Commit Graph

174 Commits

Author SHA1 Message Date
ShyamsundarR
44f7b1fe4b Use "rbd device list" to list and find rbd images and their device paths
This change also starts mapping nbd based access using ther rbd CLI
as, it is a prerequisite to get device listing for nbd as well.

Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-08-13 14:07:52 +00:00
Madhu Rajanna
02bcb5f16a Enable leader election in v1.14+
Use Deployment with leader election instead of StatefulSet

Deployment behaves better when a node gets disconnected
from the rest of the cluster - new provisioner leader
is elected in ~15 seconds, while it may take up to
5 minutes for StatefulSet to start a new replica.

Refer: kubernetes-csi/external-provisioner@52d1fbc

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-08-05 07:11:44 +00:00
ShyamsundarR
bd204d7d45 Use --keyfile option to pass keys to all Ceph CLIs
Every Ceph CLI that is invoked at present passes the key via the
--key option, and hence is exposed to key being displayed on
the host using a ps command or such means.

This commit addresses this issue by stashing the key in a tmp
file, which is again created on a tmpfs (or empty dir backed by
memory). Further using such tmp files as arguments to the --keyfile
option for every CLI that is invoked.

This prevents the key from being visible as part of the argument list
of the invoked program on the system.

Fixes: #318

Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-07-25 12:46:15 +00:00
Madhu Rajanna
f4c80dec9a Implement NodeStage and NodeUnstage for rbd
in NodeStage RPC call  we  have to map the
device to the node plugin and make  sure  the
the device will be mounted to  the global path

in  nodeUnstage request unmount the device from
global path and unmap the device

if the volume mode is block  we will be creating
a file inside a stageTargetPath  and it will be
considered  as the global path

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-07-24 12:49:21 +00:00
ShyamsundarR
c4a3675cec Move locks to more granular locking than CPU count based
As detailed in issue #279, current lock scheme has hash
buckets that are count of CPUs. This causes a lot of contention
when parallel requests are made to the CSI plugin. To reduce
lock contention, this commit introduces granular locks per
identifier.

The commit also changes the timeout for gRPC requests to Create
and Delete volumes, as the current timeout is 10s (kubernetes
documentation says 15s but code defaults are 10s). A virtual
setup takes about 12-15s to complete a request at times, that leads
to unwanted retries of the same request, hence the increased
timeout to enable operation completion with minimal retries.

Tests to create PVCs before and after these changes look like so,

Before:
Default master code + sidecar provisioner --timeout option set
to 30 seconds

20 PVCs
Creation: 3 runs, 396/391/400 seconds
Deletion: 3 runs, 218/271/118 seconds
  - Once was stalled for more than 8 minutes and cancelled the run

After:
Current commit + sidecar provisioner --timeout option set to 30 sec
20 PVCs
Creation: 3 runs, 42/59/65 seconds
Deletion: 3 runs, 32/32/31 seconds

Fixes: #279
Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-07-01 14:10:14 +00:00
Humble Chirammal
027331c186 Use sidecar which support cloning
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-06-28 01:11:06 +00:00
Madhu Rajanna
59d3365d3b update statefulset and daemonset api-version
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-06-25 14:00:46 +00:00
Madhu Rajanna
983f28ad2f Revert "Use Deployment with leader election instead of StatefulSet"
This reverts commit a151bec94b.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-06-14 13:39:03 +00:00
Madhu Rajanna
bccfafdfb2 update helm chart version
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-06-10 16:54:05 +05:30
Madhu Rajanna
a151bec94b Use Deployment with leader election instead of StatefulSet
Deployment behaves better when a node gets disconnected from the rest of
the cluster - new provisioner leader is elected in ~15 seconds, while
it may take up to 5 minutes for StatefulSet to start a new replica.

Refer: 52d1fbcf9d

Fixes: #335

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-06-10 09:51:22 +05:30
Humble Devassy Chirammal
95252dd9f6
Merge pull request #390 from ShyamsundarR/stateless-cephfs
Make CephFS plugin stateless reusing RADOS based journal scheme
2019-06-07 10:44:18 +05:30
Humble Chirammal
45ae1c56e4 Promote sidecars to latest available version tags.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-06-02 15:01:34 +05:30
ShyamsundarR
b9cd0e18ad Make CephFS plugin stateless reusing RADOS based journal scheme
This is a part of the stateless set of commits for CephCSI.

