diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..44c62815 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,73 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # github actions + - package-ecosystem: "github-actions" + target-branch: "release-v1.12.0" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly" + day: "saturday" + groups: + github-actions: + patterns: + - "*" + + # csi-vxflexos packages + - package-ecosystem: docker + target-branch: "release-v1.12.0" + directories: + - /charts/csi-vxflexos + labels: + - dependencies + schedule: + # check daily + interval: daily + # at 6pm UTC + time: "18:00" + groups: + csi-vxflexos: + patterns: + - "*" + + # csm-authorization packages + - package-ecosystem: docker + target-branch: "release-v1.12.0" + directories: + - /charts/csm-authorization + labels: + - dependencies + schedule: + # check daily + interval: daily + # at 6pm UTC + time: "18:00" + groups: + csm-authorization: + patterns: + - "*" + + # karavi-observability packages + - package-ecosystem: docker + target-branch: "release-v1.12.0" + directories: + - /charts/karavi-observability + labels: + - dependencies + schedule: + # check daily + interval: daily + # at 6pm UTC + time: "18:00" + ignore: + # ignore all updates to otel/opentelemetry-collector + - dependency-name: "otel/opentelemetry-collector" + groups: + karavi-observability: + patterns: + - "*" diff --git a/charts/csi-vxflexos/templates/controller.yaml b/charts/csi-vxflexos/templates/controller.yaml index e002f4f9..9274406e 100644 --- a/charts/csi-vxflexos/templates/controller.yaml +++ b/charts/csi-vxflexos/templates/controller.yaml @@ -193,7 +193,7 @@ spec: {{- if hasKey .Values "podmon" }} {{- if eq .Values.podmon.enabled true }} - name: podmon - image: {{ required "Must provide the podmon container image." .Values.images.podmon }} + image: {{ required "Must provide the podmon container image." .Values.images.podmon.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: {{- toYaml .Values.podmon.controller.args | nindent 12 }} @@ -218,7 +218,7 @@ spec: {{- end }} {{- end }} - name: attacher - image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }} + image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -233,7 +233,7 @@ spec: {{- if hasKey .Values.controller "replication" }} {{- if eq .Values.controller.replication.enabled true}} - name: dell-csi-replicator - image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication }} + image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -259,7 +259,7 @@ spec: {{- end }} {{- end }} - name: provisioner - image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }} + image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -291,7 +291,7 @@ spec: {{- if hasKey .Values.controller "healthMonitor" }} {{- if eq .Values.controller.healthMonitor.enabled true}} - name: csi-external-health-monitor-controller - image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor }} + image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -312,7 +312,7 @@ spec: {{- if hasKey .Values "vgsnapshotter" }} {{- if eq .Values.vgsnapshotter.enabled true }} - name: vg-snapshotter - image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter }} + image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: ADDRESS @@ -325,7 +325,7 @@ spec: {{- if hasKey .Values.controller "snapshot" }} {{- if eq .Values.controller.snapshot.enabled true }} - name: snapshotter - image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter }} + image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -343,7 +343,7 @@ spec: {{- if hasKey .Values.controller "resizer" }} {{- if eq .Values.controller.resizer.enabled true }} - name: resizer - image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }} + image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--csi-address=$(ADDRESS)" @@ -360,7 +360,7 @@ spec: {{- if hasKey .Values "authorization" }} {{- if eq .Values.authorization.enabled true }} - name: karavi-authorization-proxy - image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }} + image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: PROXY_HOST @@ -389,7 +389,7 @@ spec: {{- end }} {{- end }} - name: driver - image: "{{ required "Must provide the driver image repository." .Values.images.driver }}" + image: "{{ required "Must provide the driver image repository." .Values.images.driver.image }}" imagePullPolicy: {{ .Values.imagePullPolicy }} command: [ "/csi-vxflexos.sh" ] args: diff --git a/charts/csi-vxflexos/templates/node.yaml b/charts/csi-vxflexos/templates/node.yaml index c7a91407..98c99d10 100644 --- a/charts/csi-vxflexos/templates/node.yaml +++ b/charts/csi-vxflexos/templates/node.yaml @@ -108,7 +108,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: {{ required "Must provide the podmon container image." .Values.images.podmon }} + image: {{ required "Must provide the podmon container image." .Values.images.podmon.