional" + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + # will be removed if installing on OpenShift + - name: scaleio-path-bin + mountPath: /bin/emc/scaleio/ + readOnly: true + - name: scaleio-path-opt + mountPath: /opt/emc/scaleio/sdc/bin + readOnly: true + - name: dev + mountPath: /dev + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/vxflexos.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + - name: sdc-monitor + securityContext: + privileged: true + image: quay.io/dell/storage/powerflex/sdc:4.5.4 + imagePullPolicy: IfNotPresent + env: + - name: HOST_PID + value: "1" + - name: HOST_NET + value: "1" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "monitoring" + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: host-opt-emc-path + mountPath: /host_opt_emc_path + initContainers: + - name: mdm-container + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.15.2 + imagePullPolicy: IfNotPresent + command: ["/csi-vxflexos.sh"] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: X_CSI_MODE + value: mdm-info + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + - name: mdm-dir + mountPath: /data + - name: sdc + securityContext: + privileged: true + image: quay.io/dell/storage/powerflex/sdc:4.5.4 + imagePullPolicy: IfNotPresent + command: + - "/bin/sh" + - "-c" + - | + source /data/node_mdms.txt + /files/scripts/init.sh + env: + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "config" + - name: HOST_DRV_CFG_PATH + value: /opt/emc/scaleio/sdc/bin + - name: REPO_ADDRESS + value: "" + - name: REPO_USER + value: "" + - name: MODULE_SIGCHECK + value: "0" + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: sftp-keys + mountPath: /config/ + - name: scaleio-path-opt + mountPath: /host_drv_cfg_path + - name: host-opt-emc-path + mountPath: /host_opt_emc_path + - name: mdm-dir + mountPath: /data + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/vxflexos.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + # will be removed if installing on OpenShift + - name: scaleio-path-bin + hostPath: + path: /bin/emc/scaleio/ + type: DirectoryOrCreate + - name: scaleio-path-opt + hostPath: + path: /opt/emc/scaleio/sdc/bin + type: DirectoryOrCreate + - name: sdc-storage + hostPath: + path: /var/emc-scaleio + type: DirectoryOrCreate + - name: udev-d + hostPath: + path: /etc/udev/rules.d + type: Directory + # will be removed if sftp is not enabled + - name: sftp-keys + projected: + defaultMode: 384 + sources: + - secret: + name: sdcsftprepo-private-secret + - secret: + name: sdcsftprepo-public-secret + - name: os-release + hostPath: + path: /etc/os-release + type: File + - name: host-opt-emc-path + hostPath: + path: /opt/emc + type: Directory + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory + - name: mdm-dir + emptyDir: {} + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/operatorconfig/driverconfig/powerflex/v2.15.2/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.15.2/upgrade-path.yaml new file mode 100644 index 00000000..91e3258f --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.15.2/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.13.0 diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index d7dffc4e..5b395625 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -33,6 +33,11 @@ powerflex: replication: "v1.13.0" observability: "v1.13.1" resiliency: "v1.14.0" + v2.15.2: + authorization: "v2.3.0" + replication: "v1.13.0" + observability: "v1.13.1" + resiliency: "v1.14.0" v2.16.0: authorization: "v2.4.0" replication: "v1.14.0" diff --git a/samples/ocp/1.10.2/storage_csm_authorization_v2.yaml b/samples/ocp/1.10.2/storage_csm_authorization_v2.yaml new file mode 100644 index 00000000..bc8cc4f9 --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_authorization_v2.yaml @@ -0,0 +1,125 @@ +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v2.3.0 + forceRemoveModule: true + components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-proxy@sha256:a265ec058b102d1cf175deb2b80718d28f6728c094ee3b5367a07473a0dc2682 + proxyServiceReplicas: 1 + tenantService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-tenant@sha256:687faaa76ac70ab5f9f452c8a70d5ac45b1968ea2adc60198f2fd3e09b41e358 + tenantServiceReplicas: 1 + roleService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-role@sha256:d09ffef1866f24bffab2a0d38af11fbbc528b1eae04db1246617b5f366ae545c + roleServiceReplicas: 1 + storageService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-storage@sha256:ecaafb211be66f090b468bce366fe870877cb921a14f53fc63ffb1a3f26405d5 + storageServiceReplicas: 1 + opa: docker.io/openpolicyagent/opa@sha256:2b1c4b231f6dfa6a2baea4af4109203b10cd4b65e836d72f03bfe5d8dfce7095 + opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt@sha256:f5bf223771237756a56168729defb608ec2941c9b701d1f1af96f9ae82966517 + authorizationController: registry.connect.redhat.com/dell-emc/dell-csm-authorization-controller@sha256:6de38a3c833ce514dd8bf496a23157ff9f11aeca6359095c5ac41a38ba3ec231 + authorizationControllerReplicas: 1 + leaderElection: true + # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. + controllerReconcileInterval: 5m + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in proxyServerIngress.hosts + # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + hostname: "csm-authorization.com" + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx + # additional host rules for the proxy-server ingress + hosts: [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + + # additional annotations for the proxy-server ingress + annotations: {} + # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC + openTelemetryCollectorAddress: "" + - name: redis + redis: docker.io/library/redis@sha256:7521abdff715d396aa482183942f3fe643344287c29ccb66eee16ac08a92190f + commander: docker.io/rediscommander/redis-commander@sha256:19cd0c49f418779fa2822a0496c5e6516d0c792effc39ed20089e6268477e40a + redisName: redis-csm + redisCommander: rediscommander + sentinel: sentinel + redisReplicas: 5 + - name: vault + vaultConfigurations: + - identifier: vault0 + address: https://10.0.0.1:8400 + role: csm-authorization + skipCertificateValidation: true + # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientCertificate: "" + # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + clientKey: "" + # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificateAuthority: "" +# - identifier: vault0 +# address: https://10.0.0.1:8400 +# role: csm-authorization +# skipCertificateValidation: true +# clientCertificate: +# clientKey: +# certificateAuthority: +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: |- + CONCURRENT_STORAGE_REQUESTS: 10 + LOG_LEVEL: debug + STORAGE_CAPACITY_POLL_INTERVAL: 30m diff --git a/samples/ocp/1.10.2/storage_csm_powerflex_v2152.yaml b/samples/ocp/1.10.2/storage_csm_powerflex_v2152.yaml new file mode 100644 index 00000000..4dccd920 --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_powerflex_v2152.yaml @@ -0,0 +1,468 @@ +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: File + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.2 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/dell-csm-powerflex@sha256:c93b482fd50724a03a5795b9147d8e609395dbadbc04e8f6e18df6535a08e59b" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + # Log level for CSI driver, passed to logrus. + # Options are "PANIC", "FATAL", "ERROR", "WARN", "INFO", + # "DEBUG", and "TRACE". + - name: CSI_LOG_LEVEL + value: "INFO" + # GOSCALEIO_DEBUG: Enable/disable debug logs from goscaleio library. + # Default value: false + - name: GOSCALEIO_DEBUG + value: "false" + # GOSCALEIO_SHOWHTTP: Enable/disable HTTP requests and responses from goscaleio library + - name: GOSCALEIO_SHOWHTTP + value: "false" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + # CSI driver interface names for NFS deployment without SDC + # Multiple interface names should be separated by comma + # Ensure to single quote the whole value and double quote each interface name + # Examples: 'worker1: "interface1",worker2: "interface2"' + # Default value: None, required only when X_CSI_SDC_ENABLED is set to false + - name: INTERFACE_NAMES + value: + # X_CSI_PROBE_TIMEOUT: Specify the timeout limit for controller and node to communicate with the array. + # Allowed values: 1s, 10s, etc. + # In the format of a duration. + # Default value: 10s + - name: X_CSI_PROBE_TIMEOUT + value: "10s" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:bb057f866177d5f4139a1527e594499cbe0feeb67b63aaca8679dfdf0a6016f9 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:5aaefc24f315b182233c8b6146077f8c32e274d864cb03c632206e78bd0302da + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:5244abbe87e01b35adeb8bb13882a74785df0c0619f8325c9e950395c3f72a97 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/dell-csm-metadata-retriever@sha256:6de94d91a17a401b5f2e5cdf7bb50cd053521deaf1e189340d21c4249e8c4bf1 + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: quay.io/dell/storage/powerflex/sdc@sha256:4aca94f895636efcc7308aeb8b083cb2f15133e255185b8db0805b9649ca8540 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # Default monitor-interval: 60s + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:ce054c6fade575e9d4dbd4c3d65b9c5d1b05160aacfb9cf8d8cac51d73f3ccea + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + # "controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_SDC_ENABLED: Enable/Disable SDC + # Allowed values: + # true: enable SDC + # false: disable SDC + # Default value: true + - name: X_CSI_SDC_ENABLED + value: "true" + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval based on either GUID or IP address, depending on the restricted SDC mode configured in PowerFlex system + # false: disable SDC approval based on either GUID or IP address, depending on the restricted SDC mode configured in PowerFlex system + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # X_CSI_SDC_SFTP_REPO_ENABLED: Enable/Disable SDC SFTP repository + - name: X_CSI_SDC_SFTP_REPO_ENABLED + value: "false" + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + initContainers: + - image: quay.io/dell/storage/powerflex/sdc@sha256:4aca94f895636efcc7308aeb8b083cb2f15133e255185b8db0805b9649ca8540 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + - name: REPO_ADDRESS + value: "sftp://0.0.0.0" # SFTP/private repository address. Format: "protocol://address" + - name: REPO_USER + value: "sdcRepoUser" # provide username to authenticate to the SFTP repo + - name: MODULE_SIGCHECK + value: "0" + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enabled: Enable/Disable csm-authorization + enabled: false + # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. + # Do not change the configVersion to v2.0.0-alpha + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.3.0 + image: registry.connect.redhat.com/dell-emc/dell-csm-authorization-sidecar@sha256:fadcba26fe3464925b7b8857d470204ba43a72e75edd32ffa83675c1db6530da + envs: + # proxyHost: hostname of the csm-authorization server + # Default value: none + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + # Default value: "true" + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + # Default value: false + enabled: false + configVersion: v1.13.1 + components: + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + # Default value: false + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector@sha256:6d260efde7406a1f7d731a5d9663cb6ce25fa634f3ef3ef4a69266aaae1680fd + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "quay.io/nginx/nginx-unprivileged:1.27" + - name: "NGINX_PROXY_IMAGE" + value: "quay.io/nginx/nginx-unprivileged@sha256:f9dfa9c20b2b0b7c5cc830374f22f23dee3f750b6c5291ca7e0330b5c88e6403" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + # Default value: false + enabled: false + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: registry.connect.redhat.com/dell-emc/dell-csm-metrics-powerflex@sha256:61390c6019a1b9505e405f7ca42c55971710671623991a4d1f431e414ec4679e + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # POWERFLEX_TOPOLOGY_METRICS_ENABLED: enable/disable collection of topology metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_TOPOLOGY_METRICS_ENABLED" + value: "true" + # POWERFLEX_TOPOLOGY_METRICS_POLL_FREQUENCY: set polling frequency to get topology metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERFLEX_TOPOLOGY_METRICS_POLL_FREQUENCY" + value: "30" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csm-replicator@sha256:b427913a72121a261161cf2f81bb991dfd383fa1703d20f1f1ff4fb5743eba16 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-replication-controller-manager@sha256:8cad45a81bd05be95170944850dd1b8b5fb7c8c5ee0397420d04cd2155ba52fa + envs: + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + # DISABLE_PVC_REMAP: Disable PVC remapping for replication in single cluster configuration + # Allowed values: + # true: Disable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + - name: "DISABLE_PVC_REMAP" + value: "false" + # REPLICATION_ALLOW_PVC_CREATION_ON_TARGET: It Creates PVC on target cluster using replicated PV. + # Allowed values: + # true: It creates a PVC on target cluster against replicated PV + # false: simply updates claimref on replicated PV on target cluster without actually creating a PVC + # Default value: false + - name: "REPLICATION_ALLOW_PVC_CREATION_ON_TARGET" + value: "false" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.14.0 + components: + - name: podmon-controller + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - name: podmon-node + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/samples/ocp/1.10.2/storage_csm_powermax_v2151.yaml b/samples/ocp/1.10.2/storage_csm_powermax_v2151.yaml new file mode 100644 index 00000000..24cad304 --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_powermax_v2151.yaml @@ -0,0 +1,518 @@ +# +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powermax + namespace: powermax +spec: + # Add fields here + driver: + csiDriverType: "powermax" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.1 + # replica: Define the number of PowerMax controller nodes + # to deploy to the Kubernetes release + # Controller count + # Allowed values: n, where n > 0 + # Default value: 2 + replicas: 2 + # Default credential secret for Powermax, if not set it to "" + authSecret: powermax-creds + dnsPolicy: ClusterFirstWithHostNet + forceRemoveDriver: true + common: + image: registry.connect.redhat.com/dell-emc/dell-csm-powermax@sha256:9f879b571cf4f8935a2bc02d17c627327ab115aae989addf6a1f960ac8611cb6 + # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. + # Allowed values: + # Always: Always pull the image. + # IfNotPresent: Only pull the image if it does not already exist on the node. + # Never: Never pull the image. + # Default value: None + imagePullPolicy: IfNotPresent + envs: + # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning + # Default value: None + # Examples: "000000000001,000000000002" + - name: X_CSI_MANAGED_ARRAYS + value: "000000000001,000000000002" + # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. + # It is a comma separated list of portgroup names. + # Required only in case of iSCSI and NVMe/TCP only + # Allowed values: iSCSI or NVMe/TCP Port Group names + # Default value: None + # Examples: "pg1", "pg1, pg2" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, + # "ISCSI" for iSCSI, + # "NVMETCP" for NVMeTCP or "" for autoselection. + # Allowed values: + # "FC" - Fiber Channel protocol + # "FIBER" - Fiber Channel protocol + # "ISCSI" - iSCSI protocol + # "NVMETCP" = NVMeTCP protocol + # "" - Automatic selection of transport protocol + # Default value: "" defaults to auto if nothing is specified + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto + # all resources created in the Array + # This should be unique per K8s/CSI deployment + # maximum length of this value is 3 characters + # Default value: "CSM" + # Examples: "XYZ", "EMC" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "CSM" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # VMware/vSphere virtualization support + # set X_CSI_VSPHERE_ENABLED to true, if you to enable VMware virtualized environment support via RDM + # Allowed values: + # "true" - vSphere volumes are enabled + # "false" - vSphere volumes are disabled + # Default value: "false" + - name: "X_CSI_VSPHERE_ENABLED" + value: "false" + # X_CSI_VSPHERE_PORTGROUP: An existing portGroup that driver will use for vSphere + # recommended format: csi-x-VC-PG, x can be anything of user choice + # Allowed value: valid existing port group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_PORTGROUP" + value: "" + # X_CSI_VSPHERE_HOSTNAME: An existing host(initiator group)/ host group(cascaded initiator group) that driver will use for vSphere + # this host should contain initiators from all the ESXs/ESXi host where the cluster is deployed + # recommended format: csi-x-VC-HN, x can be anything of user choice + # Allowed value: valid existing host/host group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_HOSTNAME" + value: "" + # X_CSI_VCENTER_HOST: URL/endpoint of the vCenter where all the ESX are present + # Allowed value: valid vCenter host endpoint + # Default value: "" + - name: "X_CSI_VCENTER_HOST" + value: "" + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "info" + # X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION: It determines if driver is going to skip verification + # of TLS certificates while connecting to Unisphere RESTAPI interface + # If it is set to false, + # then a secret powermax-certs has to be created with a X.509 certificate of CA + # which signed the Unisphere certificate + # Allowed values: + # "true" - TLS certificates verification will be skipped + # "false" - TLS certificates will be verified + # Default value: "true" + - name: "X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION" + value: "true" + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: "CSI_LOG_FORMAT" + value: "TEXT" + # X_CSI_POWERMAX_DEBUG: Enable/disable debug logs from gopowermax library. + - name: "X_CSI_POWERMAX_DEBUG" + value: "true" + # X_CSI_REVPROXY_USE_SECRET: Define whether or not to use the new secret format for the reverse proxy. + # Allowed values: + # "true" - Use secret format for the reverse proxy + # "false" - Use configmap format for the reverse proxy + # Default value: "false" + - name: "X_CSI_REVPROXY_USE_SECRET" + value: "false" + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_POWERMAX_ISCSI_ENABLE_CHAP: Determine if the driver is going to configure + # ISCSI node databases on the nodes with the CHAP credentials + # If enabled, the CHAP secret must be provided in the credentials secret + # and set to the key "chapsecret" + # Allowed values: + # "true" - CHAP is enabled + # "false" - CHAP is disabled + # Default value: "false" + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_TOPOLOGY_CONTROL_ENABLED provides a way to filter topology keys on a node based on array and transport protocol + # if enabled, user can create custom topology keys by editing node-topology-config configmap. + # Allowed values: + # true: enable the filtration based on config map + # false: disable the filtration based on config map + # Default value: false + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerMax volumes that the controller can schedule on the node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to node daemonset + # Add/Remove tolerations as per requirement + # Leave as blank if you wish to not apply any tolerations + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + - key: "node.kubernetes.io/memory-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/disk-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/network-unavailable" + operator: "Exists" + effect: "NoExecute" + # Uncomment and tab if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment and tab if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.powermax.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powermax.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:bb057f866177d5f4139a1527e594499cbe0feeb67b63aaca8679dfdf0a6016f9 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:5aaefc24f315b182233c8b6146077f8c32e274d864cb03c632206e78bd0302da + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:5244abbe87e01b35adeb8bb13882a74785df0c0619f8325c9e950395c3f72a97 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/dell-csm-metadata-retriever@sha256:6de94d91a17a401b5f2e5cdf7bb50cd053521deaf1e189340d21c4249e8c4bf1 + # health monitor is disabled by default, refer to driver documentation before enabling it + # Default monitor-interval: 60s + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:ce054c6fade575e9d4dbd4c3d65b9c5d1b05160aacfb9cf8d8cac51d73f3ccea + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + modules: + # CSI Powermax Reverseproxy is a mandatory module for Powermax + - name: csireverseproxy + configVersion: v2.14.1 + components: + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csm-powermax-reverseproxy@sha256:eeb95f0f5413314d14e7a5ef2279cef93182e229815577779574ba4d781e2c3e + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enabled: Enable/Disable csm-authorization + # Default value: false + enabled: false + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + image: registry.connect.redhat.com/dell-emc/dell-csm-authorization-sidecar@sha256:fadcba26fe3464925b7b8857d470204ba43a72e75edd32ffa83675c1db6530da + envs: + # proxyHost: hostname of the csm-authorization server + # Default value: none + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + # Default value: "true" + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + # Replication: allows configuring replication module + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csm-replicator@sha256:b427913a72121a261161cf2f81bb991dfd383fa1703d20f1f1ff4fb5743eba16 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-replication-controller-manager@sha256:8cad45a81bd05be95170944850dd1b8b5fb7c8c5ee0397420d04cd2155ba52fa + envs: + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + # DISABLE_PVC_REMAP: Disable PVC remapping for replication in single cluster configuration + # Allowed values: + # true: Disable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + - name: "DISABLE_PVC_REMAP" + value: "false" + # REPLICATION_ALLOW_PVC_CREATION_ON_TARGET: It Creates PVC on target cluster using replicated PV. + # Allowed values: + # true: It creates a PVC on target cluster against replicated PV + # false: simply updates claimref on replicated PV on target cluster without actually creating a PVC + # Default value: false + - name: "REPLICATION_ALLOW_PVC_CREATION_ON_TARGET" + value: "false" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + # Default value: false + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector@sha256:6d260efde7406a1f7d731a5d9663cb6ce25fa634f3ef3ef4a69266aaae1680fd + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "quay.io/nginx/nginx-unprivileged:1.27" + - name: "NGINX_PROXY_IMAGE" + value: "quay.io/nginx/nginx-unprivileged@sha256:f9dfa9c20b2b0b7c5cc830374f22f23dee3f750b6c5291ca7e0330b5c88e6403" + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powermax + # enabled: Enable/Disable PowerMax metrics + # Default value: false + enabled: false + # image: Defines PowerMax metrics image. This shouldn't be changed + image: registry.connect.redhat.com/dell-emc/dell-csm-metrics-powermax@sha256:baab9e0c17eb30a1a33832b8384d82bfff03ad378d432897231eab83dc679414 + envs: + # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERMAX_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERMAX_PERFORMANCE_METRICS_ENABLED: enable/disable collection of volume performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERMAX_TOPOLOGY_METRICS_ENABLED: enable/disable collection of topology metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_TOPOLOGY_METRICS_ENABLED" + value: "true" + # POWERMAX_TOPOLOGY_METRICS_POLL_FREQUENCY: set polling frequency to get topology metrics + # Allowed values: int + # Default value: 30 + - name: "POWERMAX_TOPOLOGY_METRICS_POLL_FREQUENCY" + value: "30" + # POWERMAX_CAPACITY_POLL_FREQUENCY: set polling frequency to get capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERMAX_CAPACITY_POLL_FREQUENCY" + value: "20" + # POWERMAX_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get volume performance data + # Allowed values: int + # Default value: 20 + - name: "POWERMAX_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # PowerMax metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERMAX_LOG_LEVEL" + value: "INFO" + # PowerMax Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERMAX_LOG_FORMAT" + value: "TEXT" + # otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # configMap name which has all array/endpoint related info + - name: "X_CSI_CONFIG_MAP_NAME" + value: "powermax-reverseproxy-config" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.14.0 + components: + - name: podmon-controller + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" + - name: podmon-node + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powermax" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" + - "--driverPath=csi-powermax.dellemc.com" diff --git a/samples/ocp/1.10.2/storage_csm_powerscale_v2151.yaml b/samples/ocp/1.10.2/storage_csm_powerscale_v2151.yaml new file mode 100644 index 00000000..3526657c --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_powerscale_v2151.yaml @@ -0,0 +1,522 @@ +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.1 + authSecret: isilon-creds + # Controller count + # Allowed values: n, where n > 0 + # Default value: 2 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/dell-csm-powerscale@sha256:83827890fccaa3aa0006fdb7af5f41522890adcc499d4d7f40d439a97a95ecfb" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + # X_CSI_ISI_AUTH_TYPE: Specify the authentication method to be used. + # Allowed values: + # 0: basic authentication + # 1: session-based authentication + # Default value: 0 + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "info" + # GOISILON_DEBUG: Enable/disable debug logs from gopowerscale library. + # Default value: false + - name: "GOISILON_DEBUG" + value: "false" + # AZ_RECONCILE_INTERVAL: Interval to monitor and reconcile network interface labels on nodes. + # Allowed values: Number followed by unit of time (s,m,h) + # Default value: 1h + - name: "AZ_RECONCILE_INTERVAL" + value: "1h" + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + sideCars: + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:bb057f866177d5f4139a1527e594499cbe0feeb67b63aaca8679dfdf0a6016f9 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:5aaefc24f315b182233c8b6146077f8c32e274d864cb03c632206e78bd0302da + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:5244abbe87e01b35adeb8bb13882a74785df0c0619f8325c9e950395c3f72a97 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/dell-csm-metadata-retriever@sha256:6de94d91a17a401b5f2e5cdf7bb50cd053521deaf1e189340d21c4249e8c4bf1 + # health monitor is disabled by default, refer to driver documentation before enabling it + # Default monitor-interval: 60s + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:ce054c6fade575e9d4dbd4c3d65b9c5d1b05160aacfb9cf8d8cac51d73f3ccea + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + # Default value: false + enabled: false + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + image: registry.connect.redhat.com/dell-emc/dell-csm-authorization-sidecar@sha256:fadcba26fe3464925b7b8857d470204ba43a72e75edd32ffa83675c1db6530da + envs: + # proxyHost: hostname of the csm-authorization server + # Default value: none + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + # Default value: "true" + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csm-replicator@sha256:b427913a72121a261161cf2f81bb991dfd383fa1703d20f1f1ff4fb5743eba16 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-replication-controller-manager@sha256:8cad45a81bd05be95170944850dd1b8b5fb7c8c5ee0397420d04cd2155ba52fa + envs: + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + # DISABLE_PVC_REMAP: Disable PVC remapping for replication in single cluster configuration + # Allowed values: + # true: Disable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + - name: "DISABLE_PVC_REMAP" + value: "false" + # REPLICATION_ALLOW_PVC_CREATION_ON_TARGET: It Creates PVC on target cluster using replicated PV. + # Allowed values: + # true: It creates a PVC on target cluster against replicated PV + # false: simply updates claimref on replicated PV on target cluster without actually creating a PVC + # Default value: false + - name: "REPLICATION_ALLOW_PVC_CREATION_ON_TARGET" + value: "false" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + # Default value: false + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector@sha256:6d260efde7406a1f7d731a5d9663cb6ce25fa634f3ef3ef4a69266aaae1680fd + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "quay.io/nginx/nginx-unprivileged:1.27" + - name: "NGINX_PROXY_IMAGE" + value: "quay.io/nginx/nginx-unprivileged@sha256:f9dfa9c20b2b0b7c5cc830374f22f23dee3f750b6c5291ca7e0330b5c88e6403" + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + # Default value: false + enabled: false + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-metrics-powerscale@sha256:a1b24f964308efc7d21e0496dbbe602819ac9ef1115899646a058665f3fb83a0 + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_TOPOLOGY_METRICS_ENABLED: enable/disable collection of topology metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_TOPOLOGY_METRICS_ENABLED" + value: "true" + # POWERSCALE_TOPOLOGY_METRICS_POLL_FREQUENCY: set polling frequency to get topology metrics + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_TOPOLOGY_METRICS_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "1" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.14.0 + components: + - name: podmon-controller + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - name: podmon-node + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--mode=node" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" diff --git a/samples/ocp/1.10.2/storage_csm_powerstore_v2151.yaml b/samples/ocp/1.10.2/storage_csm_powerstore_v2151.yaml new file mode 100644 index 00000000..7e22c38b --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_powerstore_v2151.yaml @@ -0,0 +1,459 @@ +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.1 + # authSecret: This is the secret used to validate the default PowerStore secret used for installation + # Allowed values: -config + # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config + authSecret: powerstore-config + # Controller count + # Allowed values: n, where n > 0 + # Default value: 2 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/dell-csm-powerstore@sha256:0b4e3f64ec340bb16bda3719fb447c17ee09529cbcf1bb08354470aac10e93cc" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: "csi-node" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: "/etc/fc-ports-filter" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + - name: CSI_LOG_LEVEL + value: info + # GOPOWERSTORE_DEBUG: Enable/disable debug logs from gopowerstore library. + # Default value: false + - name: "GOPOWERSTORE_DEBUG" + value: "false" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (powerstore-cert-0..powerstore-cert-n) + # This field is only verified if X_CSI_POWERSTORE_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_POWERSTORE_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate certs. + # If it is set to false, then a secret powerstore-certs has to be created with an X.509 certificate of CA which signed the certificate. + # Allowed values: + # true: skip certificate verification + # false: verify certificates + # Default value: true + - name: X_CSI_POWERSTORE_SKIP_CERTIFICATE_VALIDATION + value: "true" + # X_CSI_POWERSTORE_API_TIMEOUT: Defines the timeout for PowerStore REST API calls. + # Allowed values: Number followed by unit (s,m,h) + # Examples: 10s, 1m, 1h + # Default value: 120s + - name: X_CSI_POWERSTORE_API_TIMEOUT + value: "120s" + # X_CSI_PODMON_ARRAY_CONNECTIVITY_TIMEOUT: Defines the timeout (in seconds) for podmon array connectivity timeout check + # Allowed values: Number followed by unit (s,m,h) + # Examples: 10s, 1m, 1h + # Default value: 10s + - name: "X_CSI_PODMON_ARRAY_CONNECTIVITY_TIMEOUT" + value: "10s" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:bb057f866177d5f4139a1527e594499cbe0feeb67b63aaca8679dfdf0a6016f9 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:5aaefc24f315b182233c8b6146077f8c32e274d864cb03c632206e78bd0302da + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:5244abbe87e01b35adeb8bb13882a74785df0c0619f8325c9e950395c3f72a97 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/dell-csm-metadata-retriever@sha256:6de94d91a17a401b5f2e5cdf7bb50cd053521deaf1e189340d21c4249e8c4bf1 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:ce054c6fade575e9d4dbd4c3d65b9c5d1b05160aacfb9cf8d8cac51d73f3ccea + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_MULTI_NAS_FAILURE_THRESHOLD: Number of consecutive FS creation failures after which a NAS is put into cooldown. + # If a NAS is in cooldown, it will not be considered for new FS creation attempts for cooldown period amount of time. + # Allowed values: n, where n >= 0 + # Default value: "5" + - name: X_CSI_MULTI_NAS_FAILURE_THRESHOLD + value: "5" + # X_CSI_MULTI_NAS_COOLDOWN_PERIOD: Duration for which a NAS remains in cooldown once the threshold is reached. + # During this period, the NAS will not be considered for new FS creation attempts. + # Allowed values: Number followed by unit (s,m,h) e.g. 60s,1m,2m,3m,...,1h etc + # Default value: "5m" + - name: X_CSI_MULTI_NAS_COOLDOWN_PERIOD + value: "5m" + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # Set to "true" to enable ISCSI CHAP Authentication + # CHAP password will be autogenerated by driver + - name: "X_CSI_POWERSTORE_ENABLE_CHAP" + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.powerstore.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powerstore.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + # Default value: false + enabled: false + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + image: registry.connect.redhat.com/dell-emc/dell-csm-authorization-sidecar@sha256:fadcba26fe3464925b7b8857d470204ba43a72e75edd32ffa83675c1db6530da + envs: + # proxyHost: hostname of the csm-authorization server + # Default value: none + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + # Default value: "true" + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.14.0 + components: + - name: podmon-controller + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" + - name: podmon-node + image: registry.connect.redhat.com/dell-emc/dell-csm-podmon@sha256:68780493ea9718faa399babd40cf09e1ace43e6a63a878d37612fec377067ebe + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csm-replicator@sha256:b427913a72121a261161cf2f81bb991dfd383fa1703d20f1f1ff4fb5743eba16 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerstore" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-replication-controller-manager@sha256:8cad45a81bd05be95170944850dd1b8b5fb7c8c5ee0397420d04cd2155ba52fa + envs: + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + # DISABLE_PVC_REMAP: Disable PVC remapping for replication in single cluster configuration + # Allowed values: + # true: Disable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + - name: "DISABLE_PVC_REMAP" + value: "false" + # REPLICATION_ALLOW_PVC_CREATION_ON_TARGET: It Creates PVC on target cluster using replicated PV. + # Allowed values: + # true: It creates a PVC on target cluster against replicated PV + # false: simply updates claimref on replicated PV on target cluster without actually creating a PVC + # Default value: false + - name: "REPLICATION_ALLOW_PVC_CREATION_ON_TARGET" + value: "false" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + # Default value: false + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector@sha256:6d260efde7406a1f7d731a5d9663cb6ce25fa634f3ef3ef4a69266aaae1680fd + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "quay.io/nginx/nginx-unprivileged:1.27" + - name: "NGINX_PROXY_IMAGE" + value: "quay.io/nginx/nginx-unprivileged@sha256:f9dfa9c20b2b0b7c5cc830374f22f23dee3f750b6c5291ca7e0330b5c88e6403" + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powerstore + # enabled: Enable/Disable PowerStore metrics + # Default value: false + enabled: false + # image: Defines PowerStore metrics image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-csm-metrics-powerstore@sha256:4d288473ab69dff348842d0a04c9c57aa7b76cc18c394e98906d09bfd08e0b60 + envs: + # POWERSTORE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerStore + # Allowed values: int + # Default value: 10 + - name: "POWERSTORE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSTORE_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: true, false + # Default value: true + - name: "POWERSTORE_VOLUME_METRICS_ENABLED" + value: "true" + # POWERSTORE_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume IO metrics + # Allowed values: String + # Default value: true + - name: "POWERSTORE_VOLUME_IO_POLL_FREQUENCY" + value: "20" + # POWERSTORE_SPACE_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 300 + - name: "POWERSTORE_SPACE_POLL_FREQUENCY" + value: "300" + # POWERSTORE_ARRAY_POLL_FREQUENCY: set polling frequency to get array capacity metrics data + # Allowed