From 2798a2153ee49fa85aef650343a5d0702892f403 Mon Sep 17 00:00:00 2001
From: Joe McCormick <31295332+iamjoemccormick@users.noreply.github.com>
Date: Tue, 27 Feb 2024 21:11:32 +0000
Subject: [PATCH 1/3] Workflow updates for v1.6.0
- Update matrix of tested K8s and BeeGFS versions
- Update deprecated GitHub Actions
- Rework how test package names are extracted to use GITHUB_OUTPUT resolving linting issues
---
.github/workflows/build-test-publish.yaml | 81 ++++++++++++-------
operator/hack/minikube_deploy_all_examples.sh | 3 +-
test/env/beegfs-ubuntu/beegfs-fs-1.yaml | 6 +-
test/env/beegfs-ubuntu/beegfs-fs-2.yaml | 6 +-
4 files changed, 60 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/build-test-publish.yaml b/.github/workflows/build-test-publish.yaml
index bfa8394b..309ca9ce 100644
--- a/.github/workflows/build-test-publish.yaml
+++ b/.github/workflows/build-test-publish.yaml
@@ -47,13 +47,13 @@ jobs:
packages: write
contents: read
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4.1.1
with:
# Work around for how release-tools verify-subtree.sh verifies release-tools has not been modified.
fetch-depth: "0"
- name: Set up Go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
with:
go-version: 1.22.0
# Dependencies are cached by default: https://github.com/actions/setup-go#v4
@@ -85,10 +85,10 @@ jobs:
# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go#caching-dependencies
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.1.0
- name: Log into the GitHub Container Registry
- uses: docker/login-action@v2
+ uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@@ -271,16 +271,13 @@ jobs:
strategy:
fail-fast: true
matrix:
- k8s-version: [1.23.17, 1.24.15, 1.25.11, 1.26.3, 1.27.3]
- beegfs-version: [7.3.4, 7.4.0]
+ k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7]
+ beegfs-version: [7.3.4, 7.4.2]
permissions:
packages: read
contents: read
steps:
- - uses: actions/checkout@v3
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ - uses: actions/checkout@v4.1.1
- name: Deploy Kubernetes ${{ matrix.k8s-version }} using Minikube
uses: medyagh/setup-minikube@latest
@@ -288,10 +285,22 @@ jobs:
driver: none
kubernetes-version: ${{ matrix.k8s-version }}
+ # Starting with BeeGFS 7.4.1 the container registry used to host BeeGFS images switched from DockerHub
+ # to ghcr.io. This can be removed once we no longer test with BeeGFS 7.3.4.
+ - name: Determine BeeGFS image registry
+ id: determine_registry
+ run: |
+ if [ "${{ matrix.beegfs-version }}" = "7.3.4" ]; then
+ echo "BEEGFS_REGISTRY=beegfs/" >> $GITHUB_OUTPUT
+ else
+ echo "BEEGFS_REGISTRY=ghcr.io/thinkparq/" >> $GITHUB_OUTPUT
+ fi
+
- name: Deploy BeeGFS ${{ matrix.beegfs-version }} for testing
run: |
export BEEGFS_VERSION=$(echo ${{ matrix.beegfs-version }})
export BEEGFS_SECRET=$(echo ${{ secrets.CONN_AUTH_SECRET }})
+ export BEEGFS_REGISTRY=$(echo ${{ steps.determine_registry.outputs.BEEGFS_REGISTRY }})
envsubst < test/env/beegfs-ubuntu/beegfs-fs-1.yaml | kubectl apply -f -
kubectl get pods -A
@@ -367,13 +376,13 @@ jobs:
strategy:
fail-fast: true
matrix:
- k8s-version: [1.23.17, 1.24.15, 1.25.11, 1.26.3, 1.27.3]
- beegfs-version: [7.3.4, 7.4.0]
+ k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7]
+ beegfs-version: [7.3.4, 7.4.2]
permissions:
packages: read
contents: read
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4.1.1
- name: Deploy Kubernetes ${{ matrix.k8s-version }} using Minikube
uses: medyagh/setup-minikube@latest
@@ -399,7 +408,7 @@ jobs:
operator-sdk scorecard ./operator/bundle -w 180s > /tmp/scorecard.txt 2>&1 || (echo "SCORECARD FAILURE!" && exit 1)
- name: Save the Operator Scorecard results as an artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4.3.1
if: ${{ always() }}
with:
name: operator-scorecard-k8s${{ matrix.k8s-version }}-beegfs${{ matrix.beegfs-version }}
@@ -411,12 +420,24 @@ jobs:
chmod +x install.sh
./install.sh v0.25.0
+ # Starting with BeeGFS 7.4.1 the container registry used to host BeeGFS images switched from DockerHub
+ # to ghcr.io. This can be removed once we no longer test with BeeGFS 7.3.4.
