-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: Sync from upstream release-1.15 to downstream release-4.17 #706
Conversation
Fixes: #14518 A recent change seems to have broken the permissions of the auto-assign action. This tries to fix this by making permissions more specific. Signed-off-by: Michael Adam <obnox@samba.org>
ci: fix the permissions of the assign action
For the new 1.15 branch and first test release, update the docs and manifests to v1.15.0-beta.0 Signed-off-by: Travis Nielsen <tnielsen@redhat.com>
build: Set the release version to v1.15.0-beta.0
Add CephObjectStore spec.hosting.advertiseEndpoint configuration. This provides a clear documented default for which endpoint Rook "advertises" to dependent resources like CephObjectStores, OBCs, and COSI Buckets/Accesses and allows users to override the default behavior if desired. The current default is to round-robin an endpoint from spec.hosting.dnsNames, which has proven to be troublesome for some users' object store configurations. This change provides much-needed disambiguation for users. This may be a breaking change for some existing spec.hosting.dnsNames users. This is unexpected but is documented. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit a2b0b64)
object: add hosting.advertiseEndpoint config (backport #14467)
issue: external-provisioner (v5) enabled topology feature-gate by default and the current implementation in Rook uses a conditional block to enable the topology feature gate. This approach now does not directly reflect the state of the `CSI_ENABLE_TOPOLOGY`. fix: replacing the conditional block with a direct use of the `CSI_ENABLE_TOPOLOGY` for flag value. Signed-off-by: Praveen M <m.praveen@ibm.com> (cherry picked from commit e30e5e8)
csi: explicitly set Topology feature-gate (backport #14517)
RGW can only serve a single certificate. This limitation means that the prior behavior of using the default service for admin ops when TLS is enabled may mean it requires additional complex certificate management to make sure the object store uses a certificate valid for Rook internal admin ops and user connections. This is needlessly complex for users. Instead, change Rook's behavior and documentation to clarify that it will use the same endpoint intended for S3 client applications. This means that users have a more straightforward path to enabling both Rook and consuming applications. More info: #14530 Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit b4a2285)
object: use advertise endpoint for admin ops (backport #14532)
This commit adds example yamls for block volume mode. Signed-off-by: Rakshith R <rar@redhat.com> (cherry picked from commit 53e2f8c)
csi: add pvc & pod yamls for block volume mode (backport #14542)
For the specification see: <https://github.com/rook/rook/blob/master/design/ceph/object/swift-and-keystone-integration.md> * extend the API object specs for swift and keystone integration * adapt rgw to the new go-ceph version - The parameter lists of the API call have changes, as parameters ignored by the RGW Admin Ops API are no longer serialized, therefore the mock has to be adapted. - There is now validation for the user keys that are passed to the User get API, therefore things failed when we had empty keys in our User proxy object. * expand the reconcile loop for the swift and keystone integration * fix minor mistakes in design document * add env var to pass extra args to minikube Minikube decides CPU cores and memory automatically based on the available resources on the machine which may be insufficient to run rook. This commit adds an environment variable to add arbitrary arguments to the minikube command, so both can be specified if desired. * integration tests for swift and keystone The new integration of swift or s3 and keystone support by rook does not have any integration tests yet. This commit introduces integration tests for swift and keystone. The tests are done against a minimal keystone setup (keystone container image from Yaook-project (https://yaook.cloud), sqlite as database backend, cert-manager and trust-manager for test certificate setup). To prevent hardcoded credentials, passwords are generated by the tests. The integration tests use the openstack client (keystone- and swift-functionality) (https://docs.openstack.org/ python-openstackclient/ latest/). This was a concious design decision to use client tooling as close as possible to the end user instead of using other go-libraries (such as gophercloud). * add documentation on swift and keystone Currently there is no documentation on the use of Swift to access an object store as well as the use of OpenStack keystone for authentication. This commit adds documentation on the use of Swift and OpenStack keystone, as well as CRD-related documentation and an example setup. * add integration tests for S3 via keystone This commit introduces integration tests for s3 and keystone. The tests are run against the same minimal keystone setup that the tests for swift and keystone use. The integration tests use the aws s3 client to use client tooling as close as possible to the end user instead of using other go-libraries. Co-authored-by: Jan Klippel <jan.klippel@uhurutec.com> Co-authored-by: Silvio Ankermann <silvio.ankermann@cloudandheat.com> Signed-off-by: Sebastian Riese <sebastian.riese@cloudandheat.com> Signed-off-by: Jan Klippel <jan.klippel@uhurutec.com> Signed-off-by: Silvio Ankermann <silvio.ankermann@cloudandheat.com> (cherry picked from commit ee8bcad)
rgw: implement support for authentication using keystone for s3 and swift (backport #13807)
Signed-off-by: Zuhair AlSader <zuhair@devzero.io> (cherry picked from commit c146b59)
docs: fix affinity docs in operator chart (backport #14546)
