Removed encryption (#533)
ChristianAtDell authored Oct 11, 2024
1 parent b56a4a8 commit 0a7581d
Showing 11 changed files with 0 additions and 382 deletions.
44 changes: 0 additions & 44 deletions charts/csi-isilon/templates/controller.yaml
@@ -179,20 +179,9 @@ spec:
{{- toYaml .Values.controller.tolerations | nindent 8 }}
{{ end }}
containers:
{{- $encModes := list false }}
{{- if eq .Values.encryption.enabled true }}
{{- $encModes = list false true }}
{{- end }}
{{- range $encrypted := $encModes }}
{{- with $ }}
{{- $driverSock := "csi.sock" }}
{{- $csiSidecarSuffix := "" }}
{{- if $encrypted }}
{{- $driverSock = "csi-sec.sock" }}
{{- $csiSidecarSuffix = "-sec" }}
{{- end }}
{{- $driverSockPath := printf "/var/run/csi/%s" $driverSock }}
{{- if not $encrypted }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
@@ -219,7 +208,6 @@ spec:
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- name: dell-csi-replicator
@@ -295,7 +283,6 @@ spec:
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if not $encrypted }}
- name: csi-metadata-retriever
image: {{ required "Must provide the CSI metadata retriever container image." .Values.images.metadataretriever.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
@@ -335,7 +322,6 @@ spec:
mountPath: /var/run/csi
{{end}}
{{end}}
{{- end }}
- name: provisioner{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
@@ -402,7 +388,6 @@ spec:
mountPath: /var/run/csi
{{end}}
{{end}}
{{- if not $encrypted }}
- name: driver
image: {{ required "Must provide the Isilon driver image repository." .Values.images.driver.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
@@ -486,8 +471,6 @@ spec:
mountPath: /isilon-configs
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
{{- if not $encrypted }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
@@ -519,33 +502,6 @@ spec:
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- end }}
{{- if $encrypted }}
- name: driver-sec
image: {{ .Values.images.encryption.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- --name={{ .Values.encryption.pluginName }}
- --nodeId=$(NODE_ID)
- "--endpoint=unix://var/run/csi/csi-sec.sock"
- "--targetEndpoint=unix://var/run/csi/csi.sock"
- --targetType=Isilon
- --controller
- --logLevel={{ .Values.encryption.logLevel }}
{{- range index .Values.encryption.extraArgs }}
- {{ . | quote }}
{{- end }}
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: socket-dir
emptyDir:
112 changes: 0 additions & 112 deletions charts/csi-isilon/templates/node.yaml
@@ -95,18 +95,8 @@ spec:
hostNetwork: true
dnsPolicy: {{ .Values.node.dnsPolicy }}
containers:
{{- $encModes := list false }}
{{- if eq .Values.encryption.enabled true }}
{{- $encModes = list false true }}
{{- end }}
{{- range $encrypted := $encModes }}
{{- with $ }}
{{- $driverSock := "csi_sock" }}
{{- $csiSidecarSuffix := "" }}
{{- if $encrypted }}
{{- $driverSock = "csi_sec_sock" }}
{{- $csiSidecarSuffix = "-sec" }}
{{- end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
@@ -159,7 +149,6 @@ spec:
mountPath: /csi-isilon-config-params
{{- end }}
{{- end }}
{{- if not $encrypted }}
- name: driver
command: ["/csi-isilon"]
args:
@@ -231,14 +220,8 @@ spec:
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/csi-isilon
{{- if eq .Values.encryption.enabled true }}
- name: staging-dir
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: Bidirectional
{{- else }}
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
{{- end }}
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
@@ -251,7 +234,6 @@ spec:
mountPath: /isilon-configs
- name: csi-isilon-config-params
mountPath: /csi-isilon-config-params
{{- end }}
- name: registrar{{ $csiSidecarSuffix }}
image: {{ required "Must provide the CSI node registrar container image." .Values.images.registrar.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
@@ -270,7 +252,6 @@ spec:
mountPath: /registration
- name: driver-path
mountPath: /csi
{{- if not $encrypted }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
@@ -302,73 +283,6 @@ spec:
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- end }}
{{- if $encrypted }}
- name: driver-sec
image: {{ .Values.images.encryption.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
securityContext:
privileged: true
allowPrivilegeEscalation: true
capabilities:
add: ["SYS_ADMIN"]
args:
- --name={{ .Values.encryption.pluginName }}
- --nodeId=$(NODE_ID)
- "--endpoint=unix://var/run/csi/csi_sec_sock"
- "--targetEndpoint=unix://var/run/csi/csi_sock"
- --targetType=Isilon
- --vaultClientConfig=/etc/dea/vault/client.json
- --logLevel={{ .Values.encryption.logLevel }}
- --licenseName=/etc/dea/license/license
{{- if .Values.encryption.livenessPort }}
- --livenessPort={{ .Values.encryption.livenessPort }}
{{- end}}
- --apiPort={{ .Values.encryption.apiPort }}
{{- range index .Values.encryption.extraArgs }}
- {{ . | quote }}
{{- end }}
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if eq .Values.encryption.ocp true }}
- name: CORE_ID
value: "{{ required "encryption.ocpCoreID not set to core user uid:gid" .Values.encryption.ocpCoreID }}"
{{- end }}
volumeMounts:
- name: vault-config
mountPath: /etc/dea/vault
- name: driver-path
mountPath: /var/run/csi
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: Bidirectional
- name: staging-dir
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: Bidirectional
- name: user-home
{{- if eq .Values.encryption.ocp true }}
mountPath: /corehome
{{- else }}
mountPath: /roothome
{{- end }}
- name: license-config
mountPath: /etc/dea/license
{{- if .Values.encryption.livenessPort }}
livenessProbe:
httpGet:
path: /liveprobe
port: {{ .Values.encryption.livenessPort }}
initialDelaySeconds: 1500
periodSeconds: 1000
timeoutSeconds: 3
failureThreshold: 100
{{- end }}
{{- end }}
{{- end }}
{{- end }}
volumes:
- name: registration-dir
hostPath:
@@ -432,29 +346,3 @@ spec:
type: Directory
{{ end }}
{{ end }}
{{- if eq .Values.encryption.enabled true }}
- name: vault-config
projected:
sources:
- secret:
name: vault-cert
- secret:
name: vault-auth
- configMap:
name: vault-client-conf
- name: staging-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
type: DirectoryOrCreate
- name: user-home
hostPath:
{{- if eq .Values.encryption.ocp true }}
path: /home/core
{{- else }}
path: /root
{{- end }}
type: Directory
- name: license-config
secret:
secretName: encryption-license
{{- end }}
42 changes: 0 additions & 42 deletions charts/csi-isilon/templates/sec-rolebinding.yaml

This file was deleted.

17 changes: 0 additions & 17 deletions charts/csi-isilon/templates/validation.yaml

This file was deleted.

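--- a/charts/csi-isilon/values.yaml
+++ b/charts/csi-isilon/values.yaml
@@ -31,8 +31,6 @@ images:
 image: dellemc/csm-authorization-sidecar:v1.11.0
 metadataretriever:
 image: dellemc/csi-metadata-retriever:v1.8.0
-encryption:
-image: dellemc/csm-encryption:v0.6.0
 
 # CSI driver log level
 # Allowed values: "error", "warn"/"warning", "info", "debug"
@@ -430,36 +428,3 @@ podmon:
 - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
 - "--driverPodLabelValue=dell-storage"
 - "--ignoreVolumelessPods=false"
-
-encryption:
-# enabled: Enable/disable volume encryption feature.
-enabled: false
-
-# pluginName: The name of the provisioner to use for encrypted volumes.
-pluginName: "sec-isilon.dellemc.com"
-
-# apiPort: TCP port number used by the REST API server.
-apiPort: 3838
-
-# logLevel: Log level of the encryption driver.
-# Allowed values: "error", "warning", "info", "debug", "trace".
-logLevel: "error"
-
-# livenessPort: HTTP liveness probe port number.
-# Leave empty to disable the liveness probe.
-# Example: 8080
-livenessPort:
-
-# ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes.
-ocp: false
-
-# ocpCoreID: User ID and group ID of user core on CoreOS worker nodes.
-# Ignored when ocp is set to false.
-ocpCoreID: "1000:1000"
-
-# extraArgs: Extra command line parameters to pass to the encryption driver.
-# Allowed values:
-# --sharedStorage - may be required by some applications to work properly.
-# When set, performance is reduced and hard links cannot be created.
-# See the gocryptfs documentation for more details.
-extraArgs: []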
15 changes: 0 additions & 15 deletions charts/csm-encryption-rekey-controller/Chart.yaml

This file was deleted.