+ - name: Determine BeeGFS image registry
+ id: determine_registry
+ run: |
+ if [ "${{ matrix.beegfs-version }}" = "7.3.4" ]; then
+ echo "BEEGFS_REGISTRY=beegfs/" >> $GITHUB_OUTPUT
+ else
+ echo "BEEGFS_REGISTRY=ghcr.io/thinkparq/" >> $GITHUB_OUTPUT
+ fi
+
# Test using a base64 encoded secret for the Operator based deployment to
# ensure the broadest coverage for how we handle base64 encoded secrets.
- name: Deploy BeeGFS ${{ matrix.beegfs-version }} for testing and expose as a service to the host OS
run: |
export BEEGFS_VERSION=$(echo ${{ matrix.beegfs-version }})
export BEEGFS_SECRET=$(echo ${{ secrets.CONN_AUTH_BASE64_SECRET }})
+ export BEEGFS_REGISTRY=$(echo ${{ steps.determine_registry.outputs.BEEGFS_REGISTRY }})
envsubst < test/env/beegfs-ubuntu/beegfs-fs-2.yaml | kubectl apply -f -
MAX_ATTEMPTS=36
@@ -539,38 +560,40 @@ jobs:
if: always()
steps:
- name: Extract CSI driver test package name
+ id: extract_driver
run: |
test_image_name="${{ env.TEST_IMAGE_NAME }}"
test_image_pkg=${test_image_name##*/}
- echo "TEST_IMAGE_PKG=$test_image_pkg" >> $GITHUB_ENV
+ echo "TEST_IMAGE_PKG=$test_image_pkg" >> $GITHUB_OUTPUT
- - name: Cleanup old ${{ env.TEST_IMAGE_PKG }} packages
- uses: actions/delete-package-versions@v4
+ - name: Cleanup old ${{ steps.extract_driver.outputs.TEST_IMAGE_PKG }} packages
+ uses: actions/delete-package-versions@v5
with:
- package-name: "${{ env.TEST_IMAGE_PKG }}"
+ package-name: "${{ steps.extract_driver.outputs.TEST_IMAGE_PKG }}"
package-type: "container"
- min-versions-to-keep: 5
+ min-versions-to-keep: 10
- name: Extract operator test package names
+ id: extract_operator
run: |
operator_test_image_name="${{ env.OPERATOR_TEST_IMAGE_NAME }}"
operator_test_image_pkg=${operator_test_image_name##*/}
- echo "OPERATOR_TEST_IMAGE_PKG=$operator_test_image_pkg" >> $GITHUB_ENV
+ echo "OPERATOR_TEST_IMAGE_PKG=$operator_test_image_pkg" >> $GITHUB_OUTPUT
operator_test_bundle_name="${{ env.OPERATOR_TEST_IMAGE_NAME }}"
operator_test_bundle_pkg=${operator_test_bundle_name##*/}
- echo "OPERATOR_TEST_BUNDLE_PKG=$operator_test_bundle_pkg" >> $GITHUB_ENV
+ echo "OPERATOR_TEST_BUNDLE_PKG=$operator_test_bundle_pkg" >> $GITHUB_OUTPUT
- - name: Cleanup old ${{ env.OPERATOR_TEST_IMAGE_PKG }} packages
- uses: actions/delete-package-versions@v4
+ - name: Cleanup old ${{ steps.extract_operator.outputs.OPERATOR_TEST_IMAGE_PKG }} packages
+ uses: actions/delete-package-versions@v5
with:
- package-name: "${{ env.OPERATOR_TEST_IMAGE_PKG }}"
+ package-name: "${{ steps.extract_operator.outputs.OPERATOR_TEST_IMAGE_PKG }}"
package-type: "container"
- min-versions-to-keep: 5
+ min-versions-to-keep: 10
- - name: Cleanup old ${{ env.OPERATOR_TEST_BUNDLE_PKG }} packages
- uses: actions/delete-package-versions@v4
+ - name: Cleanup old ${{ steps.extract_operator.outputs.OPERATOR_TEST_BUNDLE_PKG }} packages
+ uses: actions/delete-package-versions@v5
with:
- package-name: "${{ env.OPERATOR_TEST_BUNDLE_PKG }}"
+ package-name: "${{ steps.extract_operator.outputs.OPERATOR_TEST_BUNDLE_PKG }}"
package-type: "container"
- min-versions-to-keep: 5
+ min-versions-to-keep: 10
diff --git a/operator/hack/minikube_deploy_all_examples.sh b/operator/hack/minikube_deploy_all_examples.sh
