Merge pull request #287 from shiftstack/sync-master

OCPBUGS-34137, OCPBUGS-34460, OCPBUGS-34113, OCPBUGS-35462: sync upstream on release-1.30/go1.22
openshift · Jun 18, 2024 · 92021a2 · 92021a2
2 parents 9f2d414 + afabd29
commit 92021a2
Show file tree

Hide file tree

Showing 1,091 changed files with 86,417 additions and 17,673 deletions.
diff --git a/.ci-operator.yaml b/.ci-operator.yaml
@@ -1,4 +1,4 @@
 build_root_image:
   name: release
   namespace: openshift
-  tag: rhel-9-release-golang-1.21-openshift-4.17
+  tag: rhel-9-release-golang-1.22-openshift-4.17
diff --git a/Dockerfile b/Dockerfile
@@ -14,15 +14,15 @@
 ##                               BUILD ARGS                                   ##
 ################################################################################
 # This build arg allows the specification of a custom Golang image.
-ARG GOLANG_IMAGE=golang:1.21.5
+ARG GOLANG_IMAGE=golang:1.22.2
 
 # The distroless image on which the CPI manager image is built.
 #
 # Please do not use "latest". Explicit tags should be used to provide
 # deterministic builds. Follow what kubernetes uses to build
 # kube-controller-manager, for example for 1.27.x:
 # https://github.com/kubernetes/kubernetes/blob/release-1.27/build/common.sh#L99
-ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.3.1-go1.21.5-bookworm.0
+ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.3.1-go1.22.2-bookworm.0
 
 # We use Alpine as the source for default CA certificates and some output
 # images

diff --git a/charts/cinder-csi-plugin/Chart.yaml b/charts/cinder-csi-plugin/Chart.yaml
@@ -1,10 +1,12 @@
 apiVersion: v1
-appVersion: v1.29.0
+appVersion: v1.30.0
 description: Cinder CSI Chart for OpenStack
 name: openstack-cinder-csi
-version: 2.29.0
+version: 2.30.0
 home: https://github.com/kubernetes/cloud-provider-openstack
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 maintainers:
-  - name: brtknr
-    email: brtknr@bath.edu
+  - name: mnasiadka
+    email: mnasiadka@gmail.com
+  - name: mkjpryor
+    email: matt@stackhpc.com
diff --git a/charts/manila-csi-plugin/Chart.yaml b/charts/manila-csi-plugin/Chart.yaml
@@ -1,10 +1,12 @@
 apiVersion: v1
-appVersion: v1.29.0
+appVersion: v1.30.0
 description: Manila CSI Chart for OpenStack
 name: openstack-manila-csi
-version: 2.29.0
+version: 2.30.0
 home: http://github.com/kubernetes/cloud-provider-openstack
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 maintainers:
-  - name: brtknr
-    email: brtknr@bath.edu
+  - name: mnasiadka
+    email: mnasiadka@gmail.com
+  - name: mkjpryor
+    email: matt@stackhpc.com
diff --git a/charts/openstack-cloud-controller-manager/Chart.yaml b/charts/openstack-cloud-controller-manager/Chart.yaml
@@ -1,11 +1,15 @@
-apiVersion: v1
-appVersion: v1.29.0
+apiVersion: v2
+appVersion: v1.30.0
 description: Openstack Cloud Controller Manager Helm Chart
 icon: https://object-storage-ca-ymq-1.vexxhost.net/swift/v1/6e4619c416ff4bd19e1c087f27a43eea/www-images-prod/openstack-logo/OpenStack-Logo-Vertical.png
 home: https://github.com/kubernetes/cloud-provider-openstack
 name: openstack-cloud-controller-manager
-version: 2.29.0
+version: 2.30.0
 maintainers:
   - name: eumel8
     email: f.kloeker@telekom.de
     url: https://www.telekom.com
+dependencies:
+  - name: common
+    version: 2.14.1
+    repository: https://charts.bitnami.com/bitnami
diff --git a/charts/openstack-cloud-controller-manager/templates/_helpers.tpl b/charts/openstack-cloud-controller-manager/templates/_helpers.tpl
@@ -12,19 +12,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Common labels and app labels
-*/}}
-{{- define "occm.labels" -}}
-app.kubernetes.io/name: {{ include "occm.name" . }}
-helm.sh/chart: {{ include "occm.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
 {{- define "occm.common.matchLabels" -}}
 app: {{ template "occm.name" . }}
 release: {{ .Release.Name }}
@@ -73,8 +60,12 @@ Create cloud-config makro.
 {{- range $key, $value := .Values.cloudConfig.metadata }}
 {{ $key }} = {{ $value | quote }}
 {{- end }}
-{{- end }}
 
