Upgrade trident templates for version 24.02.0

Upgrade trident yaml templates, generated by tridentctl
24.02.0 with the following command:
tridentctl -n trident install --generate-custom-yaml

Some of the templates have been changed to make them
compatible with StarlingX. The parts of the code that
have been changed are marked with an "STX_change" comment.

To support upgrading from k8s v1.24 to newer versions,
it was necessary to verify and remove trident PSPs
after installation.

Additionally, the snapshot-controller role has been
removed, as it already runs in bootstrap.

Test Plan:
- PASS: Fresh install on SX/DX/Standard with Trident 24.02.0

- PASS: Backup in AIO-SX with Trident 23.10.0 and restore
with Trident 24.02.0 and tested if the backend and PVCs
created using Trident 23.10.0 still worked.

- PASS: Upgraded Trident to version 24.02.0 rerunning
ansible-playbook and tested if the information stored
in Netapp persisted.

- PASS: Tested with k8s v1.24.4 to v1.29.2 (Fresh install
for each version of k8s and also upgrading k8s from v1.24)

Story: 2011080
Task: 49786

Depends-On: https://review.opendev.org/c/starlingx/integ/+/914094

Change-Id: I7d0ee191bf4db86f3fbc4d28f0b46e4c0f9f4c45
Signed-off-by: Erickson Silva de Oliveira <Erickson.SilvadeOliveira@windriver.com>

playbookconfig/src/playbooks/host_vars/netapp/default.yml

@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2020-2023 Wind River Systems, Inc.
+# Copyright (c) 2020-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -45,13 +45,13 @@ trident_clean_folder: true
 
 # Images that need to be pulled to the local registry
 trident_images:
-  - docker.io/netapp/trident:23.10.0
-  - docker.io/netapp/trident-autosupport:23.10
-  - registry.k8s.io/sig-storage/csi-provisioner:v3.6.0
-  - registry.k8s.io/sig-storage/csi-attacher:v4.4.0
-  - registry.k8s.io/sig-storage/csi-resizer:v1.9.0
-  - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.0
-  - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0
+  - docker.io/netapp/trident:24.02.0
+  - docker.io/netapp/trident-autosupport:24.02
+  - registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
+  - registry.k8s.io/sig-storage/csi-attacher:v4.5.0
+  - registry.k8s.io/sig-storage/csi-resizer:v1.9.3
+  - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.3
+  - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
 
 # OVERRIDE FILES DIRECTORY
 # ========================

playbookconfig/src/playbooks/install_netapp_backend.yml

@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2020 Wind River Systems, Inc.
+# Copyright (c) 2020,2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -15,5 +15,4 @@
     - { role: common/prepare-env }
     - { role: common/get-kube-version, become: yes }
     - { role: roles/common/push-docker-images, become: yes }
-    - { role: roles/k8s-storage-backends/snapshot-controller, become: yes }
     - { role: roles/k8s-storage-backends/netapp, become: yes }

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/tasks/configure-storage-classes.yml

@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2020,2023 Wind River Systems, Inc.
+# Copyright (c) 2020,2023-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -41,7 +41,7 @@
   command: >-
     kubectl --kubeconfig=/etc/kubernetes/admin.conf
     -n {{ trident_namespace }}
-    delete storageclasses {{ storage_class.metadata.name }}
+    delete storageclass {{ storage_class.metadata.name }}
   failed_when: false
 
 - name: Create K8s StorageClass

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/tasks/delete-pod-security-policies.yml

@@ -0,0 +1,21 @@
+---
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SUB-TASKS DESCRIPTION:
+#   These tasks delete Trident's PodSecurityPolicy when the Kubernetes version is lower than v1.25.3
+#
+
+- name: Get all pod security policies
+  command: kubectl get psp -o jsonpath='{.items[*].metadata.name}'
+  environment:
+    KUBECONFIG: "/etc/kubernetes/admin.conf"
+  failed_when: false
+  register: kubectl_get_psp_result
+
+- name: Delete trident pod security policies
+  command: kubectl delete psp {{ item }}
+  environment:
+    KUBECONFIG: "/etc/kubernetes/admin.conf"
+  with_items: "{{ kubectl_get_psp_result.stdout }}"
+  when: "'trident' in item"

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2020-2023 Wind River Systems, Inc.
+# Copyright (c) 2020-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -90,6 +90,10 @@
          tridentctl_rest_response.rc != 0) or
         trident_force_reinstall
 
+- name: Delete pod security policies
+  include_tasks: delete-pod-security-policies.yml
+  when: kubernetes_long_version is version('v1.25.3', '<')
+
 # Configure NetApp backends
 - name: Configure tbc secret
   include_tasks: configure-trident-backend-config-secret.yml

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/templates/README

@@ -7,10 +7,13 @@ Some of the templates have been changed to make them compatible with StarlingX
 The parts of the code that have been changes are marked with an "STX_change" comment.
 