index 02787782..2dcc5e8d 100755
--- a/operator/hack/minikube_deploy_all_examples.sh
+++ b/operator/hack/minikube_deploy_all_examples.sh
@@ -8,8 +8,9 @@ set -euo pipefail
# IMPORTANT: This script is not idempotent, notably the step to create directories in BeeGFS.
-export BEEGFS_VERSION=7.3.4
+export BEEGFS_VERSION=7.4.2
export BEEGFS_SECRET=mysecret
+export BEEGFS_REGISTRY=ghcr.io/thinkparq/
# Deploy BeeGFS file system:
envsubst < ../test/env/beegfs-ubuntu/beegfs-fs-1.yaml | kubectl apply -f -
diff --git a/test/env/beegfs-ubuntu/beegfs-fs-1.yaml b/test/env/beegfs-ubuntu/beegfs-fs-1.yaml
index 3469121c..0f683972 100644
--- a/test/env/beegfs-ubuntu/beegfs-fs-1.yaml
+++ b/test/env/beegfs-ubuntu/beegfs-fs-1.yaml
@@ -18,7 +18,7 @@ spec:
hostNetwork: true # This is the easiest (but not necessarily the best) way for clients to access the file system.
containers:
- name: beegfs-mgmtd
- image: beegfs/beegfs-mgmtd:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-mgmtd:${BEEGFS_VERSION}
args:
- storeMgmtdDirectory=/mnt/mgmt_tgt_mgmt01
- storeAllowFirstRunInit=false
@@ -28,7 +28,7 @@ spec:
- name: CONN_AUTH_FILE_DATA
value: "${BEEGFS_SECRET}"
- name: beegfs-meta
- image: beegfs/beegfs-meta:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-meta:${BEEGFS_VERSION}
args:
- storeMetaDirectory=/mnt/meta_01_tgt_0101
- storeAllowFirstRunInit=false
@@ -39,7 +39,7 @@ spec:
- name: CONN_AUTH_FILE_DATA
value: "${BEEGFS_SECRET}"
- name: beegfs-storage
- image: beegfs/beegfs-storage:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-storage:${BEEGFS_VERSION}
args:
- storeStorageDirectory=/mnt/stor_01_tgt_101,/mnt/stor_01_tgt_102
- storeAllowFirstRunInit=false
diff --git a/test/env/beegfs-ubuntu/beegfs-fs-2.yaml b/test/env/beegfs-ubuntu/beegfs-fs-2.yaml
index 55d46ee0..fd169396 100644
--- a/test/env/beegfs-ubuntu/beegfs-fs-2.yaml
+++ b/test/env/beegfs-ubuntu/beegfs-fs-2.yaml
@@ -27,7 +27,7 @@ spec:
hostNetwork: true # This is the easiest (but not necessarily the best) way for clients to access the file system.
containers:
- name: beegfs-mgmtd
- image: beegfs/beegfs-mgmtd:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-mgmtd:${BEEGFS_VERSION}
args:
- storeMgmtdDirectory=/mnt/mgmt_tgt_mgmt01
- storeAllowFirstRunInit=false
@@ -39,7 +39,7 @@ spec:
- name: conn-auth-secret-volume
mountPath: "/etc/beegfs"
- name: beegfs-meta
- image: beegfs/beegfs-meta:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-meta:${BEEGFS_VERSION}
args:
- storeMetaDirectory=/mnt/meta_01_tgt_0101
- storeAllowFirstRunInit=false
@@ -52,7 +52,7 @@ spec:
- name: conn-auth-secret-volume
mountPath: "/etc/beegfs"
- name: beegfs-storage
- image: beegfs/beegfs-storage:${BEEGFS_VERSION}
+ image: ${BEEGFS_REGISTRY}beegfs-storage:${BEEGFS_VERSION}
args:
- storeStorageDirectory=/mnt/stor_01_tgt_101,/mnt/stor_01_tgt_102
- storeAllowFirstRunInit=false
From d1f57f72eb050508c6627ca107561e9e294344a0 Mon Sep 17 00:00:00 2001
From: Joe McCormick <31295332+iamjoemccormick@users.noreply.github.com>
Date: Wed, 28 Feb 2024 20:16:48 +0000
Subject: [PATCH 2/3] Update all deployment manifests for v1.6.0
- Regenerate operator manifests and bundle.
- Kubectl deployment manifests.
- Nomad deployment manifests.
---
deploy/k8s/bases/csi-beegfs-controller.yaml | 2 +-
deploy/k8s/bases/csi-beegfs-node.yaml | 2 +-
deploy/nomad/controller.nomad | 2 +-
deploy/nomad/node.nomad | 2 +-
operator/Makefile | 2 +-
.../beegfs-csi-driver-operator.clusterserviceversion.yaml | 8 ++++----
operator/config/manager/kustomization.yaml | 2 +-
.../beegfs-csi-driver-operator.clusterserviceversion.yaml | 2 +-
8 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/deploy/k8s/bases/csi-beegfs-controller.yaml b/deploy/k8s/bases/csi-beegfs-controller.yaml
index f9da1e18..bcdcb435 100644
--- a/deploy/k8s/bases/csi-beegfs-controller.yaml
+++ b/deploy/k8s/bases/csi-beegfs-controller.yaml
@@ -49,7 +49,7 @@ spec:
cpu: 80m
memory: 24Mi
- name: beegfs
- image: ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0
+ image: ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0
args:
- --driver-name=beegfs.csi.netapp.com
- --node-id=$(KUBE_NODE_NAME)
diff --git a/deploy/k8s/bases/csi-beegfs-node.yaml b/deploy/k8s/bases/csi-beegfs-node.yaml
index ee7f94a1..0b0450be 100644
--- a/deploy/k8s/bases/csi-beegfs-node.yaml
+++ b/deploy/k8s/bases/csi-beegfs-node.yaml
@@ -46,7 +46,7 @@ spec:
cpu: 80m
memory: 10Mi
- name: beegfs
- image: ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0
+ image: ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0
args:
- --driver-name=beegfs.csi.netapp.com
- --node-id=$(KUBE_NODE_NAME)
diff --git a/deploy/nomad/controller.nomad b/deploy/nomad/controller.nomad
index 1fde7d34..683d71d1 100644
--- a/deploy/nomad/controller.nomad
+++ b/deploy/nomad/controller.nomad
@@ -22,7 +22,7 @@ job "beegfs-csi-plugin-controller" {
driver = "docker"
config {
- image = "ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0"
+ image = "ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0"
# chwrap is used to execute the beegfs-ctl binary already installed on the host. We also read the
# beegfs-client.conf template already installed on the host.
diff --git a/deploy/nomad/node.nomad b/deploy/nomad/node.nomad
index bb8557e0..21fa51a7 100644
--- a/deploy/nomad/node.nomad
+++ b/deploy/nomad/node.nomad
@@ -20,7 +20,7 @@ job "beegfs-csi-plugin-node" {
driver = "docker"
config {
- image = "ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0"
+ image = "ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0"
