Commit Graph

3472 Commits

Author SHA1 Message Date
Benoît Knecht
0ec6e10bf2 util: Limit cryptsetup PBKDF memory usage
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key
Derivation Function (PBKDF), which not only has a CPU cost, but also a memory
cost (to make brute-force attacks harder).

The memory cost is based on the available system memory by default, which in
the context of Ceph CSI can be a problem for two reasons:

1. Pods can have a memory limit (much lower that the memory available on the
   node, usually) which isn't taken into account by `cryptsetup`, so it can get
   OOM-killed when formating a new volume;
2. The amount of memory that was used during `cryptsetup luksFormat` will then
   be needed for `cryptsetup luksOpen`, so if the volume was formated on a node
   with a lot of memory, but then needs to be opened on a different node with
   less memory, `cryptsetup` will get OOM-killed.

This commit sets the PBKDF memory limit to a fixed value to ensure consistent
memory usage regardless of the specifications of the nodes where the volume
happens to be formatted in the first place.

The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin`
container in the `nodeplugin` pod doesn't require an extravagantly high memory
limit in order to format/open volumes (particularly with operations happening
in parallel), while at the same time not being so low as to render it
completely pointless.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 1852e977f8)
2023-04-27 16:47:12 +00:00
Madhu Rajanna
4859a9e361 ci: update minikube to 1.30.1
updating minikube to latest release
1.30.1

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 09a858d51d)
2023-04-27 14:15:26 +00:00
Niels de Vos
1fbaa22085 doc: use the Ceph Slack instance and not our silo'ed own one
Currently the Ceph-CSI community is on the 'free' Slack instance at
https://cephcsi.slack.com. The Ceph project uses a Slack instance that
we can use for Ceph-CSI as well. In order to integrate more with other
Ceph projects, we should ideally be active on the same Slack instance.

For now, we have `#ceph-csi` as only channel on the
https://ceph-storage-slack.com, we can add more channels if needed.

See-also: https://ceph.io/en/community/connect/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit ea3cd2b5e4)
2023-04-27 11:21:31 +00:00
riya-singhal31
546cb24a58 ci: update github actions for k8s 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 1bc090d975)
2023-04-27 13:11:39 +02:00
Rakshith R
393a0ab959 build: update golang to 1.19.8
CephCSI may be vulnerable to
https://github.com/advisories/GHSA-8v5j-pwr7-w5f8.
Update golang to 1.19.8 since it contains
fixes for mentioned CVE.

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 4fb13b9328)
2023-04-25 13:31:05 +00:00
riya-singhal31
bd7ecc880e ci: fix shell check failures
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 44612fe34c)
2023-04-25 11:48:19 +00:00
riya-singhal31
9c1ca71ed0 ci: fix codespell failure
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit f12cd9c986)
2023-04-25 11:48:19 +00:00
Madhu Rajanna
3668037797 revert: revert back 3.8.0 template changes
revert back the template changes for 3.8.0
release and use canary 3.8 tag

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-23 08:35:00 +00:00
Madhu Rajanna
e13e72af0b deploy: update templates to 3.8.0
updating templates to 3.8.0 for new
v3.8.0 release.

fixes: #3336

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 13:49:48 +00:00
Madhu Rajanna
5de4c2a970 doc: upgrade doc from 3.7 to 3.8
updating upgrade document from 3.7
to 3.8.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 08:38:25 +00:00
Madhu Rajanna
ef6aabbfb0 doc: update README for 3.8.0 release
updated README to deprecate 3.6.x release
and pin latest release to 3.8.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 08:38:25 +00:00
dependabot[bot]
dc0e09caea rebase: bump github.com/aws/aws-sdk-go from 1.44.195 to 1.44.205
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.195 to 1.44.205.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.195...v1.44.205)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-22 08:24:00 +00:00
riya-singhal31
b28b5e6c84 cephfs: use shallow volumes for the ROX accessMode
this commit makes shallow volume as default feature for ROX volumes.

Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-02-21 20:09:13 +00:00
dependabot[bot]
8854c8523d rebase: bump github.com/ceph/go-ceph from 0.19.0 to 0.20.0
Bumps [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](https://github.com/ceph/go-ceph/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 15:49:34 +00:00
Niels de Vos
b7d2d28e69 ci: only add ok-to-test if there are no pending CentOS jobs
After the `ok-to-test` label was added, the commenter will remove the
label again. There is no need for Mergify to re-add the label while CI
jobs are still running.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 13:25:16 +01:00
Niels de Vos
c84b4a15ba ci: only run test-retest-action if the PR modifies the action
There is no need to run the `test-retest-action` GitHub Workflow if
there are no changes under the `actions/retest` directory.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
3325e5045e ci: do not run commitlint GitHub Action on dependabot PRs
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
dependabot[bot]
17a342261e rebase: bump github.com/kubernetes-csi/csi-lib-utils
Bumps [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) from 0.11.0 to 0.13.0.
- [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases)
- [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.11.0...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/kubernetes-csi/csi-lib-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 09:37:05 +00:00
dependabot[bot]
58c4d0bdc5 rebase: bump github.com/onsi/gomega from 1.26.0 to 1.27.1
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 22:07:55 +00:00
dependabot[bot]
5b825d5a28 rebase: bump k8s.io/api from 0.25.4 to 0.26.1 in /api
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.4 to 0.26.1.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.25.4...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 16:55:19 +00:00
dependabot[bot]
e0c4304baf rebase: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 in /api
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 15:23:31 +00:00
dependabot[bot]
868d0cffcf rebase: bump golang.org/x/net from 0.2.0 to 0.7.0 in /api
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 14:57:39 +00:00
Niels de Vos
773d2df564 ci: no need to run multi-arch-build for /actions/retest
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
3a28b0f370 ci: add /api to dependabot configuration
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
48822d942d ci: use context.issue.number for removing ok-to-test
`github.event.pull_request.number` does not seem to be valid as a script
object/variable.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 12:34:15 +00:00
Niels de Vos
56c8f1ea0b ci: do not let Mergify remove the ok-to-test label
Sometimes Mergify removed the `ok-to-test` label before the Pull Request
Commentor action have been run. With the updated commentor action, the
`ok-to-test` label is removed after leaving comments. There is no need
for Mergify to remove the label anymore.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
Niels de Vos
3252c1e782 ci: remove ok-to-test label after commenting
Once the comments have been added, the `ok-to-test` label can be
removed. This makes it possible to simplify the Mergify configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
dependabot[bot]
d9a70d696e rebase: bump golang.org/x/net from 0.6.0 to 0.7.0 in /actions/retest
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 08:55:53 +00:00
dependabot[bot]
f654066bfe rebase: bump golang.org/x/net from 0.6.0 to 0.7.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 19:01:10 +00:00
dependabot[bot]
17a9451b2e rebase: bump golang.org/x/crypto from 0.5.0 to 0.6.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 14:57:21 +00:00
dependabot[bot]
17cc47a4ba rebase: bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 in /actions/retest
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 12:27:14 +00:00
Madhu Rajanna
150d1a5ebb build: add check for go list
Added a check for go list to
verify the dependencies

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-15 10:09:49 +00:00
Madhu Rajanna
b57937661f rebase: pin dynamic-resource-allocation to v0.26.1
ping dynamic-resource-allocation
dependency to v0.26.1 as build fails sometimes
with below error message in offline builds

```
[🎩︎]mrajanna@fedora ceph-csi $]go list -mod=readonly -m all
go: k8s.io/dynamic-resource-allocation@v0.0.0:
invalid version: unknown revision v0.0.0
```

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-15 10:09:49 +00:00
riya-singhal31
60c98837ca e2e: fix typo
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-02-15 08:13:41 +00:00
dependabot[bot]
cb74487f75 rebase: bump github.com/hashicorp/vault/api from 1.8.3 to 1.9.0
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.3...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 21:10:47 +00:00
Rakshith R
3dd6fb40f1 ci: remove deprecated rebase_fallback from .mergify.yml
This commit removes the deprecated `rebase_fallback` option
from .mergify.yml .

refer: https://docs.mergify.com/actions/merge/#options

Signed-off-by: Rakshith R <rar@redhat.com>
2023-02-14 20:03:05 +01:00
dependabot[bot]
d09eae2efa rebase: bump google.golang.org/grpc from 1.52.3 to 1.53.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.3 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.52.3...v1.53.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 13:19:44 +00:00
Rakshith R
db8320ce51 doc: add documentation regarding read affinity
This commit adds documentation about read affinity supported
for rbd volumes.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-02-14 08:29:46 +00:00
Rakshith R
95682522ee rbd: add capability to automatically enable read affinity
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during rbd map cmd. Using these options, ceph
will be able to redirect reads to the closest OSD,
improving performance.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-02-14 08:29:46 +00:00
dependabot[bot]
6e6cddb096 rebase: bump github.com/aws/aws-sdk-go from 1.44.190 to 1.44.195
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.190 to 1.44.195.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.190...v1.44.195)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 13:52:35 +00:00
Niels de Vos
c452b56285 ci: prevent always removing ok-to-test label
The check for a rebase always hits, but the actions for that inspect the
event for a real rebase. Removing the `ok-to-test` label is not suitable
in the Mergify check, as the label action does not inspect the event.
This caused the `ok-to-test` label to be removed on every Mergify
validation of the PR.

Fixes: ba68ce6 (ci: drop `ok-to-test` label when a PR is rebased)
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-08 14:09:33 +01:00
Christian Kugler
ae278797be doc: Add basic upgrade documentation for Helm Charts
Without this patch the READMEs for the Helm Charts do not provide any
documentation on how to upgrade to a newer version. There is at least
one known issue when updating to a newer versions that is unavoidable as
of writing. There is a workaround for the issue which should be
documented in the upgrade section.

This is a problem because currently the only way to find this workaround
is to go through closed GitHub issues. These might not be around at the
time someone needs this information. Furthermore the issue should be
communicated to the operator before it occurs.

This patch adds basic documentation for updating the Helm repository,
and upgrading the installed release of the Helm Chart. How values can be
set is not part of the documentation. If an operator used custom values,
e.g. for the secret, they probably already know how to deal with setting
values. However, the docs still remind the reader to take values into
account.
Reusing the installed values (`--reuse-values`) has lead to problems in
past, which is why it is explicitly discouraged. An example for this
would be the value `logLevel` which was changed to `sidecarLogLevel`.
Reusing values lead to `.Values.sidecarLogLevel` being empty and the
`csi-provisioner` not being started due to invalid value `-v=""`.
Comparing new values with set values is encouraged.

The workaround for issue #3397 from GitHub is being addressed in the
section Know Issues Upgrading.

Signed-off-by: Christian Kugler <syphdias+git@gmail.com>
2023-02-08 12:59:23 +00:00
dependabot[bot]
5adea309f2 rebase: bump k8s.io/klog/v2 from 2.80.1 to 2.90.0
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.1 to 2.90.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.80.1...v2.90.0)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 20:08:35 +00:00
dependabot[bot]
ce49d88e51 rebase: bump google.golang.org/grpc from 1.52.0 to 1.52.3
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.52.0 to 1.52.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.52.0...v1.52.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 16:25:57 +00:00
dependabot[bot]
7d9ab0ba8a rebase: bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.4
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.2 to 0.14.4.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.2...v0.14.4)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 11:54:50 +00:00
dependabot[bot]
94e416af4b rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.2 to 1.18.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.2...config/v1.18.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 09:23:48 +00:00
Madhu Rajanna
650c522ce0 build: update golang to 1.19.5
kubernetes 1.26.1 requires golang
1.19

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-03 08:55:43 +00:00
Madhu Rajanna
3967e4dae9 cleanup: fix static checks
fix SA1019 static check to replace
io/utils with os package and sets
with generic sets

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-03 08:55:43 +00:00
Madhu Rajanna
9c8de9471e rebase: update kubernetes to 1.26.1
update kubernetes and its dependencies
to v1.26.1

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-03 08:55:43 +00:00
Madhu Rajanna
e9e33fb851 cleanup: fix static checks
fix SA1019 static check to replace
io/utils with os package

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-02 14:53:59 +00:00