Merge https://github.com/kubernetes/cloud-provider-openstack:master into master

charts/cinder-csi-plugin/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: v1.27.1
 description: Cinder CSI Chart for OpenStack
 name: openstack-cinder-csi
-version: 2.28.0-alpha.3
+version: 2.28.0-alpha.4
 home: https://github.com/kubernetes/cloud-provider-openstack
 icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
 maintainers:

charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "cinder-csi.controllerplugin.labels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   replicas: {{ .Values.csi.plugin.controllerPlugin.replicas }}
   strategy:
@@ -21,6 +25,10 @@ spec:
     metadata:
       labels:
         {{- include "cinder-csi.controllerplugin.labels" . | nindent 8 }}
+      annotations:
+        {{- with .Values.commonAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       serviceAccount: csi-cinder-controller-sa
       containers:
@@ -169,11 +177,13 @@ spec:
       volumes:
         - name: socket-dir
           emptyDir:
-        - name: cloud-config
         {{- if .Values.secret.enabled }}
+        - name: cloud-config
           secret:
             secretName: {{ .Values.secret.name }}
-        {{- else }}
+        {{- end }}
+        {{- if .Values.secret.hostMount }}
+        - name: cloud-config
           hostPath:
             path: /etc/kubernetes
         {{- end }}

charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "cinder-csi.nodeplugin.labels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   selector:
     matchLabels:
@@ -13,6 +17,10 @@ spec:
     metadata:
       labels:
         {{- include "cinder-csi.nodeplugin.labels" . | nindent 8 }}
+      annotations:
+        {{- with .Values.commonAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       serviceAccount: csi-cinder-node-sa
       hostNetwork: true
@@ -127,11 +135,13 @@ spec:
           hostPath:
             path: /dev
             type: Directory
-        - name: cloud-config
         {{- if .Values.secret.enabled }}
+        - name: cloud-config
           secret:
             secretName: {{ .Values.secret.name }}
-        {{- else }}
+        {{- end }}
+        {{- if .Values.secret.hostMount }}
+        - name: cloud-config
           hostPath:
             path: /etc/kubernetes
         {{- end }}

charts/cinder-csi-plugin/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.secret.create }}
+{{- if and (.Values.secret.create) (.Values.secret.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

charts/cinder-csi-plugin/values.yaml

@@ -98,8 +98,15 @@ csi:
 # for description of individual verbosity levels.
 logVerbosityLevel: 2
 
+# the secret should contain the openstack credentials
+# there are several options to inject the credentials:
+# 1) from kubernetes secret that doesn't exist: set "enabled" and "create" to true, this will create a secret from the values written to "data" down below
+# 2) from kubernetes secret that already exists: set "enabled" to true and "create" to false
+# 3) from host system path /etc/cloud/cloud.conf: set "enabled" to false and "hostMount" to true
+# 4) via agent-injector (e.g. hashicorp vault): set "enabled" and "hostMount" to false, you have to provide credentials on your own by injecting credentials into the pod
 secret:
   enabled: false
+  hostMount: true
   create: false
   filename: cloud.conf
 #  name: cinder-csi-cloud-config
@@ -149,3 +156,6 @@ priorityClassName: ""
 
 imagePullSecrets: []
 # - name: my-imagepull-secret
+
+# add annotations to all pods
+commonAnnotations: {}

charts/openstack-cloud-controller-manager/Chart.yaml

@@ -4,7 +4,7 @@ description: Openstack Cloud Controller Manager Helm Chart
 icon: https://object-storage-ca-ymq-1.vexxhost.net/swift/v1/6e4619c416ff4bd19e1c087f27a43eea/www-images-prod/openstack-logo/OpenStack-Logo-Vertical.png
 home: https://github.com/kubernetes/cloud-provider-openstack
 name: openstack-cloud-controller-manager
-version: 2.28.0-alpha.4
+version: 2.28.0-alpha.6
 maintainers:
   - name: eumel8
     email: [email protected]

charts/openstack-cloud-controller-manager/README.md

@@ -13,11 +13,11 @@ You need to configure an `openstack-ccm.yaml` values file with at least:
   - with password: `cloudConfig.global.username` and `cloudconfig.global.password`
   - with application credentials: (`cloudConfig.global.application-credential-id` or `cloudConfig.global.application-credential-name`) and `cloudConfig.global.application-credential-secret`
 - Load balancing
-  - `cloudConfig.loadbalancer.floating-network-id` **or**
-  - `cloudConfig.loadbalancer.floating-subnet-id` **or**
-  - `cloudConfig.loadbalancer.floating-subnet`
+  - `cloudConfig.loadBalancer.floating-network-id` **or**
+  - `cloudConfig.loadBalancer.floating-subnet-id` **or**
+  - `cloudConfig.loadBalancer.floating-subnet`
 
-If you want to enable health checks for your Load Balancers (optional), set `cloudConfig.loadbalancer.create-monitor: true`.
+If you want to enable health checks for your Load Balancers (optional), set `cloudConfig.loadBalancer.create-monitor: true`.
 