# chwrap is used to execute the beegfs-ctl binary already installed on the host. We also read the
# beegfs-client.conf template already installed on the host.
diff --git a/operator/Makefile b/operator/Makefile
index 7ddacb05..d940e509 100644
--- a/operator/Makefile
+++ b/operator/Makefile
@@ -3,7 +3,7 @@
# To re-generate a bundle for another specific version without changing the standard setup, you can:
# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
# - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.5.0
+VERSION ?= 1.6.0
# BUILD_PLATFORMS contains a set of tuples [os arch buildx_platform suffix base_image addon_image]
# separated by semicolon. An empty variable or empty entry (= just a
diff --git a/operator/bundle/manifests/beegfs-csi-driver-operator.clusterserviceversion.yaml b/operator/bundle/manifests/beegfs-csi-driver-operator.clusterserviceversion.yaml
index ff42228f..40718acf 100644
--- a/operator/bundle/manifests/beegfs-csi-driver-operator.clusterserviceversion.yaml
+++ b/operator/bundle/manifests/beegfs-csi-driver-operator.clusterserviceversion.yaml
@@ -63,7 +63,7 @@ metadata:
]
capabilities: Seamless Upgrades
categories: Storage
- containerImage: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.5.0
+ containerImage: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.6.0
createdAt: 2021-06-30:03:11:00
description: Install and manage the BeeGFS CSI driver
operatorframework.io/suggested-namespace: beegfs-csi
@@ -71,7 +71,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/ThinkParQ/beegfs-csi-driver
support: ThinkParQ
- name: beegfs-csi-driver-operator.v1.5.0
+ name: beegfs-csi-driver-operator.v1.6.0
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -627,7 +627,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.5.0
+ image: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.6.0
livenessProbe:
httpGet:
path: /healthz
@@ -722,4 +722,4 @@ spec:
provider:
name: ThinkParQ
url: https://www.thinkparq.com
- version: 1.5.0
+ version: 1.6.0
diff --git a/operator/config/manager/kustomization.yaml b/operator/config/manager/kustomization.yaml
index 246ffa8c..feaed797 100644
--- a/operator/config/manager/kustomization.yaml
+++ b/operator/config/manager/kustomization.yaml
@@ -13,4 +13,4 @@ kind: Kustomization
images:
- name: controller
newName: ghcr.io/thinkparq/beegfs-csi-driver-operator
- newTag: v1.5.0
+ newTag: v1.6.0
diff --git a/operator/config/manifests/bases/beegfs-csi-driver-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/beegfs-csi-driver-operator.clusterserviceversion.yaml
index 6054803b..60435532 100644
--- a/operator/config/manifests/bases/beegfs-csi-driver-operator.clusterserviceversion.yaml
+++ b/operator/config/manifests/bases/beegfs-csi-driver-operator.clusterserviceversion.yaml
@@ -5,7 +5,7 @@ metadata:
alm-examples: '[]'
capabilities: Seamless Upgrades
categories: Storage
- containerImage: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.5.0
+ containerImage: ghcr.io/thinkparq/beegfs-csi-driver-operator:v1.6.0
createdAt: 2021-06-30:03:11:00
description: Install and manage the BeeGFS CSI driver
operatorframework.io/suggested-namespace: beegfs-csi
From 25ac7d75231147cb35a414f2e21760ec9f2dc715 Mon Sep 17 00:00:00 2001
From: Joe McCormick <31295332+iamjoemccormick@users.noreply.github.com>
Date: Wed, 28 Feb 2024 20:35:22 +0000
Subject: [PATCH 3/3] Documentation updates for v1.6.0
---
CHANGELOG.md | 18 +++++++-
README.md | 32 +++++++------
docs/deployment.md | 113 +++++++++++++++++++++++----------------------
3 files changed, 93 insertions(+), 70 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 520ecdb0..99d73c4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
# Changelog
-Notable changes to the BeeGFS CSI driver will be documented in this file.
+Notable changes to the BeeGFS CSI driver will be documented in this file.
+
+[1.6.0] - 2024-02-28
+--------------------
+
+### Added
+- Support for BeeGFS v7.4.2 and Kubernetes v1.28.
+- Support for arm64 and official multi-arch container images for all supported platforms
+ (linux/amd64 and linux/arm64).
+
+### Deprecated
+- Kubernetes v1.25 and v1.26 support will be dropped in the next driver release according to our
+ [support
+ policy](docs/compatibility.md#dropping-compatibility-support-for-old-kubernetes-releases).
+
+### Removed
+- Support/testing for Kubernetes v1.23 and v1.24.
[1.5.0] - 2023-09-11
--------------------
diff --git a/README.md b/README.md
index 4a9d874c..faf00c9e 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,8 @@ The driver can be easily deployed using the provided Kubernetes manifests.
Optionally the [BeeGFS CSI Driver Operator](operator/README.md) can be used to
automate day-1 (install/ configure) and day-2 (reconfigure/update) tasks for the
driver. This especially simplifies discovery and installation from Operator
-Lifecycle Manger (OLM) enabled clusters.
+Lifecycle Manger (OLM) enabled clusters. Multi-arch images supporting amd64 and
+arm64 Kubernetes nodes are provided for the BeeGFS CSI driver and operator.