+[Route]
+{{- range $key, $value := .Values.cloudConfig.route }}
+{{ $key }} = {{ $value | quote }}
+{{- end }}
+{{- end }}
 
 {{/*
 Generate string of enabled controllers. Might have a trailing comma (,) which needs to be trimmed.

diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrole.yaml
@@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ .Values.clusterRoleName }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   annotations:
     {{- with .Values.commonAnnotations }}
     {{- toYaml . | nindent 4 }}

diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding-sm.yaml
@@ -3,6 +3,7 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: system:{{ include "occm.name" . }}:auth-delegate
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   annotations:
     {{- with .Values.commonAnnotations }}
     {{- toYaml . | nindent 4 }}

diff --git a/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml b/charts/openstack-cloud-controller-manager/templates/clusterrolebinding.yaml
@@ -3,6 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ .Values.clusterRoleName }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   annotations:
     {{- with .Values.commonAnnotations }}
     {{- toYaml . | nindent 4 }}

diff --git a/charts/openstack-cloud-controller-manager/templates/daemonset.yaml b/charts/openstack-cloud-controller-manager/templates/daemonset.yaml
@@ -2,9 +2,8 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: {{ include "occm.name" . }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "occm.labels" . | nindent 4 }}
   annotations:
     {{- with .Values.commonAnnotations }}
     {{- toYaml . | nindent 4 }}
@@ -55,7 +54,7 @@ spec:
             - --cloud-config=$(CLOUD_CONFIG)
             - --cluster-name=$(CLUSTER_NAME)
             - --cloud-provider=openstack
-            - --use-service-account-credentials=true
+            - --use-service-account-credentials=false
             - --controllers={{- trimAll "," (include "occm.enabledControllers" . ) -}}
             {{- if .Values.serviceMonitor.enabled }}
             - --bind-address=0.0.0.0

diff --git a/charts/openstack-cloud-controller-manager/templates/secret.yaml b/charts/openstack-cloud-controller-manager/templates/secret.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Values.secret.name | default "cloud-config" }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- with .Values.commonAnnotations }}

diff --git a/charts/openstack-cloud-controller-manager/templates/service-sm.yaml b/charts/openstack-cloud-controller-manager/templates/service-sm.yaml
@@ -2,9 +2,8 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    {{- include "occm.labels" . | nindent 4 }}
   name: {{ include "occm.name" . }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- with .Values.commonAnnotations }}

diff --git a/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml b/charts/openstack-cloud-controller-manager/templates/serviceaccount.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccountName }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- with .Values.commonAnnotations }}

diff --git a/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml b/charts/openstack-cloud-controller-manager/templates/servicemonitor.yaml
@@ -2,9 +2,8 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  labels:
-    {{- include "occm.labels" . | nindent 4 }}
   name: {{ include "occm.name" . }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
   namespace: {{ .Release.Namespace }}
   annotations:
     {{- with .Values.commonAnnotations }}

diff --git a/charts/openstack-cloud-controller-manager/values.yaml b/charts/openstack-cloud-controller-manager/values.yaml
@@ -108,6 +108,7 @@ cloudConfig:
   loadBalancer:
   blockStorage:
   metadata:
+  route:
 
 # Allow for specifying internal IP addresses for multiple hostnames
 # hostAliases:

diff --git a/cmd/cinder-csi-plugin/main.go b/cmd/cinder-csi-plugin/main.go
@@ -31,16 +31,18 @@ import (
 )
 
 var (
-	endpoint     string
-	nodeID       string
-	cloudConfig  []string
-	cluster      string
-	httpEndpoint string
+	endpoint                 string
+	nodeID                   string
+	cloudConfig              []string
+	cluster                  string
+	httpEndpoint             string
+	provideControllerService bool
+	provideNodeService       bool
 )
 
 func main() {
 	cmd := &cobra.Command{
-		Use:   "Cinder",
+		Use:   "cinder-csi-plugin",
 		Short: "CSI based Cinder driver",
 		Run: func(cmd *cobra.Command, args []string) {
 			handle()
@@ -65,6 +67,10 @@ func main() {
 
 	cmd.PersistentFlags().StringVar(&cluster, "cluster", "", "The identifier of the cluster that the plugin is running in.")
 	cmd.PersistentFlags().StringVar(&httpEndpoint, "http-endpoint", "", "The TCP network address where the HTTP server for providing metrics for diagnostics, will listen (example: `:8080`). The default is empty string, which means the server is disabled.")
+
+	cmd.PersistentFlags().BoolVar(&provideControllerService, "provide-controller-service", true, "If set to true then the CSI driver does provide the controller service (default: true)")
+	cmd.PersistentFlags().BoolVar(&provideNodeService, "provide-node-service", true, "If set to true then the CSI driver does provide the node service (default: true)")
+
 	openstack.AddExtraFlags(pflag.CommandLine)
 
 	code := cli.Run(cmd)
@@ -73,19 +79,28 @@ func main() {
 
 func handle() {
 	// Initialize cloud
-	d := cinder.NewDriver(endpoint, cluster)
+	d := cinder.NewDriver(&cinder.DriverOpts{Endpoint: endpoint, ClusterID: cluster})
+
 	openstack.InitOpenStackProvider(cloudConfig, httpEndpoint)
 	cloud, err := openstack.GetOpenStackProvider()
 	if err != nil {
 		klog.Warningf("Failed to GetOpenStackProvider: %v", err)
 		return
 	}
-	//Initialize mount
-	mount := mount.GetMountProvider()
 
-	//Initialize Metadata
-	metadata := metadata.GetMetadataProvider(cloud.GetMetadataOpts().SearchOrder)
+	if provideControllerService {
+		d.SetupControllerService(cloud)
+	}
+
+	if provideNodeService {
+		//Initialize mount
+		mount := mount.GetMountProvider()
+
+		//Initialize Metadata
+		metadata := metadata.GetMetadataProvider(cloud.GetMetadataOpts().SearchOrder)
+
+		d.SetupNodeService(cloud, mount, metadata)
+	}
 
-	d.SetupDriver(cloud, mount, metadata)
 	d.Run()
 }
diff --git a/cmd/client-keystone-auth/main.go b/cmd/client-keystone-auth/main.go
@@ -17,23 +17,20 @@ limitations under the License.
 package main
 
 import (
-	"flag"
 	"fmt"
 	"io"
 	"os"
 	"time"
 
 	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/utils/openstack/clientconfig"
-	"github.com/spf13/pflag"
-	"k8s.io/component-base/logs"
+	"github.com/spf13/cobra"
+	"k8s.io/component-base/cli"
 
 	"golang.org/x/term"
 
 	"k8s.io/cloud-provider-openstack/pkg/identity/keystone"
 	"k8s.io/cloud-provider-openstack/pkg/version"
-	kflag "k8s.io/component-base/cli/flag"
-	"k8s.io/klog/v2"
 )
 
 const errRespTemplate string = `{
@@ -137,51 +134,49 @@ func argumentsAreSet(url, user, project, password, domain, applicationCredential
 	return false
 }
 
+var (
+	url                         string
+	domain                      string
+	user                        string
+	project                     string
+	password                    string
+	clientCertPath              string
+	clientKeyPath               string
+	clientCAPath                string
+	options                     keystone.Options
+	err                         error
+	applicationCredentialID     string
+	applicationCredentialName   string
+	applicationCredentialSecret string
+)
+
 func main() {
-	var url string
-	var domain string
-	var user string
-	var project string
-	var password string
-	var clientCertPath string
-	var clientKeyPath string
-	var clientCAPath string
-	var options keystone.Options
-	var err error
-	var applicationCredentialID string
-	var applicationCredentialName string
-	var applicationCredentialSecret string
-	var showVersion bool
-
-	pflag.StringVar(&url, "keystone-url", os.Getenv("OS_AUTH_URL"), "URL for the OpenStack Keystone API")
-	pflag.StringVar(&domain, "domain-name", os.Getenv("OS_DOMAIN_NAME"), "Keystone domain name")
-	pflag.StringVar(&user, "user-name", os.Getenv("OS_USERNAME"), "User name")
-	pflag.StringVar(&project, "project-name", os.Getenv("OS_PROJECT_NAME"), "Keystone project name")
-	pflag.StringVar(&password, "password", os.Getenv("OS_PASSWORD"), "Password")
-	pflag.StringVar(&clientCertPath, "cert", os.Getenv("OS_CERT"), "Client certificate bundle file")
-	pflag.StringVar(&clientKeyPath, "key", os.Getenv("OS_KEY"), "Client certificate key file")
-	pflag.StringVar(&clientCAPath, "cacert", os.Getenv("OS_CACERT"), "Certificate authority file")
-	pflag.StringVar(&applicationCredentialID, "application-credential-id", os.Getenv("OS_APPLICATION_CREDENTIAL_ID"), "Application Credential ID")
-	pflag.StringVar(&applicationCredentialName, "application-credential-name", os.Getenv("OS_APPLICATION_CREDENTIAL_NAME"), "Application Credential Name")
-	pflag.StringVar(&applicationCredentialSecret, "application-credential-secret", os.Getenv("OS_APPLICATION_CREDENTIAL_SECRET"), "Application Credential Secret")
-	pflag.BoolVar(&showVersion, "version", false, "Show current version and exit")
-
-	logs.AddFlags(pflag.CommandLine)
-
-	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
-	klog.InitFlags(klogFlags)
-	pflag.CommandLine.AddGoFlagSet(klogFlags)
-
-	kflag.InitFlags()
-
-	if showVersion {
-		fmt.Println(version.Version)
-		os.Exit(0)
+	cmd := &cobra.Command{
+		Use:   "client-keystone-auth",
+		Short: "Keystone client credential plugin for Kubernetes",
+		Run: func(cmd *cobra.Command, args []string) {
+			handle()
+		},
+		Version: version.Version,
 	}
 
-	logs.InitLogs()
-	defer logs.FlushLogs()
+	cmd.PersistentFlags().StringVar(&url, "keystone-url", os.Getenv("OS_AUTH_URL"), "URL for the OpenStack Keystone API")
+	cmd.PersistentFlags().StringVar(&domain, "domain-name", os.Getenv("OS_DOMAIN_NAME"), "Keystone domain name")
+	cmd.PersistentFlags().StringVar(&user, "user-name", os.Getenv("OS_USERNAME"), "User name")
+	cmd.PersistentFlags().StringVar(&project, "project-name", os.Getenv("OS_PROJECT_NAME"), "Keystone project name")
+	cmd.PersistentFlags().StringVar(&password, "password", os.Getenv("OS_PASSWORD"), "Password")
+	cmd.PersistentFlags().StringVar(&clientCertPath, "cert", os.Getenv("OS_CERT"), "Client certificate bundle file")
+	cmd.PersistentFlags().StringVar(&clientKeyPath, "key", os.Getenv("OS_KEY"), "Client certificate key file")
+	cmd.PersistentFlags().StringVar(&clientCAPath, "cacert", os.Getenv("OS_CACERT"), "Certificate authority file")
+	cmd.PersistentFlags().StringVar(&applicationCredentialID, "application-credential-id", os.Getenv("OS_APPLICATION_CREDENTIAL_ID"), "Application Credential ID")
+	cmd.PersistentFlags().StringVar(&applicationCredentialName, "application-credential-name", os.Getenv("OS_APPLICATION_CREDENTIAL_NAME"), "Application Credential Name")
+	cmd.PersistentFlags().StringVar(&applicationCredentialSecret, "application-credential-secret", os.Getenv("OS_APPLICATION_CREDENTIAL_SECRET"), "Application Credential Secret")
+
+	code := cli.Run(cmd)
+	os.Exit(code)
+}
 
+func handle() {
 	// Generate Gophercloud Auth Options based on input data from stdin
 	// if IsTerminal returns "true", or from env variables otherwise.
 	if !term.IsTerminal(int(os.Stdin.Fd())) {