Commit Graph

3647 Commits

Author SHA1 Message Date
Rakshith R
c63af2108e ci: switch back to official label copier & always add ok-to-test label
Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-19 07:40:10 +00:00
dependabot[bot]
c675171098 rebase: bump github.com/docker/distribution
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-16 05:43:27 +00:00
Niels de Vos
9a9296efa1 ci: check for mergify/merge-queue/ string, with -
It seems that the `-` in `mergify/merge-queue/` was dropped somehow :-(

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 18:10:06 +00:00
Niels de Vos
6547868611 ci: checkout the local mergify-merge-queue-labels-copier
Without checking out the repository, it is not possible to run the local
action.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 16:37:11 +00:00
Niels de Vos
e46f65640c ci: rename gha-mergify-merge-queue-labels-copier.yaml to action.yaml
It seems to be required to have the GitHub Action called `action.yaml`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 15:22:12 +00:00
Niels de Vos
b371337287 ci: use modified gha-mergify-merge-queue-labels-copier Action
The original Mergifyio/gha-mergify-merge-queue-labels-copier@main
contains `startsWith()` that has the arguments reversed. This prevents
the action from working as intended.

See-also: https://docs.github.com/en/actions/learn-github-actions/expressions
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 14:47:53 +00:00
Niels de Vos
52ebfa6b97 ci: include ci/skip/.. labels for copying into merge queue PRs
Setting an empty `labels:` fails to work as intended, no labels get
copied ad all. Now setting the `ci/skip/..` labels, as those are most
important for speeding up merging.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 12:47:40 +00:00
Niels de Vos
745d2ace92 ci: Mergify copy-labels requires empty string for labels:
Instead of leaving the `labels:` empty, pass an empty string `""`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 08:03:28 +00:00
Rakshith R
be57cf9d94 ci: fix author=mergify[bot]
Author of mergifyio created pr is mergify[bot].
It needs the suffix `[bot]` for the condition
to be evaluated to true.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-05-15 09:26:32 +02:00
Niels de Vos
40eff59d45 ci: Mergify copy-labels requires empty labels: value
See-also: Mergifyio/mergify#5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-15 07:24:04 +00:00
Niels de Vos
287a854f7f ci: add ok-to-test label to all PRs in the merge queue
It seems that some PRs still get rebased by Mergify, whereas others get
tested for the **merge queue** by creating a new temporary PR. In both
cases the `ok-to-test` label should get set automatically.

Fixes: c4d372e (ci: automatically add `ok-to-test` to PRs created by Mergify)
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 17:37:25 +02:00
Niels de Vos
c37ac53cbb ci: add GitHub Workflow to copy labels in Mergify created PRs
When Mergify creates a PR, the `ok-to-test` label needs to be added
before CI runs. Not all PRs need complete testing, and they may have
some `ci/skip/..` labels too. With this new GitHub Workflow, the labels
get copied from the original PR into the newly created PR.

See-also: https://github.com/Mergifyio/mergify/discussions/5088
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-11 11:05:46 +00:00
dependabot[bot]
9b6795c6d6 rebase: bump github.com/hashicorp/vault from 1.9.9 to 1.11.9
Bumps [github.com/hashicorp/vault](https://github.com/hashicorp/vault) from 1.9.9 to 1.11.9.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.9...v1.11.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 10:34:11 +00:00
dependabot[bot]
001703e901 rebase: bump golang.org/x/sys from 0.7.0 to 0.8.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/sys/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-10 13:57:37 +00:00
Niels de Vos
3d489781a0 rebase: grpc_middleware.WithUnaryServerChain is deprecated
golangci-lint reports that `grpc_middleware.WithUnaryServerChain` is
deprecated and `google.golang.org/grpc.ChainUnaryInterceptor` should be
used instead.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-10 09:28:26 +00:00
dependabot[bot]
257ce599f7 rebase: bump github.com/grpc-ecosystem/go-grpc-middleware
Bumps [github.com/grpc-ecosystem/go-grpc-middleware](https://github.com/grpc-ecosystem/go-grpc-middleware) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-10 09:28:26 +00:00
dependabot[bot]
449c6ad24c rebase: bump github.com/aws/aws-sdk-go from 1.44.254 to 1.44.259
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.254 to 1.44.259.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.254...v1.44.259)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 13:06:18 +00:00
dependabot[bot]
85929c44c4 rebase: bump google.golang.org/grpc from 1.54.0 to 1.55.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.54.0 to 1.55.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.54.0...v1.55.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-09 09:34:13 +00:00
Niels de Vos
c4d372e207 ci: automatically add ok-to-test to PRs created by Mergify
Mergify does not automatically rebase PRs that are queued for merging
(anymore?). Instead, it creates a new draft PR that is expected to get
tested by the CI. At the moment someone needs to add the `ok-to-test`
label to the PR. This is cumbersome and can cause delays in the merge
process.

The configuration for Mergify now includes a rule that any PR created by
Mergify, will automatically get the `ok-to-test` label. This should make
it easier to get PR merged.

See-also: #3796
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-05-08 14:23:42 +02:00
dependabot[bot]
d0626d42e0 rebase: bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-04 17:22:30 +00:00
Niels de Vos
8265abc2c9 nfs: add support for secTypes parameter in StorageClass
CephNFS can enable different security flavours for exported volumes.
This can be configured in the optional `secTypes` parameter in the
StorageClass.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
2023-05-04 12:21:46 +00:00
dependabot[bot]
3d6cdce353 rebase: bump github.com/aws/aws-sdk-go from 1.44.249 to 1.44.254
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.249 to 1.44.254.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.249...v1.44.254)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-03 12:31:45 +00:00
dependabot[bot]
6a4f847af6 rebase: bump golang.org/x/crypto from 0.6.0 to 0.8.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.8.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-03 10:58:52 +00:00
Liang Zheng
5a079122f4 rbd: can exit early if image-meta.json does not exist
Signed-off-by: Liang Zheng <zhengliang0901@gmail.com>
2023-05-02 20:36:24 +00:00
dependabot[bot]
7d4295b298 rebase: bump github.com/aws/aws-sdk-go-v2/service/sts
Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.18.6 to 1.18.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.6...config/v1.18.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-02 09:57:26 +00:00
Benoît Knecht
1852e977f8 util: Limit cryptsetup PBKDF memory usage
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key
Derivation Function (PBKDF), which not only has a CPU cost, but also a memory
cost (to make brute-force attacks harder).

The memory cost is based on the available system memory by default, which in
the context of Ceph CSI can be a problem for two reasons:

1. Pods can have a memory limit (much lower that the memory available on the
   node, usually) which isn't taken into account by `cryptsetup`, so it can get
   OOM-killed when formating a new volume;
2. The amount of memory that was used during `cryptsetup luksFormat` will then
   be needed for `cryptsetup luksOpen`, so if the volume was formated on a node
   with a lot of memory, but then needs to be opened on a different node with
   less memory, `cryptsetup` will get OOM-killed.

This commit sets the PBKDF memory limit to a fixed value to ensure consistent
memory usage regardless of the specifications of the nodes where the volume
happens to be formatted in the first place.

The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin`
container in the `nodeplugin` pod doesn't require an extravagantly high memory
limit in order to format/open volumes (particularly with operations happening
in parallel), while at the same time not being so low as to render it
completely pointless.

Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
2023-04-27 10:43:45 +00:00
riya-singhal31
014f81495b ci: update mergify rules for kubernetes 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-27 10:11:29 +02:00
Niels de Vos
ea3cd2b5e4 doc: use the Ceph Slack instance and not our silo'ed own one
Currently the Ceph-CSI community is on the 'free' Slack instance at
https://cephcsi.slack.com. The Ceph project uses a Slack instance that
we can use for Ceph-CSI as well. In order to integrate more with other
Ceph projects, we should ideally be active on the same Slack instance.

For now, we have `#ceph-csi` as only channel on the
https://ceph-storage-slack.com, we can add more channels if needed.

See-also: https://ceph.io/en/community/connect/
Signed-off-by: Niels de Vos <ndevos@ibm.com>
2023-04-27 07:58:15 +00:00
dependabot[bot]
d05847ee73 rebase: bump github.com/ceph/go-ceph from 0.20.0 to 0.21.0
Bumps [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](https://github.com/ceph/go-ceph/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-26 17:29:31 +00:00
riya-singhal31
c8f6878570 doc: update readme as kubernetes 1.27 is released
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-26 15:13:54 +00:00
dependabot[bot]
fa684f9e95 rebase: bump github.com/hashicorp/vault/api from 1.9.0 to 1.9.1
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-26 15:00:24 +00:00
dependabot[bot]
a0213a94fe rebase: bump google.golang.org/protobuf from 1.28.1 to 1.30.0
Bumps google.golang.org/protobuf from 1.28.1 to 1.30.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 22:46:19 +00:00
Madhu Rajanna
b71beb7ad0 util: set pid limit only for nodeserver
setting pod limit only for nodeserver for below
reasons

* We dont execute any commands  with CLI
anymore in controller service
* Controller deployment is not privileged
enough to set the pid limits.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-25 13:26:11 +00:00
Madhu Rajanna
5cd2930744 doc: remove reference to imageFormat
we dont support imageFormat anymore in
cephcsi and default is set to 2, removing
its reference from the repo.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-25 13:26:11 +00:00
dependabot[bot]
dbb680e77b rebase: bump github.com/aws/aws-sdk-go from 1.44.220 to 1.44.249
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.220 to 1.44.249.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.220...v1.44.249)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 12:42:13 +00:00
dependabot[bot]
c702264708 rebase: bump peter-evans/create-or-update-comment from 2 to 3
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 2 to 3.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-25 11:34:17 +00:00
Rakshith R
4fb13b9328 build: update golang to 1.19.8
CephCSI may be vulnerable to
https://github.com/advisories/GHSA-8v5j-pwr7-w5f8.
Update golang to 1.19.8 since it contains
fixes for mentioned CVE.

Signed-off-by: Rakshith R <rar@redhat.com>
2023-04-25 10:19:33 +00:00
dependabot[bot]
08f32b8cf2 rebase: Bump sigs.k8s.io/controller-runtime from 0.14.4 to 0.14.6
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.14.4 to 0.14.6.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.4...v0.14.6)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 19:32:11 +00:00
dependabot[bot]
d8e6c37743 rebase: Bump google.golang.org/grpc from 1.53.0 to 1.54.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.53.0 to 1.54.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.53.0...v1.54.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 15:42:40 +00:00
riya-singhal31
304194a0c0 cleanup: migration of volrep to csi-addons
This commit moves the volrep logic from internal/rbd to
internal/csi-addons/rbd.

Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-21 13:05:20 +00:00
karthik-us
fb930243a8 doc: Correct few doc errors
Fixes the typos in deploy-cephfs and development-guide docs.

Signed-off-by: karthik-us <ksubrahm@redhat.com>
2023-04-21 10:56:26 +00:00
riya-singhal31
1bc090d975 ci: update github actions for k8s 1.27
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-21 08:18:33 +00:00
dependabot[bot]
57c5d09df5 rebase: Bump github.com/container-storage-interface/spec
Bumps [github.com/container-storage-interface/spec](https://github.com/container-storage-interface/spec) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/container-storage-interface/spec/releases)
- [Commits](https://github.com/container-storage-interface/spec/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/container-storage-interface/spec
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 07:51:25 +00:00
Madhu Rajanna
60248ce811 ci: remove kubernetes 1.23 from github action
Removed kubernetes 1.23 from github action
as 1.23 is not supported anymore.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-04-21 06:46:30 +00:00
dependabot[bot]
96d1754451 rebase: Bump golang.org/x/sys from 0.6.0 to 0.7.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-20 17:24:55 +00:00
karthik-us
ecbac2182b cleanup: fix the pre-commit-golang repo link
Initialization of pre-commit-golang environment is failing when
using the git://github.com/dnephin/pre-commit-golang repo link.
Changing it to https://github.com/dnephin/pre-commit-golang
fixed the issue.

Signed-off-by: karthik-us <ksubrahm@redhat.com>
Fixes: #3760
2023-04-20 15:38:12 +00:00
riya-singhal31
44612fe34c ci: fix shell check failures
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-20 15:24:35 +00:00
riya-singhal31
f12cd9c986 ci: fix codespell failure
Signed-off-by: riya-singhal31 <rsinghal@redhat.com>
2023-04-20 15:24:35 +00:00
dependabot[bot]
86a7acc2fb rebase: Bump github.com/onsi/gomega from 1.27.4 to 1.27.6
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.4 to 1.27.6.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.4...v1.27.6)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-20 10:50:12 +00:00
dependabot[bot]
7b44054a7e rebase: Bump github.com/IBM/keyprotect-go-client from 0.9.2 to 0.10.0
Bumps [github.com/IBM/keyprotect-go-client](https://github.com/IBM/keyprotect-go-client) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/IBM/keyprotect-go-client/releases)
- [Changelog](https://github.com/IBM/keyprotect-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/IBM/keyprotect-go-client/compare/v0.9.2...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/IBM/keyprotect-go-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-18 10:06:12 +02:00