### Notable Features
@@ -77,23 +78,26 @@ table describes the versions of each component used in testing each release of
the BeeGFS CSI driver. These configurations should be considered compatible and
supported.
-| beegfs.csi.netapp.com | K8s Versions | Red Hat OpenShift Versions | BeeGFS Client Versions | CSI Version |
-| --------------------- | ----------------------------------------- | ---------------------------------------------------- | ---------------------- | ----------- |
-| v1.5.0 | 1.23.17, 1.24.15, 1.25.11, 1.26.3, 1.27.3 | [No longer tested.](docs/compatibility.md#openshift) | 7.3.4, v7.4.0 | v1.7.0 |
-| v1.4.0 | 1.22.6, 1.23.5, 1.24.1, 1.25.2 | 4.11 (RHEL only; RHCOS experimental) | 7.3.2, 7.2.8 | v1.7.0 |
-| v1.3.0 | 1.21.4, 1.22.3, 1.23.1, 1.24.1 | 4.10 (RHEL only; RHCOS experimental) | 7.3.1, 7.2.7 | v1.6.0 |
-| v1.2.2 | 1.20.11, 1.21.4, 1.22.3, 1.23.1 | 4.10 (RHEL only; RHCOS experimental) | 7.3.0, 7.2.6 [^1] | v1.5.0 |
-| v1.2.1 | 1.19.15, 1.20.11, 1.21.4, 1.22.3 | 4.9 (RHEL only) | 7.2.5 [^1] | v1.5.0 |
-| v1.2.0 | 1.18, 1.19, 1.20, 1.21 | 4.8 (RHEL only) | 7.2.4 [^1] | v1.5.0 |
-| v1.1.0 | 1.18, 1.19, 1.20 | | 7.2.1 [^1] | v1.3.0 |
-| v1.0.0 | 1.19 | | 7.2 [^1] | v1.3.0 |
+| BeeGFS CSI Driver | K8s Versions | BeeGFS Client Versions | CSI Version |
+| ----------------- | ----------------------------------------- | ---------------------- | ----------- |
+| v1.6.0 | 1.25.16, 1.26.14, 1.27.11, 1.28.7 | 7.3.4, 7.4.2 | v1.8.0 |
+| v1.5.0 | 1.23.17, 1.24.15, 1.25.11, 1.26.3, 1.27.3 | 7.3.4, 7.4.0 | v1.7.0 |
+| v1.4.0 | 1.22.6, 1.23.5, 1.24.1, 1.25.2 | 7.3.2, 7.2.8 | v1.7.0 |
+| v1.3.0 | 1.21.4, 1.22.3, 1.23.1, 1.24.1 | 7.3.1, 7.2.7 | v1.6.0 |
+| v1.2.2 | 1.20.11, 1.21.4, 1.22.3, 1.23.1 | 7.3.0, 7.2.6 [^1] | v1.5.0 |
+| v1.2.1 | 1.19.15, 1.20.11, 1.21.4, 1.22.3 | 7.2.5 [^1] | v1.5.0 |
+| v1.2.0 | 1.18, 1.19, 1.20, 1.21 | 7.2.4 [^1] | v1.5.0 |
+| v1.1.0 | 1.18, 1.19, 1.20 | 7.2.1 [^1] | v1.3.0 |
+| v1.0.0 | 1.19 | 7.2 [^1] | v1.3.0 |
+
+Additional notes:
+* Starting with v1.6.0 official multi-arch container images are provided for both amd64 and arm64.
+* The BeeGFS CSI driver offers experimental support for [Hashicorp Nomad](docs/nomad.md).
+* As of v1.5.0 the BeeGFS CSI driver is [no longer tested](docs/compatibility.md#openshift) with Red Hat OpenShift.
See the [compatibility guide](docs/compatibility.md) for more details on
expectations of compatibility for the BeeGFS CSI driver.
-The BeeGFS CSI driver is also tested for use with Hashicorp Nomad. See our
-[Nomad documentation](docs/nomad.md) for details.