This commit removes the dependency on config maps to store cephFS provisioned
volumes, and instead relies on RADOS based objects and keys, and required
CSI VolumeID encoding to detect the provisioned volumes.

Changes:
- Provide backward compatibility to provisioned volumes by older plugin versions (1.0.0 or older)
- Remove Create/Delete support for statically provisioned volumes (fixes #382)
- Added namespace support to RADOS OMaps and used the same to store RADOS CSI objects and keys in the CephFS metadata pool
- Added support to mention fsname for CephFS provisioning (fixes #359)
- Changed field name in CSI Identifier to 'location', to denote a pool or fscid
- Updated mounter cache to use new scheme
- Required Helm manifests are updated
- Required documentation and other manifests are updated
- Made driver option 'metadatastorage' as optional, as fresh installs do not need to specify the same

Testing done:
- Create/Mount/Delete PVC
- Create/Delete 5 PVCs
- Mount version 1.0.0 PVC
- Delete version 1.0.0 PV
- Mount Statically defined PV/PVC/Pod
- Mount Statically defined version 1.0.0 PV/PVC/Pod
- Delete Statically defined version 1.0.0 PV/PVC/Pod
- Node restart when mounted to test mountcache
- Use InstanceID other than 'default'
- RBD basic round of tests, as namespace is added to OMaps
- csitest against ceph-fs plugin
  - NOTE: CephFS plugin still does not detect and address already created
  volumes but of a different size
- Test not providing any value to the metadata storage parameter

Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-05-30 06:20:35 -04:00
Madhu Rajanna
2d560ba087 update ceph-csi to build and use a single docker image
currently, we have 3 docker files(cephcsi,rbd,cephfs) in the ceph-csi repo.
[commit ](85e121ebfe)
added by John to build a single image which can act as rbd or
cephfs based on the input configuration.

This PR updates the makefile and kubernetes templates to use
the unified image and also its deletes the other two dockerfiles.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-05-28 18:10:22 +00:00
ShyamsundarR
d02e50aa9b Removed config maps and replaced with rados omaps
Existing config maps are now replaced with rados omaps that help
store information regarding the requested volume names and the rbd
image names backing the same.

Further to detect cluster, pool and which image a volume ID refers
to, changes to volume ID encoding has been done as per provided
design specification in the stateless ceph-csi proposal.

Additional changes and updates,
- Updated documentation
- Updated manifests
- Updated Helm chart
- Addressed a few csi-test failures

Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-05-19 12:29:33 +00:00
Humble Chirammal
68ff602391 Resolve merge conflict
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-05-07 15:27:34 +05:30
Humble Chirammal
1eff2e1490 Merge branch 'master' of http://github.com/ceph/ceph-csi into csi-v1.0
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2019-05-07 15:14:14 +05:30
Miao Zhou
00e7e29996 bump up the chart version 2019-05-06 15:52:45 +08:00
Zhou Miao
a01c01b01b fix helm value pullPolicy mismatch bug 2019-04-25 12:03:44 +08:00
Kaushal M
63d00afb28
deploy: Use aggregated ClusterRoles
The kubernetes manifests and Helm templates have been updated to use
aggregated ClusterRoles. The same change has been done in Rook as well.

Refer rook/rook#2634 and rook/rook#2975

Signed-off-by: Kaushal M <kshlmster@gmail.com>
2019-04-17 11:15:08 +05:30
Yuxiang Zhu
35c55aeb68 add missing PV update permission for rbd attacher
PR #290 missed the update permission to persistentvolumes.

