[v0.4.0] - 2020-06-05
Added
- Secured database connection for Linstor: When using the
etcdconnector, you can specify a secret containing a CA certificate to switch from HTTP to HTTPS communication. - Secured connection between Linstor components: You can specify TLS keys to secure the communication between controller and satellite
- Secure storage with LUKS: You can specify the master passphrase used by Linstor when creating encrypted volumes when installing via Helm.
- Authentication with etcd using TLS client certificates.
- Secured connection between linstor-client and controller (HTTPS). More in the security guide
- Linstor controller endpoint can now be customized for all resources. If not specified, the old default values will be filled in.
Removed
- NodeSet service (
piraeus-op-ns) was replaced by the ControllerSet service (piraeus-op-cs) everywhere
Changed
- CSI storage driver setup: move setup from helm to go operator. This is mostly an internal change. These changes may be of note if you used a non-default CSI configuration:
- helm value
csi.imagewas renamed tocsi.pluginImage - CSI deployment can be controlled by a new resource
linstorcsidrivers.piraeus.linbit.com
- helm value
- PriorityClasses are not automatically created. When not specified, the priority class is:
- "system-node-critical", if deployed in "kube-system" namespace
- default PriorityClass in other namespaces
- RBAC rules for CSI: creation moved to deployment step (Helm/OLM). ServiceAccounts should be specified in CSI resource. If no ServiceAccounts are named, the implicitly created accounts from previous deployments will be used.
- Helm: update default images