To be consistent with other components and also to explictly
state it belong to `ibm keyprotect` service introducing this
change
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit f822600689)
considering the pod has run as normal user, the fsgroup has also
set to the same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 7ff048bf1e)
currently we are overriding the permission to `0o777` at time of node
stage which is not the correct action. That said, this permission
change causes an extra permission correction at time of nodestaging
by the CO while the FSGROUP change policy has been set to
`OnRootMismatch`.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit bf4ba0ec84)
pull the ceph image from quay.io instead
of dockerhub.
From ceph doc, the images are available
in both quay and dockerhub
https://docs.ceph.com/en/latest/install/
containers/#official-releases but latest
images are not updated in dockerhub.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 6bdeffda59)
During CreateVolume from snapshot/volume,
its difficult to identify if the clone is
failed and a new clone is created. In case
of clone failure logging the error message
for better debugging.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 2daf2f9f0c)
This commit revert the template changes brought in for release-3.5
and making it refer to canary.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit updates the node driver registrar container to latest
version.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 0078e5c8e7)
This commit adds latest versions of the sidecars to the build.env
to pass the latest versions on the deployment
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit c0c2d72933)
This commit update the csi-attacher sidecar version to v3.4.0
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 0ab717f06f)
This commit updates sidecars to the latest available version
which is compatible with kubernetes 1.23 and csi spec 1.5
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit ea8e360888)
Without commit [1] Kernel doesn't handle io-timeout=0 correctly
Hence we recommend Kernel version 5.4 or higher that has commit [1]
[1] https://bit.ly/34CFh06
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
(cherry picked from commit 1c153b120c)
This commit adds the upgrade documentation from v3.4 to v3.5
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit b151325871)
Currently, as a workaround, we are calling
the resize volume on the cloned, restore volumes
to adjust the cloned, restored volumes.
With this fix, we are calling the resize volume
only if there is a size mismatch with requested
and the volume from which the new volume needs
to be created.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit add example yamls for RBD and CephFS Pod and PVCs
RBD:
Raw Block Volume and File Mode PVCs with RWOP accessmode
Raw Block Volume POD and FileMode POD yamls referring RWOP PVC
CephFS:
RWOP PVC and POD yaml referring RWOP PVC
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The ReadWriteOncePod feature gate need to be enabled only when we
are operating on kube 1.22 or above cluster. This commit adds the
logic to parse the kubernetes cluster at time of minikube deployment
and if it is above v1.22, enable the RWOP feature gate
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
SINGLE_NODE_WRITER capability ambiguity has been fixed in csi spec v1.5
which allows the SP drivers to declare more granular WRITE capability in form
of SINGLE_NODE_SINGLE_WRITER or SINGLE_NODE_MULTI_WRITER.
These are not really new capabilities rather capabilities introduced to
get the desired functionality from CO side based on the capabilities SP
driver support for various CSI operations, this new capabilities also help
to address new access mode RWOP (readwriteoncepod).
This commit adds a helper function which identity the request is of
multiwriter mode and also validates whether it is filesystem mode or
block mode. Based on the inspection it fails to allow multi write
requests for filesystem mode and only allow multi write request against
block mode.
This commit also adds unit tests for isMultiWriterBlock function which
validates various accesstypes and accessmodes.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
SINGLE_NODE_WRITER capability ambiguity has been fixed in csi spec v1.5
which allows the SP drivers to declare more granular WRITE capability.
These are not really new capabilities rather capabilities introduced to
get the desired functionality from CO side based on the capabilities SP
driver support for various CSI operations.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit adds optional BaseURL and TokenURL configuration to
key protect/hpcs configuration and client connections, if not
provided default values are used.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
By the addition of the queue rules in the Mrgify configuration, all PRs
that require changes, or have been updated and review should be dropped,
are now added to the queue for merging. This is obviously not what we
want.
Fixes: 43fc945 ("ci: move from merge action to queue action")
Signed-off-by: Niels de Vos <ndevos@redhat.com>
as mentioned in the below blog the support for strict mode
and merge action will be done soon in mergify. This brings
the change requested for the same.
Ref# https://blog.mergify.com/strict-mode-deprecation/
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
implement UnfenceClusterNetwork grpc call
which allows to unblock the access to a
CIDR block by removing it from network fence.
Signed-off-by: Yug Gupta <yuggupta27@gmail.com>
implement FenceClusterNetwork grpc call which
allows to blocks access to a CIDR block by
creating a network fence.
Signed-off-by: Yug Gupta <yuggupta27@gmail.com>
Convert the CIDR block into a range of IPs,
and then add network fencing via "ceph osd blocklist"
for each IP in that range.
Signed-off-by: Yug Gupta <yuggupta27@gmail.com>
This commit removes rbdVol.getTrashPath() function
since it is no longer being used due to introduction
of go-ceph rbd admin task api for deletion.
Signed-off-by: Rakshith R <rar@redhat.com>
With introduction of go-ceph rbd admin task api, credentials are
no longer required to be passed as cli cmd is not invoked.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit removes `rv.Connect(cr)` since the rbdVolume should
have an active connection in this stage of the function call.
`rv.getCloneDepth(ctx)` will work after a connect to the cluster.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit adds support to go-ceph rbd task api
`trash remove` and `flatten` instead of using cli
cmds.
Fixes: #2186
Signed-off-by: Rakshith R <rar@redhat.com>