cli: update Azure/GCP CSI charts (#2416)

* Update Azure CSI driver to v1.3.0
* Update GCP CSI driver to v1.3.0

---------

Signed-off-by: Daniel Weiße <[email protected]>

cli/internal/helm/BUILD.bazel

@@ -334,17 +334,13 @@ go_library(
         "charts/edgeless/csi/Chart.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/_helpers.tpl",
-        "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/crd-csi-snapshot.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-driver.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml",
-        "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-snapshot-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-azuredisk-node.yaml",
-        "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/rbac-csi-snapshot-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml",
-        "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-snapshot-controller.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_default.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/templates/storageclass_integrity.yaml",
         "charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml",

cli/internal/helm/charts/edgeless/csi/Chart.yaml

@@ -13,15 +13,15 @@ dependencies:
     tags:
       - AWS
   - name: azuredisk-csi-driver
-    version: v1.2.0
+    version: v1.3.0
     tags:
       - Azure
   - name: cinder-config
     version: 1.0.0
     tags:
       - OpenStack
   - name: gcp-compute-persistent-disk-csi-driver
-    version: 1.2.0
+    version: 1.3.0
     tags:
       - GCP
   - name: openstack-cinder-csi

cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "v1.2.0"
+appVersion: "v1.3.0"
 description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support
 name: azuredisk-csi-driver
-version: v1.2.0
+version: v1.3.0

cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml

@@ -20,6 +20,9 @@ spec:
     metadata:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: {{ .Values.controller.name }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
 {{- with .Values.controller.podLabels }}
 {{ toYaml . | indent 8 }}
 {{- end }}
@@ -46,6 +49,9 @@ spec:
         node-role.kubernetes.io/control-plane: ""
         {{- end}}
       priorityClassName: system-cluster-critical
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 {{- with .Values.controller.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}
@@ -63,7 +69,7 @@ spec:
           image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
 {{- end }}
           args:
-            - "--feature-gates=Topology=true"
+            - "--feature-gates=Topology=true,HonorPVReclaimPolicy=true"
             - "--csi-address=$(ADDRESS)"
             - "--v=2"
             - "--timeout=30s"
@@ -190,6 +196,7 @@ spec:
             - "--vmss-cache-ttl-seconds={{ .Values.controller.vmssCacheTTLInSeconds }}"
             - "--enable-traffic-manager={{ .Values.controller.enableTrafficManager }}"
             - "--traffic-manager-port={{ .Values.controller.trafficManagerPort }}"
+            - "--enable-otel-tracing={{ .Values.controller.otelTracing.enabled }}"
           ports:
             - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
               name: healthz
@@ -209,7 +216,7 @@ spec:
             - name: AZURE_CREDENTIAL_FILE
               valueFrom:
                 configMapKeyRef:
-                  name: azure-cred-file
+                  name: {{ .Values.azureCredentialFileConfigMap }}
                   key: path
                   optional: true
             - name: CSI_ENDPOINT
@@ -232,6 +239,12 @@ spec:
             - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
             {{- end }}
+            {{- if .Values.controller.otelTracing.enabled }}
+            - name: OTEL_SERVICE_NAME
+              value: {{ .Values.controller.otelTracing.otelServiceName }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.controller.otelTracing.otelExporterEndpoint }}
+            {{- end }}
           imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
           volumeMounts:
             - mountPath: /csi

cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml

@@ -24,6 +24,9 @@ spec:
     metadata:
 {{ include "azuredisk.labels" . | indent 6 }}
         app: {{ .Values.linux.dsName }}
+        {{- if .Values.workloadIdentity.clientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
 {{- with .Values.linux.podLabels }}
 {{ toYaml . | indent 8 }}
 {{- end }}
@@ -50,6 +53,9 @@ spec:
         nodeAffinity:
 {{ toYaml .Values.linux.nodeAffinity | indent 10 }}
       priorityClassName: system-node-critical
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 {{- with .Values.linux.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}
@@ -81,6 +87,7 @@ spec:
             - --csi-address=$(ADDRESS)
             - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
             - --v=2
+{{- if .Values.linux.enableRegistrationProbe }}
           livenessProbe:
             exec:
               command:
@@ -89,6 +96,7 @@ spec:
                 - --mode=kubelet-registration-probe
             initialDelaySeconds: 30
             timeoutSeconds: 15
+{{- end }}
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -110,7 +118,6 @@ spec:
             - "--v={{ .Values.node.logLevel }}"
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--nodeid=$(KUBE_NODE_NAME)"
-            - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
             - "--enable-perf-optimization={{ .Values.linux.enablePerfOptimization }}"
             - "--drivername={{ .Values.driver.name }}"
             - "--volume-attach-limit={{ .Values.driver.volumeAttachLimit }}"
@@ -121,6 +128,8 @@ spec:
             - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
             - "--support-zone={{ .Values.node.supportZone }}"
             - "--get-node-info-from-labels={{ .Values.linux.getNodeInfoFromLabels }}"
+            - "--get-nodeid-from-imds={{ .Values.node.getNodeIDFromIMDS }}"
+            - "--enable-otel-tracing={{ .Values.linux.otelTracing.enabled }}"
             - "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}"
           ports:
             - containerPort: {{ .Values.node.livenessProbe.healthPort }}
@@ -138,7 +147,7 @@ spec:
             - name: AZURE_CREDENTIAL_FILE
               valueFrom:
                 configMapKeyRef:
-                  name: azure-cred-file
+                  name: {{ .Values.azureCredentialFileConfigMap }}
                   key: path
                   optional: true
             - name: CSI_ENDPOINT
@@ -166,6 +175,12 @@ spec:
             - name: AZURE_ENVIRONMENT_FILEPATH
               value: /etc/kubernetes/azurestackcloud.json
             {{- end }}
+            {{- if .Values.linux.otelTracing.enabled }}
+            - name: OTEL_SERVICE_NAME
+              value: {{ .Values.linux.otelTracing.otelServiceName }}
+            - name: OTEL_EXPORTER_OTLP_ENDPOINT
+              value: {{ .Values.linux.otelTracing.otelExporterEndpoint }}
+            {{- end }}
           imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
           securityContext:
             privileged: true

cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-controller.yaml

@@ -5,4 +5,12 @@ metadata:
   name: {{ .Values.serviceAccount.controller }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
 {{- end -}}

cli/internal/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/serviceaccount-csi-azuredisk-node.yaml

@@ -5,4 +5,12 @@ metadata:
   name: {{ .Values.serviceAccount.node }}
   namespace: {{ .Release.Namespace }}
 {{ include "azuredisk.labels" . | indent 2 }}
+{{- if .Values.workloadIdentity.clientID }}
+    azure.workload.identity/use: "true"
+  annotations:
+    azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }}
+{{- if .Values.workloadIdentity.tenantID }}
+    azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }}
+{{- end }}
+{{- end }}
 {{- end -}}