Commit Graph

167 Commits

Author SHA1 Message Date
Antoine C
3e9b438e7c helm: add least privileges logic for secrets on ceph-csi-cephfs chart
this allows the encryption KMS config to be granted secret access with
a least privilges policy.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
Antoine C
cc407d157e helm: support encryption config in ceph-csi-cephfs chart
this chart currently lack the ability to properly configure encryption,
as well as granting sufficent permission to allow controllers to access
secret when needed.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
尤理衡 (Li-Heng Yu)
dc4ca2015e doc: fixed broken doc links
The deploy link in the README is broken.
Fixed more broken links requested by iPraveenParihar in #4958

Signed-off-by: 尤理衡 (Li-Heng Yu) <007seadog@gmail.com>
2024-11-18 09:36:41 +00:00
Praveen M
3bcf6afe30 helm: add example for cephFS radosnamespace
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-10-21 14:11:27 +00:00
Mike Vollman
d1c28fa57a helm: Support setting annotations for nodePlugin and provisioner
Adding annotation support to both the CephFS and RBD charts.  Support
setting the DaemonSet and Pod level annotations for the nodeplugin.
Support setting the Deployment and Pod level annotations for the
provisioner.

Signed-off-by: Mike Vollman <mike@reportallusa.com>
2024-10-15 11:35:56 +00:00
Nikhil-Ladha
dfd8550667 cephfs: expose csi metrics of sidecars
Expose csi metrics of sidecars deployed by cephfs driver

Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-10-10 15:11:20 +00:00
Robert Vasek
d250be4c39 helm: added logSlowOperationInterval value to cephfs and rbd charts
Signed-off-by: Robert Vasek <robert.vasek@clyso.com>
2024-09-20 08:55:17 +00:00
Madhu Rajanna
88ce2c625b helm: remove kube version check
kubernetes 1.25 is EOL and we dont
support it in cephcsi anymore, Removing
the checks for the same.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-09-02 13:57:11 +00:00
james-choncholas
3fbe7a8c77 helm: optionally set userID and userKey in cephfs chart
According to https://github.com/ceph/ceph-csi/issues/4467 the cephfs
static provisioner expect userID and userKey in the credential secret.
Add these values to the helm chart so that they are only included in the
templated yaml if the values are non-empty.

Signed-off-by: james-choncholas <jim@choncholas.com>
2024-08-28 15:29:15 +00:00
Niraj Yadav
0092a47586 doc: Remove podSecurityPolicy from helm docs
Fixes: #4714

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-08-05 09:53:42 +00:00
Andreas
7afddb41d6 deploy: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Praveen M
0e4d455e54 deploy: update CSI sidecar driver-registrar to v2.11.1
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-17 12:05:41 +00:00
Andreas
1f192ac3da helm: add cli argument instanceid
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-01 13:32:33 +00:00
Praveen M
5709b45b3a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.11.1
csi-provisioner: v5.0.1
csi-attacher: v4.6.1
csi-snapshotter: v8.0.1

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-06-13 10:08:15 +00:00
1602077
ea42a0e873 deploy: configurable podSecurityContexts in ceph-csi-cephfs
pod-level security contexts for nodeplugin daemonset and provisioner
deployment can be set via helm values.yaml

Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
2024-06-10 14:29:48 +00:00
Praveen M
b095e0441a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.10.1
csi-provisioner: v4.0.1
csi-attacher: v4.5.1
csi-snapshotter: v7.0.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-23 13:49:14 +00:00
Praveen M
3c8ea475ec doc: csi driver object options
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-01 09:27:01 +00:00
Praveen M
33a888f9ec helm: fix seLinuxMount option for csi driver
This commit fixes the typo from `.Values.seLinuxMount` to
`.Values.CSIDriver.seLinuxMount` used in helm charts.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-29 10:46:18 +00:00
NymanRobin
5224d58c13 cephfs: add support for encryption in ceph-csi-cephfs chart
the chart currently lacks access to configmap and secrets
this causes the mounting of encrypted file systems to fail

Signed-off-by: NymanRobin <nyman.robin@gmail.com>
2024-03-21 14:58:33 +00:00
Ruslan Khizhnyak
d56c9abbce helm: CSIDriver add labels and seLinuxMount disabling method
Signed-off-by: Ruslan Khizhnyak <rkhizhnyak@ptsecurity.com>
2024-03-21 10:07:23 +00:00
Dmytro Alieksieiev
fcaac58a1e helm: Include seLinuxMount only if KubeVersion greater or equal of 1.25
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 07:40:19 +00:00
Madhu Rajanna
e6d913970b helm: template changes for cephfs volumegroupsnapshot
tempalate changes for cephfs volumegroupsnapshot
the default is set to false and user can set
the value to true to get the support for VGS.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-22 15:21:07 +00:00
Niels de Vos
c9e64f9478 deploy: make the csi-*plugin containers the default for kubectl commands
When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).

By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-02-14 16:23:52 +00:00
Praveen M
fc6d34abaf deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.0
csi-resizer: v1.10.0
csi-provisioner: v4.0.0
csi-attacher: v4.5.0
csi-snapshotter: v7.0.0

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-02-10 14:37:34 +00:00
maximus13th
51decb097c cephfs: allow modify fsGroupPolicy for csidriver
allow to change value of fsGroupPolicy parameter for CSI Driver spec

Signed-off-by: maximus13th <maxym.pariy@gmail.com>
2024-01-08 11:11:39 +00:00
Riya Singhal
3cc47f37dc deploy: update csi sidecars to latest versions
Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2024-01-04 12:24:46 +00:00
Sebastian Hoß
017dddcbfc helm: align seLinuxMount option w/ deploy folder
Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
2024-01-03 18:48:13 +00:00
Sebastian Hoß
b25a02e0df deploy: use release repository for csi-resizer
The image is now available in the release repository and can be fetched from
there instead of the staging repository.

Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
2023-12-14 17:40:32 +00:00
Jan Nemcik
1fb6d8f891 helm: update node plugin cluster role
added permission to get nodes for rbd and cephfs nodeplugin daemonset

Signed-off-by: Jan Nemcik <jan.nemcik@solargis.com>
2023-12-11 10:59:50 +00:00
Praveen M
2309168943 helm: add default false value for --enable-read-affinity
Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-12-06 18:18:21 +00:00
Ruslan Khizhnyak
ec29ec1ac2 helm: add extraDeploy option
To deploy additional manifests with the release.

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-23 13:50:44 +00:00
Praveen M
00c12b396f doc: add documentation for read affinity
This commit adds documentation about read affinity supported
for CephFS subvolumes.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
7e26beb51e helm: add option to enable read affinity for CephFS
This commit adds --enable-read-affinity flag to
enable read affinity for CephFS.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
afe3873947 deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.9.1
csi-resizer: v1.9.2
csi-provisioner: v3.6.2
csi-attacher: v4.4.2
csi-snapshotter: v6.3.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-20 11:42:52 +00:00
Ruslan Khizhnyak
802f22f0ae helm: add annotations secret manifest
To use mutating webhook to modify secrets.
For example banzaicloud vault webhook:
https://bank-vaults.dev/docs/mutating-webhook/annotations/

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-09 17:18:33 +00:00
Praveen M
cf577e39af deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.9.0
csi-resizer: v1.9.0
csi-provisioner: v3.6.0
csi-attacher: v4.4.0
csi-snapshotter: v6.3.0

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-09-20 08:20:38 +00:00
runzhliu
3be99d6477 doc: Update README.md and fix typo
Unified hump stylek

Signed-off-by: runzhliu <runzhliu@163.com>
2023-09-04 12:45:10 +00:00
Madhu Rajanna
ff030f12e1 deploy: use resizer canary image
use resizer canary image to as it
might contain fix for pvc resize
with kubernetes 1.28

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-08-25 11:43:03 +00:00
Cheng Wang
874d0bcf4b doc: fix helm doc of ceph-csi deployment
To make the doc better.