PR #14473 tried to improve the token-permissions score of the OpenSSF scorecard report. https://scorecard.dev/viewer/?uri=github.com/rook/rook The latest scorecard run however shows that this score has not improved. It still shows two warbnings about missing top level permissions. The rest looks good (just Info entries). This change aims at finally improving the token-permissions score by adding top level permissions to the two warned-about workflow files. Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 2d29297)
ci: fix excessive token permissions -- again (backport #14557)
Update Rook and Ceph upgrade docs for upcoming v1.15 release. Tidy up pending release notes in the working text as well as official doc texts. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit 6026fb1)
docs: update upgrade docs for v1.15 (backport #14559)
With the release of K8s v1.31.0, we update the minimum supported version to v1.26, and add v1.31 to the CI so we can test the most recent six versions of K8s. Signed-off-by: Travis Nielsen <tnielsen@redhat.com> (cherry picked from commit e157bb5)
core: Support k8s versions 1.26 through 1.31 (backport #14566)
Ceph image no longer has `ip` tool installed. Use a different container image for the daemonset which sets host IPs and routes for multus hosts. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit 5773132)
ci: fix failing multus validation tool test (backport #14565)
adding code changes,rbac changes required for create the new Ceph-CSI operator CR named cephCluster in api group 'csi.ceph.io'. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 4b0b3a5)
adding changes to create CSI-operator config CR based on every radosnamesapce and subvolumegroup. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 667e044)
Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 1ad20d0)
adding the CSI-operator manifest files inside rook repo naming deploy/examples/csi-operator-manifests.yaml. Also, let's skip running any lint check on file `deploy/examples/csi-operator.yaml` as this is owned by CSI-operator. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit c30b8a5)
adding annotation to existing CSI driver resource so that csi-operator can take ownership of existing CSI driver resources. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 64cce51)
adding unit test for csi-op resources and also fixing small pointer issue with this commit. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit f40cb39)
Below csi sidecars are updated with latest available versions csi-resizer: v1.11.1 csi-provisioner: v5.0.1 csi-attacher: v4.6.1 csi-snapshotter: v8.0.1 csi-node-driver-registrar: v2.11.1 Signed-off-by: Praveen M <m.praveen@ibm.com> (cherry picked from commit a1ddf45) # Conflicts: # deploy/examples/images.txt
updating csi-operator version in go.mod and csi-operator.yaml to use latest release v0.1. And also fixing one small bug where csi-driver log level was set in csi-operator log level. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 89e9077)
this commit contains changes that are forced by latest controller-runtime version v0.19.0. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 2556e14)
Signed-off-by: Praveen M <m.praveen@ibm.com> (cherry picked from commit 1efe3b6)
make test was failing when running on arm macbooks. Fix it so that it isn't running with hardcoded GOOS=linux. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com> (cherry picked from commit 5da7feb)
csi: storageclass update to gp2-csi (backport #14586)
csi: update csi-operator to use latest tag v0.1 (backport #14599)
test: fix 'make test' on arm mac (backport #14604)
csi: update csi sidecars' image version (backport #14357)
Alerting on controller-runtime's workqueue_depth can be useful for debugging controllers. Also having a prometheus target for a pod gives another data point that the system is working as expected. It is useful for uptime alerts. Make the bind address configurable via the configmap while still retaining the default behavior that it is disabled. Resolves: #14538 Signed-off-by: Justin Cichra <jcichra@cloudflare.com> (cherry picked from commit 74a79b2)
Signed-off-by: Zuhair AlSader <zuhair@devzero.io> (cherry picked from commit 6714b86)
osd: reweight osd while resizing (backport #14435)
Signed-off-by: Zuhair AlSader <zuhair@devzero.io> (cherry picked from commit b6087c4)
core: add configuration option for metrics bindAddress (backport #14598)
manifest: add registry name to docker images (backport #14550)
docs: missing slack link (backport #14612)
For the minor release update the documentation and manifests to v1.15.0 Signed-off-by: Travis Nielsen <tnielsen@redhat.com>
The docker.io image prefix is expected to be prepended to the image names in the test images. This was missed in 14550 related to some CI tests, which was now causing the CI failures in the 1.15 branch where the search and replace was missing the new docker.io prefix. Signed-off-by: Travis Nielsen <tnielsen@redhat.com>
build: Update the release version to v1.15.0
when I was pusing the new changes in older pr I missed updating the latest tag to v0.1.0 in csi-operator.yaml file. Updating now. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 838f583)
csi: use specific tag instead of latest image (backport #14618)
@travisn: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
1 similar comment
@travisn: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: subhamkrai, travisn The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
fbae2aa
into
red-hat-storage:release-4.17
Sync from upstream release-1.15 to downstream release-4.17. This is needed since upstream v1.15.0 shipped so we can have the same base for 4.17.
Checklist: