diff --git a/Makefile b/Makefile index de4b5ed2d..c78ebf451 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,9 @@ +CURPATH=$(PWD) +BIN_PATH=$(CURPATH)/bin +YQ = $(BIN_PATH)/yq +YQ_VERSION = v4.47.1 +export PATH := $(BIN_PATH):$(PATH) + all: build .PHONY: all @@ -8,15 +14,28 @@ include $(addprefix ./vendor/github.com/openshift/build-machinery-go/make/, \ golang.mk \ targets/openshift/deps-gomod.mk \ targets/openshift/images.mk \ + targets/openshift/yq.mk \ ) +# Bump OCP version in CSV and OLM metadata +# +# Example: +# make metadata OCP_VERSION=4.20.0 +metadata: ensure-yq +ifdef OCP_VERSION + ./hack/update-metadata.sh $(OCP_VERSION) +else + ./hack/update-metadata.sh +endif +.PHONY: metadata + verify: verify-generated-assets verify-generated-assets: update-generated-assets git diff --exit-code .PHONY: verify-generated-assets -update: update-generated-assets +update: update-generated-assets metadata update-generated-assets: hack/update-generated-assets.sh diff --git a/README.md b/README.md index 3f50784ce..e023e658b 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,13 @@ export KUBE_RBAC_PROXY_IMAGE=quay.io/openshift/origin-kube-rbac-proxy:latest ./bin/aws-ebs-csi-driver-operator start --kubeconfig $MY_KUBECONFIG --namespace openshift-cluster-csi-drivers ``` +## Bumping OCP version in CSV and OLM metadata + +This updates the package versions in `config/aws-efs/manifests/aws-efs-csi-driver-operator.package.yaml`, `config/aws-efs/manifests/stable/aws-efs-csi-driver-operator.clusterserviceversion.yaml`, `config/samba/manifests/smb-csi-driver-operator.package.yaml`, `config/samba/manifests/stable/smb-csi-driver-operator.clusterserviceversion.yaml` to 4.20: +``` +./hack/update-metadata.sh 4.20 +``` + ## Migrating an existing operator If you are looking to migrate an existing CSI Driver operator to the combined `csi-operator` operator, refer to [the docs](docs/migrating-operators.md) diff --git a/config/aws-efs/manifests/aws-efs-csi-driver-operator.package.yaml b/config/aws-efs/manifests/aws-efs-csi-driver-operator.package.yaml index 34cb70e0f..c16231040 100644 --- a/config/aws-efs/manifests/aws-efs-csi-driver-operator.package.yaml +++ b/config/aws-efs/manifests/aws-efs-csi-driver-operator.package.yaml @@ -1,4 +1,4 @@ packageName: aws-efs-csi-driver-operator channels: -- name: stable - currentCSV: aws-efs-csi-driver-operator.v4.20.0 + - name: stable + currentCSV: aws-efs-csi-driver-operator.v4.21.0 diff --git a/config/aws-efs/manifests/stable/aws-efs-csi-driver-operator.clusterserviceversion.yaml b/config/aws-efs/manifests/stable/aws-efs-csi-driver-operator.clusterserviceversion.yaml index 2b0d934f9..e4aebfc5c 100644 --- a/config/aws-efs/manifests/stable/aws-efs-csi-driver-operator.clusterserviceversion.yaml +++ b/config/aws-efs/manifests/stable/aws-efs-csi-driver-operator.clusterserviceversion.yaml @@ -1,7 +1,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: aws-efs-csi-driver-operator.v4.20.0 + name: aws-efs-csi-driver-operator.v4.21.0 namespace: placeholder annotations: categories: Storage @@ -13,7 +13,8 @@ metadata: repository: https://github.com/openshift/aws-efs-csi-driver-operator createdAt: "2021-07-14T00:00:00Z" description: Install and configure AWS EFS CSI driver. - olm.skipRange: ">=4.9.0-0 <4.20.0" + olm.properties: '[{"type":"olm.maxOpenShiftVersion","value":"4.22"}]' + olm.skipRange: ">=4.9.0-0 <4.21.0" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "true" features.operators.openshift.io/proxy-aware: "true" @@ -22,7 +23,6 @@ metadata: features.operators.openshift.io/token-auth-aws: "true" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - labels: operator-metering: "true" "operatorframework.io/arch.amd64": supported @@ -39,7 +39,6 @@ spec: 2. [Install the AWS EFS CSI driver using the operator](https://docs.openshift.com/container-platform/latest/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs) 3. Finally, [create a StorageClass](https://docs.openshift.com/container-platform/latest/storage/container_storage_interface/persistent-storage-csi-aws-efs.html#storage-create-storage-class_persistent-storage-csi-aws-efs) that enables dynamic provisioning of PersistentVolumes. - icon: - base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTIgMTQ1Ij48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2UwMDt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPlJlZEhhdC1Mb2dvLUhhdC1Db2xvcjwvdGl0bGU+PHBhdGggZD0iTTE1Ny43Nyw2Mi42MWExNCwxNCwwLDAsMSwuMzEsMy40MmMwLDE0Ljg4LTE4LjEsMTcuNDYtMzAuNjEsMTcuNDZDNzguODMsODMuNDksNDIuNTMsNTMuMjYsNDIuNTMsNDRhNi40Myw2LjQzLDAsMCwxLC4yMi0xLjk0bC0zLjY2LDkuMDZhMTguNDUsMTguNDUsMCwwLDAtMS41MSw3LjMzYzAsMTguMTEsNDEsNDUuNDgsODcuNzQsNDUuNDgsMjAuNjksMCwzNi40My03Ljc2LDM2LjQzLTIxLjc3LDAtMS4wOCwwLTEuOTQtMS43My0xMC4xM1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0xMjcuNDcsODMuNDljMTIuNTEsMCwzMC42MS0yLjU4LDMwLjYxLTE3LjQ2YTE0LDE0LDAsMCwwLS4zMS0zLjQybC03LjQ1LTMyLjM2Yy0xLjcyLTcuMTItMy4yMy0xMC4zNS0xNS43My0xNi42QzEyNC44OSw4LjY5LDEwMy43Ni41LDk3LjUxLjUsOTEuNjkuNSw5MCw4LDgzLjA2LDhjLTYuNjgsMC0xMS42NC01LjYtMTcuODktNS42LTYsMC05LjkxLDQuMDktMTIuOTMsMTIuNSwwLDAtOC40MSwyMy43Mi05LjQ5LDI3LjE2QTYuNDMsNi40MywwLDAsMCw0Mi41Myw0NGMwLDkuMjIsMzYuMywzOS40NSw4NC45NCwzOS40NU0xNjAsNzIuMDdjMS43Myw4LjE5LDEuNzMsOS4wNSwxLjczLDEwLjEzLDAsMTQtMTUuNzQsMjEuNzctMzYuNDMsMjEuNzdDNzguNTQsMTA0LDM3LjU4LDc2LjYsMzcuNTgsNTguNDlhMTguNDUsMTguNDUsMCwwLDEsMS41MS03LjMzQzIyLjI3LDUyLC41LDU1LC41LDc0LjIyYzAsMzEuNDgsNzQuNTksNzAuMjgsMTMzLjY1LDcwLjI4LDQ1LjI4LDAsNTYuNy0yMC40OCw1Ni43LTM2LjY1LDAtMTIuNzItMTEtMjcuMTYtMzAuODMtMzUuNzgiLz48L3N2Zz4= mediatype: image/svg+xml @@ -51,7 +50,7 @@ spec: url: https://github.com/openshift/aws-efs-csi-driver-operator - name: Source Repository url: https://github.com/openshift/aws-efs-csi-driver-operator - version: 4.20.0 + version: 4.21.0 maturity: stable maintainers: - email: aos-storage-staff@redhat.com @@ -61,289 +60,289 @@ spec: name: Red Hat labels: alm-owner-metering: aws-efs-csi-driver-operator - alm-status-descriptors: aws-efs-csi-driver-operator.v4.20.0 + alm-status-descriptors: aws-efs-csi-driver-operator.v4.21.0 selector: matchLabels: alm-owner-metering: aws-efs-csi-driver-operator installModes: - - type: OwnNamespace - supported: false - - type: SingleNamespace - supported: false - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true + - type: OwnNamespace + supported: false + - type: SingleNamespace + supported: false + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: true install: strategy: deployment spec: permissions: - rules: - - apiGroups: - - '' - resources: - - pods - - services - - endpoints - - events - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update - - patch - - delete - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete + - apiGroups: + - '' + resources: + - pods + - services + - endpoints + - events + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - update + - patch + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete serviceAccountName: aws-efs-csi-driver-operator clusterPermissions: - rules: - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers - verbs: - - get - - list - - watch - # The Config Observer controller updates the CR's spec - - update - - patch - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers/status - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - '' - resourceNames: - - extension-apiserver-authentication - - aws-ebs-csi-driver-operator-lock - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - - roles - - rolebindings - verbs: - - watch - - list - - get - - create - - delete - - patch - - update - - apiGroups: - - '' - resources: - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - persistentvolumes - verbs: - - create - - delete - - list - - get - - watch - - update - - patch - - apiGroups: - - '' - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - delete - - create - - patch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - '*' - resources: - - events - verbs: - - get - - patch - - create - - list - - watch - - update - - delete - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - cloudcredential.openshift.io - resources: - - credentialsrequests - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - operator.openshift.io - resources: - - cloudcredentials - verbs: - - get - - list - - watch - - apiGroups: - - config.openshift.io - resources: - - infrastructures - - proxies - - apiservers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers + verbs: + - get + - list + - watch + # The Config Observer controller updates the CR's spec + - update + - patch + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - '' + resourceNames: + - extension-apiserver-authentication + - aws-ebs-csi-driver-operator-lock + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - watch + - list + - get + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - create + - delete + - list + - get + - watch + - update + - patch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - delete + - create + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - '*' + resources: + - events + verbs: + - get + - patch + - create + - list + - watch + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - cloudcredential.openshift.io + resources: + - credentialsrequests + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - operator.openshift.io + resources: + - cloudcredentials + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - proxies + - apiservers + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch serviceAccountName: aws-efs-csi-driver-operator deployments: - name: aws-efs-csi-driver-operator @@ -364,67 +363,67 @@ spec: spec: serviceAccountName: aws-efs-csi-driver-operator containers: - - name: aws-efs-csi-driver-operator - image: quay.io/openshift/origin-aws-efs-csi-driver-operator:latest - imagePullPolicy: IfNotPresent - args: - - "start" - - "-v=2" - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DRIVER_IMAGE - value: quay.io/openshift/origin-aws-efs-csi-driver:latest - - name: PROVISIONER_IMAGE - value: quay.io/openshift/origin-csi-external-provisioner:latest - - name: NODE_DRIVER_REGISTRAR_IMAGE - value: quay.io/openshift/origin-csi-node-driver-registrar:latest - - name: LIVENESS_PROBE_IMAGE - value: quay.io/openshift/origin-csi-livenessprobe:latest - - name: OPERATOR_NAME - value: aws-efs-csi-driver-operator - - name: KUBE_RBAC_PROXY_IMAGE - value: quay.io/openshift/origin-kube-rbac-proxy:latest - - name: TOOLS_IMAGE - value: quay.io/openshift/origin-tools:latest - resources: - requests: - memory: 50Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - volumeMounts: - - mountPath: /tmp - name: tmp + - name: aws-efs-csi-driver-operator + image: quay.io/openshift/origin-aws-efs-csi-driver-operator:latest + imagePullPolicy: IfNotPresent + args: + - "start" + - "-v=2" + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DRIVER_IMAGE + value: quay.io/openshift/origin-aws-efs-csi-driver:latest + - name: PROVISIONER_IMAGE + value: quay.io/openshift/origin-csi-external-provisioner:latest + - name: NODE_DRIVER_REGISTRAR_IMAGE + value: quay.io/openshift/origin-csi-node-driver-registrar:latest + - name: LIVENESS_PROBE_IMAGE + value: quay.io/openshift/origin-csi-livenessprobe:latest + - name: OPERATOR_NAME + value: aws-efs-csi-driver-operator + - name: KUBE_RBAC_PROXY_IMAGE + value: quay.io/openshift/origin-kube-rbac-proxy:latest + - name: TOOLS_IMAGE + value: quay.io/openshift/origin-tools:latest + resources: + requests: + memory: 50Mi + cpu: 10m + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp + name: tmp priorityClassName: system-cluster-critical securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - - name: tmp - emptyDir: - medium: Memory + - name: tmp + emptyDir: + medium: Memory # Strongly prefer a master node, but don't require it. # We want the same Deployment to work on hypershift, # without any master nodes. affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: In - values: - - "" + - weight: 100 + preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: In + values: + - "" tolerations: - key: CriticalAddonsOnly operator: Exists diff --git a/config/samba/manifests/smb-csi-driver-operator.package.yaml b/config/samba/manifests/smb-csi-driver-operator.package.yaml index abcf1555a..6104f6688 100644 --- a/config/samba/manifests/smb-csi-driver-operator.package.yaml +++ b/config/samba/manifests/smb-csi-driver-operator.package.yaml @@ -1,4 +1,4 @@ packageName: smb-csi-driver-operator channels: -- name: stable - currentCSV: smb-csi-driver-operator.v4.20.0 + - name: stable + currentCSV: smb-csi-driver-operator.v4.21.0 diff --git a/config/samba/manifests/stable/smb-csi-driver-operator.clusterserviceversion.yaml b/config/samba/manifests/stable/smb-csi-driver-operator.clusterserviceversion.yaml index 1ed81d322..5a5d54f78 100644 --- a/config/samba/manifests/stable/smb-csi-driver-operator.clusterserviceversion.yaml +++ b/config/samba/manifests/stable/smb-csi-driver-operator.clusterserviceversion.yaml @@ -1,7 +1,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: smb-csi-driver-operator.v4.20.0 + name: smb-csi-driver-operator.v4.21.0 namespace: placeholder annotations: categories: Storage @@ -13,7 +13,8 @@ metadata: repository: https://github.com/openshift/csi-operator createdAt: "2021-07-14T00:00:00Z" description: Install and configure CIFS/SMB CSI driver. - olm.skipRange: ">=4.15.0-0 <4.20.0" + olm.properties: '[{"type":"olm.maxOpenShiftVersion","value":"4.22"}]' + olm.skipRange: ">=4.15.0-0 <4.21.0" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "true" @@ -22,7 +23,6 @@ metadata: features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - labels: operator-metering: "true" "operatorframework.io/arch.amd64": supported @@ -31,7 +31,6 @@ spec: displayName: CIFS/SMB CSI Driver Operator description: | CIFS/SMB CSI Driver Operator provides Server Message Block (SMB) CSI Driver that enables you to create and mount CIFS/SMB PersistentVolumes. - icon: - base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTIgMTQ1Ij48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2UwMDt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPlJlZEhhdC1Mb2dvLUhhdC1Db2xvcjwvdGl0bGU+PHBhdGggZD0iTTE1Ny43Nyw2Mi42MWExNCwxNCwwLDAsMSwuMzEsMy40MmMwLDE0Ljg4LTE4LjEsMTcuNDYtMzAuNjEsMTcuNDZDNzguODMsODMuNDksNDIuNTMsNTMuMjYsNDIuNTMsNDRhNi40Myw2LjQzLDAsMCwxLC4yMi0xLjk0bC0zLjY2LDkuMDZhMTguNDUsMTguNDUsMCwwLDAtMS41MSw3LjMzYzAsMTguMTEsNDEsNDUuNDgsODcuNzQsNDUuNDgsMjAuNjksMCwzNi40My03Ljc2LDM2LjQzLTIxLjc3LDAtMS4wOCwwLTEuOTQtMS43My0xMC4xM1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0xMjcuNDcsODMuNDljMTIuNTEsMCwzMC42MS0yLjU4LDMwLjYxLTE3LjQ2YTE0LDE0LDAsMCwwLS4zMS0zLjQybC03LjQ1LTMyLjM2Yy0xLjcyLTcuMTItMy4yMy0xMC4zNS0xNS43My0xNi42QzEyNC44OSw4LjY5LDEwMy43Ni41LDk3LjUxLjUsOTEuNjkuNSw5MCw4LDgzLjA2LDhjLTYuNjgsMC0xMS42NC01LjYtMTcuODktNS42LTYsMC05LjkxLDQuMDktMTIuOTMsMTIuNSwwLDAtOC40MSwyMy43Mi05LjQ5LDI3LjE2QTYuNDMsNi40MywwLDAsMCw0Mi41Myw0NGMwLDkuMjIsMzYuMywzOS40NSw4NC45NCwzOS40NU0xNjAsNzIuMDdjMS43Myw4LjE5LDEuNzMsOS4wNSwxLjczLDEwLjEzLDAsMTQtMTUuNzQsMjEuNzctMzYuNDMsMjEuNzdDNzguNTQsMTA0LDM3LjU4LDc2LjYsMzcuNTgsNTguNDlhMTguNDUsMTguNDUsMCwwLDEsMS41MS03LjMzQzIyLjI3LDUyLC41LDU1LC41LDc0LjIyYzAsMzEuNDgsNzQuNTksNzAuMjgsMTMzLjY1LDcwLjI4LDQ1LjI4LDAsNTYuNy0yMC40OCw1Ni43LTM2LjY1LDAtMTIuNzItMTEtMjcuMTYtMzAuODMtMzUuNzgiLz48L3N2Zz4= mediatype: image/svg+xml @@ -44,7 +43,7 @@ spec: url: https://github.com/openshift/csi-operator - name: Source Repository url: https://github.com/openshift/csi-operator - version: 4.20.0 + version: 4.21.0 maturity: stable maintainers: - email: aos-storage-staff@redhat.com @@ -54,246 +53,246 @@ spec: name: Red Hat labels: alm-owner-metering: smb-csi-driver-operator - alm-status-descriptors: smb-csi-driver-operator.v4.20.0 + alm-status-descriptors: smb-csi-driver-operator.v4.21.0 selector: matchLabels: alm-owner-metering: smb-csi-driver-operator installModes: - - type: OwnNamespace - supported: false - - type: SingleNamespace - supported: false - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true + - type: OwnNamespace + supported: false + - type: SingleNamespace + supported: false + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: true install: strategy: deployment spec: permissions: - rules: - - apiGroups: - - '' - resources: - - pods - - services - - endpoints - - events - - configmaps - - secrets - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update - - patch - - delete - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete + - apiGroups: + - '' + resources: + - pods + - services + - endpoints + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - update + - patch + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete serviceAccountName: smb-csi-driver-operator clusterPermissions: - rules: - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers - verbs: - - get - - list - - watch - # The Config Observer controller updates the CR's spec - - update - - patch - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers/status - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - '' - resourceNames: - - extension-apiserver-authentication - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - - roles - - rolebindings - verbs: - - watch - - list - - get - - create - - delete - - patch - - update - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - persistentvolumes - verbs: - - create - - delete - - list - - get - - watch - - update - - patch - - apiGroups: - - '' - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update - - apiGroups: - - '' - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - '*' - resources: - - events - verbs: - - get - - patch - - create - - list - - watch - - update - - delete - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - config.openshift.io - resources: - - infrastructures - - proxies - - apiservers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers + verbs: + - get + - list + - watch + # The Config Observer controller updates the CR's spec + - update + - patch + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - '' + resourceNames: + - extension-apiserver-authentication + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - watch + - list + - get + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - persistentvolumes + verbs: + - create + - delete + - list + - get + - watch + - update + - patch + - apiGroups: + - '' + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update + - apiGroups: + - '' + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - '*' + resources: + - events + verbs: + - get + - patch + - create + - list + - watch + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - proxies + - apiservers + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch serviceAccountName: smb-csi-driver-operator deployments: - name: smb-csi-driver-operator @@ -314,67 +313,67 @@ spec: spec: serviceAccountName: smb-csi-driver-operator containers: - - name: smb-csi-driver-operator - image: quay.io/openshift/origin-smb-csi-driver-operator:latest - imagePullPolicy: IfNotPresent - args: - - "start" - - "-v=2" - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DRIVER_IMAGE - value: quay.io/openshift/origin-csi-driver-smb:latest - - name: PROVISIONER_IMAGE - value: quay.io/openshift/origin-csi-external-provisioner:latest - - name: RESIZER_IMAGE - value: quay.io/openshift/origin-csi-external-resizer:latest - - name: NODE_DRIVER_REGISTRAR_IMAGE - value: quay.io/openshift/origin-csi-node-driver-registrar:latest - - name: LIVENESS_PROBE_IMAGE - value: quay.io/openshift/origin-csi-livenessprobe:latest - - name: OPERATOR_NAME - value: smb-csi-driver-operator - - name: KUBE_RBAC_PROXY_IMAGE - value: quay.io/openshift/origin-kube-rbac-proxy:latest - resources: - requests: - memory: 50Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - volumeMounts: - - mountPath: /tmp - name: tmp + - name: smb-csi-driver-operator + image: quay.io/openshift/origin-smb-csi-driver-operator:latest + imagePullPolicy: IfNotPresent + args: + - "start" + - "-v=2" + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DRIVER_IMAGE + value: quay.io/openshift/origin-csi-driver-smb:latest + - name: PROVISIONER_IMAGE + value: quay.io/openshift/origin-csi-external-provisioner:latest + - name: RESIZER_IMAGE + value: quay.io/openshift/origin-csi-external-resizer:latest + - name: NODE_DRIVER_REGISTRAR_IMAGE + value: quay.io/openshift/origin-csi-node-driver-registrar:latest + - name: LIVENESS_PROBE_IMAGE + value: quay.io/openshift/origin-csi-livenessprobe:latest + - name: OPERATOR_NAME + value: smb-csi-driver-operator + - name: KUBE_RBAC_PROXY_IMAGE + value: quay.io/openshift/origin-kube-rbac-proxy:latest + resources: + requests: + memory: 50Mi + cpu: 10m + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp + name: tmp priorityClassName: system-cluster-critical securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - - name: tmp - emptyDir: - medium: Memory + - name: tmp + emptyDir: + medium: Memory # Strongly prefer a master node, but don't require it. # We want the same Deployment to work on hypershift, # without any master nodes. affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: In - values: - - "" + - weight: 100 + preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: In + values: + - "" tolerations: - key: CriticalAddonsOnly operator: Exists diff --git a/hack/update-metadata.sh b/hack/update-metadata.sh new file mode 100755 index 000000000..75e14fbbf --- /dev/null +++ b/hack/update-metadata.sh @@ -0,0 +1,84 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +# Usage: +# ./hack/update-metadata.sh [OCP_VERSION] +# +# OCP_VERSION is an optional argument. If no argument is provided, it defaults +# to the version found in .channels[0].currentCSV in PACKAGE_MANIFEST. +# This means you can run `./hack/update-metadata.sh` to update the manifests +# using the current package version, or you can for example run +# `./hack/update-metadata.sh 4.20` to set the package version to 4.20. +# Both PACKAGE_MANIFEST and CSV_MANIFEST will be updated by this script. + +PLATFORMS_NAMES=("aws-efs" "samba") +PLATFORMS_ACRONYMS=("aws-efs" "smb") +for i in {0..1} +do + PACKAGE_MANIFEST=config/${PLATFORMS_NAMES[i]}/manifests/${PLATFORMS_ACRONYMS[i]}-csi-driver-operator.package.yaml + CHANNEL=$(yq '.channels[0].name' ${PACKAGE_MANIFEST}) + CURRENT_CSV=$(yq '.channels[0].currentCSV' ${PACKAGE_MANIFEST}) + PACKAGE_NAME=$(echo ${CURRENT_CSV} | sed 's/\.v.*$//') + PACKAGE_VERSION=$(echo ${CURRENT_CSV} | sed 's/^.*\.v//') + + if [ -z "${CHANNEL}" ] || + [ -z "${PACKAGE_NAME}" ] || + [ -z "${PACKAGE_VERSION}" ]; then + echo "Failed to parse ${PACKAGE_MANIFEST}" + exit 1 + fi + + CSV_MANIFEST=config/${PLATFORMS_NAMES[i]}/manifests/${CHANNEL}/${PACKAGE_NAME}.clusterserviceversion.yaml + METADATA_NAME=$(yq ' "" + .metadata.name' ${CSV_MANIFEST}) + SKIP_RANGE=$(yq ' "" + .metadata.annotations["olm.skipRange"]' ${CSV_MANIFEST}) + OLM_PROPERTIES=$(yq ' "" + .metadata.annotations["olm.properties"]' ${CSV_MANIFEST}) # sets olm.maxOpenShiftVersion + SPEC_VERSION=$(yq ' "" + .spec.version' ${CSV_MANIFEST}) + ALM_STATUS_DESC=$(yq ' "" + .spec.labels.alm-status-descriptors' ${CSV_MANIFEST}) + + if [ -z "${METADATA_NAME}" ] || + [ -z "${SKIP_RANGE}" ] || + [ -z "${OLM_PROPERTIES}" ] || + [ -z "${SPEC_VERSION}" ] || + [ -z "${ALM_STATUS_DESC}" ]; then + echo "Failed to parse ${CSV_MANIFEST}" + exit 1 + fi + + OCP_VERSION=${1:-${PACKAGE_VERSION}} + IFS='.' read -r MAJOR_VERSION MINOR_VERSION PATCH_VERSION <<< "${OCP_VERSION}" + PATCH_VERSION=${PATCH_VERSION:-0} + if [ "${OCP_VERSION}" != "${PACKAGE_VERSION}" ]; then + PACKAGE_VERSION="${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}" + fi + + export NEW_CURRENT_CSV="${PACKAGE_NAME}.v${PACKAGE_VERSION}" + export NEW_METADATA_NAME="${PACKAGE_NAME}.v${PACKAGE_VERSION}" + export NEW_SKIP_RANGE=$(echo ${SKIP_RANGE} | sed "s/ <.*$/ <${PACKAGE_VERSION}/") + export NEW_OLM_PROPERTIES=$(echo "${OLM_PROPERTIES}" | jq -c 'map(if .type=="olm.maxOpenShiftVersion" then .value="'${MAJOR_VERSION}.$((MINOR_VERSION + 1))'" else . end)') + export NEW_SPEC_VERSION="${PACKAGE_VERSION}" + export NEW_ALM_STATUS_DESC="${PACKAGE_NAME}.v${PACKAGE_VERSION}" + + if [ -z "${NEW_METADATA_NAME}" ] || + [ -z "${NEW_SKIP_RANGE}" ] || + [ -z "${NEW_OLM_PROPERTIES}" ] || + [ -z "${NEW_SPEC_VERSION}" ] || + [ -z "${NEW_ALM_STATUS_DESC}" ]; then + echo "Failed to generate new values for ${CSV_MANIFEST}" + exit 1 + fi + + echo "Updating ${PLATFORMS_NAMES[i]} package manifest to ${PACKAGE_VERSION}" + yq -i '.channels[0].currentCSV = strenv(NEW_CURRENT_CSV)' ${PACKAGE_MANIFEST} + + echo "Updating ${PLATFORMS_NAMES[i]} OLM metadata to ${PACKAGE_VERSION}" + yq -i ' + .metadata.name = strenv(NEW_METADATA_NAME) | + .metadata.annotations["olm.skipRange"] = strenv(NEW_SKIP_RANGE) | + .metadata.annotations["olm.properties"] = strenv(NEW_OLM_PROPERTIES) | + .spec.version = strenv(NEW_SPEC_VERSION) | + .spec.labels.alm-status-descriptors = strenv(NEW_ALM_STATUS_DESC) + ' ${CSV_MANIFEST} +done