Commit Graph

3487 Commits

Author SHA1 Message Date
karthik-us
71925d553e rebase: bump k8s.io dependencies to v0.26.7
Bumping the k8s.io dependencies to v0.26.7. The main intention
is to update the client-go library dependency for kube 1.27+,
where aggregated discovery is enabled. With client-go lower than
v0.26.4 in some cases it is possible that the discovery response
comes with the malformed response with nil GVK leading to Crash
Loop Back Off state.

Upstream kubernetes issue:
https://github.com/kubernetes/kubernetes/pull/116603

Signed-off-by: karthik-us <ksubrahm@redhat.com>
2023-08-17 10:26:59 +00:00
Rakshith R
a9415f82e9 revert: revert template changes done for v3.8.1 release
This commit reverts the changes made for 3.8.1 release
back to v3.8-canary.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-07-24 13:15:31 +00:00
Rakshith R
fd10290fb8 ci: template changes for v3.8.1 release
This commit makes necessary template changes
for v3.8.1 release

Signed-off-by: Rakshith R <rar@redhat.com>
2023-07-21 16:09:51 +00:00
Rakshith R
374e1742f8 ci: add CSI_UPGRADE_VERSION var to build.env
Currently, upgrade version for upgrade tests
need to be set in ci/centos branch.
This commit adds a variable in build.env,
so that we have the flexibility to use
this value instead.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-07-21 16:09:51 +00:00
Rakshith R
4d6c495194 doc: update documentation for v3.8.1 release
This commit updates upgrade doc for v3.8.1 release.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-07-21 16:09:51 +00:00
Rakshith R
3a1d55db16 rbd: do not execute rbd sparsify when volume is in use
This commit makes sure sparsify() is not run when rbd
image is in use.
Running rbd sparsify with workload doing io and too
frequently is not desirable.
When a image is in use fstrim is run and sparsify will
be run only when image is not mapped.

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 98fdadfde7)

# Conflicts:
#	internal/rbd/errors.go
2023-07-12 10:42:49 +00:00
Niels de Vos
37d54cf425 build: disable ceph-iscsi repository for test-container builds too
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.

It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.

Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit ebfd915ad6)
2023-07-04 19:34:38 +00:00
Niels de Vos
782cbcae57 build: disable ceph-iscsi repository
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.

It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.

Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit 0efe8e4711)
2023-07-03 17:15:12 +00:00
riya-singhal31
d7cf3a8084 rbd: add unit test for ParseEncryptionOpts
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit b5e68c810e)
2023-06-07 08:36:47 +00:00
riya-singhal31
71265e32a3 rbd: add e2e for encryption as false
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit e92edd09ef)
2023-06-07 08:36:47 +00:00
riya-singhal31
d700274f3e rbd: remove context where its not being used
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 347b4d2885)
2023-06-07 08:36:47 +00:00
riya-singhal31
826f392a9f rbd: add check for EncryptionTypeNone
this commit adds the validation for encryption
value as false, and sets the type as none

Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 38f5e860e2)
2023-06-07 08:36:47 +00:00
Madhu Rajanna
aa4271a32a rebase: update vault to latest release
even 1.9.9 i havign security vulnerabilities
https://github.com/ceph/ceph-csi/actions/
\runs/5088482029/jobs/9144940410?pr=3859

updating the vault to latest release and all other
updates are due to the dependency update by `go mod tidy`

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-05-26 16:16:57 +00:00
dependabot[bot]
41a61efee4 rebase: Bump github.com/hashicorp/vault from 1.4.2 to 1.9.9
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.4.2 to 1.9.9.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.4.2...v1.9.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit ba40da7e36)
2023-05-26 16:16:57 +00:00
Niels de Vos
9ec78a63f3 ci: install Helm with script located on GitHub
Installing Helm fails often in the CI. The Helm documentation does not
point to `https://git.io/get_helm.sh` anymore, but to a location on
GitHub. To make it easier to update the location in the future, it has
now been added to `build.env`, just like the `HELM_VERSION`.

See-also: https://helm.sh/docs/intro/install/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit bc167cc6f4)
2023-05-23 04:54:42 +00:00
Benoît Knecht
0ec6e10bf2 util: Limit cryptsetup PBKDF memory usage
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key
Derivation Function (PBKDF), which not only has a CPU cost, but also a memory
cost (to make brute-force attacks harder).

