Commit Graph

4063 Commits

Author SHA1 Message Date
Niels de Vos
268ac42850 rebase: update k8s external-snapshotter to v6.2.2
All changes are listed here:
https://github.com/kubernetes-csi/external-snapshotter/compare/v6.1.0...v6.2.2

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-06-01 06:43:20 +00:00
Niels de Vos
360df61eb0 ci: github.event.pull_request.merged is a boolean, not a string
With the updates to the pull-request-commenter, all strings were placed
within `'` to prevent syntax issues. It seems that
`github.event.pull_request.merged` really is a boolean (or `null`), and
not a string.

Doc: https://docs.github.com/en/webhooks-and-events/ ("payloads" section)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 09:44:25 +00:00
Niels de Vos
b804181a3d ci: remove \ from GitHub Workflow if condition
Backslashes (`\`) cause issues in the `if` statment with GitHub
Workflows.

    Unexpected symbol: '\'. Located at position 53 within expression:
    (github.event.pull_request.label == 'ok-to-test' && \

Using the `>` YAML syntax to replace linebreaks with spaces should
address this problem.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-31 07:44:13 +00:00
Niels de Vos
27dc4f0fde ci: fix syntax error in pull-request-commenter GitHub Workflow
The `ok-to-test` label does not work anymore, and the GitHub Workflow
contains the following error:

    The workflow is not valid.
    .github/workflows/pull-request-commentor.yaml (Line: 15, Col: 9):
    Unrecognized named-value: 'ok-to-test'.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-30 14:00:27 +00:00
Rakshith R
cf0fd2bfeb ci: fix pull-request-commentor workflow
Fix if condition in workflow to account
for ok-to-test label on newly created prs.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 12:15:07 +00:00
Rakshith R
b157b1a7c2 ci: trigger Add comment workflow for "opened" prs
The `Add comment` workflow was triggered only
when labels were added to the pr and failed
to be run on prs which were created with the
required label.
This commit makes sure the workflow is triggered
on pr creation too.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-26 09:22:16 +00:00
riya-singhal31
54fa028465 deploy: move cephfs/csidriver to API
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-05-25 12:24:28 +00:00
riya-singhal31
802df8f69b deploy: move cephfs/csi-config-map to API
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-05-25 12:24:28 +00:00
dependabot[bot]
5f996ff040 rebase: bump golang.org/x/crypto from 0.8.0 to 0.9.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.8.0 to 0.9.0.
- [Commits](https://github.com/golang/crypto/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-24 10:21:01 +00:00
dependabot[bot]
db531cb50b rebase: bump golang.org/x/net from 0.9.0 to 0.10.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.9.0 to 0.10.0.
- [Commits](https://github.com/golang/net/compare/v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 17:58:25 +00:00
dependabot[bot]
7224b3f165 rebase: bump github.com/aws/aws-sdk-go from 1.44.259 to 1.44.267
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.259 to 1.44.267.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.259...v1.44.267)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 09:14:53 +00:00
Niels de Vos
bc167cc6f4 ci: install Helm with script located on GitHub
Installing Helm fails often in the CI. The Helm documentation does not
point to `https://git.io/get_helm.sh` anymore, but to a location on
GitHub. To make it easier to update the location in the future, it has
now been added to `build.env`, just like the `HELM_VERSION`.

See-also: https://helm.sh/docs/intro/install/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-22 13:27:12 +00:00
dependabot[bot]
1e2c01d24f rebase: bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 in /actions/retest
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-22 07:36:07 +00:00
DashJay
9df4634fd0 deploy: fix bug of ceph-csi-rbd helm chart
fix bug that make provisioner get dup affinities
when deploy helm chart ceph-csi-rbd and ceph-csi-cephfs.

Signed-off-by: DashJay <45532257+dashjay@users.noreply.github.com>
2023-05-22 06:34:19 +00:00
dependabot[bot]
f4f6b7ae60 rebase: bump k8s.io/klog/v2 from 2.90.0 to 2.100.1
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.90.0 to 2.100.1.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.90.0...v2.100.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 13:46:38 +00:00
dependabot[bot]
7740cd5c36 rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.10 to 1.19.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.10...service/s3/v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 08:25:49 +00:00
Rakshith R
c63af2108e ci: switch back to official label copier & always add ok-to-test label
Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-19 07:40:10 +00:00
dependabot[bot]
c675171098 rebase: bump github.com/docker/distribution
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-16 05:43:27 +00:00
Niels de Vos
9a9296efa1 ci: check for mergify/merge-queue/ string, with -
It seems that the `-` in `mergify/merge-queue/` was dropped somehow :-(

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 18:10:06 +00:00
Niels de Vos
6547868611 ci: checkout the local mergify-merge-queue-labels-copier
Without checking out the repository, it is not possible to run the local
action.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 16:37:11 +00:00
Niels de Vos
e46f65640c ci: rename gha-mergify-merge-queue-labels-copier.yaml to action.yaml
It seems to be required to have the GitHub Action called `action.yaml`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 15:22:12 +00:00
Niels de Vos
b371337287 ci: use modified gha-mergify-merge-queue-labels-copier Action
The original Mergifyio/gha-mergify-merge-queue-labels-copier@main
contains `startsWith()` that has the arguments reversed. This prevents
the action from working as intended.

See-also: https://docs.github.com/en/actions/learn-github-actions/expressions
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 14:47:53 +00:00
Niels de Vos
52ebfa6b97 ci: include ci/skip/.. labels for copying into merge queue PRs
Setting an empty `labels:` fails to work as intended, no labels get
copied ad all. Now setting the `ci/skip/..` labels, as those are most
important for speeding up merging.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 12:47:40 +00:00
Niels de Vos
745d2ace92 ci: Mergify copy-labels requires empty string for labels:
Instead of leaving the `labels:` empty, pass an empty string `""`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 08:03:28 +00:00
Rakshith R
be57cf9d94 ci: fix author=mergify[bot]
Author of mergifyio created pr is mergify[bot].
It needs the suffix `[bot]` for the condition
to be evaluated to true.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-15 09:26:32 +02:00
Niels de Vos
40eff59d45 ci: Mergify copy-labels requires empty labels: value
See-also: Mergifyio/mergify#5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 07:24:04 +00:00
Niels de Vos
287a854f7f ci: add ok-to-test label to all PRs in the merge queue
It seems that some PRs still get rebased by Mergify, whereas others get
tested for the **merge queue** by creating a new temporary PR. In both
cases the `ok-to-test` label should get set automatically.

Fixes: c4d372e (ci: automatically add `ok-to-test` to PRs created by Mergify)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 17:37:25 +02:00
Niels de Vos
c37ac53cbb ci: add GitHub Workflow to copy labels in Mergify created PRs
When Mergify creates a PR, the `ok-to-test` label needs to be added
before CI runs. Not all PRs need complete testing, and they may have
some `ci/skip/..` labels too. With this new GitHub Workflow, the labels
get copied from the original PR into the newly created PR.

See-also: https://github.com/Mergifyio/mergify/discussions/5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 11:05:46 +00:00
dependabot[bot]
9b6795c6d6 rebase: bump github.com/hashicorp/vault from 1.9.9 to 1.11.9
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.9.9 to 1.11.9.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.9...v1.11.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 10:34:11 +00:00
dependabot[bot]
001703e901 rebase: bump golang.org/x/sys from 0.7.0 to 0.8.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-10 13:57:37 +00:00
Niels de Vos
3d489781a0 rebase: grpc_middleware.WithUnaryServerChain is deprecated
golangci-lint reports that `grpc_middleware.WithUnaryServerChain` is
deprecated and `google.golang.org/grpc.ChainUnaryInterceptor` should be
used instead.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-10 09:28:26 +00:00
dependabot[bot]
257ce599f7 rebase: bump github.com/grpc-ecosystem/go-grpc-middleware
Bumps [github.com/grpc-ecosystem/go-grpc-middleware](https://github.com/grpc-ecosystem/go-grpc-middleware) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-10 09:28:26 +00:00
dependabot[bot]
449c6ad24c rebase: bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 13:06:18 +00:00
dependabot[bot]
85929c44c4 rebase: bump google.golang.org/grpc from 1.54.0 to 1.55.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 09:34:13 +00:00
Niels de Vos
c4d372e207 ci: automatically add ok-to-test to PRs created by Mergify
Mergify does not automatically rebase PRs that are queued for merging
(anymore?). Instead, it creates a new draft PR that is expected to get
tested by the CI. At the moment someone needs to add the `ok-to-test`
label to the PR. This is cumbersome and can cause delays in the merge
process.

The configuration for Mergify now includes a rule that any PR created by
Mergify, will automatically get the `ok-to-test` label. This should make
it easier to get PR merged.

See-also: #3796
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-08 14:23:42 +02:00
dependabot[bot]
d0626d42e0 rebase: bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-04 17:22:30 +00:00
Niels de Vos
8265abc2c9 nfs: add support for secTypes parameter in StorageClass
CephNFS can enable different security flavours for exported volumes.
This can be configured in the optional `secTypes` parameter in the
StorageClass.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-05-04 12:21:46 +00:00
dependabot[bot]
3d6cdce353 rebase: bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.254
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.254.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.254)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-03 12:31:45 +00:00
dependabot[bot]
6a4f847af6 rebase: bump golang.org/x/crypto from 0.6.0 to 0.8.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.8.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-03 10:58:52 +00:00
Liang Zheng
5a079122f4 rbd: can exit early if image-meta.json does not exist
Signed-off-by: Liang Zheng <zhengliang0901@gmail.com>
2023-05-02 20:36:24 +00:00
dependabot[bot]
7d4295b298 rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.6 to 1.18.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.6...config/v1.18.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-02 09:57:26 +00:00
Benoît Knecht
1852e977f8 util: Limit cryptsetup PBKDF memory usage
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key
Derivation Function (PBKDF), which not only has a CPU cost, but also a memory
cost (to make brute-force attacks harder).

The memory cost is based on the available system memory by default, which in
the context of Ceph CSI can be a problem for two reasons:

1. Pods can have a memory limit (much lower that the memory available on the
   node, usually) which isn't taken into account by `cryptsetup`, so it can get
   OOM-killed when formating a new volume;
2. The amount of memory that was used during `cryptsetup luksFormat` will then
   be needed for `cryptsetup luksOpen`, so if the volume was formated on a node
   with a lot of memory, but then needs to be opened on a different node with
   less memory, `cryptsetup` will get OOM-killed.

This commit sets the PBKDF memory limit to a fixed value to ensure consistent
memory usage regardless of the specifications of the nodes where the volume
happens to be formatted in the first place.

The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin`
container in the `nodeplugin` pod doesn't require an extravagantly high memory
limit in order to format/open volumes (particularly with operations happening
in parallel), while at the same time not being so low as to render it
completely pointless.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2023-04-27 10:43:45 +00:00
riya-singhal31
014f81495b ci: update mergify rules for kubernetes 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-27 10:11:29 +02:00
Niels de Vos
ea3cd2b5e4 doc: use the Ceph Slack instance and not our silo'ed own one
Currently the Ceph-CSI community is on the 'free' Slack instance at
https://cephcsi.slack.com. The Ceph project uses a Slack instance that
we can use for Ceph-CSI as well. In order to integrate more with other
Ceph projects, we should ideally be active on the same Slack instance.

For now, we have `#ceph-csi` as only channel on the
https://ceph-storage-slack.com, we can add more channels if needed.

See-also: https://ceph.io/en/community/connect/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-04-27 07:58:15 +00:00
dependabot[bot]
d05847ee73 rebase: bump github.com/ceph/go-ceph from 0.20.0 to 0.21.0
Bumps [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](https://github.com/ceph/go-ceph/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-26 17:29:31 +00:00
riya-singhal31
c8f6878570 doc: update readme as kubernetes 1.27 is released
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-26 15:13:54 +00:00
dependabot[bot]
fa684f9e95 rebase: bump github.com/hashicorp/vault/api from 1.9.0 to 1.9.1
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-26 15:00:24 +00:00
dependabot[bot]
a0213a94fe rebase: bump google.golang.org/protobuf from 1.28.1 to 1.30.0
Bumps google.golang.org/protobuf from 1.28.1 to 1.30.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 22:46:19 +00:00
Madhu Rajanna
b71beb7ad0 util: set pid limit only for nodeserver
setting pod limit only for nodeserver for below
reasons

* We dont execute any commands  with CLI
anymore in controller service
* Controller deployment is not privileged
enough to set the pid limits.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-25 13:26:11 +00:00
Madhu Rajanna
5cd2930744 doc: remove reference to imageFormat
we dont support imageFormat anymore in
cephcsi and default is set to 2, removing
its reference from the repo.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-25 13:26:11 +00:00