values: int + # Default value: 300 + - name: "POWERSTORE_ARRAY_POLL_FREQUENCY" + value: "300" + # POWERSTORE_FILE_SYSTEM_POLL_FREQUENCY: set polling frequency to get file system capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSTORE_FILE_SYSTEM_POLL_FREQUENCY" + value: "20" + # POWERSTORE_TOPOLOGY_METRICS_ENABLED : enable/disable collection of topology metrics + # Allowed values: true, false + # Default value: true + - name: "POWERSTORE_TOPOLOGY_METRICS_ENABLED" + value: "true" + # POWERSTORE_TOPOLOGY_POLL_FREQUENCY : set polling frequency to get topology metrics + # Allowed values: int + # Default value: 30 + - name: "POWERSTORE_TOPOLOGY_POLL_FREQUENCY" + value: "30" + # PowerStore metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSTORE_LOG_LEVEL" + value: "INFO" + # PowerStore Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSTORE_LOG_FORMAT" + value: "TEXT" + # ZIPKIN_URI : URI of a Zipkin instance where tracing data can be forwarded + # Allowed values : String + # Default value: Empty + - name: "ZIPKIN_URI" + value: "" + # ZIPKIN_SERVICE_NAME : Service name used for Zipkin tracing dataService name used for Zipkin tracing data + # Allowed values : String + # Default value: "metrics-powerStore" + - name: "ZIPKIN_SERVICE_NAME" + value: "metrics-powerstore" + # ZIPKIN_PROBABILITY : Percentage of trace information to send to Zipkin (Valid range: 0.0 to 1.0) + # Allowed values : float + # Default value: "0.0" + - name: "ZIPKIN_PROBABILITY" + value: "0.0" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" diff --git a/samples/ocp/1.10.2/storage_csm_unity_v2151.yaml b/samples/ocp/1.10.2/storage_csm_unity_v2151.yaml new file mode 100644 index 00000000..29ab6a46 --- /dev/null +++ b/samples/ocp/1.10.2/storage_csm_unity_v2151.yaml @@ -0,0 +1,194 @@ +# Copyright © 2025 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: unity + namespace: unity +spec: + driver: + csiDriverType: "unity" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.0 + # Controller count + # Allowed values: n, where n > 0 + # Default value: 2 + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/dell-csm-unity@sha256:2eeac19ad6633fba486f807791103dbd5a74ebcd109c3b4a8d12c238346ac5a3" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. + # Allowed values: boolean + # Default value: "false" + # Examples : "true" , "false" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before + # running any iscsi commands. This value should only be set when instructed + # by technical support + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1. + # Allowed values: integer + # Default value: 15 + # Examples : 0 , 2 + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # CSI_LOG_LEVEL is used to set the logging level of the driver. + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "info" + - name: CSI_LOG_LEVEL + value: info + # GOUNITY_DEBUG: Enable/disable debug logs from gounity library. + # Default value: false + - name: "GOUNITY_DEBUG" + value: "false" + # GOUNITY_SHOWHTTP: Enable/disable HTTP requests and responses from gounity library. + - name: "GOUNITY_SHOWHTTP" + value: "false" + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: CSI_LOG_FORMAT + value: "TEXT" + # TENANT_NAME - Tenant name that need to added while adding host entry to the array. + # Allowed values: string + # Default value: "" + # Examples : "tenant2" , "tenant3" + - name: TENANT_NAME + value: "" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (unity-cert-0..unity-cert-n) + # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. + # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate + # Allowed values: + # true: skip Unisphere API server's certificate verification + # false: verify Unisphere API server's certificates + # Default value: true + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:bb057f866177d5f4139a1527e594499cbe0feeb67b63aaca8679dfdf0a6016f9 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:5aaefc24f315b182233c8b6146077f8c32e274d864cb03c632206e78bd0302da + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:5244abbe87e01b35adeb8bb13882a74785df0c0619f8325c9e950395c3f72a97 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:5e7cbb63fd497fa913caa21fee1a69f727c220c6fa83c5f8bb0995e2ad73a474 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:bc7be893ecc3ad524194aa6573b2f5c06cd469bdf21a500ab6c99c2ba1c4d64d + # health monitor is disabled by default, refer to driver documentation before enabling it + # Default monitor-interval: 60s + - name: external-health-monitor + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:ce054c6fade575e9d4dbd4c3d65b9c5d1b05160aacfb9cf8d8cac51d73f3ccea + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks (comma separated) + # Default value: "" + # Provide them in the following format: "net1, net2" + # CIDR format should be used + # eg: "192.168.1.0/24, 192.168.100.0/22" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: +# Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled +# - key: "offline.unity.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" +# - key: "unity.podmon.storage.dell.com" +# operator: "Exists" +# effect: "NoSchedule" +# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint +# - key: "node-role.kubernetes.io/control-plane" +# operator: "Exists" +# effect: "NoSchedule" diff --git a/samples/v2.15.0/minimal-samples/powerflex_v2152.yaml b/samples/v2.15.0/minimal-samples/powerflex_v2152.yaml new file mode 100644 index 00000000..02d3856f --- /dev/null +++ b/samples/v2.15.0/minimal-samples/powerflex_v2152.yaml @@ -0,0 +1,54 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + configVersion: v2.15.2 + forceRemoveDriver: true + node: + envs: + - name: X_CSI_SDC_SFTP_REPO_ENABLED + value: "false" + common: + image: quay.io/dell/container-storage-modules/csi-vxflexos:v2.15.2 + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + # For Auth 2.0, use v2.2.0 as configVersion + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + - name: replication + enabled: false + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + components: + - name: otel-collector + enabled: true + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + - name: metrics-powerflex + enabled: true diff --git a/samples/v2.15.0/storage_csm_powerflex_v2152.yaml b/samples/v2.15.0/storage_csm_powerflex_v2152.yaml new file mode 100644 index 00000000..4101e8c3 --- /dev/null +++ b/samples/v2.15.0/storage_csm_powerflex_v2152.yaml @@ -0,0 +1,456 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: File + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.15.2 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceRemoveDriver: true + common: + image: "quay.io/dell/container-storage-modules/csi-vxflexos:v2.15.2" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + # Log level for CSI driver, passed to logrus. + # Options are "PANIC", "FATAL", "ERROR", "WARN", "INFO", + # "DEBUG", and "TRACE". + - name: CSI_LOG_LEVEL + value: "INFO" + # GOSCALEIO_DEBUG: Enable/disable debug logs from goscaleio library. + # Default value: false + - name: GOSCALEIO_DEBUG + value: "false" + # GOSCALEIO_SHOWHTTP: Enable/disable HTTP requests and responses from goscaleio library + - name: GOSCALEIO_SHOWHTTP + value: "false" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + # CSI driver interface names for NFS deployment without SDC + # Multiple interface names should be separated by comma + # Ensure to single quote the whole value and double quote each interface name + # Examples: 'worker1: "interface1",worker2: "interface2"' + # Default value: None, required only when X_CSI_SDC_ENABLED is set to false + - name: INTERFACE_NAMES + value: + # X_CSI_PROBE_TIMEOUT: Specify the timeout limit for controller and node to communicate with the array. + # Allowed values: 1s, 10s, etc. + # In the format of a duration. + # Default value: 10s + - name: X_CSI_PROBE_TIMEOUT + value: "10s" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.3.0 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.9.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.14.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.3.0 + - name: csi-metadata-retriever + image: quay.io/dell/container-storage-modules/csi-metadata-retriever:v1.12.0 + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: quay.io/dell/storage/powerflex/sdc:4.5.4 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # Default monitor-interval: 60s + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.15.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + # "controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_SDC_ENABLED: Enable/Disable SDC + # Allowed values: + # true: enable SDC + # false: disable SDC + # Default value: true + - name: X_CSI_SDC_ENABLED + value: "true" + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval based on either GUID or IP address, depending on the restricted SDC mode configured in PowerFlex system + # false: disable SDC approval based on either GUID or IP address, depending on the restricted SDC mode configured in PowerFlex system + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # X_CSI_SDC_SFTP_REPO_ENABLED: Enable/Disable SDC SFTP repository + - name: X_CSI_SDC_SFTP_REPO_ENABLED + value: "false" + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + initContainers: + - image: quay.io/dell/storage/powerflex/sdc:4.5.4 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + - name: REPO_ADDRESS + value: "sftp://0.0.0.0" # SFTP/private repository address. Format: "protocol://address" + - name: REPO_USER + value: "sdcRepoUser" # provide username to authenticate to the SFTP repo + - name: MODULE_SIGCHECK + value: "0" + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enabled: Enable/Disable csm-authorization + enabled: false + # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. + # Do not change the configVersion to v2.0.0-alpha + configVersion: v2.3.0 + components: + - name: karavi-authorization-proxy + # Use image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.3.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.3.0 + envs: + # proxyHost: hostname of the csm-authorization server + # Default value: none + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + # Default value: "true" + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + # Default value: false + enabled: false + configVersion: v1.13.1 + components: + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + # Default value: false + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector:0.135.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "quay.io/nginx/nginx-unprivileged:1.27" + - name: "NGINX_PROXY_IMAGE" + value: "quay.io/nginx/nginx-unprivileged:1.27" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + # Default value: false + enabled: false + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: quay.io/dell/container-storage-modules/csm-metrics-powerflex:v1.13.1 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # POWERFLEX_TOPOLOGY_METRICS_ENABLED: enable/disable collection of topology metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_TOPOLOGY_METRICS_ENABLED" + value: "true" + # POWERFLEX_TOPOLOGY_METRICS_POLL_FREQUENCY: set polling frequency to get topology metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERFLEX_TOPOLOGY_METRICS_POLL_FREQUENCY" + value: "30" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.13.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.13.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.13.0 + envs: + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + # DISABLE_PVC_REMAP: Disable PVC remapping for replication in single cluster configuration + # Allowed values: + # true: Disable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + - name: "DISABLE_PVC_REMAP" + value: "false" + # REPLICATION_ALLOW_PVC_CREATION_ON_TARGET: It Creates PVC on target cluster using replicated PV. + # Allowed values: + # true: It creates a PVC on target cluster against replicated PV + # false: simply updates claimref on replicated PV on target cluster without actually creating a PVC + # Default value: false + - name: "REPLICATION_ALLOW_PVC_CREATION_ON_TARGET" + value: "false" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.14.0 + components: + - name: podmon-controller + image: quay.io/dell/container-storage-modules/podmon:v1.14.0 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - name: podmon-node + image: quay.io/dell/container-storage-modules/podmon:v1.14.0 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"