Since CentOS Stream 8 is EOL, this commit updates the
config to use vault.centos.org for CentOS Stream 8.
This should be removed once the base image (ceph) is
updated to a version with a newer CentOS.
Signed-off-by: Praveen M <m.praveen@ibm.com>
(cherry picked from commit 5809628523)
When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).
By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Sometimes the Ceph container images seem to have a broken scriptlet
while installing/updating Ceph packages. It is relatively common for
them to fail when `/etc/selinux/config` does not exist. By ensuring the
file directory and file exist (even if empty), the package installation
or upgrades succeed.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The image is now available in the release repository and can be fetched from
there instead of the staging repository.
Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during mount. Using these options, cephfs
will be able to redirect reads to the closest OSD,
improving performance.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Implemented the capability to include kernel mount options and
fuse mount options for individual clusters within the ceph-csi-config
ConfigMap.This allows users to configure the kernel/fuse mount options
for each cluster separately. The mount options specified in the ConfigMap
will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit adds GetCephFSMountOptions util method which returns
KernelMountOptions and fuseMountOptions for cluster `clusterID`.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Ceph is minimizing their container-images, which can cause the
`nfs-utils` package to be dropped. As Ceph-CSI supports mounting NFS, it
needs the `/sbin/mount.nfs` executable, so install the package (or a
no-op if it is installed already).
See-also: https://rook-io.slack.com/archives/C46Q5UC05/p1699188662893109
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Implemented the capability to include read affinity options
for individual clusters within the ceph-csi-config ConfigMap.
This allows users to configure the crush location for each
cluster separately. The read affinity options specified in
the ConfigMap will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Some packages have dependencies on other repositories. On occasion these
repositories seem to be out-of-sync. In that case, install updates with
an older version, instead of erroring out.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.
It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.
Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Setting seLinuxMount:true in csidriver objects advertize
that the driver supports passing selinux label in mount
options.
refer: https://kubernetes.io/blog/2023/04/18/ \
kubernetes-1-27-efficient-selinux-relabeling-beta/
Signed-off-by: Rakshith R <rar@redhat.com>
Few common files related to deployments were kept
in the examples folder initially. Moving them to
deploy folder and updating the relevant files.
Signed-off-by: karthik-us <ksubrahm@redhat.com>
This will get updates released after the base image was built. This adds a layer
and increase the image size, but significantly reduce the number of CVEs in the
resultant image.
Signed-off-by: Gert van den Berg <github@mohag.net>
this commit update the packages and then do installation of the
packages in docker build process.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
this fsgrouppolicy setting was missing in api/deploy/* which
caused the yamlgen to not pickup this. this commit address the
same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
deploy: remove beta storage group mention from csidriver yaml
the kubernetes version based enablement of storage api group
enablement is no longer requried and its already on v1 for
supported kubernetes versions.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Below sidecars are updated with this commit.
csi-provisioner: v3.3.0
csi-snapshotter: v6.1.0
This commit change the sidecar versions in build.env setup.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit change the default fsgroup policy for csi driver object
to "File" type which is the better/correct setting for the CSI volumes.
We have been using default value which is "ReadWriteOnceWithFSType".
with this change backward compatibility should be preserved.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
as PSP is deprecated in kubernetes 1.21
and will be removed in kubernetes 1.25
removing the existing PSP related templates
from the repo and updated the required documents.
fixes#1988
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
NFS volume similar to CephFs volumes can support
fsGroupPolicy as File, now Kubernetes Kubernetes may
use fsGroup to change permissions and ownership of the
volume to match user requested fsGroup in the pod's
SecurityPolicy regardless of fstype or access mode.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit makes modification to nfs daemonset to use
nfs nodeserver. `nfs.NetNamespaceFilePath` example is
added.
Signed-off-by: Rakshith R <rar@redhat.com>