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: {{- toYaml .Values.podmon.node.args | nindent 12 }} @@ -150,7 +150,7 @@ spec: {{- if hasKey .Values "authorization" }} {{- if eq .Values.authorization.enabled true }} - name: karavi-authorization-proxy - image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }} + image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: PROXY_HOST @@ -184,7 +184,7 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: "{{ required "Must provide the driver image repository." .Values.images.driver }}" + image: "{{ required "Must provide the driver image repository." .Values.images.driver.image }}" imagePullPolicy: {{ .Values.imagePullPolicy }} command: [ "/csi-vxflexos.sh" ] args: @@ -247,7 +247,7 @@ spec: readOnly: true {{- end}} - name: registrar - image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar }} + image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} args: - "--v=5" @@ -270,7 +270,7 @@ spec: - name: sdc-monitor securityContext: privileged: true - image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }} + image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: {{ if eq .Values.monitor.hostPID true }} @@ -309,7 +309,7 @@ spec: - name: sdc securityContext: privileged: true - image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }} + image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: NODENAME diff --git a/charts/csi-vxflexos/values.yaml b/charts/csi-vxflexos/values.yaml index e8d3a77e..a47af7f6 100644 --- a/charts/csi-vxflexos/values.yaml +++ b/charts/csi-vxflexos/values.yaml @@ -10,21 +10,33 @@ version: v2.11.0 images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-vxflexos:v2.11.0 + driver: + image: dellemc/csi-vxflexos:v2.11.0 # "powerflexSdc" defines the SDC image for init container. - powerflexSdc: dellemc/sdc:4.5.2.1 + powerflexSdc: + image: dellemc/sdc:4.5.2.1 # CSI sidecars - attacher: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - resizer: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + attacher: + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + provisioner: + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + snapshotter: + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + resizer: + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + registrar: + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + healthmonitor: + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 # CSM sidecars - replication: dellemc/dell-csi-replicator:v1.9.0 - vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.6.0 - podmon: dellemc/podmon:v1.10.0 - authorization: dellemc/csm-authorization-sidecar:v1.11.0 + replication: + image: dellemc/dell-csi-replicator:v1.9.0 + vgsnapshotter: + image: dellemc/csi-volumegroup-snapshotter:v1.6.0 + podmon: + image: dellemc/podmon:v1.10.0 + authorization: + image: dellemc/csm-authorization-sidecar:v1.11.0 # Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n) # If user does not use certificate, set to 0 diff --git a/charts/csm-authorization/charts/redis/templates/redis.yaml b/charts/csm-authorization/charts/redis/templates/redis.yaml index ce901eb4..a1e79400 100644 --- a/charts/csm-authorization/charts/redis/templates/redis.yaml +++ b/charts/csm-authorization/charts/redis/templates/redis.yaml @@ -21,7 +21,7 @@ spec: spec: containers: - name: primary - image: {{ .Values.images.redis }} + image: {{ .Values.images.redis.image }} imagePullPolicy: IfNotPresent args: ["--appendonly", "yes", "--appendfsync", "always"] resources: @@ -100,7 +100,7 @@ spec: spec: containers: - name: redis-commander - image: {{ .Values.images.commander }} + image: {{ .Values.images.commander.image }} imagePullPolicy: IfNotPresent env: - name: REDIS_HOSTS diff --git a/charts/csm-authorization/templates/proxy-server.yaml b/charts/csm-authorization/templates/proxy-server.yaml index ac2e6a2a..04e1150f 100644 --- a/charts/csm-authorization/templates/proxy-server.yaml +++ b/charts/csm-authorization/templates/proxy-server.yaml @@ -58,7 +58,7 @@ spec: spec: containers: - name: proxy-server - image: {{ required "Must provide the proxy-server image." .Values.authorization.images.proxyService }} + image: {{ required "Must provide the proxy-server image." .Values.authorization.images.proxyService.image }} imagePullPolicy: Always args: - "--redis-host=redis.