deploy: remove psp from cephcsi

As PSP is deprecated in Kubernetes 1.21
and will be removed in Kubernetes 1.25,
removing the existing PSP related templates
from the repo and updating the required documents.

fixes #1988

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Madhu Rajanna
2022-08-23 10:34:16 +05:30
committed by mergify[bot]
parent 3d05ef0585
commit 96a3aabe5a
32 changed files with 37 additions and 987 deletions

@ -17,6 +17,7 @@
- [2.1 Update the CephFS Nodeplugin RBAC](#21-update-the-cephfs-nodeplugin-rbac)
- [2.2 Update the CephFS Nodeplugin daemonset](#22-update-the-cephfs-nodeplugin-daemonset)
- [2.3 Manual deletion of CephFS Nodeplugin daemonset pods](#23-manual-deletion-of-cephfs-nodeplugin-daemonset-pods)
- [Delete removed CephFS PSP, Role and RoleBinding](#delete-removed-cephfs-psp-role-and-rolebinding)
- [Upgrading RBD](#upgrading-rbd)
- [3. Upgrade RBD Provisioner resources](#3-upgrade-rbd-provisioner-resources)
- [3.1 Update the RBD Provisioner RBAC](#31-update-the-rbd-provisioner-rbac)
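Review bot: The new TOC entry `Delete removed CephFS PSP, Role and RoleBinding` is unnumbered, while the entries directly above it follow the 2.1, 2.2, 2.3 scheme. Number it (for example as 2.4) so it reads as a required step of the CephFS upgrade rather than an optional aside, and do the same for the RBD entry added after 4.2.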
@ -24,6 +25,7 @@
- [4. Upgrade RBD Nodeplugin resources](#4-upgrade-rbd-nodeplugin-resources)
- [4.1 Update the RBD Nodeplugin RBAC](#41-update-the-rbd-nodeplugin-rbac)
- [4.2 Update the RBD Nodeplugin daemonset](#42-update-the-rbd-nodeplugin-daemonset)
- [Delete removed RBD PSP, Role and RoleBinding](#delete-removed-rbd-psp-role-and-rolebinding)
- [Upgrading NFS](#upgrading-nfs)
- [5. Upgrade NFS Provisioner resources](#5-upgrade-nfs-provisioner-resources)
- [5.1 Update the NFS Provisioner RBAC](#51-update-the-nfs-provisioner-rbac)
@ -231,6 +233,20 @@ For each node:
- The pod deletion causes the pods to be restarted and updated automatically
on the node.
#### Delete removed CephFS PSP, Role and RoleBinding
As PSP is deprecated in Kubernetes v1.21.0. Delete PSP related objects as PSP
support for CephFS is removed.
```console
kubectl delete psp cephfs-csi-provisioner-psp --ignore-not-found
kubectl delete role cephfs-csi-provisioner-psp --ignore-not-found
kubectl delete rolebinding cephfs-csi-provisioner-psp --ignore-not-found
kubectl delete psp cephfs-csi-nodeplugin-psp --ignore-not-found
kubectl delete role cephfs-csi-nodeplugin-psp --ignore-not-found
kubectl delete rolebinding cephfs-csi-nodeplugin-psp --ignore-not-found
```
we have successfully upgraded cephfs csi from v3.6 to v3.7
### Upgrading RBD
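Review bot: The `kubectl delete role` and `kubectl delete rolebinding` lines in the new CephFS section carry no `-n <namespace>`, and Role and RoleBinding are namespaced. With `--ignore-not-found`, the commands therefore exit cleanly without deleting anything when the current context points at a namespace other than the one ceph-csi was deployed to. Suggest passing the namespace explicitly and adding a verification step such as `kubectl get psp,role,rolebinding -n <namespace>` so leftover objects are noticed. Separately, `As PSP is deprecated in Kubernetes v1.21.0.` is a sentence fragment; join it to the sentence that follows, here and in the RBD section.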
@ -297,6 +313,23 @@ daemonset.apps/csi-rbdplugin configured
service/csi-metrics-rbdplugin configured
```
#### Delete removed RBD PSP, Role and RoleBinding
As PSP is deprecated in Kubernetes v1.21.0. Delete PSP related objects as PSP
support for RBD is removed.
```console
kubectl delete psp rbd-csi-provisioner-psp --ignore-not-found
kubectl delete role rbd-csi-provisioner-psp --ignore-not-found
kubectl delete rolebinding rbd-csi-provisioner-psp --ignore-not-found
kubectl delete psp rbd-csi-nodeplugin-psp --ignore-not-found
kubectl delete role rbd-csi-nodeplugin-psp --ignore-not-found
kubectl delete rolebinding rbd-csi-nodeplugin-psp --ignore-not-found
kubectl delete psp rbd-csi-vault-token-review-psp --ignore-not-found
kubectl delete role rbd-csi-vault-token-review-psp --ignore-not-found
kubectl delete rolebinding rbd-csi-vault-token-review-psp --ignore-not-found
```
we have successfully upgraded RBD csi from v3.6 to v3.7
### Upgrading NFS
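Review bot: The new RBD section tells every upgrader to delete the PSPs and their Role/RoleBinding, without distinguishing clusters where the PodSecurityPolicy admission controller is still active (per the commit message, PSP is only removed in Kubernetes 1.25). On such clusters a pod is admitted only if some policy authorizes it, so deleting these objects with no replacement can leave restarted provisioner or nodeplugin pods rejected at admission. Suggest adding a note that operators with PSP admission enabled must keep or supply their own policy before running these commands.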

@ -140,16 +140,6 @@ Those manifests deploy service accounts, cluster roles and cluster role
bindings. These are shared for both RBD and CephFS CSI plugins, as they require
the same permissions.
**Deploy PodSecurityPolicy resources for sidecar containers and node plugins:**
**NOTE:** These manifests are required only if [PodSecurityPolicy](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy)
admission controller is active on your cluster.
```bash
kubectl create -f csi-provisioner-psp.yaml
kubectl create -f csi-nodeplugin-psp.yaml
```
**Deploy ConfigMap for CSI plugins:**
```bash
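Review bot: Removing the `Deploy PodSecurityPolicy resources for sidecar containers and node plugins` step leaves this deploy guide with no statement of what pod security the plugins need. The removed NOTE was the only place that said when extra policy objects are required. Suggest replacing it with a short note that PSP manifests are no longer shipped, and saying what a namespace enforcing Pod Security admission must allow for the sidecar containers and node plugins, so operators do not find out from rejected pods.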

@ -109,16 +109,6 @@ Those manifests deploy service accounts, cluster roles and cluster role
bindings. These are shared for both RBD and CephFS CSI plugins, as they require
the same permissions.
**Deploy PodSecurityPolicy resources for sidecar containers and node plugins:**
**NOTE:** These manifests are required only if [PodSecurityPolicy](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podsecuritypolicy)
admission controller is active on your cluster.
```bash
kubectl create -f csi-provisioner-psp.yaml
kubectl create -f csi-nodeplugin-psp.yaml
```
**Deploy ConfigMap for CSI plugins:**
```bash

@ -61,7 +61,7 @@ storageclass yaml
```
- For standard templates edit [csi-rbdplugin.yaml](../deploy/rbd/kubernetes/csi-rbdplugin.yaml)
to update `hostPath` for `ceph-logdir`, also edit psp [csi-nodeplugin-psp.yaml](../deploy/rbd/kubernetes/csi-nodeplugin-psp.yaml)
to update `hostPath` for `ceph-logdir`.
to update `pathPrefix` spec entries.
- Update the StorageClass with the customized log directory path
- Now update rbd StorageClass for `cephLogDir`, for example