From ae9f9c57b1fc21610fb701cca0fdcca0d08421bc Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 31 Oct 2025 21:19:08 +0100 Subject: [PATCH] Update LINSTOR v1.32.3 Signed-off-by: Andrei Kvapil --- .../charts/piraeus/Chart.yaml | 4 +- .../charts/piraeus/templates/config.yaml | 44 +- .../charts/piraeus/templates/rbac.yaml | 724 +++++++----------- .../piraeus/templates/rolebindings.yaml | 33 + .../piraeus/templates/serviceaccount.yaml | 9 + 5 files changed, 344 insertions(+), 470 deletions(-) create mode 100644 packages/system/piraeus-operator/charts/piraeus/templates/rolebindings.yaml create mode 100644 packages/system/piraeus-operator/charts/piraeus/templates/serviceaccount.yaml diff --git a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml index 9cadb1b9..96393c85 100644 --- a/packages/system/piraeus-operator/charts/piraeus/Chart.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/Chart.yaml @@ -3,8 +3,8 @@ name: piraeus description: | The Piraeus Operator manages software defined storage clusters using LINSTOR in Kubernetes. type: application -version: 2.9.0 -appVersion: "v2.9.0" +version: 2.9.1 +appVersion: "v2.9.1" maintainers: - name: Piraeus Datastore url: https://piraeus.io diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml index 7bd14541..62bdb444 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/config.yaml @@ -1,4 +1,4 @@ -# DO NOT EDIT; Automatically created by hack/copy-image-config-to-chart.sh +# DO NOT EDIT; Automatically created by tools/copy-image-config-to-chart.sh apiVersion: v1 kind: ConfigMap metadata: @@ -17,16 +17,16 @@ data: # quay.io/piraeusdatastore/piraeus-server:v1.24.2 components: linstor-controller: - tag: v1.31.3 + tag: v1.32.3 image: piraeus-server linstor-satellite: - tag: v1.31.3 + tag: v1.32.3 image: piraeus-server linstor-csi: - tag: v1.8.0 + tag: v1.9.0 image: piraeus-csi drbd-reactor: - tag: v1.8.0 + tag: v1.9.0 image: drbd-reactor ha-controller: tag: v1.3.0 @@ -35,45 +35,45 @@ data: tag: v1.0.0 image: drbd-shutdown-guard ktls-utils: - tag: v1.1.0 + tag: v1.2.1 image: ktls-utils drbd-module-loader: - tag: v9.2.14 + tag: v9.2.15 # The special "match" attribute is used to select an image based on the node's reported OS. # The operator will first check the k8s node's ".status.nodeInfo.osImage" field, and compare it against the list # here. If one matches, that specific image name will be used instead of the fallback image. image: drbd9-noble # Fallback image: chose a recent kernel, which can hopefully compile whatever config is actually in use match: - - osImage: Red Hat Enterprise Linux Server 7\. - image: drbd9-centos7 - osImage: Red Hat Enterprise Linux 8\. image: drbd9-almalinux8 - osImage: Red Hat Enterprise Linux 9\. image: drbd9-almalinux9 + - osImage: Red Hat Enterprise Linux 10\. + image: drbd9-almalinux10 - osImage: "Red Hat Enterprise Linux CoreOS 41[3-9]" image: drbd9-almalinux9 - osImage: Red Hat Enterprise Linux CoreOS image: drbd9-almalinux8 - - osImage: CentOS Linux 7 - image: drbd9-centos7 - osImage: CentOS Linux 8 image: drbd9-almalinux8 - osImage: AlmaLinux 8 image: drbd9-almalinux8 - osImage: AlmaLinux 9 image: drbd9-almalinux9 + - osImage: AlmaLinux 10 + image: drbd9-almalinux10 - osImage: Oracle Linux Server 8\. image: drbd9-almalinux8 - osImage: Oracle Linux Server 9\. image: drbd9-almalinux9 + - osImage: Oracle Linux Server 10\. + image: drbd9-almalinux10 - osImage: Rocky Linux 8 image: drbd9-almalinux8 - osImage: Rocky Linux 9 image: drbd9-almalinux9 - - osImage: Ubuntu 18\.04 - image: drbd9-bionic - - osImage: Ubuntu 20\.04 - image: drbd9-focal + - osImage: Rocky Linux 10 + image: drbd9-almalinux10 - osImage: Ubuntu 22\.04 image: drbd9-jammy - osImage: Ubuntu 24\.04 @@ -82,32 +82,30 @@ data: image: drbd9-bookworm - osImage: Debian GNU/Linux 11 image: drbd9-bullseye - - osImage: Debian GNU/Linux 10 - image: drbd9-buster 0_sig_storage_images.yaml: | --- base: registry.k8s.io/sig-storage components: csi-attacher: - tag: v4.9.0 + tag: v4.10.0 image: csi-attacher csi-livenessprobe: - tag: v2.16.0 + tag: v2.17.0 image: livenessprobe csi-provisioner: tag: v5.3.0 image: csi-provisioner csi-snapshotter: - tag: v8.2.1 + tag: v8.3.0 image: csi-snapshotter csi-resizer: - tag: v1.13.2 + tag: v1.14.0 image: csi-resizer csi-external-health-monitor-controller: - tag: v0.15.0 + tag: v0.16.0 image: csi-external-health-monitor-controller csi-node-driver-registrar: - tag: v2.14.0 + tag: v2.15.0 image: csi-node-driver-registrar {{- range $idx, $value := .Values.imageConfigOverride }} {{ add $idx 1 }}_helm_override.yaml: | diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/rbac.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/rbac.yaml index e487114c..5d49c6e6 100644 --- a/packages/system/piraeus-operator/charts/piraeus/templates/rbac.yaml +++ b/packages/system/piraeus-operator/charts/piraeus/templates/rbac.yaml @@ -1,11 +1,5 @@ -{{ if .Values.serviceAccount.create }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "piraeus-operator.serviceAccountName" . }} - labels: - {{- include "piraeus-operator.labels" . | nindent 4 }} +# DO NOT EDIT; Automatically created by tools/copy-rbac-config-to-chart.sh +{{ if .Values.