Operator can override default images from env

Author: reederc42

Dockerfile

@@ -11,9 +11,9 @@ RUN --mount=type=secret,id=activation_key,env=ACTIVATION_KEY \
     --mount=type=secret,id=organization,env=ORGANIZATION \
     function unregister() { subscription-manager unregister || true; }; trap unregister EXIT; \
     if [[ $DEPS_IMAGE =~ "alpine" ]]; \
-    then apk add nfs-utils; \
-    else subscription-manager register --activationkey $ACTIVATION_KEY --org $ORGANIZATION && \
-    yum install --repo=rhel-9-*-baseos-rpms -y nfs-utils; \
+        then apk add nfs-utils; \
+        else subscription-manager register --activationkey $ACTIVATION_KEY --org $ORGANIZATION && \
+            yum install --repo=rhel-9-*-baseos-rpms -y nfs-utils; \
     fi
 
 # Get the mount.nfs4 dependency

Makefile

@@ -323,9 +323,9 @@ create_manifest_for_platforms = $(DOCKER_BUILDX_BUILD_CLI) imagetools create -t
 # digest: "$digest", os: "$os", architecture: "$arch"}
 # usage: $(call image_digests,$(platforms),$(tag))
 image_digests = for image in $(foreach platform,$1,$(call image_tag,$2,$(platform))); do\
-		$(DOCKER_BUILDX_BUILD_CLI) imagetools inspect --raw $$image |\
+		$(DOCKER_BUILDX_BUILD_CLI) imagetools inspect --format '{{json .Manifest}}' $$image |\
 		jq ".manifests[0] | {image: \"$$image\", digest: .digest, os: .platform.os, architecture: .platform.architecture }";\
-	done | jq -n '{manifest: "$2", images: [inputs]}'
+	done | jq -n "{manifest: \"$2\", digest: \"$$($(DOCKER_BUILDX_BUILD_CLI) imagetools inspect --format '{{json .Manifest}}' $2 | jq -r .digest)\", images: [inputs]}"
 
 # Build targets
 

cli/k8s_client/types.go

@@ -135,65 +135,71 @@ type KubernetesClient interface {
 }
 
 type DeploymentYAMLArguments struct {
-	DeploymentName          string                `json:"deploymentName"`
-	TridentImage            string                `json:"tridentImage"`
-	AutosupportImage        string                `json:"autosupportImage"`
-	AutosupportProxy        string                `json:"autosupportProxy"`
-	AutosupportInsecure     bool                  `json:"autosupportInsecure"`
-	AutosupportCustomURL    string                `json:"autosupportCustomURL"`
-	AutosupportSerialNumber string                `json:"autosupportSerialNumber"`
-	AutosupportHostname     string                `json:"autosupportHostname"`
-	ImageRegistry           string                `json:"imageRegistry"`
-	LogFormat               string                `json:"logFormat"`
-	LogLevel                string                `json:"logLevel"`
-	LogWorkflows            string                `json:"logWorkflows"`
-	LogLayers               string                `json:"logLayers"`
-	ImagePullSecrets        []string              `json:"imagePullSecrets"`
-	Labels                  map[string]string     `json:"labels"`
-	ControllingCRDetails    map[string]string     `json:"controllingCRDetails"`
-	Debug                   bool                  `json:"debug"`
-	UseIPv6                 bool                  `json:"useIPv6"`
-	SilenceAutosupport      bool                  `json:"silenceAutosupport"`
-	Version                 *versionutils.Version `json:"version"`
-	DisableAuditLog         bool                  `json:"disableAuditLog"`
-	HTTPRequestTimeout      string                `json:"httpRequestTimeout"`
-	NodeSelector            map[string]string     `json:"nodeSelector"`
-	Tolerations             []map[string]string   `json:"tolerations"`
-	ServiceAccountName      string                `json:"serviceAccountName"`
-	ImagePullPolicy         string                `json:"imagePullPolicy"`
-	EnableForceDetach       bool                  `json:"enableForceDetach"`
-	ACPImage                string                `json:"acpImage"`  // TODO: Remove after 26.04.
-	EnableACP               bool                  `json:"enableACP"` // TODO: Remove after 26.04.
-	CloudProvider           string                `json:"cloudProvider"`
-	IdentityLabel           bool                  `json:"identityLabel"`
-	K8sAPIQPS               int                   `json:"k8sAPIQPS"`
+	DeploymentName             string                `json:"deploymentName"`
+	TridentImage               string                `json:"tridentImage"`
+	AutosupportImage           string                `json:"autosupportImage"`
+	AutosupportProxy           string                `json:"autosupportProxy"`
+	AutosupportInsecure        bool                  `json:"autosupportInsecure"`
+	AutosupportCustomURL       string                `json:"autosupportCustomURL"`
+	AutosupportSerialNumber    string                `json:"autosupportSerialNumber"`
+	AutosupportHostname        string                `json:"autosupportHostname"`
+	ImageRegistry              string                `json:"imageRegistry"`
+	CSISidecarProvisionerImage string                `json:"csiSidecarProvisionerImage"`
+	CSISidecarAttacherImage    string                `json:"csiSidecarAttacherImage"`
+	CSISidecarResizerImage     string                `json:"csiSidecarResizerImage"`
+	CSISidecarSnapshotterImage string                `json:"csiSidecarSnapshotterImage"`
+	LogFormat                  string                `json:"logFormat"`
+	LogLevel                   string                `json:"logLevel"`
+	LogWorkflows               string                `json:"logWorkflows"`
+	LogLayers                  string                `json:"logLayers"`
+	ImagePullSecrets           []string              `json:"imagePullSecrets"`
+	Labels                     map[string]string     `json:"labels"`
+	ControllingCRDetails       map[string]string     `json:"controllingCRDetails"`
+	Debug                      bool                  `json:"debug"`
+	UseIPv6                    bool                  `json:"useIPv6"`
+	SilenceAutosupport         bool                  `json:"silenceAutosupport"`
+	Version                    *versionutils.Version `json:"version"`
+	DisableAuditLog            bool                  `json:"disableAuditLog"`
+	HTTPRequestTimeout         string                `json:"httpRequestTimeout"`
+	NodeSelector               map[string]string     `json:"nodeSelector"`
+	Tolerations                []map[string]string   `json:"tolerations"`
+	ServiceAccountName         string                `json:"serviceAccountName"`
+	ImagePullPolicy            string                `json:"imagePullPolicy"`
+	EnableForceDetach          bool                  `json:"enableForceDetach"`
+	ACPImage                   string                `json:"acpImage"`  // TODO: Remove after 26.04.
+	EnableACP                  bool                  `json:"enableACP"` // TODO: Remove after 26.04.
+	CloudProvider              string                `json:"cloudProvider"`
+	IdentityLabel              bool                  `json:"identityLabel"`
+	K8sAPIQPS                  int                   `json:"k8sAPIQPS"`
 }
 
 type DaemonsetYAMLArguments struct {
-	DaemonsetName            string                `json:"daemonsetName"`
-	TridentImage             string                `json:"tridentImage"`
-	ImageRegistry            string                `json:"imageRegistry"`
-	KubeletDir               string                `json:"kubeletDir"`
-	LogFormat                string                `json:"logFormat"`
-	LogLevel                 string                `json:"logLevel"`
-	LogWorkflows             string                `json:"logWorkflows"`
-	LogLayers                string                `json:"logLayers"`
-	ProbePort                string                `json:"probePort"`
-	ImagePullSecrets         []string              `json:"imagePullSecrets"`
-	Labels                   map[string]string     `json:"labels"`
-	ControllingCRDetails     map[string]string     `json:"controllingCRDetails"`
-	EnableForceDetach        bool                  `json:"enableForceDetach"`
-	DisableAuditLog          bool                  `json:"disableAuditLog"`
-	Debug                    bool                  `json:"debug"`
-	Version                  *versionutils.Version `json:"version"`
-	HTTPRequestTimeout       string                `json:"httpRequestTimeout"`
-	NodeSelector             map[string]string     `json:"nodeSelector"`
-	Tolerations              []map[string]string   `json:"tolerations"`
-	ServiceAccountName       string                `json:"serviceAccountName"`
-	ImagePullPolicy          string                `json:"imagePullPolicy"`
-	ISCSISelfHealingInterval string                `json:"iscsiSelfHealingInterval"`
-	ISCSISelfHealingWaitTime string                `json:"iscsiSelfHealingWaitTime"`
-	NodePrep                 []string              `json:"nodePrep"`
+	DaemonsetName                      string                `json:"daemonsetName"`
+	TridentImage                       string                `json:"tridentImage"`
+	ImageRegistry                      string                `json:"imageRegistry"`
+	CSISidecarNodeDriverRegistrarImage string                `json:"csiSidecarNodeDriverRegistrarImage"`
+	CSISidecarLivenessProbeImage       string                `json:"csiSidecarLivenessProbeImage"`
+	KubeletDir                         string                `json:"kubeletDir"`
+	LogFormat                          string                `json:"logFormat"`
+	LogLevel                           string                `json:"logLevel"`
+	LogWorkflows                       string                `json:"logWorkflows"`
+	LogLayers                          string                `json:"logLayers"`
+	ProbePort                          string                `json:"probePort"`
+	ImagePullSecrets                   []string              `json:"imagePullSecrets"`
+	Labels                             map[string]string     `json:"labels"`
+	ControllingCRDetails               map[string]string     `json:"controllingCRDetails"`
+	EnableForceDetach                  bool                  `json:"enableForceDetach"`
+	DisableAuditLog                    bool                  `json:"disableAuditLog"`
+	Debug                              bool                  `json:"debug"`
+	Version                            *versionutils.Version `json:"version"`
+	HTTPRequestTimeout                 string                `json:"httpRequestTimeout"`
+	NodeSelector                       map[string]string     `json:"nodeSelector"`
+	Tolerations                        []map[string]string   `json:"tolerations"`
+	ServiceAccountName                 string                `json:"serviceAccountName"`
+	ImagePullPolicy                    string                `json:"imagePullPolicy"`
+	ISCSISelfHealingInterval           string                `json:"iscsiSelfHealingInterval"`
+	ISCSISelfHealingWaitTime           string                `json:"iscsiSelfHealingWaitTime"`
+	NodePrep                           []string              `json:"nodePrep"`
 }
 
 type TridentVersionPodYAMLArguments struct {

cli/k8s_client/yaml_factory.go

@@ -408,6 +408,21 @@ func GetCSIDeploymentYAML(args *DeploymentYAMLArguments) string {
 		args.ImageRegistry = commonconfig.KubernetesCSISidecarRegistry
 	}
 
+	sidecarImages := []struct {
+		arg *string
+		tag string
+	}{
+		{&args.CSISidecarProvisionerImage, commonconfig.CSISidecarProvisionerImageTag},
+		{&args.CSISidecarAttacherImage, commonconfig.CSISidecarAttacherImageTag},
+		{&args.CSISidecarResizerImage, commonconfig.CSISidecarResizerImageTag},
+		{&args.CSISidecarSnapshotterImage, commonconfig.CSISidecarSnapshotterImageTag},
+	}
+	for _, image := range sidecarImages {
+		if *image.arg == "" {
+			*image.arg = args.ImageRegistry + "/" + image.tag
+		}
+	}
+
 	if args.AutosupportImage == "" {
 		args.AutosupportImage = commonconfig.DefaultAutosupportImage
 	}
@@ -477,7 +492,10 @@ func GetCSIDeploymentYAML(args *DeploymentYAMLArguments) string {
 
 	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{TRIDENT_IMAGE}", args.TridentImage)
 	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{DEPLOYMENT_NAME}", args.DeploymentName)
-	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{CSI_SIDECAR_REGISTRY}", args.ImageRegistry)
+	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{CSI_SIDECAR_PROVISIONER_IMAGE}", args.CSISidecarProvisionerImage)
+	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{CSI_SIDECAR_ATTACHER_IMAGE}", args.CSISidecarAttacherImage)
+	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{CSI_SIDECAR_RESIZER_IMAGE}", args.CSISidecarResizerImage)
+	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{CSI_SIDECAR_SNAPSHOTTER_IMAGE}", args.CSISidecarSnapshotterImage)
 	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{LABEL_APP}", args.Labels[TridentAppLabelKey])
 	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{SIDECAR_LOG_LEVEL}", sideCarLogLevel)
 	deploymentYAML = strings.ReplaceAll(deploymentYAML, "{LOG_FORMAT}", args.LogFormat)
@@ -633,7 +651,7 @@ spec:
         - name: asup-dir
           mountPath: /asup
       - name: csi-provisioner
-        image: {CSI_SIDECAR_REGISTRY}/csi-provisioner:v5.2.0
+        image: {CSI_SIDECAR_PROVISIONER_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
         securityContext:
           capabilities:
@@ -653,7 +671,7 @@ spec:
         - name: socket-dir
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-attacher
-        image: {CSI_SIDECAR_REGISTRY}/csi-attacher:v4.8.0
+        image: {CSI_SIDECAR_ATTACHER_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
         securityContext:
           capabilities:
@@ -672,8 +690,12 @@ spec:
         - name: socket-dir
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-resizer
-        image: {CSI_SIDECAR_REGISTRY}/csi-resizer:v1.13.1
+        image: {CSI_SIDECAR_RESIZER_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
+        securityContext:
+          capabilities:
+            drop:
+            - all
         args:
         - "--v={SIDECAR_LOG_LEVEL}"
         - "--timeout=300s"
@@ -686,7 +708,7 @@ spec:
         - name: socket-dir
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-snapshotter
-        image: {CSI_SIDECAR_REGISTRY}/csi-snapshotter:v8.2.0
+        image: {CSI_SIDECAR_SNAPSHOTTER_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
         securityContext:
           capabilities:
@@ -771,10 +793,6 @@ func GetCSIDaemonSetYAMLWindows(args *DaemonsetYAMLArguments) string {
 		daemonSetYAML = daemonSet120YAMLTemplateWindows
 	}
 