Without that permission, you will get the following error when attaching a RBD volume to a pod:

```
Warning  FailedAttachVolume  100s (x11 over 7m52s)  attachdetach-controller  AttachVolume.Attach failed for volume "pvc-d23f8745-60bb-11e9-bd35-5254001c78d6" : could not add PersistentVolume finalizer: persistentvolumes "pvc-d23f8745-60bb-11e9-bd35-5254001c78d6" is forbidden: User "system:serviceaccount:kube-system:rbd-csi-provisioner" cannot update resource "persistentvolumes" in API group "" at the cluster scope
```
2019-04-17 11:16:43 +08:00
John Mulligan
a44714fdfb deploy: create a new Dockerfile for unified cephcsi image
Signed-off-by: John Mulligan <jmulligan@redhat.com>
2019-04-10 20:36:51 +00:00
John Mulligan
d969dada3e deploy: create a new Dockerfile for unified cephcsi image
Signed-off-by: John Mulligan <jmulligan@redhat.com>
2019-04-10 08:04:48 +00:00
Madhu Rajanna
849de000f4 updated helm chat version
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:13:16 +05:30
Madhu Rajanna
3767375b6a Add csidriver CRD
if attacher is not enabled, we need to
create the csidriver CRD with spec
to make attachRequired as false to
skip volume attach check in kube.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
e4d830a2c2 remove extra node rules in provisioner
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
c6b4e47723 add if condition for attacher
adding the condition will help us
to easily remove the attacher later.
or even we can add else condition
if we have an alternate to attacher.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
54d52bb411 update attacher endpoint
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
94f7ac3d4e update cephfs helm template to deploy attacher sidecar container in provisioner.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
168468a934 deploy cssi-attacher as sidecar container in provisioner
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
5c600a1bc5 update rbd helm chats to deploy attacher as sidecar container in provisioner pod
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Madhu Rajanna
3ef11e06c3 deploy attacher sidecar in rbd provisioner sts
currently we are deploying external-attacher
as a seperate statefulset, which leads to
attacher communicating with the node provisoner
daemonset, This PR deploys external-attacher
as a sidecar container inside provisioner
statefulset, so that external-provisioner
always communicates with the plugin responsible
for the provision controller capcabilities.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-04-04 11:11:29 +05:30
Róbert Vašek
d0d5da83c9
Merge pull request #282 from huaizong/improve-remount-pv-path-when-exit-v2
remount old mount point when csi plugin unexpect exit
2019-04-02 08:36:07 +02:00
王怀宗
acdc759029 bump up the chart version 2019-04-01 16:48:30 +00:00
王怀宗
4228ceb51e rbd deploy csi-provisioner rbac add resources nodes get, list, watch #293 2019-04-01 16:48:30 +00:00
王怀宗
bb6754fb37 csi-provisioner rbac add resources nodes get, list, watch #293 2019-04-01 16:48:30 +00:00
王怀宗
1ccbb5b6a5 cephfs driver deploy support remount volume 2019-03-29 16:12:09 +08:00
ShyamsundarR
2064e674a4 Addressed using k8s client APIs to fetch secrets
Based on the review comments addressed the following,
- Moved away from having to update the pod with volumes
when a new Ceph cluster is added for provisioning via the
CSI driver

- The above now used k8s APIs to fetch secrets
  - TBD: Need to add a watch mechanisim such that these
secrets can be cached and updated when changed

- Folded the Cephc configuration and ID/key config map
and secrets into a single secret

- Provided the ability to read the same config via mapped
or created files within the pod

Tests:
- Ran PV creation/deletion/attach/use using new scheme
StorageClass
- Ran PV creation/deletion/attach/use using older scheme
to ensure nothing is broken
- Did not execute snapshot related tests

Signed-off-by: ShyamsundarR <srangana@redhat.com>
2019-03-26 16:19:24 +00:00
Madhu Rajanna
52397b4dc4 rename socket directory to a common name
as the socket directory will be created
inside the container no need to follow
the plugin name in for the directory
creation, this will also reduce the code
changes if we want to change driver name.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-03-22 09:58:21 +05:30
Madhu Rajanna
497411b26c update readme to delete namespace
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-03-13 12:04:30 +05:30
Madhu Rajanna
d61a87b42e Fix driver name as per CSI spec
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-03-13 12:04:30 +05:30
Madhu Rajanna
c0745486a7 add event rules for provisioner
Fixes: #https://github.com/ceph/ceph-csi/pull/234#issuecomment-468967752