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -14,448 +8,288 @@ metadata: labels: {{- include "piraeus-operator.labels" . | nindent 4 }} rules: - - apiGroups: - - "" - resources: - - configmaps - - events - - persistentvolumes - - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - persistentvolumeclaims - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - patch - - apiGroups: - - "" - resources: - - pods - verbs: - - delete - - list - - watch - - apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - replicasets - verbs: - - get - - apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - events.k8s.io - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - internal.linstor.linbit.com - resources: - - '*' - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - piraeus.io - resources: - - linstorclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - piraeus.io - resources: - - linstorclusters/finalizers - verbs: - - update - - apiGroups: - - piraeus.io - resources: - - linstorclusters/status - verbs: - - get - - patch - - update - - apiGroups: - - piraeus.io - resources: - - linstornodeconnections - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - piraeus.io - resources: - - linstornodeconnections/finalizers - verbs: - - update - - apiGroups: - - piraeus.io - resources: - - linstornodeconnections/status - verbs: - - get - - patch - - update - - apiGroups: - - piraeus.io - resources: - - linstorsatelliteconfigurations - verbs: - - get - - list - - watch - - apiGroups: - - piraeus.io - resources: - - linstorsatelliteconfigurations/status - verbs: - - get - - patch - - update - - apiGroups: - - piraeus.io - resources: - - linstorsatellites - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - piraeus.io - resources: - - linstorsatellites/finalizers - verbs: - - update - - apiGroups: - - piraeus.io - resources: - - linstorsatellites/status - verbs: - - get - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshots - verbs: - - get - - list - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - patch - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - delete - - get - - list - - patch - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "piraeus-operator.fullname" . }}-manager-rolebinding - labels: - {{- include "piraeus-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: '{{ include "piraeus-operator.fullname" . }}-controller-manager' -subjects: - - kind: ServiceAccount - name: '{{ include "piraeus-operator.serviceAccountName" . }}' - namespace: '{{ .Release.Namespace }}' -{{ end }} -{{ if.Values.rbac.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "piraeus-operator.fullname" . }}-proxy-role - labels: - {{- include "piraeus-operator.labels" . | nindent 4 }} -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "piraeus-operator.fullname" . }}-proxy-rolebinding - labels: - {{- include "piraeus-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: '{{ include "piraeus-operator.fullname" . }}-proxy-role' -subjects: - - kind: ServiceAccount - name: {{ include "piraeus-operator.serviceAccountName" . }} - namespace: '{{ .Release.Namespace }}' +- apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumes + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - patch +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - internal.linstor.linbit.com + resources: + - '*' + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - piraeus.io + resources: + - linstorclusters + - linstornodeconnections + - linstorsatellites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - piraeus.io + resources: + - linstorclusters/finalizers + - linstornodeconnections/finalizers + - linstorsatellites/finalizers + verbs: + - update +- apiGroups: + - piraeus.io + resources: + - linstorclusters/status + - linstornodeconnections/status + - linstorsatelliteconfigurations/status + - linstorsatellites/status + verbs: + - get + - patch + - update +- apiGroups: + - piraeus.io + resources: + - linstorsatelliteconfigurations + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshots + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - patch + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - delete + - get + - list + - patch + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ include "piraeus-operator.fullname" . }}-leader-election-role + name: {{ include "piraeus-operator.fullname" . }}-leader-election labels: {{- include "piraeus-operator.labels" . | nindent 4 }} rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "piraeus-operator.fullname" . }}-leader-election-rolebinding - labels: - {{- include "piraeus-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: '{{ include "piraeus-operator.fullname" . }}-leader-election-role' -subjects: - - kind: ServiceAccount - name: {{ include "piraeus-operator.serviceAccountName" . }} - namespace: '{{ .Release.Namespace }}' +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch {{ end }} diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/rolebindings.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/rolebindings.yaml new file mode 100644 index 00000000..97e53b95 --- /dev/null +++ b/packages/system/piraeus-operator/charts/piraeus/templates/rolebindings.yaml @@ -0,0 +1,33 @@ +{{ if .Values.rbac.create }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "piraeus-operator.fullname" . }}-leader-election + namespace: {{ .Release.Namespace }} + labels: + {{- include "piraeus-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "piraeus-operator.fullname" . }}-leader-election +subjects: +- kind: ServiceAccount + name: {{ include "piraeus-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "piraeus-operator.fullname" . }}-controller-manager + labels: + {{- include "piraeus-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "piraeus-operator.fullname" . }}-controller-manager +subjects: +- kind: ServiceAccount + name: {{ include "piraeus-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/packages/system/piraeus-operator/charts/piraeus/templates/serviceaccount.yaml b/packages/system/piraeus-operator/charts/piraeus/templates/serviceaccount.yaml new file mode 100644 index 00000000..89315de9 --- /dev/null +++ b/packages/system/piraeus-operator/charts/piraeus/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +{{ if .Values.serviceAccount.create }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "piraeus-operator.serviceAccountName" . }} + labels: + {{- include "piraeus-operator.labels" . | nindent 4 }} +{{ end }}