Syncing latest changes from master for rook #675
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ceph-CSI support for fscrypt encryption of cephfs.
To achieve this commit add capability of mounting the
required `rook-ceph-csi-kms-config` configmap into
csi-cephfsplugin-provisioner and nodeplugin pods.
Further it modifies the ClusterRoles `cephfs-csi-nodeplugin` and
`cephfs-external-provisioner-runner` to grant privileges
required for reading encryption configuration and fetching
encryption secrets from either kubernetes secrets or
from a Key Management System (KMS).
These privileges are essential for the proper functioning of
ceph-csi-cephfs with fscrypt encryption.
The following privileges have been added:
- `secrets/get`: Allows reading of secrets for encryption.
- `configmaps/get`: Grants access to configuration maps,
this is used to read encryption configuration.
- `serviceaccounts/get`: Enables retrieval of service accounts for
authentication to KMS and for retrieving encryption secrets
stored there.
- `serviceaccounts/token/create`: Allows creation of service account tokens,
which are required for authenticating requests to KMS
when retrieving encryption secrets.
The commit also updated the csi documentation to include cephfs
in the encryption section, with examples updated accordingly.
Signed-off-by: NymanRobin <robin.nyman@est.tech>
skip creating networkFence when 'ROOK_CSI_DISABLE_DRIVER' is set to 'false'. Signed-off-by: subhamkrai <srai@redhat.com>
Updating images for ceph cosi driver and side car. Signed-off-by: Jiffin Tony Thottan <thottanjiffin@gmail.com>
In docs page Storage-Configuration/Shared-Filesystem-CephFS/filesystem-storage.md Signed-off-by: dbrennand <52419383+dbrennand@users.noreply.github.com>
Block devices can move between reboots. In corner cases, an OSDs block device might move to a lower-indexed device while the previous device does not exist. For example, an OSD on /dev/sde might move to /dev/sdd on reboot if the original /dev/sdd died. There would be no /dev/sde after that. Users report that NVMe drives commonly change names, even when there are no disk failures. For these cases, ensure the activate script properly handles cases where the previous disk is not present on the node and where the OSD is still available on a different disk. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com>
user can look back to there configurations by looking at the configmap created with command line arguments This will be useful for them during upgrades when they need to re run the python script with the same flags Signed-off-by: parth-gr <partharora1010@gmail.com>
…e-change osd: fix activate failure when block device moves
external: create a configmap for the command line args
…abled csi: skip creating networkFence when csi disabled
…-master Signed-off-by: Ceph Jenkins <ceph-jenkins@redhat.com>
add generated csv changes Signed-off-by: Ceph Jenkins <ceph-jenkins@redhat.com>
Now user can pass the cli flags using config file and also command line argument, if mentioned at both the place priority is given to command line argument Signed-off-by: parth-gr <partharora1010@gmail.com>
external: add support for config file in external mode
docs(fix): missing ** in filesystem-storage.md
1) Make the csi rbd container logs persisted in a file (csi plugin, csi provisioner, csi addons sidecar) 2) Use the cephcluster api specs to configure the log rotate 3) Add log rotation to rotate the log file and Add a sidecar log collector container part-of: rook#12809 Signed-off-by: parth-gr <partharora1010@gmail.com>
this commit updates go-retryablehttp from 0.7.6 to 0.7.7 and without this govulcheck ci is failing. Signed-off-by: subhamkrai <srai@redhat.com>
csi: add log rotation for csi rbd pod containers
build: update go-retryablehttp from 0.7.6 to 0.7.7
csi: add cephfs encryption support
Syncing latest changes from upstream master for rook
updating csi-addons repo link to pull the yamls for installation closes: rook#14394 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
csi: update csi-addons repo link
this commit upgrade to go 1.22 in go mod file and ci related files. Also remove go 1.21 support Signed-off-by: subhamkrai <srai@redhat.com>
govulcheck requires go 1.22.5 and even if `check-latest` is `true` with go `1.22` it is failing so setting specific version go `1.22.5` Signed-off-by: subhamkrai <srai@redhat.com>
Recently we have introuced external-cluster-user-command cm Which help user to look at the previous command run, So with this PR we will add another data field arg on this confimap which will have the final processed flags that are being used So user can use them directly either in config.ini or cmd line args Signed-off-by: parth-gr <partharora1010@gmail.com>
build: upgrade to go 1.22
external: add final args used to the upgrade configmap
this commit update cntrl runtime to v0.18.4 and other related deps/ Signed-off-by: subhamkrai <srai@redhat.com>
Priority: command-line-args > config.ini file values > default values Currently default was having more priority so fixed it Signed-off-by: parth-gr <partharora1010@gmail.com>
multus: reset validation tool debounce time to 30
…dependencies-fc54c511fc build(deps): bump the github-dependencies group across 1 directory with 4 updates
Use the same logrotate flow of rbd, as merged in rook#14305 1) Make the csi cephfs and nfs container logs persisted in a file 2) Use the cephcluster api specs to configure the log rotate 3) Add log rotation to rotate the log file and Add a sidecar log collector container And some fixes on the implementation: 1) Add a operator namespace in the log file path 2) Only add volume to the container if logrotate is enabled Closes: rook#12809, rook#14429 Signed-off-by: parth-gr <partharora1010@gmail.com>
csi: add log rotation for csi cephfs nfs pod containers
pool: Return error if device class update fails
Syncing latest changes from upstream master for rook
Bumps the github-dependencies group with 1 update: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go). Updates `github.com/aws/aws-sdk-go` from 1.54.15 to 1.54.19 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](aws/aws-sdk-go@v1.54.15...v1.54.19) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
With the release of the first squid RC, we add squid to the supported versions and add tests to run Rook against the squid release. Signed-off-by: Travis Nielsen <tnielsen@redhat.com>
core: Add support for Ceph Squid
…dependencies-fb6482a7be build(deps): bump github.com/aws/aws-sdk-go from 1.54.15 to 1.54.19 in the github-dependencies group
Syncing latest changes from upstream master for rook
This commit adds the flexibility to configure kube apiserver qps as per the user requirement and also keeps the existing values as the default one. Signed-off-by: yite.gu <yitegu0@gmail.com>
…rable csi: make kube apiserver qps configurable
Update the vhost-style S3 bucket access design doc to reflect recent user feedback and configuration issues. The primary goal is to add a field to disambiguate for users and Rook which endpoint should be used for CephObjectStoreUsers, OBCs, and COSI buckets. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com>
This reverts commit bd4250f. Signed-off-by: subhamkrai <srai@redhat.com>
the templateParam need to be updated with the right values before we are rendering the template. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
this commits adds desgin doc for integrating the new csi operator with rook. Signed-off-by: subhamkrai <srai@redhat.com>
csi: fix template render in logRotation
the templateParam need to be updated with the right values before we are rendering the template. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com> (cherry picked from commit cb87c3a)
currently, it was blocking both the mds ip instead its should block ip of of mds which is in the same node which is down. Signed-off-by: subhamkrai <srai@redhat.com>
csi: fix template render in logRotation
docs: design for csi operator integration with rook
doc: update vhost-style S3 bucket design
mds: block of active mds ip only
Syncing latest changes from upstream master for rook
|
/approve |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: df-build-team, travisn The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR containing the latest commits from master branch