Add the new parameter encryptionType and a hint to the encrypted
parameter that RBD now supports fscrypt on ext4 as an alternative
encryption scheme.
Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
the pre-commit version in the developement guide was too outdated
which has been updated and this commit also addressed a typo.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
this issue has been already fixed long back and available with
ceph backports. We no longer require this mention in the docs.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
based on the discussion on the slack
channel. we are adding a github action
to trigger the CI jobs when a ok-to-test
label is added on the PR.
This action is based on below github action
https://github.com/peter-evans/create-or-update-comment
Sample Demo avaiable at
https://github.com/Madhu-1/
\label-commentor-action-testing/pull/4
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
As we dont need to delete the nfs daemonset
which was present in 3.6.x release in 3.8.x
release as user will upgrade from 3.6.x to
3.7.x and delete the nfs daemonset.
fixes#3324
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
as PSP is deprecated in kubernetes 1.21
and will be removed in kubernetes 1.25
removing the existing PSP related templates
from the repo and updated the required documents.
fixes#1988
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit add upgrade documentation for release 3.7.0
and also update support matrix for v3.7.0.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The Key Management Interoperability Protocol (KMIP)
is an extensible communication protocol
that defines message formats for the manipulation
of cryptographic keys on a key management server.
Ceph-CSI can now be configured to connect to
various KMS using KMIP for encrypting RBD volumes.
https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol
Signed-off-by: Rakshith R <rar@redhat.com>
RBD supports creating rbd images with
object size, stripe unit and stripe count
to support striping. This PR adds the support
for the same.
More details about striping at
https://docs.ceph.com/en/quincy/man/8/rbd/#stripingfixes: #3124
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
If the `ci/skip/multi-arch-build` label is set on a PR, the GitHub
Workflow only builds for the local architecture. This makes it possible
to merge PRs faster.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
updated doc for 3.6.1 release, this will
be backported to release-v3.6 branch and
we will make deployment changes and do release.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
As radosNamespace is more specific to
RBD not the general ceph configuration. Now
we introduced a new RBD section for RBD specific
options, Moving the radosNamespace to RBD section
and keeping the radosNamespace still under the
global ceph level configration for backward
compatibility.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit add upgrade documentation for release 3.6.0
and also update support matrix for v3.6.0.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The design for NFS-provising of volumes explains how the existing NFS
CSI Node-Plugin can be used, and what the steps are to create the
NFS-export with Ceph Mgr.
Updates: #2913
Signed-off-by: Niels de Vos <ndevos@redhat.com>
With Amazon STS and kubernetes cluster is configured with
OIDC identity provider, credentials to access Amazon KMS
can be fetched using oidc-token(serviceaccount token).
Each tenant/namespace needs to create a secret with aws region,
role and CMK ARN.
Ceph-CSI will assume the given role with oidc token and access
aws KMS, with given CMK to encrypt/decrypt DEK which will stored
in the image metdata.
Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.htmlResolves: #2879
Signed-off-by: Rakshith R <rar@redhat.com>
avoid specifying the image feature dependencies
and add a link to rbd official document for
reference to the image feature dependencies.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Makes the rbd images features in the storageclass
as optional so that default image features of librbd
can be used. and also kept the option to user
to specify the image features in the storageclass.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
as deep-flatten is long supported in ceph and its
enabled by default in the librbd, providing an option
to enable it in cephcsi for the rbd images we are
creating.
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
alpha1 version is deprecated and this commit correct the
example doc and make it GAd version
Additional note: we have already moved the artifacts to v1 version.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit removes the thick provisioning
code as thick provisioning is deprecated in
cephcsi 3.5.0.
fixes: #2795
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Without commit [1] Kernel doesn't handle io-timeout=0 correctly
Hence we recommend Kernel version 5.4 or higher that has commit [1]
[1] https://bit.ly/34CFh06
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
This commit adds optional BaseURL and TokenURL configuration to
key protect/hpcs configuration and client connections, if not
provided default values are used.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>