Prepare v1.3.0 release (#47)

* Bump version
* Remove CSI Snapshot files, they are managed by Constellation directly
* Update chart
* Use idempotent cryptsetup open function
* Fix incorrect path variable assignment

---------

Signed-off-by: Daniel Weiße <[email protected]>

.github/workflows/build-container-image.yml

@@ -22,7 +22,7 @@ jobs:
       - name: Install Go
         uses: actions/[email protected]
         with:
-          go-version: "1.20.3"
+          go-version: "1.21.1"
 
       - name: Set up Docker Buildx
         id: docker-setup

.github/workflows/linux.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.20.3
+          go-version: "1.21.1"
         id: go
 
       - name: Install Dependencies

.github/workflows/static.yaml

@@ -13,7 +13,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v4
         with:
-          go-version: "1.20.3"
+          go-version: "1.21.1"
 
       - name: Checkout code
         uses: actions/checkout@v4

.github/workflows/trivy.yaml

@@ -13,7 +13,7 @@ jobs:
       - name: Set up Go 1.x
         uses: actions/setup-go@v4
         with:
-          go-version: "1.20.3"
+          go-version: "1.21.1"
         id: go
 
       - name: Checkout code

Dockerfile

@@ -2,7 +2,7 @@ FROM debian:bullseye AS build
 
 ENV DEBIAN_FRONTEND="noninteractive"
 RUN apt-get update && apt-get install -y build-essential git wget pkg-config libcryptsetup12 libcryptsetup-dev
-ARG GO_VER=1.20.3
+ARG GO_VER=1.21.1
 RUN wget https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
     tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
     rm go${GO_VER}.linux-amd64.tar.gz

Makefile

@@ -37,7 +37,7 @@ REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
 IMAGE_NAME ?= constellation/azure-csi-driver
 ifneq ($(BUILD_V2), true)
 PLUGIN_NAME = azurediskplugin
-IMAGE_VERSION ?= v1.1.0
+IMAGE_VERSION ?= v1.3.0
 CHART_VERSION ?= latest
 else
 PLUGIN_NAME = azurediskpluginv2

charts/edgeless/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "v1.2.0"
+appVersion: "v1.3.0"
 description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
 name: azuredisk-csi-driver
-version: v1.2.0
+version: v1.3.0

charts/edgeless/templates/csi-azuredisk-controller.yaml

@@ -20,6 +20,9 @@ spec:
     metadata:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: {{ .Values.controller.name }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
 {{- with .Values.controller.podLabels }}
 {{ toYaml . | indent 8 }}
 {{- end }}
@@ -46,6 +49,9 @@ spec:
         node-role.kubernetes.io/control-plane: ""
         {{- end}}
       priorityClassName: system-cluster-critical
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 {{- with .Values.controller.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}
@@ -63,7 +69,7 @@ spec:
           image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
 {{- end }}
           args:
-            - "--feature-gates=Topology=true"
+            - "--feature-gates=Topology=true,HonorPVReclaimPolicy=true"
             - "--csi-address=$(ADDRESS)"
             - "--v=2"
             - "--timeout=30s"
@@ -190,6 +196,7 @@ spec:
             - "--vmss-cache-ttl-seconds={{ .Values.controller.vmssCacheTTLInSeconds }}"
             - "--enable-traffic-manager={{ .Values.controller.enableTrafficManager }}"
             - "--traffic-manager-port={{ .Values.controller.trafficManagerPort }}"
+            - "--enable-otel-tracing={{ .Values.controller.otelTracing.enabled }}"
           ports:
             - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
               name: healthz
@@ -209,7 +216,7 @@ spec:
             - name: AZURE_CREDENTIAL_FILE
               valueFrom:
                 configMapKeyRef:
-                  name: azure-cred-file
+                  name: {{ .Values.azureCredentialFileConfigMap }}
                   key: path
                   optional: true
             - name: CSI_ENDPOINT
@@ -232,6 +239,12 @@ spec:
             - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
             {{- end }}
+            {{- if .Values.controller.otelTracing.enabled }}
+            - name: OTEL_SERVICE_NAME
+              value: {{ .Values.controller.otelTracing.otelServiceName }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.controller.otelTracing.otelExporterEndpoint }}
+            {{- end }}
           imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
           volumeMounts:
             - mountPath: /csi

charts/edgeless/templates/csi-azuredisk-node.yaml

@@ -24,6 +24,9 @@ spec:
     metadata:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: {{ .Values.linux.dsName }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
 {{- with .Values.linux.podLabels }}
 {{ toYaml . | indent 8 }}
 {{- end }}
@@ -50,6 +53,9 @@ spec:
         nodeAffinity:
 {{ toYaml .Values.linux.nodeAffinity | indent 10 }}
       priorityClassName: system-node-critical
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 {{- with .Values.linux.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}
@@ -81,6 +87,7 @@ spec:
             - --csi-address=$(ADDRESS)
             - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
             - --v=2
+{{- if .Values.linux.enableRegistrationProbe }}
           livenessProbe:
             exec:
               command:
@@ -89,6 +96,7 @@ spec:
                 - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
+{{- end }}
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -110,7 +118,6 @@ spec:
             - "--v={{ .Values.node.logLevel }}"
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
-            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
             - "--enable-perf-optimization={{ .Values.linux.enablePerfOptimization }}"
             - "--drivername={{ .Values.driver.name }}"
             - "--volume-attach-limit={{ .Values.driver.volumeAttachLimit }}"
@@ -121,6 +128,8 @@ spec:
             - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
             - "--support-zone={{ .Values.node.supportZone }}"
             - "--get-node-info-from-labels={{ .Values.linux.getNodeInfoFromLabels }}"
+            - "--get-nodeid-from-imds={{ .Values.node.getNodeIDFromIMDS }}"
+            - "--enable-otel-tracing={{ .Values.linux.otelTracing.enabled }}"
             - "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
           ports:
             - containerPort: {{ .Values.node.livenessProbe.healthPort }}
@@ -138,7 +147,7 @@ spec:
             - name: AZURE_CREDENTIAL_FILE
               valueFrom:
                 configMapKeyRef:
-                  name: azure-cred-file
+                  name: {{ .Values.azureCredentialFileConfigMap }}
                   key: path
                   optional: true
             - name: CSI_ENDPOINT
@@ -166,6 +175,12 @@ spec:
             - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
             {{- end }}
+            {{- if .Values.linux.otelTracing.enabled }}
+            - name: OTEL_SERVICE_NAME
+              value: {{ .Values.linux.otelTracing.otelServiceName }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.linux.otelTracing.otelExporterEndpoint }}
+            {{- end }}
           imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
           securityContext:
             privileged: true

charts/edgeless/templates/serviceaccount-csi-azuredisk-controller.yaml

@@ -5,4 +5,12 @@ metadata:
   name: {{ .Values.serviceAccount.controller }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
 {{- end -}}

charts/edgeless/templates/serviceaccount-csi-azuredisk-node.yaml

@@ -5,4 +5,12 @@ metadata:
   name: {{ .Values.serviceAccount.node }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
 {{- end -}}