Merge pull request #8 from dell/csiunity_v1.3

csi-unity 1.3

.gitignore

@@ -6,7 +6,6 @@ builds/
 *.exe
 vendor/
 bin/
-csi-unity
 semver.mk
 go.sum
 ./csi-unity

Dockerfile

@@ -1,20 +1,48 @@
-# Dockerfile to build PowerStore CSI Driver
-FROM centos:7.6.1810
+# Stage to build the driver
+FROM golang:1.13 as builder
+RUN mkdir -p /go/src
+COPY csi-unity/ /go/src/csi-unity
 
+WORKDIR /go/src/csi-unity
+RUN mkdir -p bin
+RUN go generate
+RUN GOOS=linux CGO_ENABLED=0 GOARCH=amd64 go build -ldflags '-extldflags "-static"' -o bin/csi-unity
+# Print the version
+RUN go run core/semver/semver.go -f mk
+
+# Dockerfile to build Unity CSI Driver
+FROM registry.access.redhat.com/ubi7/ubi-minimal:7.8-328 as driver
 # dependencies, following by cleaning the cache
-RUN yum install -y e2fsprogs xfsprogs which nfs-utils device-mapper-multipath \
+RUN microdnf install -y --enablerepo=rhel-7-server-rpms e2fsprogs xfsprogs nfs-utils device-mapper-multipath \
     && \
-    yum clean all \
+    microdnf clean all \
     && \
     rm -rf /var/cache/run
+COPY --from=builder /go/src/csi-unity/bin/csi-unity /
+COPY csi-unity/scripts/run.sh /
+RUN chmod 777 /run.sh
+ENTRYPOINT ["/run.sh"]
 
-# validate some cli utilities are found
-RUN which mkfs.ext4
-RUN which mkfs.xfs
+# Stage to check for critical and high CVE issues via Trivy (https://github.com/aquasecurity/trivy)
+# will break image build if CRITICAL issues found
+# will print out all HIGH issues found
+FROM driver as trivy-ubi7m
+RUN microdnf install -y tar
 
-COPY "bin/csi-unity" /
-COPY "scripts/run.sh" /
+FROM trivy-ubi7m as trivy
+RUN curl https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh
+RUN trivy fs -s CRITICAL --exit-code 1 / && \
+    trivy fs -s HIGH / && \
+    trivy image --reset && \
+    rm ./bin/trivy
 
-RUN chmod 777 /run.sh
+# final stage
+FROM driver as final
 
-ENTRYPOINT ["/run.sh"]
+LABEL vendor="Dell Inc." \
+      name="csi-unity" \
+      summary="CSI Driver for Dell EMC Unity" \
+      description="CSI Driver for provisioning persistent storage from Dell EMC Unity" \
+      version="1.3.0" \
+      license="Apache-2.0"
+COPY csi-unity/licenses /licenses

Makefile

@@ -30,18 +30,16 @@ unit-test:
 # Docker-related tasks
 #
 # Generates the docker container (but does not push)
-docker-build: go-build
-	cd core && go generate
-	go run core/semver/semver.go -f mk >semver.mk
-	make -f docker.mk docker-build
+podman-build: go-build
+	sh build.sh
 
-docker-push:
-	make -f docker.mk docker-push
+podman-push: go-build
+	sh build.sh -p
 
 version:
 	go generate
 	go run core/semver/semver.go -f mk >semver.mk
-	make -f docker.mk version
+	sh build.sh -h
 
 .PHONY: clean
 clean:

build.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+# This script will build an image for the Unity CSI Driver
+# Before running this script, make sure that you have podman installed on your system
+# If you are going to push the image to an image repo, make sure that you are logged in
+# sh build.sh: build the image
+# sh build.sh -p: build and push the image
+
+function git_version {
+   local gitdesc=$(git describe --long)
+   local version="${gitdesc%%-*}"
+   MAJOR_VERSION=$(echo $version | cut -d. -f1)
+   MINOR_VERSION=$(echo $version | cut -d. -f2)
+   PATCH_NUMBER=$(echo $version | cut -d. -f3)
+   BUILD_NUMBER_FROM_GIT=$(sed -e 's#.*-\(\)#\1#' <<< "${gitdesc%-*}")
+   echo MAJOR_VERSION=$MAJOR_VERSION MINOR_VERSION=$MINOR_VERSION PATCH_NUMBER=$PATCH_NUMBER BUILD_NUMBER_FROM_GIT=$BUILD_NUMBER_FROM_GIT
+   echo Target Version=$VERSION
+}
+
+function build_image {
+   echo $BUILDCMD build -t ${IMAGE_NAME}:${IMAGE_TAG} .
+   (cd .. && $BUILDCMD build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg GOPROXY=$GOPROXY -f csi-unity/Dockerfile . --format=docker)
+   echo $BUILDCMD tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_REPO}/${IMAGE_REPO_NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
+   $BUILDCMD tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_REPO}/${IMAGE_REPO_NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
+}
+
+function push_image {
+   echo $BUILDCMD push ${IMAGE_REPO}/${IMAGE_REPO_NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
+   $BUILDCMD push ${IMAGE_REPO}/${IMAGE_REPO_NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
+}
+
+NAME=csi-unity
+IMAGE_NAME=${NAME}-${USER}
+VERSION=$(date +%Y%m%d%H%M%S)
+BIN_DIR=bin
+BIN_NAME=${NAME}
+IMAGE_REPO=amaas-eos-mw1.cec.lab.emc.com:5028
+IMAGE_REPO_NAMESPACE=csi-unity
+IMAGE_TAG=${VERSION}
+
+# Read options
+while getopts 'ph' flag; do
+  case "${flag}" in
+    p) PUSH_IMAGE='true' ;;
+    h) git_version
+       exit 0 ;;
+    *) git_version
+       exit 0 ;;
+  esac
+done
+
+BUILDCMD="podman"
+DOCKEROPT="--format=docker"
+set -e
+
+command -v podman
+if [ $? -eq 0 ]; then
+    echo "Using podman for building image"
+else
+    echo "podman must be installed for building UBI based image"
+    exit 1
+fi
+
+# Build the image
+build_image
+
+if [ "$PUSH_IMAGE" = true ]; then
+    push_image
+fi
+
+exit 0

