New release

CHANGELOG.md

@@ -1,5 +1,9 @@
 ## unreleased
 
+## v4.7.0 - 2023.06.23
+* Add LUKS encryption support
+  [[GH-514]](https://github.com/digitalocean/csi-digitalocean/pull/514)
+
 ## v4.6.1 - 2023.05.17
 * Update CSI sidecars to latest
   [[GH-502]](https://github.com/digitalocean/csi-digitalocean/pull/502)

VERSION

@@ -1 +1 @@
-v4.6.1
+v4.7.0

deploy/kubernetes/releases/csi-digitalocean-dev/driver.yaml

@@ -38,6 +38,36 @@ deletionPolicy: Delete
 
 ---
 
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: do-block-storage-luks-global
+provisioner: dobs.csi.digitalocean.com
+allowVolumeExpansion: true
+parameters:
+  dobs.csi.digitalocean.com/luks-encrypted: "true"
+  dobs.csi.digitalocean.com/luks-cipher: "aes-xts-plain64"
+  dobs.csi.digitalocean.com/luks-key-size: "512"
+  csi.storage.k8s.io/node-stage-secret-namespace: "kube-system"
+  csi.storage.k8s.io/node-stage-secret-name: "luks-key"
+
+---
+
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: do-block-storage-luks
+provisioner: dobs.csi.digitalocean.com
+allowVolumeExpansion: true
+parameters:
+  dobs.csi.digitalocean.com/luks-encrypted: "true"
+  dobs.csi.digitalocean.com/luks-cipher: "aes-xts-plain64"
+  dobs.csi.digitalocean.com/luks-key-size: "512"
+  csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
+  csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key
+
+---
+
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
@@ -165,7 +195,7 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
         - name: csi-do-plugin
-          image: digitalocean/do-csi-plugin:dev
+          image: digitalocean/do-csi-plugin:v4.7.0
           args :
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)"
@@ -418,7 +448,7 @@ spec:
             - name: registration-dir
               mountPath: /registration/
         - name: csi-do-plugin
-          image: digitalocean/do-csi-plugin:dev
+          image: digitalocean/do-csi-plugin:v4.7.0
           args :
             - "--endpoint=$(CSI_ENDPOINT)"
             - "--url=$(DIGITALOCEAN_API_URL)"
@@ -443,6 +473,8 @@ spec:
               mountPropagation: "Bidirectional"
             - name: device-dir
               mountPath: /dev
+            - name: tmpfs
+              mountPath: /tmp
       volumes:
         - name: registration-dir
           hostPath:
@@ -462,6 +494,10 @@ spec:
         - name: udev-rules-dir
           hostPath:
             path: /etc/udev/rules.d/
+        # to make sure temporary stored luks keys never touch a disk
+        - name: tmpfs
+          emptyDir:
+            medium: Memory
 ---
 
 apiVersion: v1

deploy/kubernetes/releases/csi-digitalocean-v4.6.1/driver.yaml

@@ -37,36 +37,6 @@ deletionPolicy: Delete
 
 ---
 
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: do-block-storage-luks-global
-provisioner: dobs.csi.digitalocean.com
-allowVolumeExpansion: true
-parameters:
-  dobs.csi.digitalocean.com/luks-encrypted: "true"
-  dobs.csi.digitalocean.com/luks-cipher: "aes-xts-plain64"
-  dobs.csi.digitalocean.com/luks-key-size: "512"
-  csi.storage.k8s.io/node-stage-secret-namespace: "kube-system"
-  csi.storage.k8s.io/node-stage-secret-name: "luks-key"
-
----
-
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: do-block-storage-luks
-provisioner: dobs.csi.digitalocean.com
-allowVolumeExpansion: true
-parameters:
-  dobs.csi.digitalocean.com/luks-encrypted: "true"
-  dobs.csi.digitalocean.com/luks-cipher: "aes-xts-plain64"
-  dobs.csi.digitalocean.com/luks-key-size: "512"
-  csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
-  csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}-luks-key
-
----
-
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
@@ -472,8 +442,6 @@ spec:
               mountPropagation: "Bidirectional"
             - name: device-dir
               mountPath: /dev
-            - name: tmpfs
-              mountPath: /tmp
       volumes:
         - name: registration-dir
           hostPath:
@@ -493,10 +461,6 @@ spec:
         - name: udev-rules-dir
           hostPath:
             path: /etc/udev/rules.d/
-        # to make sure temporary stored luks keys never touch a disk
-        - name: tmpfs
-          emptyDir:
-            medium: Memory
 ---
 
 apiVersion: v1