PWX-27656: auto-ssl support (resync w/ DaemonSet) #826

Merged
merged 1 commit into from
Nov 17, 2022

Conversation

zoxpx
Collaborator

@zoxpx zoxpx commented Nov 16, 2022

This PR resyncs DaemonSet changes done for auto-ssl/tls support:

  • adding events/update RBAC permission
  • adding certificatesigningrequests RBAC permissions
  • adding containerdvardir (/var/lib/containerd) mount

Signed-off-by: Zoran Rajic zrajic@purestorage.com

What this PR does / why we need it:

This is the preparation work for the automatic SSL/TLS setup

  • adding events/update RBAC permission, so that the pre-existing K8s events can get updated
  • adding CSR (certificatesigningrequests) RBAC permissions, so that OCI-Mon can post/update/delete CSRs
  • adding new /var/lib/containerd mount, as newer ContainerD-APIs that OCI-Mon uses will require this mount
  • updating UTs to reflect the new mount requirement

Which issue(s) this PR fixes (optional)
Closes # PWX-27656

Special notes for your reviewer:
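
A least-privilege check for the RBAC additions this PR description lists, as an added Go example that is not part of the PR or the operator's code. `PolicyRule` is a local stand-in for `rbacv1.PolicyRule`, the create/update/delete verbs are an assumed reading of "post/update/delete", and the sample rules are constructed; the two excess checks reflect that approving a CSR takes `update` on `certificatesigningrequests/approval` plus `approve` on `signers`.

```go
package main

import (
	"fmt"
	"slices"
)

// PolicyRule is a local stand-in for rbacv1.PolicyRule; check is one audit expectation.
type PolicyRule struct{ APIGroups, Resources, Verbs []string }
type check struct{ group, resource, verb, label string }

const csrGroup, csrRes = "certificates.k8s.io", "certificatesigningrequests"

// Grants treats "*" as match-all; "*/subresource" patterns are not modelled.
func Grants(rules []PolicyRule, group, resource, verb string) bool {
	in := func(l []string, w string) bool { return slices.Contains(l, w) || slices.Contains(l, "*") }
	for _, r := range rules {
		if in(r.APIGroups, group) && in(r.Resources, resource) && in(r.Verbs, verb) {
			return true
		}
	}
	return false
}

// Audit lists needed permissions that are absent and CSR approval rights that are present.
func Audit(rules []PolicyRule) []string {
	checks := []check{
		{"", "events", "update", "missing"},
		{csrGroup, csrRes, "create", "missing"}, // assumed verb for "post"
		{csrGroup, csrRes, "update", "missing"},
		{csrGroup, csrRes, "delete", "missing"},
		{csrGroup, csrRes + "/approval", "update", "excess"}, // would allow self-approval
		{csrGroup, "signers", "approve", "excess"},
	}
	var findings []string
	for _, c := range checks {
		if Grants(rules, c.group, c.resource, c.verb) != (c.label == "missing") {
			findings = append(findings, c.label+": "+c.verb+" "+c.resource)
		}
	}
	return findings
}

// SampleRules is constructed for this example, not copied from the operator.
var SampleRules = []PolicyRule{
	{[]string{""}, []string{"events"}, []string{"update"}},
	{[]string{csrGroup}, []string{csrRes}, []string{"create", "update", "delete"}},
}

func main() { fmt.Println(Audit(SampleRules)) }
```

An empty result means the role grants exactly what the description asks for and cannot approve the CSRs it submits.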

@codecov

codecov bot commented Nov 16, 2022

Codecov Report

Base: 81.64% // Head: 81.65% // Increases project coverage by +0.00% 🎉

Coverage data is based on head (702370c) compared to base (67d47ab).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #826   +/-   ##
=======================================
  Coverage   81.64%   81.65%           
=======================================
  Files          58       58           
  Lines       15249    15257    +8     
=======================================
+ Hits        12450    12458    +8     
  Misses       1973     1973           
  Partials      826      826           
Impacted Files Coverage Δ
pkg/migration/generate.go 88.61% <ø> (ø)
...ivers/storage/portworx/component/portworx_basic.go 85.90% <100.00%> (+0.15%) ⬆️
drivers/storage/portworx/deployment.go 95.46% <100.00%> (+0.01%) ⬆️


Preparation work for auto-ssl support:
* adding events/update RBAC permission
* adding certificatesigningrequests RBAC permissions
* adding containerdvardir (/var/lib/containerd) mount

Signed-off-by: Zoran Rajic <zrajic@purestorage.com>
@zoxpx zoxpx changed the title PWX-25288-pt1: auto-ssl support PWX-27656: auto-ssl support (resync w/ DaemonSet) Nov 17, 2022
@zoxpx
Collaborator Author

zoxpx commented Nov 17, 2022

NOTE: Updated JIRA ticket reference (using separate PWX-27656 ticket, addressing this change only)

Contributor

@pure-jliao pure-jliao left a comment

LGTM

@zoxpx
Collaborator Author

zoxpx commented Nov 17, 2022

Thank you Jiafeng -- merging the PR

@zoxpx zoxpx merged commit 2e1a09a into master Nov 17, 2022
@zoxpx zoxpx deleted the PWX-25288-pt1_auto-ssl branch November 17, 2022 20:20
zoxpx added a commit that referenced this pull request Apr 24, 2023
Syncs DaemonSet changes done for auto-ssl/tls support:
* adding events/update RBAC permission
* adding certificatesigningrequests RBAC permissions
* adding containerdvardir (/var/lib/containerd) mount

Signed-off-by: Zoran Rajic <zrajic@purestorage.com>
harsh-px pushed a commit that referenced this pull request Apr 24, 2023
jrivera-px pushed a commit that referenced this pull request Apr 25, 2023
jrivera-px added a commit that referenced this pull request Apr 27, 2023
* PWX-29973 Add check result to StorageNode CRD (#992)

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* [PWX-25353][PWX-25355] Auto detect eks cloud environment and check cloud permissions

* [PWX-27619] Update cloudops vendor for EKS dry run

* [PWX-27619] Use dry run for eks cloud permission check

* [PWX-27621] Fix cluster status issue after running preflight

* [PWX-25354] Set default cloud storage spec on EKS

* PWX-27656: auto-ssl support (resync w/ DaemonSet) (#826)

Syncs DaemonSet changes done for auto-ssl/tls support:
* adding events/update RBAC permission
* adding certificatesigningrequests RBAC permissions
* adding containerdvardir (/var/lib/containerd) mount

Signed-off-by: Zoran Rajic <zrajic@purestorage.com>

* [PWX-27588] Add support for EKS cloud storage capacity based configuration

* [PWX-27622] Use provided AWS credentials to run permission check on EKS

* [PWX-28664] Unset AWS credential env vars after client creation

* PWX-29973 Add check result to StorageNode CRD (#992)

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* [PWX-27765] StorageCluster status redesign to show more details

* PWX-28826: Handle pre-flight check for DMthin (#1014)

* PWX-28826 Boilerplate

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* more boilerplate

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* PWX-28826:  Pre-flight check for DMthin.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Add comments and move StorageNode cleanup.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Passed checks should be Info events.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Passed checks should be Info events. (#1010)

Signed-off-by: Jose Rivera <jose@portworx.com>

* Pwx 28826 (#1011)

* Pwx 28826 (#1012)

* PWX-28826: Update with the latest master changes. (#1013)

* Updating CSV to use 23.3.1 released image

* Update for 23.3.1 release

* Controller gen vendor

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>

* PWX-29389 Add CRD for portworx diags collection

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>

* PWX-29409: Ignore zones with no nodes (#1008)

In disaggregated mode, there could be zones in which no storage nodes
  might be present. Such a zone would make the maxSNPZ value to be 0.
  Changing the behavior to ignore 0 nodes in a zone for maxSNPZ
  calculation.

Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>

---------

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
Co-authored-by: CNBU Jenkins <cnbu-jenkins@purestorage.com>
Co-authored-by: Jiafeng Liao <jliao@purestorage.com>
Co-authored-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Co-authored-by: Naveen Revanna <83608369+nrevanna@users.noreply.github.com>

* Add PassPreFlight event tag and logging

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Check status of portworx container in pre-flight pod and remove 'wait' code.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Fix unit test.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Fix unit test.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: PR review changes and fix portworx_test.go UTs

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: fix gomack Validate calls.  Also comment out the two tests that don't work since Validate was removed from the controller.validate() func. PWX-30373 to try and fix later.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30373: Re-add back in the commented out tests and add K8s version check failure to trigger the needed workflow.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Exit pre-check wait if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Add 5 min timeout to pre-flight status check.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Exit GetPreFlightStatus() with success if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Don't automatically enable dmthin via pre-flight check if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30373: Revert UT and integration test hacks.  Need to mock the functionality correctly.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Increase pre-flight daemonset ready wait to 10mins.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: fix 'TestValidate' UT.  Don't error if pre-flight daemonset exists.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Only run preflight if AWS.

Signed-off-by: Jose Rivera <jose@portworx.com>

---------

Signed-off-by: Harsh Desai <hadesai@purestorage.com>
Signed-off-by: Jose Rivera <jose@portworx.com>
Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
Co-authored-by: Harsh Desai <hadesai@purestorage.com>
Co-authored-by: CNBU Jenkins <cnbu-jenkins@purestorage.com>
Co-authored-by: Jiafeng Liao <jliao@purestorage.com>
Co-authored-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Co-authored-by: Naveen Revanna <83608369+nrevanna@users.noreply.github.com>

* PWX-30496:  if '-T dmthin' exists in stc before preflight is ran and preflight fails don't start.    (#1019)

* PWX-28826 Boilerplate

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* more boilerplate

Signed-off-by: Harsh Desai <hadesai@purestorage.com>

* PWX-28826:  Pre-flight check for DMthin.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Add comments and move StorageNode cleanup.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Passed checks should be Info events.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Passed checks should be Info events. (#1010)

Signed-off-by: Jose Rivera <jose@portworx.com>

* Pwx 28826 (#1011)

* Pwx 28826 (#1012)

* PWX-28826: Update with the latest master changes. (#1013)

* Updating CSV to use 23.3.1 released image

* Update for 23.3.1 release

* Controller gen vendor

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>

* PWX-29389 Add CRD for portworx diags collection

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>

* PWX-29409: Ignore zones with no nodes (#1008)

In disaggregated mode, there could be zones in which no storage nodes
  might be present. Such a zone would make the maxSNPZ value to be 0.
  Changing the behavior to ignore 0 nodes in a zone for maxSNPZ
  calculation.

Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>

---------

Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
Co-authored-by: CNBU Jenkins <cnbu-jenkins@purestorage.com>
Co-authored-by: Jiafeng Liao <jliao@purestorage.com>
Co-authored-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Co-authored-by: Naveen Revanna <83608369+nrevanna@users.noreply.github.com>

* Add PassPreFlight event tag and logging

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Check status of portworx container in pre-flight pod and remove 'wait' code.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Fix unit test.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Fix unit test.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: PR review changes and fix portworx_test.go UTs

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: fix gomack Validate calls.  Also comment out the two tests that don't work since Validate was removed from the controller.validate() func. PWX-30373 to try and fix later.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30373: Re-add back in the commented out tests and add K8s version check failure to trigger the needed workflow.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Exit pre-check wait if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Add 5 min timeout to pre-flight status check.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Exit GetPreFlightStatus() with success if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Don't automatically enable dmthin via pre-flight check if running CBT namespace.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30373: Revert UT and integration test hacks.  Need to mock the functionality correctly.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: Increase pre-flight daemonset ready wait to 10mins.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826: fix 'TestValidate' UT.  Don't error if pre-flight daemonset exists.

Signed-off-by: Jose Rivera <jose@portworx.com>

* Only run preflight if AWS.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30496: If the user intended to use dmthin. The '-T dmthin' will exist in the stc before preflight is ran.  If preflight fails in this case don't start.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30496: If preflight enables DMthin add a 64G metadata drive.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30496: Review fixes.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-30496: add the metadata device in both cases where the user has passed -T dmthin or we added it for them.

Signed-off-by: Jose Rivera <jose@portworx.com>

---------

Signed-off-by: Harsh Desai <hadesai@purestorage.com>
Signed-off-by: Jose Rivera <jose@portworx.com>
Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
Co-authored-by: Harsh Desai <hadesai@purestorage.com>
Co-authored-by: CNBU Jenkins <cnbu-jenkins@purestorage.com>
Co-authored-by: Jiafeng Liao <jliao@purestorage.com>
Co-authored-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Co-authored-by: Naveen Revanna <83608369+nrevanna@users.noreply.github.com>

* Fix test broken when merged in pre-flight code.

Signed-off-by: Jose Rivera <jose@portworx.com>

* PWX-28826 & PWX-30496: Add ClusterCondition Source to test runs.

Signed-off-by: Jose Rivera <jose@portworx.com>

* [PWX-27765] Fix migration status update issue

---------

Signed-off-by: Harsh Desai <hadesai@purestorage.com>
Signed-off-by: Zoran Rajic <zrajic@purestorage.com>
Signed-off-by: Jose Rivera <jose@portworx.com>
Signed-off-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Signed-off-by: Naveen Revanna <nrevanna@purestorage.com>
Co-authored-by: Harsh Desai <hadesai@purestorage.com>
Co-authored-by: Jiafeng Liao <jliao@purestorage.com>
Co-authored-by: Zoran Rajic <zox@portworx.com>
Co-authored-by: CNBU Jenkins <cnbu-jenkins@purestorage.com>
Co-authored-by: Piyush Nimbalkar <pnimbalkar@purestorage.com>
Co-authored-by: Naveen Revanna <83608369+nrevanna@users.noreply.github.com>