The memory cost is based on the available system memory by default, which in
the context of Ceph CSI can be a problem for two reasons:

1. Pods can have a memory limit (much lower that the memory available on the
   node, usually) which isn't taken into account by `cryptsetup`, so it can get
   OOM-killed when formating a new volume;
2. The amount of memory that was used during `cryptsetup luksFormat` will then
   be needed for `cryptsetup luksOpen`, so if the volume was formated on a node
   with a lot of memory, but then needs to be opened on a different node with
   less memory, `cryptsetup` will get OOM-killed.

This commit sets the PBKDF memory limit to a fixed value to ensure consistent
memory usage regardless of the specifications of the nodes where the volume
happens to be formatted in the first place.

The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin`
container in the `nodeplugin` pod doesn't require an extravagantly high memory
limit in order to format/open volumes (particularly with operations happening
in parallel), while at the same time not being so low as to render it
completely pointless.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit 1852e977f8)
2023-04-27 16:47:12 +00:00
Madhu Rajanna
4859a9e361 ci: update minikube to 1.30.1
updating minikube to latest release
1.30.1

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
(cherry picked from commit 09a858d51d)
2023-04-27 14:15:26 +00:00
Niels de Vos
1fbaa22085 doc: use the Ceph Slack instance and not our silo'ed own one
Currently the Ceph-CSI community is on the 'free' Slack instance at
https://cephcsi.slack.com. The Ceph project uses a Slack instance that
we can use for Ceph-CSI as well. In order to integrate more with other
Ceph projects, we should ideally be active on the same Slack instance.

For now, we have `#ceph-csi` as only channel on the
https://ceph-storage-slack.com, we can add more channels if needed.

See-also: https://ceph.io/en/community/connect/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
(cherry picked from commit ea3cd2b5e4)
2023-04-27 11:21:31 +00:00
riya-singhal31
546cb24a58 ci: update github actions for k8s 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 1bc090d975)
2023-04-27 13:11:39 +02:00
Rakshith R
393a0ab959 build: update golang to 1.19.8
CephCSI may be vulnerable to
https://github.com/advisories/GHSA-8v5j-pwr7-w5f8.
Update golang to 1.19.8 since it contains
fixes for mentioned CVE.

Signed-off-by: Rakshith R <rar@redhat.com>
(cherry picked from commit 4fb13b9328)
2023-04-25 13:31:05 +00:00
riya-singhal31
bd7ecc880e ci: fix shell check failures
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit 44612fe34c)
2023-04-25 11:48:19 +00:00
riya-singhal31
9c1ca71ed0 ci: fix codespell failure
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
(cherry picked from commit f12cd9c986)
2023-04-25 11:48:19 +00:00
Madhu Rajanna
3668037797 revert: revert back 3.8.0 template changes
revert back the template changes for 3.8.0
release and use canary 3.8 tag

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-23 08:35:00 +00:00
Madhu Rajanna
e13e72af0b deploy: update templates to 3.8.0
updating templates to 3.8.0 for new
v3.8.0 release.

fixes: #3336

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 13:49:48 +00:00
Madhu Rajanna
5de4c2a970 doc: upgrade doc from 3.7 to 3.8
updating upgrade document from 3.7
to 3.8.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 08:38:25 +00:00
Madhu Rajanna
ef6aabbfb0 doc: update README for 3.8.0 release
updated README to deprecate 3.6.x release
and pin latest release to 3.8.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-22 08:38:25 +00:00
dependabot[bot]
dc0e09caea rebase: bump github.com/aws/aws-sdk-go from 1.44.195 to 1.44.205
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.195 to 1.44.205.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.195...v1.44.205)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-22 08:24:00 +00:00
riya-singhal31
b28b5e6c84 cephfs: use shallow volumes for the ROX accessMode
this commit makes shallow volume as default feature for ROX volumes.

Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-02-21 20:09:13 +00:00
dependabot[bot]
8854c8523d rebase: bump github.com/ceph/go-ceph from 0.19.0 to 0.20.0
Bumps [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) from 0.19.0 to 0.20.0.
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](https://github.com/ceph/go-ceph/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 15:49:34 +00:00
Niels de Vos
b7d2d28e69 ci: only add ok-to-test if there are no pending CentOS jobs
After the `ok-to-test` label was added, the commenter will remove the
label again. There is no need for Mergify to re-add the label while CI
jobs are still running.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 13:25:16 +01:00
Niels de Vos
c84b4a15ba ci: only run test-retest-action if the PR modifies the action
There is no need to run the `test-retest-action` GitHub Workflow if
there are no changes under the `actions/retest` directory.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
Niels de Vos
3325e5045e ci: do not run commitlint GitHub Action on dependabot PRs
Currently commitlint is only skipped for PR at the time dependabot
creates them. Once Mergify rebases them, commitlint is started anyway.
This causes failed CI runs, which then need to be ignored. It is cleaner
to not run commitlint on any PR that dependabot owns.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-21 10:58:52 +00:00
dependabot[bot]
17a342261e rebase: bump github.com/kubernetes-csi/csi-lib-utils
Bumps [github.com/kubernetes-csi/csi-lib-utils](https://github.com/kubernetes-csi/csi-lib-utils) from 0.11.0 to 0.13.0.
- [Release notes](https://github.com/kubernetes-csi/csi-lib-utils/releases)
- [Commits](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.11.0...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/kubernetes-csi/csi-lib-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-21 09:37:05 +00:00
dependabot[bot]
58c4d0bdc5 rebase: bump github.com/onsi/gomega from 1.26.0 to 1.27.1
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.26.0...v1.27.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 22:07:55 +00:00
dependabot[bot]
5b825d5a28 rebase: bump k8s.io/api from 0.25.4 to 0.26.1 in /api
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.25.4 to 0.26.1.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](https://github.com/kubernetes/api/compare/v0.25.4...v0.26.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 16:55:19 +00:00
dependabot[bot]
e0c4304baf rebase: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 in /api
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 15:23:31 +00:00
dependabot[bot]
868d0cffcf rebase: bump golang.org/x/net from 0.2.0 to 0.7.0 in /api
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 14:57:39 +00:00
Niels de Vos
773d2df564 ci: no need to run multi-arch-build for /actions/retest
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
3a28b0f370 ci: add /api to dependabot configuration
Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 14:18:15 +00:00
Niels de Vos
48822d942d ci: use context.issue.number for removing ok-to-test
`github.event.pull_request.number` does not seem to be valid as a script
object/variable.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 12:34:15 +00:00
Niels de Vos
56c8f1ea0b ci: do not let Mergify remove the ok-to-test label
Sometimes Mergify removed the `ok-to-test` label before the Pull Request
Commentor action have been run. With the updated commentor action, the
`ok-to-test` label is removed after leaving comments. There is no need
for Mergify to remove the label anymore.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
Niels de Vos
3252c1e782 ci: remove ok-to-test label after commenting
Once the comments have been added, the `ok-to-test` label can be
removed. This makes it possible to simplify the Mergify configuration.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-02-20 11:10:23 +01:00
dependabot[bot]
d9a70d696e rebase: bump golang.org/x/net from 0.6.0 to 0.7.0 in /actions/retest
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 08:55:53 +00:00
dependabot[bot]
f654066bfe rebase: bump golang.org/x/net from 0.6.0 to 0.7.0
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 19:01:10 +00:00
dependabot[bot]
17a9451b2e rebase: bump golang.org/x/crypto from 0.5.0 to 0.6.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 14:57:21 +00:00
dependabot[bot]
17cc47a4ba rebase: bump golang.org/x/oauth2 from 0.4.0 to 0.5.0 in /actions/retest
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-15 12:27:14 +00:00
Madhu Rajanna
150d1a5ebb build: add check for go list
Added a check for go list to
verify the dependencies

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-15 10:09:49 +00:00
Madhu Rajanna
b57937661f rebase: pin dynamic-resource-allocation to v0.26.1
ping dynamic-resource-allocation
dependency to v0.26.1 as build fails sometimes
with below error message in offline builds

```
[🎩︎]mrajanna@fedora ceph-csi $]go list -mod=readonly -m all
go: k8s.io/dynamic-resource-allocation@v0.0.0:
invalid version: unknown revision v0.0.0
```

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-02-15 10:09:49 +00:00
riya-singhal31
60c98837ca e2e: fix typo
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-02-15 08:13:41 +00:00
dependabot[bot]
cb74487f75 rebase: bump github.com/hashicorp/vault/api from 1.8.3 to 1.9.0
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.3...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 21:10:47 +00:00