Commit Graph

4244 Commits

Author SHA1 Message Date
Niels de Vos
6f0d9a5d59 deploy: include ServiceAccount in the NFS provisioner RBAC artifact
It seems that the ServiceAccount was not created anymore, this causes
problems with provisioning volumes.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00
Niels de Vos
a469a66f9d e2e: replace quoted namespace in templates too
Some templates are now generated with the API, and these include
namespaces as "quotes" values. Namespace replacing in the templates need
to replace both the unquoted and quoted strings.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00
Niels de Vos
32de26828f cleanup: don't return an internal type from VolumeGroupJournal.Connect()
The VolumeGroupJournal interface does not need to return anything except
for a potential error. Any instance that implements the
VolumeGroupJournal interface can be used to call all functions.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 10:39:36 +00:00
dependabot[bot]
9276aeb7fc rebase: bump google.golang.org/protobuf in /actions/retest
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 10:12:28 +00:00
Niels de Vos
1cb2ccd704 rebase: update vendored Ceph-CSI API
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
a6466fb1ca build: add NFS provisioner RBAC to generated artifacts
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
6b13352c9b api: add CSIProvisionerRBAC functions for the NFS-provisioner
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
35da67be45 vendor: include k8s.io/api/rbac/v1
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Dmitriy Alekseev
6c43789de4 doc: Update capabilities readme to solve to open permissions
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 17:07:28 +00:00
Praveen M
47b202554e rebase: Azure key vault module dependency update
This commit adds the Azure SDK for Azure key vault KMS
integration to the Ceph CSI driver.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
Praveen M
b2087e4517 doc: added docs for Azure KMS
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
Praveen M
8901b456fd kms: Implement Azure key vault as KMS provider
This commit adds the Azure Key Vault as a supported
KMS provider.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
dependabot[bot]
d93c75517e rebase: bump google.golang.org/grpc from 1.62.0 to 1.62.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 09:54:50 +00:00
Dmytro Alieksieiev
fcaac58a1e helm: Include seLinuxMount only if KubeVersion greater or equal of 1.25
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 07:40:19 +00:00
dependabot[bot]
948d5e0b5d rebase: bump the github-dependencies group in /api with 1 update
Bumps the github-dependencies group in /api with 1 update: [github.com/stretchr/testify](https://github.com/stretchr/testify).

Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 14:48:34 +00:00
dependabot[bot]
65954fa563 rebase: bump golang.org/x/oauth2 in /actions/retest
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 14:22:14 +00:00
Praveen M
e345b26340 cleanup: refactor functions to accept a context parameter
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-12 13:54:19 +00:00
Niels de Vos
c90f7ed777 cleanup: use latest version for k8s.io/pod-security-admission
The version v0.0.0 looks incorrect in go.mod, use the latest version
like all other Kubernetes modules.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-12 10:00:36 +00:00
dependabot[bot]
5298762c4c rebase: bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-08 11:48:21 +00:00
dependabot[bot]
f12b6064d6 rebase: bump the golang-dependencies group with 4 updates
Bumps the golang-dependencies group with 4 updates: [github.com/golang/protobuf](https://github.com/golang/protobuf), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `github.com/golang/protobuf` from 1.5.3 to 1.5.4
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4)

Updates `golang.org/x/crypto` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/net` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0)

Updates `golang.org/x/sys` from 0.17.0 to 0.18.0
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/golang/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-07 13:37:04 +00:00
Michael Fritch
3410687855 cephfs: create a new blank key sized according to the passphrase
Padding a passphrase with null chars to arrive at a 32-byte length
later forces a user to also pass null chars via the term when
attempting to manually unlock a subvolume via the fscrypt cli tools.

This also had a side-effect of truncating any longer length passphrase
down to a shorter 32-byte length.

fixup for:
cfea8d7562
dd0e1988c0

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
Michael Fritch
2368df7e69 cephfs: return ErrBadAuth during keyFn retry
fscrypt will infinitely retry the keyFn during an auth failure,
preventing the csi driver from progressing when configured with
an invalid passphrase

See also:
8c12cd64ab/actions/callback.go (L102-L106)

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
dependabot[bot]
b8ab1c8bd8 rebase: bump google.golang.org/grpc from 1.61.1 to 1.62.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.1 to 1.62.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.61.1...v1.62.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-06 13:51:38 +00:00
dependabot[bot]
328e4e5a0f rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.50.21 to 1.50.26
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.21...v1.50.26)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.27.0 to 1.28.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.0...service/ecs/v1.28.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 08:36:05 +00:00
dependabot[bot]
3a91487c8a rebase: bump the golang-dependencies group with 1 update
Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 07:53:48 +00:00
Madhu Rajanna
e6d913970b helm: template changes for cephfs volumegroupsnapshot
tempalate changes for cephfs volumegroupsnapshot
the default is set to false and user can set
the value to true to get the support for VGS.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-22 15:21:07 +00:00
Madhu Rajanna
a36412e709 cephfs: deployment changes to support VGS
deployment changes to support VGS for
cephfs.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-22 15:21:07 +00:00
Niels de Vos
83ec7096b6 rebase: use Helm client 3.14.1 for generating charts
By using version 3.14.1 of the client for generating Helm charts, users
are prevented to run into a security issue when they manually create the
charts.

