Commit Graph

4419 Commits

Author SHA1 Message Date
Ruslan Khizhnyak
d56c9abbce helm: CSIDriver add labels and seLinuxMount disabling method
Signed-off-by: Ruslan Khizhnyak <rkhizhnyak@ptsecurity.com>
2024-03-21 10:07:23 +00:00
Madhu Rajanna
cd18490451 rebase: update go-ceph to latest commit
updating go-ceph to latest commit to
pull the changes required for ceph fs
quiesce. This is also updating aws
sdk dependency.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
aa2094ba30 cephfs: unit test for validateVolumeGroupSnapshotRequest
Added unit test for
validateVolumeGroupSnapshotRequest API which
validates the input VolumeGroupSnapshotRequest
request

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
728a7f5ac7 util: add UnimplementedGroupControllerServer
adding UnimplementedGroupControllerServer to
the DefaultControllerServer struct to avoid
build errors when some non mandatory RPC's
are not implemented.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
0f724480f5 cephfs: implement DeleteVolumeGroupSnapshot RPC
implemented DeleteVolumeGroupSnapshot RPC which
does below operations

* Basic request validation
* Get the snapshotId's and volumeId's
mapping reserved for the UUID
* Delete snapshot and remove its mapping
from the omap
* Repeat above steps until all the mapping
are removed
* Remove the reserved uuid from the omap
* Reset the filesystem quiesce, This might be
required as cephfs doesnt provide any options to
remove the quiesce, if we get any request with same
ID again we can reuse the quiesce API for same set-id
* Return success if the received error is
Pool not found or key not found.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
df770e4139 cephfs: implement CreateVolumeGroupSnapshot RPC
implemented CreateVolumeGroupSnapshot RPC which
does below operations

* Basic request validation
* Reserve the UUID for the group name
* Quiesce the filesystem for all the subvolumes
from the input volumeId's
* Take the snapshot for all the input volumeId's
* Add the mapping between volumeId's and snapshot
Id's in omap
* Release the quiesce for the filesystem for
all the subvolumes from the input volumeId's

Undo all the operations if anything fails.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ffb2b1144d cephfs: add helper for group options
volumegroup.go holders all the helpers
to extra the group details from the request
and also to extra group details from the
groupID.

This also provide helpers to reserve group
for the request Name and also an undo function
incase if somethings goes wrong and we need to
cleanup the reserved omap entries.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
86bf74bb5c cephfs: add helper function to getVolumeOptions
added helper function to extract basic
details from the parameters related to volume
options.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6a4c45deeb cephfs: add helper for quiesce api
added helper function which calls
the go-ceph API for the quiesce
operations.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
eff0fe3a23 cephfs: add error for quiesce operation
added ErrInProgress to indicate the
the quiesce operation is in progress.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ef25a816a7 cephfs: add locks for volumegroup
Adding a lock for the volumegroup so
that we can take care of serializing
the same requests to ensure same requests
are not served in parallel.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
b30da094b0 build: add ceph_preview to GO_TAGS_LIST
added required ceph_preview tag to the
GO_TAGS_LIST in Makefile which is
required for FSQuiesce API.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6ec86879e6 cephfs: register group controller
register the group controller service
for the cephfs.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
ff6eda0de1 cephfs: initialize VolumeGroupJournal
initialize VolumeGroupJournal which is
required for volumegroup rados communication

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
445de7926d cephfs: add validateCreateVolumeGroupSnapshotRequest
added validateCreateVolumeGroupSnapshotRequest
to validate the CreateVolumeGroupSnapshotRequest
request and ensure that all the requirement
options are set. if not, reject the RPC request.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
68e93a31cc journal: fix connection problem with groupjournal
Same group jounral config need to be reused
for multiple connection where different monitors
and users are used, for that reason create a unique
connection each time.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
f17ea38736 cephfs: advertise group snapshot capability
Advertise VOLUME_GROUP_SNAPSHOT capability
from the cephfs driver.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
Madhu Rajanna
6b3484f285 cephfs: add volumegroup service capability
Add GROUP_CONTROLLER_SERVICE capabilities to
the GetPluginCapabilities of the cephFS
plugin.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-03-21 06:16:42 +00:00
dependabot[bot]
3ad922dbae rebase: bump the k8s-dependencies group in /api with 1 update
Bumps the k8s-dependencies group in /api with 1 update: [k8s.io/api](https://github.com/kubernetes/api).


