From 2f0373d26be3e74b59b4d49ffd22e44217e7e8ec Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 12 Aug 2024 14:33:31 +0200 Subject: [PATCH] Update LINSTOR v1.28 (#276) --- .../charts/piraeus/Chart.yaml | 4 +- .../charts/piraeus/templates/config.yaml | 44 ++++-- .../charts/piraeus/templates/crds.yaml | 145 ++++++++++++++++++ 3 files changed, 175 insertions(+), 18 deletions(-) diff --git a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml index ac8b65cf..71717397 100644 --- a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml @@ -3,8 +3,8 @@ name: piraeus description: | The Piraeus Operator manages software defined storage clusters using LINSTOR in Kubernetes. type: application -version: 2.5.1 -appVersion: "v2.5.1" +version: 2.5.2 +appVersion: "v2.5.2" maintainers: - name: Piraeus Datastore url: https://piraeus.io diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml index a9e77bc6..3c5235af 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml @@ -17,17 +17,17 @@ data: # quay.io/piraeusdatastore/piraeus-server:v1.24.2 components: linstor-controller: - tag: v1.27.1 + tag: v1.28.0 image: piraeus-server linstor-satellite: # Pin with digest to ensure we pull the version with downgraded thin-send-recv - tag: v1.27.1@sha256:26037f77d30d5487024e02a808d4ef913b93b745f2bb850cabc7f43a5359adff + tag: v1.28.0 image: piraeus-server linstor-csi: - tag: v1.6.0 + tag: v1.6.3 image: piraeus-csi drbd-reactor: - tag: v1.4.0 + tag: v1.4.1 image: drbd-reactor ha-controller: tag: v1.2.1 @@ -36,25 +36,37 @@ data: tag: v1.0.0 image: drbd-shutdown-guard ktls-utils: - tag: v0.10 + tag: v0.11 image: ktls-utils drbd-module-loader: - tag: v9.2.9 + tag: v9.2.10 # The special "match" attribute is used to select an image based on the node's reported OS. # The operator will first check the k8s node's ".status.nodeInfo.osImage" field, and compare it against the list # here. If one matches, that specific image name will be used instead of the fallback image. image: drbd9-noble # Fallback image: chose a recent kernel, which can hopefully compile whatever config is actually in use match: + - osImage: Red Hat Enterprise Linux 7\. + image: drbd9-centos7 + - osImage: Red Hat Enterprise Linux 8\. + image: drbd9-almalinux8 + - osImage: Red Hat Enterprise Linux 9\. + image: drbd9-almalinux9 + - osImage: "Red Hat Enterprise Linux CoreOS 41[3-9]" + image: drbd9-almalinux9 + - osImage: Red Hat Enterprise Linux CoreOS + image: drbd9-almalinux8 - osImage: CentOS Linux 7 image: drbd9-centos7 - osImage: CentOS Linux 8 - image: drbd9-centos8 + image: drbd9-almalinux8 - osImage: AlmaLinux 8 image: drbd9-almalinux8 - - osImage: Red Hat Enterprise Linux CoreOS - image: drbd9-almalinux8 - osImage: AlmaLinux 9 image: drbd9-almalinux9 + - osImage: Oracle Linux Server 8\. + image: drbd9-almalinux8 + - osImage: Oracle Linux Server 9\. + image: drbd9-almalinux9 - osImage: Rocky Linux 8 image: drbd9-almalinux8 - osImage: Rocky Linux 9 @@ -78,25 +90,25 @@ data: base: registry.k8s.io/sig-storage components: csi-attacher: - tag: v4.5.1 + tag: v4.6.1 image: csi-attacher csi-livenessprobe: - tag: v2.12.0 + tag: v2.13.1 image: livenessprobe csi-provisioner: - tag: v4.0.1 + tag: v5.0.1 image: csi-provisioner csi-snapshotter: - tag: v7.0.2 + tag: v8.0.1 image: csi-snapshotter csi-resizer: - tag: v1.10.1 + tag: v1.11.1 image: csi-resizer csi-external-health-monitor-controller: - tag: v0.11.0 + tag: v0.12.1 image: csi-external-health-monitor-controller csi-node-driver-registrar: - tag: v2.10.1 + tag: v2.11.1 image: csi-node-driver-registrar {{- range $idx, $value := .Values.imageConfigOverride }} {{ add $idx 1 }}_helm_override.yaml: | diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml index 75952f94..44cc49af 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/crds.yaml @@ -53,6 +53,35 @@ spec: ApiSecretName references a secret holding the TLS key and certificate used to protect the API. Defaults to "linstor-api-tls". type: string + caReference: + description: |- + CAReference configures the CA certificate to use when validating TLS certificates. + If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. + properties: + key: + default: ca.crt + description: |- + Key to select in the resource. + Defaults to ca.crt if not specified. + type: string + kind: + default: Secret + description: Kind of the resource containing the CA Certificate, + either a ConfigMap or Secret. + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the resource containing the CA Certificate. + type: string + optional: + description: Optional specifies whether the resource and its + key must exist. + type: boolean + required: + - name + type: object certManager: description: |- CertManager references a cert-manager Issuer or ClusterIssuer. @@ -188,6 +217,35 @@ spec: when the Satellite is configured to for secure connections using `LinstorSatellite.spec.internalTLS`. nullable: true properties: + caReference: + description: |- + CAReference configures the CA certificate to use when validating TLS certificates. + If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. + properties: + key: + default: ca.crt + description: |- + Key to select in the resource. + Defaults to ca.crt if not specified. + type: string + kind: + default: Secret + description: Kind of the resource containing the CA Certificate, + either a ConfigMap or Secret. + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the resource containing the CA Certificate. + type: string + optional: + description: Optional specifies whether the resource and its + key must exist. + type: boolean + required: + - name + type: object certManager: description: |- CertManager references a cert-manager Issuer or ClusterIssuer. @@ -747,6 +805,35 @@ spec: If set, the control traffic between LINSTOR Controller and Satellite will be encrypted using mTLS. nullable: true properties: + caReference: + description: |- + CAReference configures the CA certificate to use when validating TLS certificates. + If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. + properties: + key: + default: ca.crt + description: |- + Key to select in the resource. + Defaults to ca.crt if not specified. + type: string + kind: + default: Secret + description: Kind of the resource containing the CA Certificate, + either a ConfigMap or Secret. + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the resource containing the CA Certificate. + type: string + optional: + description: Optional specifies whether the resource and its + key must exist. + type: boolean + required: + - name + type: object certManager: description: |- CertManager references a cert-manager Issuer or ClusterIssuer. @@ -1202,6 +1289,35 @@ spec: description: ClusterRef references the LinstorCluster used to create this LinstorSatellite. properties: + caReference: + description: |- + CAReference configures the CA certificate to use when validating TLS certificates. + If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. + properties: + key: + default: ca.crt + description: |- + Key to select in the resource. + Defaults to ca.crt if not specified. + type: string + kind: + default: Secret + description: Kind of the resource containing the CA Certificate, + either a ConfigMap or Secret. + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the resource containing the CA Certificate. + type: string + optional: + description: Optional specifies whether the resource and its + key must exist. + type: boolean + required: + - name + type: object clientSecretName: description: ClientSecretName references the secret used by the operator to validate the https endpoint. @@ -1232,6 +1348,35 @@ spec: The Controller will use the client key from `LinstorCluster.spec.internalTLS` when connecting. nullable: true properties: + caReference: + description: |- + CAReference configures the CA certificate to use when validating TLS certificates. + If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. + properties: + key: + default: ca.crt + description: |- + Key to select in the resource. + Defaults to ca.crt if not specified. + type: string + kind: + default: Secret + description: Kind of the resource containing the CA Certificate, + either a ConfigMap or Secret. + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the resource containing the CA Certificate. + type: string + optional: + description: Optional specifies whether the resource and its + key must exist. + type: boolean + required: + - name + type: object certManager: description: |- CertManager references a cert-manager Issuer or ClusterIssuer.