dell-csi-helm-installer/README.md

@@ -0,0 +1,157 @@
+# Helm Installer for Dell EMC CSI Storage Providers
+
+## Description
+
+This directory provides scripts to install, upgrade, uninstall the CSI drivers, and to verify the Kubernetes environment.
+These same scripts are present in all Dell EMC Container Storage Interface ([CSI](https://github.com/container-storage-interface/spec)) drivers. This includes the drivers for:
+* [PowerFlex](https://github.com/dell/csi-vxflexos)
+* [PowerMax](https://github.com/dell/csi-powermax)
+* [PowerScale](https://github.com/dell/csi-powerscale)
+* [PowerStore](https://github.com/dell/csi-powerstore)
+* [Unity](https://github.com/dell/csi-unity)
+
+NOTE: This documentation uses the Unity driver as an example. If working with a different driver, substitute the name as appropriate.
+
+## Dependencies
+
+Installing any of the Dell EMC CSI Drivers requires a few utilities to be installed on the system running the installation.
+
+| Dependency    | Usage  |
+| ------------- | ----- |
+| `kubectl`     | Kubectl is used to validate that the Kubernetes system meets the requirements of the driver. |
+| `helm`        | Helm v3 is used as the deployment tool for Charts. See, [Install HELM 3](https://helm.sh/docs/intro/install/) for instructions to install HELM 3. |
+
+
+In order to use these tools, a valid `KUBECONFIG` is required. Ensure that either a valid configuration is in the default location or that the `KUBECONFIG` environment variable points to a valid confiugration before using these tools.
+
+## Capabilities
+
+This project provides the following capabilitites, each one is discussed in detail later in this document.
+
+* Install a driver. When installing a driver, options are provided to specify the target namespace as well as options to control the types of verifications to be performed on the target system.
+* Upgrade a driver. Upgrading a driver is an effective way to either deploy a new version of the driver or to modify the parameters used in an initial deployment.
+* Uninstall a driver. This removes the driver and any installed storage classes.
+* Verify a Kubernetes system for suitability with a driver. These verification steps differ, slightly, from driver to driver but include verifiying version compatibility, namespace availability, existance of required secrets, and validating worker node compatibility with driver protocols such as iSCSI, Fibre Channel, NFS, etc 
+
+
+Most of these usages require the creation/specification of a values file. These files specify configuration settings that are passed into the driver and configure it for use. To create one of these files, the following steps should be followed:
+1. Copy a template file for the driver to a new location, naming this new file is at the users discretion. The template files are always found within the driver repo at `helm/csi-<drivername>/values.yaml`
+2. Edit the file such that it contains the proper configuration settings for the specific environment. These files are yaml formatted so maintaining the file structure is important.
+
+For example, to create a values file for the Unity driver the following steps can be executed
+```
+# cd to  the installation script directory
+cd dell-csi-helm-installer
+
+# copy the template file
+cp ../helm/csi-unity/values.yaml ./my-unity-settings.yaml
+
+# edit the newly created values file
+vi my-unity-settings.yaml
+```
+
+These values files can then be archived for later reference or for usage when upgrading the driver.
+
+
+### Install A Driver
+
+Installing a driver is performed via the `csi-install.sh` script. This script requires a few arguments: the target namespace and the user created values file. By default, this will verify the Kubernetes environment and present a list of warnings and/or errors. Errors must be addressed before installing, warning should be examined for their applicability. For example, in order to install the Unity driver into a namespace called "unity", the following command should be run:
+```
+./csi-install.sh --namespace unity --values ./my-unity-settings.yaml
+```
+
+For usage information:
+```
+[dell-csi-helm-installer]# ./csi-install.sh -h
+Help for ./csi-install.sh
+
+Usage: ./csi-install.sh options...
+Options:
+  Required
+  --namespace[=]<namespace>                Kubernetes namespace containing the CSI driver
+  --values[=]<values.yaml>                 Values file, which defines configuration values
+  Optional
+  --release[=]<helm release>               Name to register with helm, default value will match the driver name
+  --upgrade                                Perform an upgrade of the specified driver, default is false
+  --node-verify-user[=]<username>          Username to SSH to worker nodes as, used to validate node requirements. Default is root
+  --skip-verify                            Skip the kubernetes configuration verification to use the CSI driver, default will run verification
+  --skip-verify-node                       Skip worker node verification checks
+  --snapshot-crd                           Install snapshot CRDs. Default will not install Snapshot classes.
+  -h                                       Help
+```
+
+### Upgrade A Driver
+
+Upgrading a driver is very similar to installation. The `csi-install.sh` script is run, with the same required arguments, along with a `--upgrade` argument. For example, to upgrade the previously installed Unity driver, the following command can be supplied:
+
+```
+./csi-install.sh --namespace unity --values ./my-unity-settings.yaml --upgrade
+```
+
+For usage information:
+```
+[dell-csi-helm-installer]# ./csi-install.sh -h
+Help for ./csi-install.sh
+
+Usage: ./csi-install.sh options...
+Options:
+  Required
+  --namespace[=]<namespace>                Kubernetes namespace containing the CSI driver
+  --values[=]<values.yaml>                 Values file, which defines configuration values
+  Optional
+  --release[=]<helm release>               Name to register with helm, default value will match the driver name
+  --upgrade                                Perform an upgrade of the specified driver, default is false
+  --node-verify-user[=]<username>          Username to SSH to worker nodes as, used to validate node requirements. Default is root
+  --skip-verify                            Skip the kubernetes configuration verification to use the CSI driver, default will run verification
+  --skip-verify-node                       Skip worker node verification checks
+  --snapshot-crd                           Install snapshot CRDs. Default will not install Snapshot classes.
+  -h                                       Help
+```
+
+### Uninstall A Driver
+
+To uninstall a driver, the `csi-uninstall.sh` script provides a handy wrapper around the `helm` utility. The only required argument for uninstallation is the namespace name. To uninstall the Unity driver:
+
+```
+./csi-uninstall.sh --namespace unity
+```
+
+For usage information:
+```
+[dell-csi-helm-installer]# ./csi-uninstall.sh -h
+Help for ./csi-uninstall.sh
+
+Usage: ./csi-uninstall.sh options...
+Options:
+  Required
+  --namespace[=]<namespace>  Kubernetes namespace to uninstall the CSI driver from
+  Optional
+  --release[=]<helm release> Name to register with helm, default value will match the driver name
+  -h                         Help
+```
+
+### Verify A Kubernetes Environment
+
+The `verify.sh` script is run, automatically, as part of the installation and upgrade procedures and can also be run by itself. This provides a handy means to validate a Kubernetes system without meaning to actually perform the installation. To verify an environment, run `verify.sh` with the namespace name and values file options.
+
+```
+./verify.sh --namespace unity --values ./my-unity-settings.yaml
+```
+
+For usage information:
+```
+[dell-csi-helm-installer]# ./verify.sh -h
+Help for ./verify.sh
+
+Usage: ./verify.sh options...
+Options:
+  Required
+  --namespace[=]<namespace>       Kubernetes namespace to install the CSI driver
+  --values[=]<values.yaml>        Values file, which defines configuration values
+  Optional
+  --skip-verify-node              Skip worker node verification checks
+  --release[=]<helm release>      Name to register with helm, default value will match the driver name
+  --node-verify-user[=]<username> Username to SSH to worker nodes as, used to validate node requirements. Default is root
+  -h                              Help                           Help
+```
+