Updates `k8s.io/api` from 0.29.2 to 0.29.3
- [Commits](https://github.com/kubernetes/api/compare/v0.29.2...v0.29.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-19 12:31:13 +00:00
dependabot[bot]
5b9730ce6e rebase: bump the k8s-dependencies group with 1 update
Bumps the k8s-dependencies group with 1 update: [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes).

Updates `k8s.io/kubernetes` from 1.29.2 to 1.29.3
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](https://github.com/kubernetes/kubernetes/compare/v1.29.2...v1.29.3)

---
updated-dependencies:
- dependency-name: k8s.io/kubernetes
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-19 11:43:39 +00:00
Praveen M
b9543d3fd3 helm: update template for rbd volumegroupsnapshot
This commit updates template for rbd VolumeGroupSnapshot.
The value is set to false by default.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-18 17:00:45 +00:00
Praveen M
bd07dd4e71 rbd: deployment changes to support VGS
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-18 17:00:45 +00:00
Niels de Vos
991343d9e5 cleanup: do not pass EncodingVersion to GenerateVolID()
The only encoding version that exists is `1`. There is no need to have
multiple constants for that version across different packages. Because
there is only one version, `GenerateVolID()` does not really require it,
and it can use a default version.

If there is a need in the future to support an other encoding version,
this can be revisited with a cleaner solution.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-18 06:23:28 +00:00
Niels de Vos
c32dfc0ae6 cleanup: correct typo in NewCSIVolumeroupJournal() function
The name of the function should be `NewCSIVolumeGroupJournal()`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 11:05:10 +00:00
muxuelan
4f04748c87 rbd: support nbd on euler or arm
Signed-off-by: muxuelan <muxuelan@cmss.chinamobile.com>
2024-03-15 10:39:50 +00:00
Niels de Vos
6f0d9a5d59 deploy: include ServiceAccount in the NFS provisioner RBAC artifact
It seems that the ServiceAccount was not created anymore, this causes
problems with provisioning volumes.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00
Niels de Vos
a469a66f9d e2e: replace quoted namespace in templates too
Some templates are now generated with the API, and these include
namespaces as "quotes" values. Namespace replacing in the templates need
to replace both the unquoted and quoted strings.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-15 08:02:25 +00:00
Niels de Vos
32de26828f cleanup: don't return an internal type from VolumeGroupJournal.Connect()
The VolumeGroupJournal interface does not need to return anything except
for a potential error. Any instance that implements the
VolumeGroupJournal interface can be used to call all functions.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 10:39:36 +00:00
dependabot[bot]
9276aeb7fc rebase: bump google.golang.org/protobuf in /actions/retest
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 10:12:28 +00:00
Niels de Vos
1cb2ccd704 rebase: update vendored Ceph-CSI API
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
a6466fb1ca build: add NFS provisioner RBAC to generated artifacts
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
6b13352c9b api: add CSIProvisionerRBAC functions for the NFS-provisioner
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Niels de Vos
35da67be45 vendor: include k8s.io/api/rbac/v1
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-14 09:27:07 +00:00
Dmitriy Alekseev
6c43789de4 doc: Update capabilities readme to solve to open permissions
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 17:07:28 +00:00
Praveen M
47b202554e rebase: Azure key vault module dependency update
This commit adds the Azure SDK for Azure key vault KMS
integration to the Ceph CSI driver.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
Praveen M
b2087e4517 doc: added docs for Azure KMS
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
Praveen M
8901b456fd kms: Implement Azure key vault as KMS provider
This commit adds the Azure Key Vault as a supported
KMS provider.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-13 14:46:41 +00:00
dependabot[bot]
d93c75517e rebase: bump google.golang.org/grpc from 1.62.0 to 1.62.1
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 09:54:50 +00:00
Dmytro Alieksieiev
fcaac58a1e helm: Include seLinuxMount only if KubeVersion greater or equal of 1.25
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 07:40:19 +00:00
dependabot[bot]
948d5e0b5d rebase: bump the github-dependencies group in /api with 1 update
Bumps the github-dependencies group in /api with 1 update: [github.com/stretchr/testify](https://github.com/stretchr/testify).