{{ .Release.Namespace }}.svc.cluster.local:6379" @@ -75,7 +75,7 @@ spec: - name: csm-config-params mountPath: /etc/karavi-authorization/csm-config-params - name: opa - image: {{ required "Must provide the openpolicyagent image." .Values.authorization.images.opa }} + image: {{ required "Must provide the openpolicyagent image." .Values.authorization.images.opa.image }} imagePullPolicy: IfNotPresent args: - "run" @@ -86,7 +86,7 @@ spec: - name: http containerPort: 8181 - name: kube-mgmt - image: {{ required "Must provide the opaKubeMgmt image." .Values.authorization.images.opaKubeMgmt }} + image: {{ required "Must provide the opaKubeMgmt image." .Values.authorization.images.opaKubeMgmt.image }} imagePullPolicy: IfNotPresent args: - "--policies={{ include "custom.namespace" . }}" diff --git a/charts/csm-authorization/templates/role-service.yaml b/charts/csm-authorization/templates/role-service.yaml index 1774b2c8..934110c1 100644 --- a/charts/csm-authorization/templates/role-service.yaml +++ b/charts/csm-authorization/templates/role-service.yaml @@ -49,7 +49,7 @@ spec: serviceAccountName: role-service containers: - name: role-service - image: {{ required "Must provide the role-service image." .Values.authorization.images.roleService }} + image: {{ required "Must provide the role-service image." .Values.authorization.images.roleService.image }} imagePullPolicy: Always ports: - containerPort: 50051 diff --git a/charts/csm-authorization/templates/storage-service.yaml b/charts/csm-authorization/templates/storage-service.yaml index 16672639..e0d8e93f 100644 --- a/charts/csm-authorization/templates/storage-service.yaml +++ b/charts/csm-authorization/templates/storage-service.yaml @@ -46,7 +46,7 @@ spec: serviceAccountName: storage-service containers: - name: storage-service - image: {{ required "Must provide the storage-service image." .Values.authorization.images.storageService }} + image: {{ required "Must provide the storage-service image." .Values.authorization.images.storageService.image }} imagePullPolicy: Always ports: - containerPort: 50051 diff --git a/charts/csm-authorization/templates/tenant-service.yaml b/charts/csm-authorization/templates/tenant-service.yaml index b54a7f13..f8b161f9 100644 --- a/charts/csm-authorization/templates/tenant-service.yaml +++ b/charts/csm-authorization/templates/tenant-service.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: tenant-service - image: {{ required "Must provide the tenant-service image." .Values.authorization.images.tenantService }} + image: {{ required "Must provide the tenant-service image." .Values.authorization.images.tenantService.image }} imagePullPolicy: Always args: - "--redis-host=redis.{{ include "custom.namespace" . }}.svc.cluster.local:6379" diff --git a/charts/csm-authorization/values.yaml b/charts/csm-authorization/values.yaml index 756519de..e3119b32 100644 --- a/charts/csm-authorization/values.yaml +++ b/charts/csm-authorization/values.yaml @@ -12,12 +12,18 @@ cert-manager: authorization: # images to use in installation images: - proxyService: dellemc/csm-authorization-proxy:v1.11.0 - tenantService: dellemc/csm-authorization-tenant:v1.11.0 - roleService: dellemc/csm-authorization-role:v1.11.0 - storageService: dellemc/csm-authorization-storage:v1.11.0 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + proxyService: + image: dellemc/csm-authorization-proxy:v1.11.0 + tenantService: + image: dellemc/csm-authorization-tenant:v1.11.0 + roleService: + image: dellemc/csm-authorization-role:v1.11.0 + storageService: + image: dellemc/csm-authorization-storage:v1.11.0 + opa: + image: openpolicyagent/opa + opaKubeMgmt: + image: openpolicyagent/kube-mgmt:0.11 # proxy-server ingress will use this hostname # NOTE: additional hostnames can be