The automatically generated Helm charts are not affected by this issue.

Fixes: CVE-2024-25620
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-02-21 11:20:13 +00:00
dependabot[bot]
5286aab201 rebase: bump the k8s-dependencies group in /api with 1 update
Bumps the k8s-dependencies group in /api with 1 update: [k8s.io/api](https://github.com/kubernetes/api).


Updates `k8s.io/api` from 0.29.1 to 0.29.2
- [Commits](https://github.com/kubernetes/api/compare/v0.29.1...v0.29.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-21 09:12:39 +00:00
Yati Padia
53b62804f4 ci: remove the merfigy rule for devel branch
this commit removes the automatic merge rule
for devel branch as this is always overwritten
from the conditions above and is not required

Signed-off-by: Yati Padia <ypadia@redhat.com>
2024-02-21 07:31:08 +00:00
Yati Padia
7d2e05b1f4 ci: update the merfigy rule to exclude k8s 1.25
This commit excludes the k8s 1.25 check from the
mergify rules for ready-to-merge label

Signed-off-by: Yati Padia <ypadia@redhat.com>
2024-02-21 07:31:08 +00:00
dependabot[bot]
dcae46be26 rebase: bump the k8s-dependencies group with 2 updates
Bumps the k8s-dependencies group with 2 updates: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) and [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).

Updates `k8s.io/kubernetes` from 1.29.1 to 1.29.2
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](https://github.com/kubernetes/kubernetes/compare/v1.29.1...v1.29.2)

Updates `sigs.k8s.io/controller-runtime` from 0.17.1 to 0.17.2
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.1...v0.17.2)

---
updated-dependencies:
- dependency-name: k8s.io/kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 18:38:25 +00:00
dependabot[bot]
3749b5c470 rebase: bump google.golang.org/grpc from 1.61.0 to 1.61.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.0 to 1.61.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.61.0...v1.61.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 16:51:06 +00:00
dependabot[bot]
700d9ee159 rebase: bump github.com/ceph/go-ceph from 0.25.0 to 0.26.0
Bumps [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) from 0.25.0 to 0.26.0.
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](https://github.com/ceph/go-ceph/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 13:52:13 +00:00
dependabot[bot]
7926f8ebf6 rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.50.16 to 1.50.21
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.16...v1.50.21)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.26.7 to 1.27.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.26.7...config/v1.27.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 13:01:15 +00:00
Madhu Rajanna
a45ad5be9f rebase: update external-snapshotter client to v7
updating external-snapshotter client to
use the latest release

updates #4435

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-20 10:18:11 +00:00
Yati Padia
fbaf9d5485 rbd: log sitestatuses and description
This commit logs sitestatues and description in
GetVolumeReplicationInfo RPC call for better
debuging.

Fixes: #4430

Signed-off-by: Yati Padia <ypadia@redhat.com>
2024-02-19 12:58:42 +00:00
Madhu Rajanna
0a82f17671 ci: use new label for snapshot controller
with new release of snapshotter the
labels are changed, this commit uses
the new labels to list the snapshot
controller pod.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Madhu Rajanna
89501a8865 ci: use kubectl_retry helper for kubectl
use kubectl_retry helper to avoid
intermediate failure and retry again

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Madhu Rajanna
5c17d845b2 ci: fix image version replacement
canary tag is no more used in the
snapshotter yaml and latest version are
used, instead of searching for tag check
for the image name and do sed to replace
the required tag only.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Madhu Rajanna
11031091ef ci: remove unused function
remove unused function from the
install-snapshot script

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Madhu Rajanna
98b2a32767 ci: install latest version of snapshotter
Install latest version of snapshotter and also
take care of create/delete of new CRD's and
required flag for volumegroupsnapshot operation

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Madhu Rajanna
5f24d1634f ci: update snapshotter to latest version
updating csi snapshotter deployment to pull
image and rbac from latest released version.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-15 20:21:14 +00:00
Niels de Vos
fe050557c9 ci: no need to test the devel branch with k8s v1.26
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-02-15 08:22:16 +00:00
Riya Singhal
f464f0b85d ci: update mergify rules for release branches
Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2024-02-15 08:22:16 +00:00
Riya Singhal
581efb3602 ci: update mergify rules for kubernetes 1.29
Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2024-02-15 08:22:16 +00:00
Niels de Vos
c9e64f9478 deploy: make the csi-*plugin containers the default for kubectl commands
When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).

By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-02-14 16:23:52 +00:00
dependabot[bot]
c943a38a09 rebase: bump the k8s-dependencies group with 1 update
Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime).


Updates `sigs.k8s.io/controller-runtime` from 0.17.0 to 0.17.1
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.17.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-14 13:19:36 +00:00
dependabot[bot]
6eacbcd67f rebase: bump the golang-dependencies group with 3 updates
Bumps the golang-dependencies group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/crypto` from 0.18.0 to 0.19.0
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0)

Updates `golang.org/x/net` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.16.0 to 0.17.0
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-14 10:50:38 +00:00
karthik-us
3c361be247 ci: update the upgrade_version
Setting the CSI_UPGRADE_VERSION to the latest release.

Signed-off-by: karthik-us <ksubrahm@redhat.com>
2024-02-13 17:37:20 +00:00