Merge pull request #280 from iPraveenParihar/api/controller-publish-secret

api: ClientProfile default controller publish secret

Author: Madhu-1

api/v1/clientprofile_types.go

@@ -21,6 +21,14 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// CephCsiSecretsSpec defines the secrets used by the client profile
+// to access the Ceph cluster and perform operations
+// on volumes.
+type CephCsiSecretsSpec struct {
+	//+kubebuilder:validation:Optional
+	ControllerPublishSecret corev1.SecretReference `json:"controllerPublishSecret,omitempty"`
+}
+
 // CephFsConfigSpec defines the desired CephFs configuration
 type CephFsConfigSpec struct {
 	//+kubebuilder:validation:Optional
@@ -35,13 +43,19 @@ type CephFsConfigSpec struct {
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="field is immutable"
 	//+kubebuilder:validation:Optional
 	RadosNamespace *string `json:"radosNamespace,omitempty"`
+
+	//+kubebuilder:validation:Optional
+	CephCsiSecrets *CephCsiSecretsSpec `json:"cephCsiSecrets,omitempty"`
 }
 
 // RbdConfigSpec defines the desired RBD configuration
 type RbdConfigSpec struct {
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="field is immutable"
 	//+kubebuilder:validation:Optional
 	RadosNamespace string `json:"radosNamespace,omitempty"`
+
+	//+kubebuilder:validation:Optional
+	CephCsiSecrets *CephCsiSecretsSpec `json:"cephCsiSecrets,omitempty"`
 }
 
 // NfsConfigSpec cdefines the desired NFS configuration

api/v1/zz_generated.deepcopy.go

@@ -64,6 +64,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -86,6 +108,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

config/crd/bases/csi.ceph.io_clientprofiles.yaml

@@ -338,6 +338,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -360,6 +382,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

deploy/all-in-one/install.yaml

@@ -65,6 +65,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which the
+                              secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -87,6 +109,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which the
+                              secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

deploy/charts/ceph-csi-operator/templates/clientprofile-crd.yaml

@@ -329,6 +329,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -351,6 +373,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

deploy/multifile/crd.yaml

@@ -67,14 +67,22 @@ type csiClusterInfoRecord struct {
 	ClusterId string   `json:"clusterID,omitempty"`
 	Monitors  []string `json:"monitors,omitempty"`
 	CephFs    struct {
-		SubvolumeGroup     string `json:"subvolumeGroup,omitempty"`
-		KernelMountOptions string `json:"kernelMountOptions"`
-		FuseMountOptions   string `json:"fuseMountOptions"`
-		RadosNamespace     string `json:"radosNamespace,omitempty"`
+		SubvolumeGroup             string `json:"subvolumeGroup,omitempty"`
+		KernelMountOptions         string `json:"kernelMountOptions"`
+		FuseMountOptions           string `json:"fuseMountOptions"`
+		RadosNamespace             string `json:"radosNamespace,omitempty"`
+		ControllerPublishSecretRef struct {
+			Name      string `json:"name,omitempty"`
+			Namespace string `json:"namespace,omitempty"`
+		} `json:"controllerPublishSecretRef,omitempty"`
 	} `json:"cephFS,omitempty"`
 	Rbd struct {
-		RadosNamespace string `json:"radosNamespace,omitempty"`
-		MirrorCount    int    `json:"mirrorCount,omitempty"`
+		RadosNamespace             string `json:"radosNamespace,omitempty"`
+		MirrorCount                int    `json:"mirrorCount,omitempty"`
+		ControllerPublishSecretRef struct {
+			Name      string `json:"name,omitempty"`
+			Namespace string `json:"namespace,omitempty"`
+		} `json:"controllerPublishSecretRef,omitempty"`
 	} `json:"rbd,omitempty"`
 	Nfs          struct{} `json:"nfs,omitempty"`
 	ReadAffinity struct {
@@ -322,10 +330,18 @@ func composeCsiClusterInfoRecord(clientProfile *csiv1.ClientProfile, cephConn *c
 		if mountOpt := cephFs.FuseMountOptions; mountOpt != nil {
 			record.CephFs.FuseMountOptions = utils.MapToString(mountOpt, "=", ",")
 		}
+		if cephCsiSecrets := cephFs.CephCsiSecrets; cephCsiSecrets != nil {
+			record.CephFs.ControllerPublishSecretRef.Name = cephCsiSecrets.ControllerPublishSecret.Name
+			record.CephFs.ControllerPublishSecretRef.Namespace = cephCsiSecrets.ControllerPublishSecret.Namespace
+		}
 	}
 	if rbd := clientProfile.Spec.Rbd; rbd != nil {
 		record.Rbd.RadosNamespace = rbd.RadosNamespace
 		record.Rbd.MirrorCount = cephConn.Spec.RbdMirrorDaemonCount
+		if cephCsiSecrets := rbd.CephCsiSecrets; cephCsiSecrets != nil {
+			record.Rbd.ControllerPublishSecretRef.Name = cephCsiSecrets.ControllerPublishSecret.Name
+			record.Rbd.ControllerPublishSecretRef.Namespace = cephCsiSecrets.ControllerPublishSecret.Namespace
+		}
 	}
 	if readAffinity := cephConn.Spec.ReadAffinity; readAffinity != nil {
 		record.ReadAffinity.Enabled = true