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-03-04 14:34:14 +00:00
Madhu Rajanna
eb14742874 bump helm chat version from 0.4.0 to 0.5.0
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-28 13:41:11 +05:30
Huamin Chen
4d55d5b8ad
Merge pull request #235 from Madhu-1/fix-rbac-cephfs
Add role and rolebinding for cephfs
2019-02-27 12:29:23 -05:00
Madhu Rajanna
2ab1f3e82d add csinodeinfos rules
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-27 19:32:07 +05:30
Madhu Rajanna
b629b22cf0 Add csinodeinfos rules
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-27 19:29:11 +05:30
Madhu Rajanna
f4a0726226 Fix rbac issue in rbd plugin
remove unwanted rules and update
rbac to have permission to modify
endpoints and configmaps in the
current namespace.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-27 16:45:34 +05:30
Madhu Rajanna
119504c004 Add role and rolebinding for cephfs
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-27 16:44:46 +05:30
Madhu Rajanna
c9815e99a9 Fix rbac issue in cephfs plugin
remove unwanted rules and update
rbac to have permission to modify
endpoints and configmaps in the
current namespace.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-27 16:38:20 +05:30
Madhu Rajanna
55ad4924b3 update readme to deploy cephfs in namespace
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-25 21:24:50 +05:30
Madhu Rajanna
3ac5af6ce6 Fix formatting in helm rbd readme
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-21 10:38:25 +05:30
Madhu Rajanna
27b46aba08 Add helm chat for cephfs
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2019-02-21 10:38:25 +05:30
Kevin Fox
e000dff1ea Fix identified issues
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
2019-02-08 12:16:30 +00:00
Kevin Fox
10af7e357d Add readme and notes to the chart
This adds a basic readme file and notes to the helm chart

Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
2019-02-08 12:16:30 +00:00
Madhu Rajanna
cee9c4f8b2 Fix yamllint issues
Signed-off-by: Madhu Rajanna <mrajanna@redhat.com>
2019-02-07 12:19:14 +00:00
Kevin Fox
f172f089cc Update helm chart to match static files
This updates the helm chart to match all the changes that have
been made to the static manifest files.

Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
2019-02-06 12:35:33 +00:00
Huamin Chen
6df22b38ba
Merge branch 'csi-v1.0' into fix-134 2019-02-04 10:57:56 -05:00
Huamin Chen
211d78974e
Merge pull request #142 from rootfs/node-reg
cope with latest changes in csi provisioner and deprecations
2019-02-04 09:04:14 -05:00
Madhu Rajanna
9ba501617d update sidecar images to stable version (v1.0.1)
Fixes: #157

Signed-off-by: Madhu Rajanna <mrajanna@redhat.com>
2019-02-04 15:37:28 +05:30
Madhu Rajanna
ad06507aca update sidecar containers to v1.0.1 stable release
Fixes: #134

Signed-off-by: Madhu Rajanna <mrajanna@redhat.com>
2019-02-04 15:34:12 +05:30
Madhu Rajanna
5b512cd48c Add snapshot yaml files and volume clone
capabilities to provisioner.

Signed-off-by: Madhu Rajanna <mrajanna@redhat.com>
2019-01-28 10:26:57 +05:30
Huamin Chen
e4b24711f6 cope with latest changes in csi provisioner and deprecations 2019-01-23 10:58:50 -05:00
Huamin Chen
e0e764b3a1 review feedback: tune rbd provisioner rbac
Signed-off-by: Huamin Chen <hchen@redhat.com>
2019-01-23 10:05:15 -05:00
Huamin Chen
7caf03b556 review feedback: tune cephfs provisioner and driver rbac, de-escalate privilage
Signed-off-by: Huamin Chen <hchen@redhat.com>
2019-01-23 09:14:11 -05:00
Huamin Chen
c6c496ff59 switch to node registrar 2019-01-22 14:46:41 -05:00
Kevin Fox
2774109bf6 Update the helm chart for csi 1.0
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
2019-01-18 17:06:32 -08:00
Huamin Chen
48407e2484 add csi volume device mount path to csi plugin
Signed-off-by: Huamin Chen <hchen@redhat.com>
2019-01-17 08:57:18 -05:00
Huamin Chen
263c45bb45 enable csi block; use canary external-provisioner image to pick up block volume provisioning
Signed-off-by: Huamin Chen <hchen@redhat.com>
2019-01-16 13:52:45 -05:00
Masaki Kimura
165b82a44c Add block supports to rbd driver 2019-01-16 12:49:02 -05:00
Huamin Chen
aed7506d88 fix merge leftovers; use canary driver-registrar image, as v1.0.0 is not hosted in quay.io
Signed-off-by: Huamin Chen <hchen@redhat.com>
2019-01-15 13:31:06 -05:00
Huamin Chen
85b8415024 Merge branch 'master' into master-to-1.0 2019-01-15 16:15:30 +00:00
mickymiek
b23ee70d7f fix rbac rules for configmaps 2019-01-14 20:15:09 +00:00
mickymiek
7d47bb0698 make k8s_configmap default metadatastorage for k8s deployments 2019-01-14 20:15:09 +00:00
mickymiek
d64dc3a1b2 modified cephfs deployment 2019-01-14 20:15:09 +00:00
mickymiek
62d65ad0cb cm metadata persist for rbd and cephfs 2019-01-14 20:15:09 +00:00
Peter Nordquist
c0e775a49b Changed version to 0.1 2019-01-14 20:15:09 +00:00
Peter Nordquist
c359753416 Added Helm chart for RBD plugin
Signed-off-by: Peter Nordquist <peter.nordquist@pnnl.gov>
2019-01-14 20:15:09 +00:00
Huamin Chen
095044fc90 switch to centos base image 2019-01-14 20:15:09 +00:00
Mike Cronce
a0be6e27d3 deploy/cephfs/kubernetes/csi-cephfsplugin.yaml: Add /var/lib/kubelet/plugins/kubernetes.io/csi bidirectional mount into plugin container 2018-12-14 15:16:11 -05:00
Mike Cronce
5ae81821e4 deploy/cephfs/kubernetes/csi-cephfsplugin.yaml: Made volumeMounts for plugin container slightly more readable 2018-12-14 15:06:42 -05:00
Mike Cronce
d5c6f889c5 deploy/rbd/kubernetes: Use CSI 1.x plugin directory 2018-12-04 15:38:16 -05:00
Mike Cronce
82b7904542 deploy/cephfs/kubernetes: Use CSI 1.x plugin directory 2018-12-04 15:38:10 -05:00
Mike Cronce
c552b24c49 deploy/rbd: Updated all image tags from v0.3.0 to v1.0.0 2018-11-29 13:16:25 -05:00
Mike Cronce
d46dc33611 deploy/cephfs: Updated all image tags from v0.3.0 to v1.0.0 2018-11-29 13:16:19 -05:00
Huamin Chen
b2459574ee switch to centos base image 2018-11-20 14:46:29 +00:00
Huamin Chen
188cdd1d68
Merge pull request #89 from rootfs/containerized
support nsmounter when running in containerized mode
2018-10-15 20:25:40 -04:00
Huamin Chen
3436a094f7 support nsmounter when running in containerized mode
Signed-off-by: Huamin Chen <hchen@redhat.com>
2018-10-15 14:59:41 +00:00
George Kraft
b43108f35b csi-rbdplugin: Install xfsprogs to support fsType: xfs 2018-10-12 11:35:34 -05:00
Huamin Chen
4453cfce5b set dns policy in csi plugin so storage class can use mons' FQDN
Signed-off-by: Huamin Chen <hchen@redhat.com>
2018-09-19 14:39:43 +00:00
Huamin Chen
8955eb03bc support rbd-nbd
Signed-off-by: Huamin Chen <hchen@redhat.com>
2018-09-17 18:12:22 +00:00
Masaki Kimura
02fdf238b0 Add configurations to handle kubelet-plugin-watcher to sample yaml files
Fixes: #73
2018-09-10 19:16:17 +00:00
gman
e2910f1c18 deployment update for 0.3.0 2018-08-07 15:11:22 +02:00
Huamin Chen
51642c9a3a
Merge pull request #43 from alvistack/ceph_version-mimic
Update CEPH_VERSION to mimic
2018-07-21 15:35:03 -04:00
Seungcheol Ko
bc34bd389e support image features for csi-rbdplugin 2018-07-21 00:59:54 +09:00
Wong Hoi Sing Edison
1fbd3e69de Update CEPH_VERSION to mimic 2018-07-04 12:20:56 +08:00
gman
a6181200c1 cephfs/deploy: bump csi-provisioner to 0.2.1 2018-06-12 17:10:54 +02:00
chun wang
c0847ce868 fix CSI plugin pvc.yaml file storageClassName Error
Signed-off-by: chunwang Lin <q60563@gmail.com>
2018-04-26 13:32:24 +08:00
gman
9bbabc2f5d cephfs/deploy: updates storage class, secrets 2018-04-13 15:25:13 +02:00
gman
f881bf5249 cephfs/Dockerfile: added attr package 2018-04-13 14:35:38 +02:00
gman
48b4177949 cephfs/Makefile: renamed image to quay.io/cephcsi/cephfsplugin 2018-03-26 15:02:20 +02:00