 Then run:
 

charts/openstack-cloud-controller-manager/templates/daemonset.yaml

@@ -66,10 +66,14 @@ spec:
             name: http
             protocol: TCP
           {{- end }}
+          {{- if or (.Values.extraVolumeMounts) (.Values.secret.enabled) }}
           volumeMounts:
+          {{- end }}
+          {{- if .Values.secret.enabled }}
             - mountPath: /etc/config
               name: cloud-config-volume
               readOnly: true
+          {{- end }}
           {{- if .Values.extraVolumeMounts }}
             {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
           {{- end }}
@@ -97,10 +101,15 @@ spec:
       {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName }}
       {{- end }}
+
+      {{- if or (.Values.extraVolumes) (.Values.secret.enabled) }}
       volumes:
+      {{- end }}
+      {{- if .Values.secret.enabled }}
       - name: cloud-config-volume
         secret:
           secretName: {{ .Values.secret.name }}
+      {{- end }}
       {{- if .Values.extraVolumes }}
         {{ toYaml .Values.extraVolumes | nindent 6 }}
       {{- end }}

charts/openstack-cloud-controller-manager/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.secret.create }}
+{{- if and (.Values.secret.create) (.Values.secret.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

charts/openstack-cloud-controller-manager/values.yaml

@@ -81,7 +81,11 @@ serviceMonitor: {}
 # Create a secret resource cloud-config (or other name) to store credentials and settings from cloudConfig
 # You can also provide your own secret (not created by the Helm chart), in this case set create to false
 # and adjust the name of the secret as necessary
+# If you dont want to use a secret (because you are using something like an agent injector to inject the cloud config file)
+# you can disable the secret usage by setting enabled to false.
+# If you disable the secret, you have to insert the cloud config file into the path /etc/cloud/config.
 secret:
+  enabled: true
   create: true
   name: cloud-config
 

cmd/barbican-kms-plugin/main.go

@@ -29,49 +29,36 @@ import (
 )
 
 var (
-	socketpath  string
-	cloudconfig string
+	socketPath  string
+	cloudConfig string
 )
 
 func main() {
-	// Glog requires this otherwise it complains.
-	if err := flag.CommandLine.Parse(nil); err != nil {
-		klog.Fatalf("Unable to parse flags: %v", err)
-	}
+	flag.Parse()
+
 	// This is a temporary hack to enable proper logging until upstream dependencies
 	// are migrated to fully utilize klog instead of glog.
-	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
-	klog.InitFlags(klogFlags)
-	// Sync the glog and klog flags.
-	flag.CommandLine.VisitAll(func(f1 *flag.Flag) {
-		f2 := klogFlags.Lookup(f1.Name)
-		if f2 != nil {
-			value := f1.Value.String()
-			_ = f2.Value.Set(value)
-		}
-	})
+	klog.InitFlags(nil)
 
 	cmd := &cobra.Command{
 		Use:   "barbican-kms-plugin",
-		Short: "Barbican KMS plugin for kubernetes",
+		Short: "Barbican KMS plugin for Kubernetes",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			sigchan := make(chan os.Signal, 1)
-			signal.Notify(sigchan, unix.SIGTERM, unix.SIGINT)
-			err := server.Run(cloudconfig, socketpath, sigchan)
+			sigChan := make(chan os.Signal, 1)
+			signal.Notify(sigChan, unix.SIGTERM, unix.SIGINT)
+			err := server.Run(cloudConfig, socketPath, sigChan)
 			return err
 		},
 	}
 
-	cmd.Flags().AddGoFlagSet(flag.CommandLine)
-
-	cmd.PersistentFlags().StringVar(&socketpath, "socketpath", "", "Barbican KMS Plugin unix socket endpoint")
+	cmd.PersistentFlags().StringVar(&socketPath, "socketpath", "", "Barbican KMS Plugin unix socket endpoint")
 	if err := cmd.MarkPersistentFlagRequired("socketpath"); err != nil {
-		klog.Fatalf("Unable to mark flag socketpath to be required: %v", err)
+		klog.Fatalf("Unable to mark flag socketpath as required: %v", err)
 	}
 
-	cmd.PersistentFlags().StringVar(&cloudconfig, "cloud-config", "", "Barbican KMS Plugin cloud config")
+	cmd.PersistentFlags().StringVar(&cloudConfig, "cloud-config", "", "Barbican KMS Plugin cloud config")
 	if err := cmd.MarkPersistentFlagRequired("cloud-config"); err != nil {
-		klog.Fatalf("Unable to mark flag cloud-config to be required: %v", err)
+		klog.Fatalf("Unable to mark flag cloud-config as required: %v", err)
 	}
 
 	code := cli.Run(cmd)

go.mod

@@ -5,7 +5,7 @@ go 1.20
 require (
 	github.com/container-storage-interface/spec v1.8.0
 	github.com/go-chi/chi/v5 v5.0.8
-	github.com/gophercloud/gophercloud v1.3.0
+	github.com/gophercloud/gophercloud v1.4.0
 	github.com/gophercloud/utils v0.0.0-20230330070308-5bd5e1d608f8
 	github.com/hashicorp/go-version v1.6.0
 	github.com/kubernetes-csi/csi-lib-utils v0.13.0

go.sum

@@ -225,8 +225,9 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gophercloud/gophercloud v1.3.0 h1:RUKyCMiZoQR3VlVR5E3K7PK1AC3/qppsWYo6dtBiqs8=
 github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
+github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
+github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/gophercloud/utils v0.0.0-20230330070308-5bd5e1d608f8 h1:K9r5WEeAiaEgFZsuOP0OYjE4TtyFcCLG1nI08t9AP6A=
 github.com/gophercloud/utils v0.0.0-20230330070308-5bd5e1d608f8/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=