Signed-off-by: astraw99 <wangchengiscool@gmail.com>
2023-08-08 12:40:22 +00:00
Garen Fang
37018a2eef helm: add imagePullSecrets option
Currently the Helm chart does not contain a
imagePullSecrets option when you are using
private container registry, this is very inconvenient.
This PR add this option for both CephFS and RBD.

Signed-off-by: Garen Fang <fungaren@qq.com>
2023-06-16 04:37:03 +00:00
iPraveenParihar
40c1d32518 deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.8.0
csi-attacher: v4.3.0
csi-resizer: v1.8.0
csi-snapshotter: v6.2.2
csi-provisioner: v3.5.0

Signed-off-by: iPraveenParihar <praveenparihar68@gmail.com>
2023-06-01 19:06:53 +00:00
DashJay
9df4634fd0 deploy: fix bug of ceph-csi-rbd helm chart
fix bug that make provisioner get dup affinities
when deploy helm chart ceph-csi-rbd and ceph-csi-cephfs.

Signed-off-by: DashJay <45532257+dashjay@users.noreply.github.com>
2023-05-22 06:34:19 +00:00
Christian Kugler
ae278797be doc: Add basic upgrade documentation for Helm Charts
Without this patch the READMEs for the Helm Charts do not provide any
documentation on how to upgrade to a newer version. There is at least
one known issue when updating to a newer versions that is unavoidable as
of writing. There is a workaround for the issue which should be
documented in the upgrade section.

This is a problem because currently the only way to find this workaround
is to go through closed GitHub issues. These might not be around at the
time someone needs this information. Furthermore the issue should be
communicated to the operator before it occurs.

This patch adds basic documentation for updating the Helm repository,
and upgrading the installed release of the Helm Chart. How values can be
set is not part of the documentation. If an operator used custom values,
e.g. for the secret, they probably already know how to deal with setting
values. However, the docs still remind the reader to take values into
account.
Reusing the installed values (`--reuse-values`) has lead to problems in
past, which is why it is explicitly discouraged. An example for this
would be the value `logLevel` which was changed to `sidecarLogLevel`.
Reusing values lead to `.Values.sidecarLogLevel` being empty and the
`csi-provisioner` not being started due to invalid value `-v=""`.
Comparing new values with set values is encouraged.

The workaround for issue #3397 from GitHub is being addressed in the
section Know Issues Upgrading.

Signed-off-by: Christian Kugler <syphdias+git@gmail.com>
2023-02-08 12:59:23 +00:00
Domonkos Cinke
b7b491c097 deploy: add extraArgs for sidecars
Add the ability to control more arguments for CSI sidecar components.

Signed-off-by: Domonkos Cinke <seayou@gmail.com>
2023-01-05 15:58:48 +00:00
Humble Chirammal
31f0ac6e2d deploy: update node-driver-registrar to v2.6.2
This version has a fix for an important bug at kubelet
registration path.
https://github.com/kubernetes-csi/node-driver-registrar/pull/247

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-12-08 11:50:40 +00:00
Humble Chirammal
b258628b05 helm: get rid of storage group enablement based on the version
deploy: remove beta storage group mention from csidriver yaml

the kubernetes version based enablement of storage api group
enablement is no longer requried and its already on v1 for
supported kubernetes versions.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-11-11 16:41:24 +00:00
Humble Chirammal
eff8a9b3be helm: fuse_set_user_groups need not be part of the config
this setting in ceph.conf is no longer required and this commit
remove it from the chart.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-11-11 16:41:24 +00:00
Humble Chirammal
6bba64c872 rebase: update node driver registar to latest version
v2.6.0 is the latest version of the same and this commit
update it.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-11-03 14:31:26 +00:00
BOSSER, Bastien
dea07aa184 deploy: add commonLabels value
Signed-off-by: BOSSER, Bastien <bastien.bosser@atos.net>
2022-11-02 11:28:18 +00:00
Humble Chirammal
d1acae7209 deploy: update sidecars to latest versions available
Below sidecars are updated with this commit.

csi-provisioner: v3.3.0
csi-snapshotter: v6.1.0

This commit change the sidecar versions in build.env setup.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-09-29 10:24:26 +00:00