Updates `github.com/stretchr/testify` from 1.8.4 to 1.9.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 14:48:34 +00:00
dependabot[bot]
65954fa563 rebase: bump golang.org/x/oauth2 in /actions/retest
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-12 14:22:14 +00:00
Praveen M
e345b26340 cleanup: refactor functions to accept a context parameter
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-12 13:54:19 +00:00
Niels de Vos
c90f7ed777 cleanup: use latest version for k8s.io/pod-security-admission
The version v0.0.0 looks incorrect in go.mod, use the latest version
like all other Kubernetes modules.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-03-12 10:00:36 +00:00
dependabot[bot]
5298762c4c rebase: bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-08 11:48:21 +00:00
dependabot[bot]
f12b6064d6 rebase: bump the golang-dependencies group with 4 updates
Bumps the golang-dependencies group with 4 updates: [github.com/golang/protobuf](https://github.com/golang/protobuf), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys).


Updates `github.com/golang/protobuf` from 1.5.3 to 1.5.4
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4)

Updates `golang.org/x/crypto` from 0.20.0 to 0.21.0
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

Updates `golang.org/x/net` from 0.21.0 to 0.22.0
- [Commits](https://github.com/golang/net/compare/v0.21.0...v0.22.0)

Updates `golang.org/x/sys` from 0.17.0 to 0.18.0
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: github.com/golang/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-07 13:37:04 +00:00
Michael Fritch
3410687855 cephfs: create a new blank key sized according to the passphrase
Padding a passphrase with null chars to arrive at a 32-byte length
later forces a user to also pass null chars via the term when
attempting to manually unlock a subvolume via the fscrypt cli tools.

This also had a side-effect of truncating any longer length passphrase
down to a shorter 32-byte length.

fixup for:
cfea8d7562
dd0e1988c0

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
Michael Fritch
2368df7e69 cephfs: return ErrBadAuth during keyFn retry
fscrypt will infinitely retry the keyFn during an auth failure,
preventing the csi driver from progressing when configured with
an invalid passphrase

See also:
8c12cd64ab/actions/callback.go (L102-L106)

Signed-off-by: Michael Fritch <mfritch@suse.com>
2024-03-06 19:23:30 +00:00
dependabot[bot]
b8ab1c8bd8 rebase: bump google.golang.org/grpc from 1.61.1 to 1.62.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.1 to 1.62.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.61.1...v1.62.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-06 13:51:38 +00:00
dependabot[bot]
328e4e5a0f rebase: bump the github-dependencies group with 2 updates
Bumps the github-dependencies group with 2 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) and [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2).


Updates `github.com/aws/aws-sdk-go` from 1.50.21 to 1.50.26
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.21...v1.50.26)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.27.0 to 1.28.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/service/ecs/v1.28.1/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.0...service/ecs/v1.28.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 08:36:05 +00:00
dependabot[bot]
3a91487c8a rebase: bump the golang-dependencies group with 1 update
Bumps the golang-dependencies group with 1 update: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.19.0 to 0.20.0
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 07:53:48 +00:00