diff --git a/Dockerfile b/Dockerfile index 423dfc8..e76fd31 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.20.2 +FROM alpine:3.20.3 ADD requirements.txt / RUN apk add --no-cache python3 py3-pip && \ python3 -m venv /app && \ diff --git a/INSTALL.md b/INSTALL.md index bb86930..910229b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -25,14 +25,14 @@ Install HPE CSI Driver using manifests (assumes latest supported Kubernetes vers ``` kubectl create ns hpe-storage -kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v2.4.2/hpe-linux-config.yaml -kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v2.4.2/hpe-csi-k8s-1.29.yaml +kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v2.5.0/hpe-linux-config.yaml +kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml ``` Install the TrueNAS CSP using manifests: ``` -kubectl create -f https://raw.githubusercontent.com/hpe-storage/truenas-csp/master/K8s/v2.4.2/truenas-csp.yaml +kubectl create -f https://raw.githubusercontent.com/hpe-storage/truenas-csp/master/K8s/v2.5.1/truenas-csp.yaml ``` **Note:** Replace `hpe-csi-k8s-.yaml` with your version of Kubernetes. Also change the version of the HPE CSI Driver manifests where applicable. Using mismatching versions of the TrueNAS CSP and the HPE CSI Driver will most likely **NOT** work. 
@@ -131,3 +131,11 @@ Set `root` to a dataset that will serve as the base dataset where the ZVols will Once the `Secret` and `StorageClass` have been created, all functionality is provided by the HPE CSI Driver and is [documented here](https://scod.hpedev.io/csi_driver/using.html). **Tip:** If `VolumeSnapshots` are needed, follow the guidance in HPE CSI Driver documentation on how to [enable CSI snapshots](https://scod.hpedev.io/csi_driver/using.html#enabling_csi_snapshots) and [how to use them](https://scod.hpedev.io/csi_driver/using.html#using_csi_snapshots). + +## CHAP support + +From v2.5.1 onwards iSCSI CHAP is supported. Follow the [guidance provided by HPE](https://scod.hpedev.io/csi_driver/index.html#iscsi_chap_considerations). Retrofitting CHAP into an existing cluster is not recommended. Bi-directional CHAP is not supported by the HPE CSI Driver and will not work with the TrueNAS CSP. + +CHAP on TrueNAS uses a hardcoded tag (4730274) for the authorization on the appliance. As long as that authorization exist on the appliance, CHAP details will be returned to the CSI driver and attempted to connect to the target. Do not create this tag manually, it will be created by TrueNAS CSP when enabled in the HPE CSI Driver. + +**Important:** If you need to rotate the CHAP authorization it's recommended to scale down all workloads, change the `Secret`, and scale the workloads up again. Otherwise existing iSCSI sessions may break. diff --git a/K8s/v2.5.1/hpe-storageclass-nfs.yaml b/K8s/v2.5.1/hpe-storageclass-nfs.yaml new file mode 100644 index 0000000..0cfca16 --- /dev/null +++ b/K8s/v2.5.1/hpe-storageclass-nfs.yaml 
@@ -0,0 +1,25 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "false"
+ name: hpe-standard-nfs
+provisioner: csi.hpe.com
+parameters:
+ csi.storage.k8s.io/controller-expand-secret-name: truenas-secret
+ csi.storage.k8s.io/controller-expand-secret-namespace: hpe-storage
+ csi.storage.k8s.io/controller-publish-secret-name: truenas-secret
+ csi.storage.k8s.io/controller-publish-secret-namespace: hpe-storage
+ csi.storage.k8s.io/node-publish-secret-name: truenas-secret
+ csi.storage.k8s.io/node-publish-secret-namespace: hpe-storage
+ csi.storage.k8s.io/node-stage-secret-name: truenas-secret
+ csi.storage.k8s.io/node-stage-secret-namespace: hpe-storage
+ csi.storage.k8s.io/provisioner-secret-name: truenas-secret
+ csi.storage.k8s.io/provisioner-secret-namespace: hpe-storage
+ csi.storage.k8s.io/fstype: xfs
+ nfsResources: "true"
+ allowOverrides: sparse,compression,deduplication,volblocksize,sync,description
+ root: zwimming/csi-volumes
+reclaimPolicy: Delete
+allowVolumeExpansion: true
diff --git a/K8s/v2.5.1/hpe-storageclass.yaml b/K8s/v2.5.1/hpe-storageclass.yaml
new file mode 100644
index 0000000..ebc877f
--- /dev/null
+++ b/K8s/v2.5.1/hpe-storageclass.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+ name: hpe-standard
+provisioner: csi.hpe.com
+parameters:
+ csi.storage.k8s.io/controller-expand-secret-name: truenas-secret
+ csi.storage.k8s.io/controller-expand-secret-namespace: hpe-storage
+ csi.storage.k8s.io/controller-publish-secret-name: truenas-secret
+ csi.storage.k8s.io/controller-publish-secret-namespace: hpe-storage
+ csi.storage.k8s.io/node-publish-secret-name: truenas-secret
+ csi.storage.k8s.io/node-publish-secret-namespace: hpe-storage
+ csi.storage.k8s.io/node-stage-secret-name: truenas-secret
+ csi.storage.k8s.io/node-stage-secret-namespace: hpe-storage
+ csi.storage.k8s.io/provisioner-secret-name: truenas-secret
+ csi.storage.k8s.io/provisioner-secret-namespace: hpe-storage
+ csi.storage.k8s.io/fstype: xfs
+ allowOverrides: sparse,compression,deduplication,volblocksize,sync,description
+ root: zwimming/csi-volumes
+reclaimPolicy: Delete
+allowVolumeExpansion: true
diff --git a/K8s/v2.5.1/truenas-csp.yaml b/K8s/v2.5.1/truenas-csp.yaml
new file mode 100644
index 0000000..23c48f0
--- /dev/null
+++ b/K8s/v2.5.1/truenas-csp.yaml
@@ -0,0 +1,38 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: truenas-csp-svc
+ namespace: hpe-storage
+ labels:
+ app: truenas-csp-svc
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ selector:
+ app: truenas-csp
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: truenas-csp
+ namespace: hpe-storage
+spec:
+ selector:
+ matchLabels:
+ app: truenas-csp
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: truenas-csp
+ spec:
+ priorityClassName: system-cluster-critical
+ containers:
+ - name: truenas-csp
+ image: quay.io/datamattsson/truenas-csp:v2.5.1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
diff --git a/K8s/v2.5.1/truenas-secret.yaml b/K8s/v2.5.1/truenas-secret.yaml
new file mode 100644
index 0000000..aa3947e
--- /dev/null
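Review bot: The `image: quay.io/datamattsson/truenas-csp:v2.5.1` line in the new K8s/v2.5.1/truenas-csp.yaml Deployment references a tag rather than a digest while `imagePullPolicy: IfNotPresent` is set, and the README text changed in this same commit says bugfixes are pushed to the same image tag. Nodes that already cached the tag keep the old build while newly scheduled nodes pull whatever the tag points to at that moment, so the running image is neither reproducible nor integrity-pinned. I would pin it as `image: quay.io/datamattsson/truenas-csp:v2.5.1@sha256:<digest-of-release-image>` (placeholder, to be filled in from the registry at release time); the same applies to `images.trueNasCSP` in helm/charts/truenas-csp/values.yaml. The container also carries no `securityContext` or `resources`, which deserves a follow-up given `priorityClassName: system-cluster-critical`.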
+++ b/K8s/v2.5.1/truenas-secret.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: truenas-secret + namespace: hpe-storage +stringData: + serviceName: truenas-csp-svc + servicePort: "8080" + username: hpe-csi (username is a no-op) + password: API key or root password of TrueNAS/FreeNAS appliance + backend: Management IP address of TrueNAS/FreeNAS appliance diff --git a/README.md b/README.md index 8dd5518..ce91aa3 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ CSP API endpoints: The [CSP specification](https://github.com/hpe-storage/container-storage-provider) in an open specification that supports iSCSI and Fibre Channel protocols. -As of version 2.2.0 of the HPE CSI Driver, these parts of the CSI spec are currently implemented: +As of version 2.5.1 of the HPE CSI Driver, these parts of the CSI spec are currently implemented: - Dynamic Provisioning - Raw Block Volume 
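Review bot: In K8s/v2.5.1/truenas-secret.yaml the explanatory text is the value itself, so `username: hpe-csi (username is a no-op)` and the `password:` and `backend:` lines produce a syntactically valid Secret when applied unedited, and the mistake only surfaces later at provisioning time. Moving the explanation into YAML comments and using an obviously bracketed placeholder makes an unedited file easy to spot, e.g. `password: "<TrueNAS API key>"  # prefer an API key over the root password`. The hint currently presents the root password as an equal option; since this one Secret is referenced by the provisioner, publish, stage and expand parameters of the StorageClasses added in this commit, I would recommend the API key and mention the root password only for appliances that cannot issue one.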
@@ -23,13 +23,13 @@ As of version 2.2.0 of the HPE CSI Driver, these parts of the CSI spec are curre - Volume Limits - Volume Stats - Ephemeral Local Volumes (not supported by the TrueNAS CSP, see [limitations](#limitations)) - -Topology is currently not supported by the HPE CSI Driver. +- Basic CSI Topology # Releases -Releases will track the upstream versioning of the HPE CSI Driver for Kubernetes and potential bugfixes in the TrueNAS CSP will be pushed to the same image tag matching the HPE CSI Driver version. +Releases will track the upstream versioning of the HPE CSI Driver for Kubernetes and potential bugfixes in the TrueNAS CSP will be pushed to the same image tag matching the HPE CSI Driver Helm chart version. +* [TrueNAS CSP v2.5.1](https://github.com/hpe-storage/truenas-csp/releases/tag/v2.5.1) for HPE CSI Driver v2.5.1 * [TrueNAS CSP v2.4.2](https://github.com/hpe-storage/truenas-csp/releases/tag/v2.4.2) for HPE CSI Driver v2.4.2 * [TrueNAS CSP v2.4.0](https://github.com/hpe-storage/truenas-csp/releases/tag/v2.4.0) for HPE CSI Driver v2.4.0 * [TrueNAS CSP v2.3.10](https://github.com/hpe-storage/truenas-csp/releases/tag/v2.3.10) for HPE CSI Driver v2.3.0 
@@ -83,12 +83,11 @@ These are the known limitations. - **Dataset naming:** The underscore character `_` is used as an internal separator for naming snapshots and datasets. Do NOT use underscores in your pool or dataset names. - **FreeNAS ctl_max_luns:** FreeNAS has an internal limit of 1024 LUNs. That number increments for every new LUN created, even if deleted. The iSCSI Target service won't start and it leads to all sorts of problems. This is the log message on the console: `requested LUN ID 1031 is higher than ctl_max_luns` (this system had two iSCSI Targets). - **FreeNAS iSCSI Target:** On systems with a high degree of churn, especially during e2e testing, the iSCSI Target sometimes croak and needs to be restarted. It's recommended to starve the CSP to ease the API requests against FreeNAS and let failures be handled by CSI driver and Kubernetes (see [Helm chart](https://artifacthub.io/packages/helm/truenas-csp/truenas-csp)). -- **KubeVirt support:** Live migration for KubeVirt is not yet implemented in the CSP. Running KubeVirt without live migration on RWO claims should be fine. This will be implemented in a later released. -- **iSCSI CHAP:** Using CHAP with the HPE CSI Driver will not propagate to the TrueNAS CSP. This will be implemented in a later release of the TrueNAS CSP. +- **CSI spec lag:** `VolumeAttributeClasses` (can be mitigated with the HPE CSI Driver Volume Mutator) and `VolumeGroups` are not implemented yet. # Need help? -Please file an [issue](https://github.com/hpe-storage/truenas-csp/issues). This software is not supported by Hewlett Packard Enterprise. It's a voluntary community effort. +Please file an [issue](https://github.com/hpe-storage/truenas-csp/issues). This software is not supported by Hewlett Packard Enterprise. It's a voluntary community effort # Contributing diff --git a/docs/index.yaml b/docs/index.yaml index 88a8c8c..db2e3c3 100644 --- a/docs/index.yaml +++ b/docs/index.yaml 
@@ -1,6 +1,39 @@ apiVersion: v1 entries: truenas-csp: + - annotations: + artifacthub.io/license: MIT + artifacthub.io/links: | + - name: HPE CSI Driver for Kubernetes + url: https://scod.hpedev.io + - name: Install + url: https://github.com/hpe-storage/truenas-csp/blob/master/INSTALL.md + artifacthub.io/prerelease: "false" + apiVersion: v2 + appVersion: 2.5.1 + created: "2024-09-13T06:57:31.896152837Z" + dependencies: + - name: hpe-csi-driver + repository: https://hpe-storage.github.io/co-deployments + version: 2.5.1 + description: TrueNAS Container Storage Provider Helm chart for Kubernetes + digest: c60d6b6691b064885c5214e7551d2d9c3d1d6575e6c07aa03b0dc4b18f70e69b + home: https://github.com/hpe-storage/truenas-csp + icon: https://hpe-storage.github.io/truenas-csp/assets/icon.svg + keywords: + - HPE + - Storage + - CSI + maintainers: + - email: michael.mattsson@gmail.com + name: Michael Mattsson + name: truenas-csp + sources: + - https://github.com/hpe-storage/truenas-csp + type: application + urls: + - truenas-csp-1.2.0.tgz + version: 1.2.0 - annotations: artifacthub.io/license: MIT artifacthub.io/links: | @@ -265,4 +298,4 @@ entries: urls: - truenas-csp-1.0.0.tgz version: 1.0.0 -generated: "2024-05-05T17:25:24.564919127Z" +generated: "2024-09-13T06:57:31.894388158Z" diff --git a/docs/truenas-csp-1.2.0.tgz b/docs/truenas-csp-1.2.0.tgz new file mode 100644 index 0000000..b4a6648 Binary files /dev/null and b/docs/truenas-csp-1.2.0.tgz differ diff --git a/e2e/tests/storage-class-rwo.yaml b/e2e/tests/storage-class-rwo.yaml index 534d682..4dc083d 100644 --- a/e2e/tests/storage-class-rwo.yaml +++ b/e2e/tests/storage-class-rwo.yaml @@ -19,6 +19,6 @@ parameters: root: tank/csi-e2e chapSecretNamespace: hpe-storage chapSecretName: my-chap-secret - authNetworks: 192.168.20.0/24, 192.168.10.0/24 + #authNetworks: 192.168.20.0/24, 192.168.10.0/24 reclaimPolicy: Delete allowVolumeExpansion: true 
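Review bot: The change in e2e/tests/storage-class-rwo.yaml leaves `#authNetworks: 192.168.20.0/24, 192.168.10.0/24` as commented-out configuration with no explanation, so the e2e StorageClass no longer exercises the authorized-network restriction while `chapSecretName` stays set. If the parameter was disabled because it conflicts with the test environment, say so in a comment such as `# authNetworks disabled: <reason>; restriction covered by <other test>`; if it is no longer needed, delete the line. As it stands, presumably nothing in the e2e suite verifies that `authNetworks` still limits initiator access. The `parameters` block begins above this hunk.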
diff --git a/helm/charts/truenas-csp/Chart.lock b/helm/charts/truenas-csp/Chart.lock index 0b6ce5e..73d1a9e 100644 --- a/helm/charts/truenas-csp/Chart.lock +++ b/helm/charts/truenas-csp/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: hpe-csi-driver repository: https://hpe-storage.github.io/co-deployments - version: 2.4.2 -digest: sha256:2843d9f603e7c46f931c3cbf033ad80d5df6c1a18b94e90a70237c4e79241c52 -generated: "2024-05-05T17:18:52.756541473Z" + version: 2.5.1 +digest: sha256:3caec267f6ae176da7d26faf3f9fddee9e2e2d1b748d4dba7f3aeca43f235164 +generated: "2024-09-12T06:35:38.684668036Z" diff --git a/helm/charts/truenas-csp/Chart.yaml b/helm/charts/truenas-csp/Chart.yaml index 1500a6b..4609f9a 100644 --- a/helm/charts/truenas-csp/Chart.yaml +++ b/helm/charts/truenas-csp/Chart.yaml @@ -12,8 +12,8 @@ annotations: - name: Install url: https://github.com/hpe-storage/truenas-csp/blob/master/INSTALL.md artifacthub.io/prerelease: "false" -version: "1.1.6" -appVersion: "2.4.2" +version: "1.2.0" +appVersion: "2.5.1" maintainers: - name: Michael Mattsson email: michael.mattsson@gmail.com @@ -22,7 +22,7 @@ sources: home: https://github.com/hpe-storage/truenas-csp dependencies: - name: hpe-csi-driver - version: 2.4.2 + version: 2.5.1 repository: "https://hpe-storage.github.io/co-deployments" keywords: - HPE diff --git a/helm/charts/truenas-csp/README.md b/helm/charts/truenas-csp/README.md index 0f3d546..49b295a 100644 --- a/helm/charts/truenas-csp/README.md +++ b/helm/charts/truenas-csp/README.md 
@@ -16,10 +16,11 @@ This chart is lock stepped with [HPE CSI Driver for Kubernetes Helm chart](https The following table lists the configurable parameters of the chart and their default values. -| Parameter | Description | Default | -|---------------------------|------------------------------------------------------------------------------------|-----------| -| logDebug | Log extensive debug information on stdout of the CSP | false | -| optimizeFor | Set to "FreeNAS" to apply minimal amount of threads and short timeouts for the CSP | "Default" | +| Parameter | Description | Default | +|---------------------------|------------------------------------------------------------------------------------|------------------| +| logDebug | Log extensive debug information on stdout of the CSP | false | +| optimizeFor | Set to "FreeNAS" to apply minimal amount of threads and short timeouts for the CSP | "Default" | +| images.trueNasCSP | Use this particular fully qualified image name for the TrueNAS CSP | From values.yaml | **Hint:** The usual Helm decorations are available for the CSP, see [values.yaml](https://github.com/hpe-storage/truenas-csp/blob/master/helm/charts/truenas-csp/values.yaml). 
@@ -66,7 +67,7 @@ Also, it's helpful to be familiar with [persistent storage concepts](https://kub ## Community -Please file any issues, questions or feature requests you may have [here](https://github.com/hpe-storage/truenas-csp/issues) (do not use this facility for support inquiries of your storage product). You may also join our Slack community to chat with some of the HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera`, and `#Kubernetes`. Sign up at [slack.hpedev.io](https://slack.hpedev.io/) and login at [hpedev.slack.com](https://hpedev.slack.com/) +Please file any issues, questions or feature requests you may have [here](https://github.com/hpe-storage/truenas-csp/issues) (do not use this facility for support inquiries of your storage product). You may also join our Slack community to chat with some of the HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera`, and `#Kubernetes`. Sign up at [developer.hpe.com](https://developer.hpe.com/slack-signup) and login at [hpedev.slack.com](https://hpedev.slack.com/) ## Contributing diff --git a/helm/charts/truenas-csp/charts/hpe-csi-driver-2.4.2.tgz b/helm/charts/truenas-csp/charts/hpe-csi-driver-2.4.2.tgz deleted file mode 100644 index 8b31c4b..0000000 Binary files a/helm/charts/truenas-csp/charts/hpe-csi-driver-2.4.2.tgz and /dev/null differ diff --git a/helm/charts/truenas-csp/charts/hpe-csi-driver-2.5.1.tgz b/helm/charts/truenas-csp/charts/hpe-csi-driver-2.5.1.tgz new file mode 100644 index 0000000..cd6a56e Binary files /dev/null and b/helm/charts/truenas-csp/charts/hpe-csi-driver-2.5.1.tgz differ diff --git a/helm/charts/truenas-csp/templates/deployment.yaml b/helm/charts/truenas-csp/templates/deployment.yaml index 14d20ac..e74badb 100644 --- a/helm/charts/truenas-csp/templates/deployment.yaml +++ b/helm/charts/truenas-csp/templates/deployment.yaml 
@@ -29,8 +29,8 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ .Values.image.repository }}:{{ default .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ .Values.images.trueNasCSP }} + imagePullPolicy: {{ .Values.imagePullPolicy }} {{ if .Values.logDebug -}} env: - name: LOG_DEBUG diff --git a/helm/charts/truenas-csp/values.schema.json b/helm/charts/truenas-csp/values.schema.json index b3f8447..c3ba0af 100644 --- a/helm/charts/truenas-csp/values.schema.json +++ b/helm/charts/truenas-csp/values.schema.json @@ -8,7 +8,8 @@ "required": [ "logDebug", "optimizeFor", - "image", + "images", + "imagePullPolicy", "imagePullSecrets", "nameOverride", "fullnameOverride", 
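Review bot: `image: {{ .Values.images.trueNasCSP }}` in templates/deployment.yaml drops the old `image.repository`, `image.tag` and `image.pullPolicy` keys without a fallback, so an existing release that overrides those keys (for example to pull from an internal mirror) would presumably render the chart default from quay.io after an upgrade unless the schema rejects the stale keys; the root `additionalProperties` setting is outside this hunk. A guard in the template such as `{{- if .Values.image }}{{ fail "image.* was replaced by images.trueNasCSP and imagePullPolicy" }}{{- end }}` turns that silent change into an explicit upgrade error. Quoting the rendered value, `image: {{ .Values.images.trueNasCSP | quote }}`, also keeps an unusual override from being reinterpreted by the YAML parser. The container spec starts above and continues below the hunk.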
@@ -40,42 +41,33 @@ "enum": [ "FreeNAS", "Default" ], "default": "Default" }, - "image": { - "$id": "#/properties/image", + "images": { + "$id": "#/properties/images", "type": "object", - "title": "The image schema", + "title": "The images schema", "description": "An explanation about the purpose of this instance.", "default": {}, "required": [ - "repository", - "pullPolicy", - "tag" + "trueNasCSP" ], "properties": { - "repository": { - "$id": "#/properties/image/properties/repository", + "trueNasCSP": { + "$id": "#/properties/images/properties/truenascsp", "type": "string", - "title": "The repository schema", - "description": "An explanation about the purpose of this instance.", - "default": "" - }, - "pullPolicy": { - "$id": "#/properties/image/properties/pullPolicy", - "type": "string", - "title": "The pullPolicy schema", - "description": "An explanation about the purpose of this instance.", - "default": "" - }, - "tag": { - "$id": "#/properties/image/properties/tag", - "type": "string", - "title": "The tag schema", + "title": "The truenascsp schema", "description": "An explanation about the purpose of this instance.", "default": "" } - }, + }, "additionalProperties": true }, + "imagePullPolicy": { + "$id": "#/properties/imagePullPolicy", + "title": "TrueNAS CSP image pull policy", + "type": "string", + "default": "IfNotPresent", + "enum": [ "Always", "IfNotPresent", "Never" ] + }, "imagePullSecrets": { "$id": "#/properties/imagePullSecrets", "type": "array", diff --git a/helm/charts/truenas-csp/values.yaml b/helm/charts/truenas-csp/values.yaml index 7c78396..66f9e08 100644 --- a/helm/charts/truenas-csp/values.yaml +++ b/helm/charts/truenas-csp/values.yaml 
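Review bot: The new `trueNasCSP` property in values.schema.json only requires `"type": "string"` with `"default": ""`, so an empty image reference passes validation and fails only when the pod is created; adding `"minLength": 1` would catch it at install time. Its `"$id"` is `#/properties/images/properties/truenascsp`, which does not match the camel-cased key, and `title`/`description` are still generator boilerplate; something like `"description": "Fully qualified image reference for the TrueNAS CSP container, ideally pinned by digest"` would document what the value controls. `"additionalProperties": true` on `images` also means a misspelled sibling key is accepted silently, so setting it to `false` is worth considering if no other image keys are planned.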
@@ -1,17 +1,19 @@ +--- # Default values for truenas-csp. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# VERY verbose logDebug: false # Tunes the CSP backend API requests optimizeFor: "Default" -image: - repository: quay.io/datamattsson/truenas-csp - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "v2.4.2" +# Pull policy +imagePullPolicy: IfNotPresent + +images: + trueNasCSP: quay.io/datamattsson/truenas-csp:v2.5.1 imagePullSecrets: [] nameOverride: "" @@ -23,21 +25,21 @@ serviceAccount: # Annotations to add to the service account annotations: {} # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # If not set and create is true, a name is gene'd using the fullname template name: "" podAnnotations: {} podSecurityContext: {} - # fsGroup: 2000 +# fsGroup: 2000 securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 service: type: ClusterIP @@ -47,8 +49,8 @@ ingress: enabled: false className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths:
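Review bot: `securityContext: {}` and `podSecurityContext: {}` remain empty defaults in values.yaml, and this change de-indents the commented examples (`# fsGroup: 2000`, `# capabilities:` through `# runAsUser: 1000`) to column 0, so uncommenting them no longer nests under their keys. Consider shipping the hardened settings as real defaults if the image runs under them (not verifiable from this diff), or at least keep the examples indented under `securityContext` and `podSecurityContext`. The comment rewritten to `a name is gene'd using the fullname template` looks like an accidental edit of "generated", and `# VERY verbose` would be clearer as `# Log extensive debug information on stdout of the CSP`, matching the chart README.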