-	if args.ImageRegistry == "" {
-		args.ImageRegistry = commonconfig.KubernetesCSISidecarRegistry
-	}
-
 	if args.Labels == nil {
 		args.Labels = map[string]string{}
 	}
@@ -788,10 +806,28 @@ func GetCSIDaemonSetYAMLWindows(args *DaemonsetYAMLArguments) string {
 		}
 	}
 
+	if args.ImageRegistry == "" {
+		args.ImageRegistry = commonconfig.KubernetesCSISidecarRegistry
+	}
+
+	sidecarImages := []struct {
+		arg *string
+		tag string
+	}{
+		{&args.CSISidecarNodeDriverRegistrarImage, commonconfig.CSISidecarNodeDriverRegistrarImageTag},
+		{&args.CSISidecarLivenessProbeImage, commonconfig.CSISidecarLivenessProbeImageTag},
+	}
+	for _, image := range sidecarImages {
+		if *image.arg == "" {
+			*image.arg = args.ImageRegistry + "/" + image.tag
+		}
+	}
+
 	kubeletDir := strings.TrimRight(args.KubeletDir, "/")
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{TRIDENT_IMAGE}", args.TridentImage)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{DAEMONSET_NAME}", args.DaemonsetName)
-	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{CSI_SIDECAR_REGISTRY}", args.ImageRegistry)
+	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{CSI_SIDECAR_NODE_DRIVER_REGISTRAR_IMAGE}", args.CSISidecarNodeDriverRegistrarImage)
+	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{CSI_SIDECAR_LIVENESS_PROBE_IMAGE}", args.CSISidecarLivenessProbeImage)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{KUBELET_DIR}", kubeletDir)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{LABEL_APP}", args.Labels[TridentAppLabelKey])
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{SIDECAR_LOG_LEVEL}", sidecarLogLevel)
@@ -844,10 +880,6 @@ func GetCSIDaemonSetYAMLLinux(args *DaemonsetYAMLArguments) string {
 
 	daemonSetYAML := daemonSet120YAMLTemplateLinux
 
-	if args.ImageRegistry == "" {
-		args.ImageRegistry = commonconfig.KubernetesCSISidecarRegistry
-	}
-
 	if args.Labels == nil {
 		args.Labels = map[string]string{}
 	}
@@ -861,12 +893,21 @@ func GetCSIDaemonSetYAMLLinux(args *DaemonsetYAMLArguments) string {
 		}
 	}
 
+	if args.ImageRegistry == "" {
+		args.ImageRegistry = commonconfig.KubernetesCSISidecarRegistry
+	}
+
+	if args.CSISidecarNodeDriverRegistrarImage == "" {
+		args.CSISidecarNodeDriverRegistrarImage = args.ImageRegistry + "/" + commonconfig.CSISidecarNodeDriverRegistrarImageTag
+	}
+
 	kubeletDir := strings.TrimRight(args.KubeletDir, "/")
 	// NodePrep this must come first because it adds a section that has tags in it
 	daemonSetYAML = replaceNodePrepTag(daemonSetYAML, args.NodePrep)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{TRIDENT_IMAGE}", args.TridentImage)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{DAEMONSET_NAME}", args.DaemonsetName)
-	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{CSI_SIDECAR_REGISTRY}", args.ImageRegistry)
+	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{CSI_SIDECAR_NODE_DRIVER_REGISTRAR_IMAGE}",
+		args.CSISidecarNodeDriverRegistrarImage)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{KUBELET_DIR}", kubeletDir)
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{LABEL_APP}", args.Labels[TridentAppLabelKey])
 	daemonSetYAML = strings.ReplaceAll(daemonSetYAML, "{FORCE_DETACH_BOOL}", strconv.FormatBool(args.EnableForceDetach))
@@ -1069,7 +1110,7 @@ spec:
           mountPath: /certs
           readOnly: true
       - name: driver-registrar
-        image: {CSI_SIDECAR_REGISTRY}/csi-node-driver-registrar:v2.13.0
+        image: {CSI_SIDECAR_NODE_DRIVER_REGISTRAR_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
         args:
         - "--v={SIDECAR_LOG_LEVEL}"
@@ -1273,7 +1314,7 @@ spec:
             cpu: 10m
             memory: 20Mi
       - name: node-driver-registrar
-        image: {CSI_SIDECAR_REGISTRY}/csi-node-driver-registrar:v2.10.0
+        image: {CSI_SIDECAR_NODE_DRIVER_REGISTRAR_IMAGE}
         imagePullPolicy: {IMAGE_PULL_POLICY}
         args:
         - --v=2
@@ -1313,7 +1354,7 @@ spec:
         volumeMounts:
           - mountPath: C:\csi
             name: plugin-dir
-        image: {CSI_SIDECAR_REGISTRY}/livenessprobe:v2.5.0
+        image: {CSI_SIDECAR_LIVENESS_PROBE_IMAGE}
         args:
           - --csi-address=$(CSI_ENDPOINT)
           - --probe-timeout=3s

config/config.go

@@ -154,7 +154,13 @@ const (
 	KubernetesVersionMax = "v1.32"
 
 	// KubernetesCSISidecarRegistry is where the CSI sidecar images are hosted
-	KubernetesCSISidecarRegistry = "registry.k8s.io/sig-storage"
+	KubernetesCSISidecarRegistry          = "registry.k8s.io/sig-storage"
+	CSISidecarProvisionerImageTag         = "csi-provisioner:v5.2.0"
+	CSISidecarAttacherImageTag            = "csi-attacher:v4.8.0"
+	CSISidecarResizerImageTag             = "csi-resizer:v1.13.1"
+	CSISidecarSnapshotterImageTag         = "csi-snapshotter:v8.2.0"
+	CSISidecarNodeDriverRegistrarImageTag = "csi-node-driver-registrar:v2.13.0"
+	CSISidecarLivenessProbeImageTag       = "livenessprobe:v2.9.0"
 
 	DefaultK8sAPIQPS   = 100.0
 	DefaultK8sAPIBurst = 200

operator/config/config.go

@@ -25,6 +25,15 @@ const (
 
 	// ConfiguratorReconcileInterval is the resource refresh rate for the auto generated backends.
 	ConfiguratorReconcileInterval time.Duration = 30 * time.Minute
+
+	TridentImageEnv                       = "DEFAULT_TRIDENT_IMAGE"
+	AutosupportImageEnv                   = "DEFAULT_TRIDENT_AUTOSUPPORT_IMAGE"
+	CSISidecarProvisionerImageEnv         = "TRIDENT_CSI_SIDECAR_PROVISIONER_IMAGE"
+	CSISidecarAttacherImageEnv            = "TRIDENT_CSI_SIDECAR_ATTACHER_IMAGE"
+	CSISidecarResizerImageEnv             = "TRIDENT_CSI_SIDECAR_RESIZER_IMAGE"
+	CSISidecarSnapshotterImageEnv         = "TRIDENT_CSI_SIDECAR_SNAPSHOTTER_IMAGE"
+	CSISidecarNodeDriverRegistrarImageEnv = "TRIDENT_CSI_SIDECAR_NODE_DRIVER_REGISTRAR_IMAGE"
+	CSISidecarLivenessProbeImageEnv       = "TRIDENT_CSI_SIDECAR_LIVENESS_PROBE_IMAGE"
 )
 
 var (