In csi-external-provisioner: v5.0.1, topology-aware
provisioning is enabled by default. As a result provisioner
now expects toologyKeys to be present in CSINode object which
must be passed by user via `--domainlabels` flag in RBD nodeplugin.
Issue: Users upgrading to v3.12.0 who were not previously using
topology-aware provisioning may encounter issues when provisionining
RBD PVCs, as the `--domainlabels` flag might not be set.
Fix: To address this, add `--immediate-topology=false` to disable
topology-aware provisioning. User requiring topology-aware
provisioning should provided the volumeBindingMode as
`WaitForFirstConsumer` and `TopologyConstrainedPools` as required in
the StorageClass and configure `--domainlabels` flag in RBD nodeplugin.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit removes the Topology feature gate as it is now enabled by default
and will be removed in a future release. It is CSI driver's responsibility to
report capability `VOLUME_ACCESSIBILITY_CONSTRAINTS` so that topology gets
enabled in external-provisioner. When driver doesn't report it,
external-provisioner disables topology support.
As of this change, Only RBD driver supports topology based volume provisioning
and it reports the `VOLUME_ACCESSIBILITY_CONSTRAINTS` capability,
enabling topology support in the external-provisioner.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Since CentOS Stream 8 is EOL, this commit updates the
config to use vault.centos.org for CentOS Stream 8.
This should be removed once the base image (ceph) is
updated to a version with a newer CentOS.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Currently we are assuming that only one
rbd mirror daemon running on the ceph cluster
but that is not true for many cases and it
can be more that one, this PR make this as a
configurable parameter.
fixes: #4312
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).
By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Sometimes the Ceph container images seem to have a broken scriptlet
while installing/updating Ceph packages. It is relatively common for
them to fail when `/etc/selinux/config` does not exist. By ensuring the
file directory and file exist (even if empty), the package installation
or upgrades succeed.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The image is now available in the release repository and can be fetched from
there instead of the staging repository.
Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during mount. Using these options, cephfs
will be able to redirect reads to the closest OSD,
improving performance.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Implemented the capability to include kernel mount options and
fuse mount options for individual clusters within the ceph-csi-config
ConfigMap.This allows users to configure the kernel/fuse mount options
for each cluster separately. The mount options specified in the ConfigMap
will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit adds GetCephFSMountOptions util method which returns
KernelMountOptions and fuseMountOptions for cluster `clusterID`.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Ceph is minimizing their container-images, which can cause the
`nfs-utils` package to be dropped. As Ceph-CSI supports mounting NFS, it
needs the `/sbin/mount.nfs` executable, so install the package (or a
no-op if it is installed already).
See-also: https://rook-io.slack.com/archives/C46Q5UC05/p1699188662893109
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Implemented the capability to include read affinity options
for individual clusters within the ceph-csi-config ConfigMap.
This allows users to configure the crush location for each
cluster separately. The read affinity options specified in
the ConfigMap will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Some packages have dependencies on other repositories. On occasion these
repositories seem to be out-of-sync. In that case, install updates with
an older version, instead of erroring out.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.
It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.
Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Setting seLinuxMount:true in csidriver objects advertize
that the driver supports passing selinux label in mount
options.
refer: https://kubernetes.io/blog/2023/04/18/ \
kubernetes-1-27-efficient-selinux-relabeling-beta/
Signed-off-by: Rakshith R <rar@redhat.com>
Few common files related to deployments were kept
in the examples folder initially. Moving them to
deploy folder and updating the relevant files.
Signed-off-by: karthik-us <ksubrahm@redhat.com>
This will get updates released after the base image was built. This adds a layer
and increase the image size, but significantly reduce the number of CVEs in the
resultant image.
Signed-off-by: Gert van den Berg <github@mohag.net>
this commit update the packages and then do installation of the
packages in docker build process.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
this fsgrouppolicy setting was missing in api/deploy/* which
caused the yamlgen to not pickup this. this commit address the
same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
deploy: remove beta storage group mention from csidriver yaml
the kubernetes version based enablement of storage api group
enablement is no longer requried and its already on v1 for
supported kubernetes versions.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Below sidecars are updated with this commit.
csi-provisioner: v3.3.0
csi-snapshotter: v6.1.0
This commit change the sidecar versions in build.env setup.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit change the default fsgroup policy for csi driver object
to "File" type which is the better/correct setting for the CSI volumes.
We have been using default value which is "ReadWriteOnceWithFSType".
with this change backward compatibility should be preserved.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
