Enable dependabot for version updates (#479)

* Enable dependabot for version updates This PR includes a dependabot configuration file that instructs dependabot to look for version updates to container images in the following charts: - csi-vxflexos - csm-authorization - karavi-observability Other charts can be updated by following a similar pattern to alter the chart values and templates, and then adding the chart to the .github/dependabot file. Tested by running `helm template --dependency-update <chart-name>` and manually inspecting the resulting yaml for proper image specifications. Signed-off-by: Eric Young <eric.young@emc.com> --------- Signed-off-by: Eric Young <eric.young@emc.com>
dell · Aug 6, 2024 · 6e0b47d · 6e0b47d
1 parent 6ec6b75
commit 6e0b47d
Show file tree

Hide file tree

Showing 14 changed files with 152 additions and 56 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,73 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  # github actions
+  - package-ecosystem: "github-actions"
+    target-branch: "release-v1.12.0"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
+      day: "saturday"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  # csi-vxflexos packages
+  - package-ecosystem: docker
+    target-branch: "release-v1.12.0"
+    directories:
+      - /charts/csi-vxflexos
+    labels:
+      - dependencies
+    schedule:
+      # check daily
+      interval: daily
+      # at 6pm UTC
+      time: "18:00"
+    groups:
+      csi-vxflexos:
+        patterns:
+          - "*"
+
+  # csm-authorization packages
+  - package-ecosystem: docker
+    target-branch: "release-v1.12.0"
+    directories:
+      - /charts/csm-authorization
+    labels:
+      - dependencies
+    schedule:
+      # check daily
+      interval: daily
+      # at 6pm UTC
+      time: "18:00"
+    groups:
+      csm-authorization:
+        patterns:
+          - "*"
+
+  # karavi-observability packages
+  - package-ecosystem: docker
+    target-branch: "release-v1.12.0"
+    directories:
+      - /charts/karavi-observability
+    labels:
+      - dependencies
+    schedule:
+      # check daily
+      interval: daily
+      # at 6pm UTC
+      time: "18:00"
+    ignore:
+      # ignore all updates to otel/opentelemetry-collector
+      - dependency-name: "otel/opentelemetry-collector"
+    groups:
+      karavi-observability:
+        patterns:
+          - "*"
diff --git a/charts/csi-vxflexos/templates/controller.yaml b/charts/csi-vxflexos/templates/controller.yaml
@@ -193,7 +193,7 @@ spec:
 {{- if hasKey .Values "podmon" }}
 {{- if eq .Values.podmon.enabled true }}
         - name: podmon
-          image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
+          image: {{ required "Must provide the podmon container image." .Values.images.podmon.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             {{- toYaml .Values.podmon.controller.args | nindent 12 }}
@@ -218,7 +218,7 @@ spec:
 {{- end }}
 {{- end }}
         - name: attacher
-          image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
+          image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -233,7 +233,7 @@ spec:
         {{- if hasKey .Values.controller "replication" }}
         {{- if eq .Values.controller.replication.enabled true}}
         - name: dell-csi-replicator
-          image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication }}
+          image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -259,7 +259,7 @@ spec:
         {{- end }}
         {{- end }}
         - name: provisioner
-          image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }}
+          image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -291,7 +291,7 @@ spec:
         {{- if hasKey .Values.controller "healthMonitor" }}
         {{- if eq .Values.controller.healthMonitor.enabled true}}
         - name: csi-external-health-monitor-controller
-          image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor }}
+          image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -312,7 +312,7 @@ spec:
 {{- if hasKey .Values "vgsnapshotter" }}
 {{- if eq .Values.vgsnapshotter.enabled true }}
         - name: vg-snapshotter
-          image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter }}
+          image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: ADDRESS
@@ -325,7 +325,7 @@ spec:
 {{- if hasKey .Values.controller "snapshot" }}
 {{- if eq .Values.controller.snapshot.enabled true }}
         - name: snapshotter
-          image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter }}
+          image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -343,7 +343,7 @@ spec:
 {{- if hasKey .Values.controller "resizer" }}
 {{- if eq .Values.controller.resizer.enabled true }}
         - name: resizer
-          image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }}
+          image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -360,7 +360,7 @@ spec:
 {{- if hasKey .Values "authorization" }}
 {{- if eq .Values.authorization.enabled true }}
         - name: karavi-authorization-proxy
-          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }}
+          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: PROXY_HOST
@@ -389,7 +389,7 @@ spec:
 {{- end }}
 {{- end }}
         - name: driver
-          image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
+          image: "{{ required "Must provide the driver image repository." .Values.images.driver.image }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           command: [ "/csi-vxflexos.sh" ]
           args:

diff --git a/charts/csi-vxflexos/templates/node.yaml b/charts/csi-vxflexos/templates/node.yaml
@@ -108,7 +108,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
+          image: {{ required "Must provide the podmon container image." .Values.images.podmon.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             {{- toYaml .Values.podmon.node.args | nindent 12 }}
@@ -150,7 +150,7 @@ spec:
 {{- if hasKey .Values "authorization" }}
 {{- if eq .Values.authorization.enabled true }}
         - name: karavi-authorization-proxy
-          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }}
+          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: PROXY_HOST
@@ -184,7 +184,7 @@ spec:
             allowPrivilegeEscalation: true
             capabilities:
               add: ["SYS_ADMIN"]
-          image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
+          image: "{{ required "Must provide the driver image repository." .Values.images.driver.image }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           command: [ "/csi-vxflexos.sh" ]
           args:
@@ -247,7 +247,7 @@ spec:
               readOnly: true
 {{- end}}
         - name: registrar
-          image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar }}
+          image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--v=5"
@@ -270,7 +270,7 @@ spec:
         - name: sdc-monitor
           securityContext:
             privileged: true
-          image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }}
+          image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             {{ if eq .Values.monitor.hostPID true }}
@@ -309,7 +309,7 @@ spec:
         - name: sdc
           securityContext:
             privileged: true
-          image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }}
+          image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc.image }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: NODENAME

diff --git a/charts/csi-vxflexos/values.yaml b/charts/csi-vxflexos/values.yaml
@@ -10,21 +10,33 @@ version: v2.11.0
 
 images:
   # "driver" defines the container image, used for the driver container.
-  driver: dellemc/csi-vxflexos:v2.11.0
+  driver:
+    image: dellemc/csi-vxflexos:v2.11.0
   # "powerflexSdc" defines the SDC image for init container.
-  powerflexSdc: dellemc/sdc:4.5.2.1
+  powerflexSdc:
+    image: dellemc/sdc:4.5.2.1
   # CSI sidecars
-  attacher: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
-  provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
-  snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
-  resizer: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
-  registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
-  healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1
+  attacher:
+    image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
+  provisioner:
+    image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
+  snapshotter:
+    image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
+  resizer:
+    image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
+  registrar:
+    image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+  healthmonitor:
+    image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1
   # CSM sidecars
-  replication: dellemc/dell-csi-replicator:v1.9.0
-  vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.6.0
-  podmon: dellemc/podmon:v1.10.0
-  authorization: dellemc/csm-authorization-sidecar:v1.11.0
+  replication:
+    image: dellemc/dell-csi-replicator:v1.9.0
+  vgsnapshotter:
+    image: dellemc/csi-volumegroup-snapshotter:v1.6.0
+  podmon:
+    image: dellemc/podmon:v1.10.0
+  authorization:
+    image: dellemc/csm-authorization-sidecar:v1.11.0
 
 # Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n)
 # If user does not use certificate, set to 0

diff --git a/charts/csm-authorization/charts/redis/templates/redis.yaml b/charts/csm-authorization/charts/redis/templates/redis.yaml
@@ -21,7 +21,7 @@ spec:
     spec:
       containers:
       - name: primary
-        image: {{ .Values.images.redis }}
+        image: {{ .Values.images.redis.image }}
         imagePullPolicy: IfNotPresent
         args: ["--appendonly", "yes", "--appendfsync", "always"]
         resources:
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
       - name: redis-commander
-        image: {{ .Values.images.commander }}
+        image: {{ .Values.images.commander.image }}
         imagePullPolicy: IfNotPresent
         env:
         - name: REDIS_HOSTS

diff --git a/charts/csm-authorization/templates/proxy-server.yaml b/charts/csm-authorization/templates/proxy-server.yaml
@@ -58,7 +58,7 @@ spec:
     spec:
       containers:
       - name: proxy-server
-        image:  {{ required "Must provide the proxy-server image." .Values.authorization.images.proxyService }}
+        image:  {{ required "Must provide the proxy-server image." .Values.authorization.images.proxyService.image }}
         imagePullPolicy: Always
         args:
           - "--redis-host=redis.{{ .Release.Namespace }}.svc.cluster.local:6379"
@@ -75,7 +75,7 @@ spec:
         - name: csm-config-params
           mountPath: /etc/karavi-authorization/csm-config-params
       - name: opa
-        image: {{ required "Must provide the openpolicyagent image." .Values.authorization.images.opa }}
+        image: {{ required "Must provide the openpolicyagent image." .Values.authorization.images.opa.image }}
         imagePullPolicy: IfNotPresent
         args:
         - "run"
@@ -86,7 +86,7 @@ spec:
         - name: http
           containerPort: 8181
       - name: kube-mgmt
-        image: {{ required "Must provide the opaKubeMgmt image." .Values.authorization.images.opaKubeMgmt }}
+        image: {{ required "Must provide the opaKubeMgmt image." .Values.authorization.images.opaKubeMgmt.image }}
         imagePullPolicy: IfNotPresent
         args:
         - "--policies={{ include "custom.namespace" . }}"

diff --git a/charts/csm-authorization/templates/role-service.yaml b/charts/csm-authorization/templates/role-service.yaml
@@ -49,7 +49,7 @@ spec:
       serviceAccountName: role-service
       containers:
       - name: role-service
-        image: {{ required "Must provide the role-service image." .Values.authorization.images.roleService }}
+        image: {{ required "Must provide the role-service image." .Values.authorization.images.roleService.image }}
         imagePullPolicy: Always
         ports:
         - containerPort: 50051

diff --git a/charts/csm-authorization/templates/storage-service.yaml b/charts/csm-authorization/templates/storage-service.yaml
@@ -46,7 +46,7 @@ spec:
       serviceAccountName: storage-service
       containers:
       - name: storage-service
-        image: {{ required "Must provide the storage-service image." .Values.authorization.images.storageService }}
+        image: {{ required "Must provide the storage-service image." .Values.authorization.images.storageService.image }}
         imagePullPolicy: Always
         ports:
         - containerPort: 50051

diff --git a/charts/csm-authorization/templates/tenant-service.yaml b/charts/csm-authorization/templates/tenant-service.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: tenant-service
-        image: {{ required "Must provide the tenant-service image." .Values.authorization.images.tenantService }}
+        image: {{ required "Must provide the tenant-service image." .Values.authorization.images.tenantService.image }}
         imagePullPolicy: Always
         args:
           - "--redis-host=redis.{{ include "custom.namespace" . }}.svc.cluster.local:6379"

diff --git a/charts/csm-authorization/values.yaml b/charts/csm-authorization/values.yaml
@@ -12,12 +12,18 @@ cert-manager:
 authorization:
   # images to use in installation
   images:
-    proxyService: dellemc/csm-authorization-proxy:v1.11.0
-    tenantService: dellemc/csm-authorization-tenant:v1.11.0
-    roleService: dellemc/csm-authorization-role:v1.11.0
-    storageService: dellemc/csm-authorization-storage:v1.11.0
-    opa: openpolicyagent/opa
-    opaKubeMgmt: openpolicyagent/kube-mgmt:0.11
+    proxyService:
+      image: dellemc/csm-authorization-proxy:v1.11.0
+    tenantService:
+      image: dellemc/csm-authorization-tenant:v1.11.0
+    roleService:
+      image: dellemc/csm-authorization-role:v1.11.0
+    storageService:
+      image: dellemc/csm-authorization-storage:v1.11.0
+    opa:
+      image: openpolicyagent/opa
+    opaKubeMgmt:
+      image: openpolicyagent/kube-mgmt:0.11
 
   # proxy-server ingress will use this hostname
   # NOTE: additional hostnames can be configured in authorization.proxyServerIngress.hosts
@@ -52,8 +58,10 @@ authorization:
 
 redis:
   images:
-    redis: redis:6.0.8-alpine
-    commander: rediscommander/redis-commander:latest
+    redis:
+      image: redis:6.0.8-alpine
+    commander:
+      image: rediscommander/redis-commander:latest
 
   # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis
   # to use a different storage class for redis, uncomment the following line and specify the name of the storage class

diff --git a/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml b/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml
@@ -73,7 +73,7 @@ spec:
       {{- if eq .Values.karaviMetricsPowerflex.authorization.enabled true }}
       - name: karavi-authorization-proxy
         imagePullPolicy: IfNotPresent
-        image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerflex.authorization.sidecarProxyImage }}
+        image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerflex.authorization.sidecarProxy.image }}
         env:
           - name: PROXY_HOST
             value: "{{ .Values.karaviMetricsPowerflex.authorization.proxyHost }}"

diff --git a/charts/karavi-observability/templates/karavi-metrics-powermax.yaml b/charts/karavi-observability/templates/karavi-metrics-powermax.yaml
@@ -77,7 +77,7 @@ spec:
       {{- if eq .Values.karaviMetricsPowermax.authorization.enabled true }}
       - name: karavi-authorization-proxy
         imagePullPolicy: IfNotPresent
-        image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowermax.authorization.sidecarProxyImage }}
+        image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowermax.authorization.sidecarProxy.image }}
         env:
           - name: PROXY_HOST
             value: "{{ .Values.karaviMetricsPowermax.authorization.proxyHost }}"