configured in authorization.proxyServerIngress.hosts @@ -52,8 +58,10 @@ authorization: redis: images: - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest + redis: + image: redis:6.0.8-alpine + commander: + image: rediscommander/redis-commander:latest # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis # to use a different storage class for redis, uncomment the following line and specify the name of the storage class diff --git a/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml b/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml index 7c84d7b2..85e03a73 100644 --- a/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml +++ b/charts/karavi-observability/templates/karavi-metrics-powerflex.yaml @@ -73,7 +73,7 @@ spec: {{- if eq .Values.karaviMetricsPowerflex.authorization.enabled true }} - name: karavi-authorization-proxy imagePullPolicy: IfNotPresent - image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerflex.authorization.sidecarProxyImage }} + image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerflex.authorization.sidecarProxy.image }} env: - name: PROXY_HOST value: "{{ .Values.karaviMetricsPowerflex.authorization.proxyHost }}" diff --git a/charts/karavi-observability/templates/karavi-metrics-powermax.yaml b/charts/karavi-observability/templates/karavi-metrics-powermax.yaml index 31891ab8..9ae811c6 100644 --- a/charts/karavi-observability/templates/karavi-metrics-powermax.yaml +++ b/charts/karavi-observability/templates/karavi-metrics-powermax.yaml @@ -77,7 +77,7 @@ spec: {{- if eq .Values.karaviMetricsPowermax.authorization.enabled true }} - name: karavi-authorization-proxy imagePullPolicy: IfNotPresent - image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowermax.authorization.sidecarProxyImage }} + image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowermax.authorization.sidecarProxy.image }} env: - name: PROXY_HOST value: "{{ .Values.karaviMetricsPowermax.authorization.proxyHost }}" diff --git a/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml b/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml index d0d7868b..babe4387 100644 --- a/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml +++ b/charts/karavi-observability/templates/karavi-metrics-powerscale.yaml @@ -73,7 +73,7 @@ spec: {{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }} - name: karavi-authorization-proxy imagePullPolicy: IfNotPresent - image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerscale.authorization.sidecarProxyImage }} + image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerscale.authorization.sidecarProxy.image }} env: - name: PROXY_HOST value: "{{ .Values.karaviMetricsPowerscale.authorization.proxyHost }}" diff --git a/charts/karavi-observability/values.yaml b/charts/karavi-observability/values.yaml index f593addc..787081ac 100644 --- a/charts/karavi-observability/values.yaml +++ b/charts/karavi-observability/values.yaml @@ -39,9 +39,10 @@ karaviMetricsPowerflex: logFormat: text authorization: enabled: false - # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.11.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.11.0 + # sidecarProxy.image: the container image used for the csm-authorization-sidecar. + # Default value: dellemc/csm-authorization-sidecar:v1.10.1 + sidecarProxy: + image: dellemc/csm-authorization-sidecar:v1.11.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -115,9 +116,10 @@ karaviMetricsPowerscale: isiLogVerbose: 0 authorization: enabled: false - # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.10.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.11.0 + # sidecarProxy.image: the container image used for the csm-authorization-sidecar. + # Default value: dellemc/csm-authorization-sidecar:v1.10.1 + sidecarProxy: + image: dellemc/csm-authorization-sidecar:v1.11.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -152,9 +154,10 @@ karaviMetricsPowermax: logFormat: text authorization: enabled: false - # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.11.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.11.0 + # sidecarProxy.image: the container image used for the csm-authorization-sidecar. + # Default value: dellemc/csm-authorization-sidecar:v1.10.1 + sidecarProxy: + image: dellemc/csm-authorization-sidecar:v1.11.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: