rebase

test rebase 2

Dockerfile

@@ -29,7 +29,7 @@ ARG DISTROLESS_IMAGE=registry.k8s.io/build-image/go-runner:v2.3.1-go1.22.2-bookw
 ARG ALPINE_IMAGE=alpine:3.17.5
 
 # cinder-csi-plugin uses Debian as a base image
-ARG DEBIAN_IMAGE=registry.k8s.io/build-image/debian-base:bullseye-v1.4.3
+ARG DEBIAN_IMAGE=registry.k8s.io/build-image/debian-base:bookworm-v1.0.4
 
 ################################################################################
 ##                              BUILD STAGE                                   ##
@@ -38,17 +38,16 @@ ARG DEBIAN_IMAGE=registry.k8s.io/build-image/debian-base:bullseye-v1.4.3
 # Build an image containing a common ca-certificates used by all target images
 # regardless of how they are built. We arbitrarily take ca-certificates from
 # the amd64 Alpine image.
-FROM --platform=linux/amd64 ${ALPINE_IMAGE} as certs
+FROM --platform=${BUILDPLATFORM} ${ALPINE_IMAGE} AS certs
 RUN apk add --no-cache ca-certificates
 
 
 # Build all command targets. We build all command targets in a single build
 # stage for efficiency. Target images copy their binary from this image.
 # We use go's native cross compilation for multi-arch in this stage, so the
 # builder itself is always amd64
-FROM --platform=linux/amd64 ${GOLANG_IMAGE} as builder
+FROM --platform=${BUILDPLATFORM} ${GOLANG_IMAGE} AS builder
 
-ARG GOPROXY=https://goproxy.io,direct
 ARG TARGETOS
 ARG TARGETARCH
 ARG VERSION
@@ -67,7 +66,7 @@ RUN make build GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOPROXY=${GOPROXY} VERSION=
 ##
 ## openstack-cloud-controller-manager
 ##
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as openstack-cloud-controller-manager
+FROM ${DISTROLESS_IMAGE} AS openstack-cloud-controller-manager
 
 COPY --from=certs /etc/ssl/certs /etc/ssl/certs
 COPY --from=builder /build/openstack-cloud-controller-manager /bin/openstack-cloud-controller-manager
@@ -85,7 +84,7 @@ CMD [ "/bin/openstack-cloud-controller-manager" ]
 ##
 ## barbican-kms-plugin
 ##
-FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as barbican-kms-plugin
+FROM ${ALPINE_IMAGE} AS barbican-kms-plugin
 # barbican-kms-plugin uses ALPINE instead of distroless because its entrypoint
 # uses a shell for environment substitution. If there are no other uses this
 # could be replaced by callers passing arguments explicitly.
@@ -109,15 +108,15 @@ CMD ["sh", "-c", "/bin/barbican-kms-plugin --socketpath ${socketpath} --cloud-co
 
 # step 1: copy all necessary files from Debian distro to /dest folder
 # all magic happens in tools/csi-deps.sh
-FROM --platform=${TARGETPLATFORM} ${DEBIAN_IMAGE} as cinder-csi-plugin-utils
+FROM ${DEBIAN_IMAGE} AS cinder-csi-plugin-utils
 
 RUN clean-install bash rsync mount udev btrfs-progs e2fsprogs xfsprogs util-linux
 COPY tools/csi-deps.sh /tools/csi-deps.sh
 RUN /tools/csi-deps.sh
 
 # step 2: check if all necessary files are copied and work properly
 # the build have to finish without errors, but the result image will not be used
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as cinder-csi-plugin-utils-check
+FROM ${DISTROLESS_IMAGE} AS cinder-csi-plugin-utils-check
 
 COPY --from=cinder-csi-plugin-utils /dest /
 COPY --from=cinder-csi-plugin-utils /bin/sh /bin/sh
@@ -127,7 +126,7 @@ SHELL ["/bin/sh"]
 RUN /tools/csi-deps-check.sh
 
 # step 3: build tiny cinder-csi-plugin image with only necessary files
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as cinder-csi-plugin
+FROM ${DISTROLESS_IMAGE} AS cinder-csi-plugin
 
 # Copying csi-deps-check.sh simply ensures that the resulting image has a dependency
 # on cinder-csi-plugin-utils-check and therefore that the check has passed
@@ -149,7 +148,7 @@ CMD ["/bin/cinder-csi-plugin"]
 ##
 ## k8s-keystone-auth
 ##
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as k8s-keystone-auth
+FROM ${DISTROLESS_IMAGE} AS k8s-keystone-auth
 
 COPY --from=builder /build/k8s-keystone-auth /bin/k8s-keystone-auth
 COPY --from=certs /etc/ssl/certs /etc/ssl/certs
@@ -169,7 +168,7 @@ CMD ["/bin/k8s-keystone-auth"]
 ##
 ## magnum-auto-healer
 ##
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as magnum-auto-healer
+FROM ${DISTROLESS_IMAGE} AS magnum-auto-healer
 
 COPY --from=builder /build/magnum-auto-healer /bin/magnum-auto-healer
 COPY --from=certs /etc/ssl/certs /etc/ssl/certs
@@ -187,7 +186,7 @@ CMD ["/bin/magnum-auto-healer"]
 ##
 ## manila-csi-plugin
 ##
-FROM --platform=${TARGETPLATFORM} ${ALPINE_IMAGE} as manila-csi-plugin
+FROM ${ALPINE_IMAGE} AS manila-csi-plugin
 # manila-csi-plugin uses ALPINE because it pulls in jq and curl
 
 RUN apk add --no-cache jq curl
@@ -208,7 +207,7 @@ ENTRYPOINT ["/bin/manila-csi-plugin"]
 ##
 ## octavia-ingress-controller
 ##
-FROM --platform=${TARGETPLATFORM} ${DISTROLESS_IMAGE} as octavia-ingress-controller
+FROM ${DISTROLESS_IMAGE} AS octavia-ingress-controller
 
 COPY --from=builder /build/octavia-ingress-controller /bin/octavia-ingress-controller
 COPY --from=certs /etc/ssl/certs /etc/ssl/certs

OWNERS

@@ -2,14 +2,13 @@ emeritus_approvers:
 - chrigl
 - lingxiankong
 - ramineni
+- jichenjc
 approvers:
 - dulek
-- jichenjc
 - kayrus
 - zetaab
 reviewers:
 - dulek
-- jichenjc
 - kayrus
 - mdbooth
 - zetaab

charts/cinder-csi-plugin/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: v1.31.0
+appVersion: v1.31.2
 description: Cinder CSI Chart for OpenStack
 name: openstack-cinder-csi
-version: 2.31.3
+version: 2.31.7
 home: https://github.com/kubernetes/cloud-provider-openstack
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 maintainers:

charts/cinder-csi-plugin/templates/_helpers.tpl

@@ -82,6 +82,13 @@ component: controllerplugin
 {{ include "cinder-csi.common.metaLabels" . }}
 {{- end -}}
 
+{{- define "cinder-csi.controllerplugin.podLabels" -}}
+{{ include "cinder-csi.controllerplugin.labels" . }}
+{{ if .Values.csi.plugin.controllerPlugin.podLabels }}
+{{- toYaml .Values.csi.plugin.controllerPlugin.podLabels }}
+{{- end }}
+{{- end -}}
+
 {{- define "cinder-csi.nodeplugin.matchLabels" -}}
 component: nodeplugin
 {{ include "cinder-csi.common.matchLabels" . }}
@@ -92,6 +99,13 @@ component: nodeplugin
 {{ include "cinder-csi.common.metaLabels" . }}
 {{- end -}}
 
+{{- define "cinder-csi.nodeplugin.podLabels" -}}
+{{ include "cinder-csi.nodeplugin.labels" . }}
+{{ if .Values.csi.plugin.nodePlugin.podLabels }}
+{{- toYaml .Values.csi.plugin.nodePlugin.podLabels }}
+{{- end }}
+{{- end -}}
+
 {{- define "cinder-csi.snapshot-controller.matchLabels" -}}
 component: snapshot-controller
 {{ include "cinder-csi.common.matchLabels" . }}
@@ -101,3 +115,30 @@ component: snapshot-controller
 {{ include "cinder-csi.snapshot-controller.matchLabels" . }}
 {{ include "cinder-csi.common.metaLabels" . }}
 {{- end -}}
+
+{{/*
+Common annotations
+*/}}
+{{- define "cinder-csi.annotations" -}}
+{{- if .Values.commonAnnotations }}
+{{- toYaml .Values.commonAnnotations }}
+{{- end }}
+{{- end -}}
+
+
+{{/*
+Create unified annotations for cinder-csi components
+*/}}
+{{- define "cinder-csi.controllerplugin.podAnnotations" -}}
+{{ include "cinder-csi.annotations" . }}
+{{ if .Values.csi.plugin.controllerPlugin.podAnnotations }}
+{{- toYaml .Values.csi.plugin.controllerPlugin.podAnnotations }}
+{{- end }}
+{{- end -}}
+
+{{- define "cinder-csi.nodeplugin.podAnnotations" -}}
+{{ include "cinder-csi.annotations" . }}
+{{ if .Values.csi.plugin.nodePlugin.podAnnotations }}
+{{- toYaml .Values.csi.plugin.nodePlugin.podAnnotations }}
+{{- end }}
+{{- end -}}

charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml

@@ -24,11 +24,9 @@ spec:
   template:
     metadata:
       labels:
-        {{- include "cinder-csi.controllerplugin.labels" . | nindent 8 }}
+        {{- include "cinder-csi.controllerplugin.podLabels" . | nindent 8 }}
       annotations:
-        {{- with .Values.commonAnnotations }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
+        {{- include "cinder-csi.controllerplugin.podAnnotations" . | nindent 8 }}
     spec:
       serviceAccount: csi-cinder-controller-sa
       securityContext:
@@ -173,9 +171,13 @@ spec:
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--cloud-config=$(CLOUD_CONFIG)"
             - "--cluster=$(CLUSTER_NAME)"
+            - "--provide-node-service=false"
             {{- if .Values.csi.plugin.httpEndpoint.enabled }}
             - "--http-endpoint=:{{ .Values.csi.plugin.httpEndpoint.port }}"
             {{- end }}
+            {{- if .Values.pvcAnnotations }}
+            - "--pvc-annotations"
+            {{- end }}
             {{- if .Values.csi.plugin.extraArgs }}
             {{- with .Values.csi.plugin.extraArgs }}
             {{- tpl . $ | trim | nindent 12 }}

charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml

@@ -49,7 +49,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
     verbs: ["get", "list", "watch", "update"]

charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml

@@ -16,11 +16,9 @@ spec:
   template:
     metadata:
       labels:
-        {{- include "cinder-csi.nodeplugin.labels" . | nindent 8 }}
+        {{- include "cinder-csi.nodeplugin.podLabels" . | nindent 8 }}
       annotations:
-        {{- with .Values.commonAnnotations }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
+        {{- include "cinder-csi.nodeplugin.podAnnotations" . | nindent 8 }}
     spec:
       serviceAccount: csi-cinder-node-sa
       hostNetwork: true
@@ -91,6 +89,7 @@ spec:
             - /bin/cinder-csi-plugin
             - "-v={{ .Values.logVerbosityLevel }}"
             - "--endpoint=$(CSI_ENDPOINT)"
+            - "--provide-controller-service=false"
             - "--cloud-config=$(CLOUD_CONFIG)"
             {{- if .Values.csi.plugin.extraArgs }}
             {{- with .Values.csi.plugin.extraArgs }}

charts/cinder-csi-plugin/values.yaml

@@ -8,7 +8,7 @@ csi:
   attacher:
     image:
       repository: registry.k8s.io/sig-storage/csi-attacher
-      tag: v4.4.2
+      tag: v4.7.0
       pullPolicy: IfNotPresent
     resources: {}
     extraArgs: {}
@@ -17,15 +17,15 @@ csi:
     topology: "true"
     image:
       repository: registry.k8s.io/sig-storage/csi-provisioner
-      tag: v3.6.2
+      tag: v5.1.0
       pullPolicy: IfNotPresent
     resources: {}
     extraArgs: {}
     extraEnv: []
   snapshotter:
     image:
       repository: registry.k8s.io/sig-storage/csi-snapshotter
-      tag: v6.3.2
+      tag: v8.1.0
       pullPolicy: IfNotPresent
     resources: {}
     extraArgs: {}
@@ -41,7 +41,7 @@ csi:
   resizer:
     image:
       repository: registry.k8s.io/sig-storage/csi-resizer
-      tag: v1.9.2
+      tag: v1.12.0
       pullPolicy: IfNotPresent
     resources: {}
     extraArgs: {}
@@ -55,7 +55,7 @@ csi:
   livenessprobe:
     image:
       repository: registry.k8s.io/sig-storage/livenessprobe
-      tag: v2.11.0
+      tag: v2.14.0
       pullPolicy: IfNotPresent
     failureThreshold: 5
     initialDelaySeconds: 10
@@ -67,7 +67,7 @@ csi:
   nodeDriverRegistrar:
     image:
       repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
-      tag: v2.9.2
+      tag: v2.12.0
       pullPolicy: IfNotPresent
     resources: {}
     extraArgs: {}
@@ -90,6 +90,10 @@ csi:
         readOnly: true
     nodePlugin:
       dnsPolicy: ClusterFirstWithHostNet
+      # Optional additional annotations to add to the nodePlugin Pods.
+      podAnnotations: {}
+      # Optional additional labels to add to the nodePlugin Pods.
+      podLabels: {}
       podSecurityContext: {}
       securityContext: {}
         # capabilities:
@@ -121,6 +125,10 @@ csi:
           # maxSurge is the maximum number of pods that can be
           # created over the desired number of pods.
           maxSurge: 1
+      # Optional additional annotations to add to the controllerPlugin Pods.
+      podAnnotations: {}
+      # Optional additional labels to add to the controllerPlugin Pods.
+      podLabels: {}
       podSecurityContext: {}
         # runAsNonRoot: true
         # runAsUser: 65532
@@ -215,10 +223,13 @@ storageClass:
 # to volume metadata in newly provisioned volumes as `cinder.csi.openstack.org/cluster=<cluster ID>`.
 clusterID: "kubernetes"
 
+# Enable PVC annotations support to create PVCs with extra parameters
+pvcAnnotations: false
+
 priorityClassName: ""
 
 imagePullSecrets: []
 # - name: my-imagepull-secret
 
-# add annotations to all pods
+# add annotations to all pods, deployment, daemonset and podmonitor
 commonAnnotations: {}

charts/manila-csi-plugin/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: v1.31.0
+appVersion: v1.31.2
 description: Manila CSI Chart for OpenStack
 name: openstack-manila-csi
-version: 2.31.0
+version: 2.31.4
 home: http://github.com/kubernetes/cloud-provider-openstack
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 maintainers:

charts/manila-csi-plugin/templates/controllerplugin-statefulset.yaml

@@ -26,7 +26,7 @@ spec:
             {{- if $.Values.csimanila.topologyAwarenessEnabled }}
             - "--feature-gates=Topology=true"
             {{- end }}
-            {{- if $.Values.controllerplugin.provisioner.extraCreateMetadata }}
+            {{- if or $.Values.controllerplugin.provisioner.extraCreateMetadata $.Values.csimanila.pvcAnnotations }}
             - "--extra-create-metadata"
             {{- end }}
           env:
@@ -86,10 +86,8 @@ spec:
           command: ["/bin/sh", "-c",
             '/bin/manila-csi-plugin
             -v={{ $.Values.logVerbosityLevel }}
-            --nodeid=$(NODE_ID)
             {{- if $.Values.csimanila.topologyAwarenessEnabled }}
             --with-topology
-            --nodeaz={{ $.Values.csimanila.nodeAZ }}
             {{- end }}
             {{- if $.Values.csimanila.runtimeConfig.enabled }}
             --runtime-config-file=/runtimeconfig/runtimeconfig.json
@@ -101,15 +99,14 @@ spec:
             {{- if .compatibilitySettings }}
             --compatibility-settings={{ .compatibilitySettings }}
             {{- end }}
-            --cluster-id="{{ $.Values.csimanila.clusterID }}"'
+            --cluster-id="{{ $.Values.csimanila.clusterID }}"
+            {{- if $.Values.csimanila.pvcAnnotations }}
+            --pvc-annotations
+            {{- end }}'
           ]
           env:
             - name: DRIVER_NAME
               value: {{ printf "%s.%s" .protocolSelector $.Values.driverName | lower }}
-            - name: NODE_ID
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
             - name: CSI_ENDPOINT
               value: "unix:///var/lib/kubelet/plugins/{{ printf "%s.%s" .protocolSelector $.Values.driverName | lower }}/csi-controllerplugin.sock"
             - name: FWD_CSI_ENDPOINT