-
### Known Incompatibilities
#### BeeGFS CSI Driver compatibility with BeeGFS 7.2.7+ and 7.3.1+
diff --git a/docs/deployment.md b/docs/deployment.md
index 7a399788..11018559 100644
--- a/docs/deployment.md
+++ b/docs/deployment.md
@@ -77,14 +77,23 @@ OPTION 1: Validate the image using the version tag:
```
cosign verify --key ghcr.io/thinkparq/beegfs-csi-driver:
```
-Example: `cosign verify --key cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0`
+Examples:
+```
+cosign verify --key cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0
+cosign verify --key https://raw.githubusercontent.com/ThinkParQ/beegfs-csi-driver/master/release/cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0
+```
OPTION 2: Validate the image using the version tag and digest:
```
cosign verify --key ghcr.io/thinkparq/beegfs-csi-driver:@SHA256:
```
-Example: `cosign verify --key cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0@SHA256:a6efb4f870003f28a2ee421690f4f9d0e5b8eed0e24b3881fb816a760eb6dfea`
+Examples:
+
+```
+cosign verify --key cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0@SHA256:a6efb4f870003f28a2ee421690f4f9d0e5b8eed0e24b3881fb816a760eb6dfea
+cosign verify --key https://raw.githubusercontent.com/ThinkParQ/beegfs-csi-driver/master/release/cosign.pub ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0@SHA256:a6efb4f870003f28a2ee421690f4f9d0e5b8eed0e24b3881fb816a760eb6dfea
+```
### Automating Image Verification with Admission Controllers
@@ -575,20 +584,17 @@ manifests handle this automatically.
#### ConnAuth Configuration
-As of BeeGFS `v7.3.1+` and `v7.2.7+`, connection based authentication is enabled by
-default unless explicitly disabled. See the [BeeGFS
-docs](https://doc.beegfs.io/latest/advanced_topics/authentication.html) for more
-details.
-
-Version `v1.5.0` introduced the acceptance of base64 encoded connAuthFile secrets.
-See [Base64 Encoded Secrets](#base64-encoded-secrets) for more details.
+As of BeeGFS `v7.3.1+` and `v7.2.7+`, connection based authentication is enabled by default unless
+explicitly disabled. See the [BeeGFS
+docs](https://doc.beegfs.io/latest/advanced_topics/authentication.html) for more details. When using
+raw string secrets, the driver will function as previously expected. Care should be taken when
+creating raw string secrets as different text editors behave differently. Specifically, some editors
+add newlines to the end of files. This may produce mis-match connAuthFile secrets between the client
+and BeeGFS services causing the driver to fail.
-NOTE: When using raw string secrets, the driver will function as previously expected.
-Care should be taken when creating raw string secrets as different text editors
-behave differently. Specifically, some editors add newlines to the end of files.
-This may produce mis-match connAuthFile secrets between the client and BeeGFS
-services causing the driver to fail. To ensure your secret is correct, it is
-recommended to use base64 encoded secrets.
+With version `v1.5.0` the CSI driver added support for base64 encoded connAuthFile secrets. See
+[Base64 Encoded Secrets](#base64-encoded-secrets) for more details. To ensure your secret is
+correct, it is recommended to use base64 encoded secrets.
NOTE: Utilizing raw string secrets does not require an `encoding` field, but can
be explicitly set using `encoding: raw`.
@@ -608,48 +614,32 @@ connAuthFile configuration option is used on a file system's other services.
encoding: # raw or base64
```
-NOTE: Unlike general configuration, connAuth configuration is only applied at a
+NOTES:
+* Unlike general configuration, connAuth configuration is only applied at a
per file system level. There is no default connAuth and the concept of a node
specific connAuth doesn't make sense.
-
-NOTE: When running the driver directly, the connAuth configuration file is
+* When running the driver directly, the connAuth configuration file is
specified by the `--connauth-path` command line argument. For Kubernetes, the
deployment manifests handle this automatically.
-
-NOTE: It is also possible to create a connAuthFile and set the connAuthFile
+* It is also possible to create a connAuthFile and set the connAuthFile
parameter in the default beegfs-client.conf file on every node. This option
makes the most sense if also [configuring
beegfs-helperd](#beegfs-helperd-configuration) to use connection authentication,
as this requires per-node configuration of beegfs-helperd.conf.
-##### Option 2: Disable Connection Authentication
-
-Only if you are using BeeGFS v7.3.1+ or v7.2.7+ and do not want to use
-connection authentication, you must explicitly disable it by setting the
-following.
-
-```yaml
-config:
- beegfsClientConf:
- connDisableAuthentication: "true"
-```
-
-NOTE: This parameter does not exist in previous BeeGFS versions and BeeGFS will
-fail to mount if it is provided for a file system that does not support it.
-
-##### Base64 Encoded Secrets
+Using Base64 Encoded Secrets:
It is recommended to use binary connAuthFile secrets utilizing base64 encoding
as this aligns with
[BeeGFS's](https://doc.beegfs.io/latest/advanced_topics/authentication.html?highlight=authentication)
recommended format. The following are steps to implement base64 encoded secrets.
-Follow the
+1. Follow the
[BeeGFS Authentication](https://doc.beegfs.io/latest/advanced_topics/authentication.html?highlight=authentication)
steps to create a connAuthFile that contains a binary secret.
-Once created, navigate to the location of your connAuthFile and encode the
+1. Once created, navigate to the location of your connAuthFile and encode the
file utilizing base64 encoding.
```
-> cd /etc/beegfs/
@@ -658,29 +648,42 @@ DbQqb8py78SrmHfpLBR1E0/eEJ5kQBXy9wPtY7umL46s3X0ILlrTednZQOMb+/9/gBIxFqNpyzOn
tHyiNQNMEVNjXsihw11S5G4UbFw3Olcx8ehhnGTjWo0OoGKqM0TEL2FR8p3t1An0l1LUwYj1lrIG
PQ==
```
-Copy and paste the output into `csi-beegfs-connauth.yaml`.
+3. Copy and paste the output into `csi-beegfs-connauth.yaml`.
Include the `encoding: base64` key-value pair inside `csi-beegfs-connauth.yaml` to
-ensure decoding of your secret.
+ensure decoding of your secret. The `csi-beegfs-connauth.yaml` should look similar to the following.
-The `csi-beegfs-connauth.yaml` should look similar to the following.
+ ```yaml
+ # Copyright 2021 NetApp, Inc. All Rights Reserved.
+ # Licensed under the Apache License, Version 2.0.
+
+ # Use this file as instructed in the ConnAuth Configuration section of /docs/deployment.md. See
+ # /deploy/k8s/examples/csi-beegfs-connauth.yaml for an example of what to put in this file. Kustomize will
+ # automatically transform this file into a correct Secret readable by the deployed driver. If this file is left
+ # unmodified, the driver will deploy correctly with no custom configuration.
+
+ - sysMgmtdHost: 10.10.10.10
+ connAuth: |+
+ DbQqb8py78SrmHfpLBR1E0/eEJ5kQBXy9wPtY7umL46s3X0ILlrTednZQOMb+/9/gBIxFqNpyzOn
+ tHyiNQNMEVNjXsihw11S5G4UbFw3Olcx8ehhnGTjWo0OoGKqM0TEL2FR8p3t1An0l1LUwYj1lrIG
+ PQ==
+ encoding: base64
+ ```
+
+##### Option 2: Disable Connection Authentication
+
+Only if you are using BeeGFS v7.3.1+ or v7.2.7+ and do not want to use
+connection authentication, you must explicitly disable it by setting the
+following.
```yaml
-# Copyright 2021 NetApp, Inc. All Rights Reserved.
-# Licensed under the Apache License, Version 2.0.
-
-# Use this file as instructed in the ConnAuth Configuration section of /docs/deployment.md. See
-# /deploy/k8s/examples/csi-beegfs-connauth.yaml for an example of what to put in this file. Kustomize will
-# automatically transform this file into a correct Secret readable by the deployed driver. If this file is left
-# unmodified, the driver will deploy correctly with no custom configuration.
-
-- sysMgmtdHost: 10.10.10.10
- connAuth: |+
- DbQqb8py78SrmHfpLBR1E0/eEJ5kQBXy9wPtY7umL46s3X0ILlrTednZQOMb+/9/gBIxFqNpyzOn
- tHyiNQNMEVNjXsihw11S5G4UbFw3Olcx8ehhnGTjWo0OoGKqM0TEL2FR8p3t1An0l1LUwYj1lrIG
- PQ==
- encoding: base64
+config:
+ beegfsClientConf:
+ connDisableAuthentication: "true"
```
+NOTE: This parameter does not exist in previous BeeGFS versions and BeeGFS will
+fail to mount if it is provided for a file system that does not support it.
+
#### BeeGFS Helperd Configuration