 Files changed:
+- trident-controller-clusterrolebinding.yaml.j2
+- trident-controller-role.yaml.j2
+- trident-controller-rolebinding.yaml.j2
+- trident-controller-serviceaccount.yaml.j2
 - trident-daemonset.yaml.j2
-- trident-clusterrolebinding.yaml.j2
-- trident-namespace.yaml.j2
-- trident-serviceaccount.yaml.j2
 - trident-deployment.yaml.j2
-- trident-service.yaml.j2
+- trident-namespace.yaml.j2
+- trident-node-linux-serviceaccount.yaml.j2
 - trident-resourcequota.yaml.j2
+- trident-service.yaml.j2

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/templates/trident-daemonset.yaml.j2

@@ -4,8 +4,8 @@ kind: DaemonSet
 metadata:
   name: trident-node-linux
   labels:
-    kubectl.kubernetes.io/default-container: trident-main
     app: node.csi.trident.netapp.io
+    kubectl.kubernetes.io/default-container: trident-main
 spec:
   selector:
     matchLabels:
@@ -32,7 +32,7 @@ spec:
             add:
             - SYS_ADMIN
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/docker.io/netapp/trident:23.10.0
+        image: {{ local_registry }}/docker.io/netapp/trident:24.02.0
         imagePullPolicy: IfNotPresent
         command:
         - /trident_orchestrator
@@ -52,6 +52,8 @@ spec:
         - "--https_rest"
         - "--https_port=17546"
         - "--enable_force_detach=false"
+        - "--iscsi_self_healing_interval=5m0s"
+        - "--iscsi_self_healing_wait_time=7m0s"
         #- -debug
         startupProbe:
           httpGet:
@@ -113,7 +115,7 @@ spec:
           readOnly: true
       - name: driver-registrar
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0
+        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
         imagePullPolicy: IfNotPresent
         args:
         - "--v=2"

playbookconfig/src/playbooks/roles/k8s-storage-backends/netapp/templates/trident-deployment.yaml.j2

@@ -22,7 +22,7 @@ spec:
       containers:
       - name: trident-main
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/docker.io/netapp/trident:23.10.0
+        image: {{ local_registry }}/docker.io/netapp/trident:24.02.0
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsNonRoot: false
@@ -92,7 +92,7 @@ spec:
 
       - name: trident-autosupport
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/docker.io/netapp/trident-autosupport:23.10
+        image: {{ local_registry }}/docker.io/netapp/trident-autosupport:24.02
         imagePullPolicy: IfNotPresent
         securityContext:
           capabilities:
@@ -113,7 +113,7 @@ spec:
           mountPath: /asup
       - name: csi-provisioner
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-provisioner:v3.6.0
+        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
         imagePullPolicy: IfNotPresent
         securityContext:
           capabilities:
@@ -133,7 +133,7 @@ spec:
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-attacher
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-attacher:v4.4.0
+        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-attacher:v4.5.0
         imagePullPolicy: IfNotPresent
         securityContext:
           capabilities:
@@ -152,7 +152,7 @@ spec:
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-resizer
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-resizer:v1.9.0
+        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-resizer:v1.9.3
         imagePullPolicy: IfNotPresent
         args:
         - "--v=2"
@@ -166,7 +166,7 @@ spec:
           mountPath: /var/lib/csi/sockets/pluginproxy/
       - name: csi-snapshotter
         # STX_change: pull image from local registry
-        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-snapshotter:v6.3.0
+        image: {{ local_registry }}/registry.k8s.io/sig-storage/csi-snapshotter:v6.3.3
         imagePullPolicy: IfNotPresent
         securityContext:
           capabilities: