When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).
By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Sometimes the Ceph container images seem to have a broken scriptlet
while installing/updating Ceph packages. It is relatively common for
them to fail when `/etc/selinux/config` does not exist. By ensuring the
file directory and file exist (even if empty), the package installation
or upgrades succeed.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The image is now available in the release repository and can be fetched from
there instead of the staging repository.
Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
This commit makes use of crush location labels from node
labels to supply `crush_location` and `read_from_replica=localize`
options during mount. Using these options, cephfs
will be able to redirect reads to the closest OSD,
improving performance.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Implemented the capability to include kernel mount options and
fuse mount options for individual clusters within the ceph-csi-config
ConfigMap.This allows users to configure the kernel/fuse mount options
for each cluster separately. The mount options specified in the ConfigMap
will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
This commit adds GetCephFSMountOptions util method which returns
KernelMountOptions and fuseMountOptions for cluster `clusterID`.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Ceph is minimizing their container-images, which can cause the
`nfs-utils` package to be dropped. As Ceph-CSI supports mounting NFS, it
needs the `/sbin/mount.nfs` executable, so install the package (or a
no-op if it is installed already).
See-also: https://rook-io.slack.com/archives/C46Q5UC05/p1699188662893109
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Implemented the capability to include read affinity options
for individual clusters within the ceph-csi-config ConfigMap.
This allows users to configure the crush location for each
cluster separately. The read affinity options specified in
the ConfigMap will supersede those provided via command line arguments.
Signed-off-by: Praveen M <m.praveen@ibm.com>
Some packages have dependencies on other repositories. On occasion these
repositories seem to be out-of-sync. In that case, install updates with
an older version, instead of erroring out.
Signed-off-by: Niels de Vos <ndevos@ibm.com>
The ceph-iscsi repository seems to provide broken metadata or packages.
Ceph-CSI does not need to install them, so disable the repository for
now.
It seems that other repositories gave issues before too, but these
repositories were disabled after installing all available updates. For
ceph-iscsi updating fails already, so disable the repositories before
updating.
Updates: #2034
Signed-off-by: Niels de Vos <ndevos@ibm.com>
Setting seLinuxMount:true in csidriver objects advertize
that the driver supports passing selinux label in mount
options.
refer: https://kubernetes.io/blog/2023/04/18/ \
kubernetes-1-27-efficient-selinux-relabeling-beta/
Signed-off-by: Rakshith R <rar@redhat.com>
Few common files related to deployments were kept
in the examples folder initially. Moving them to
deploy folder and updating the relevant files.
Signed-off-by: karthik-us <ksubrahm@redhat.com>
This will get updates released after the base image was built. This adds a layer
and increase the image size, but significantly reduce the number of CVEs in the
resultant image.
Signed-off-by: Gert van den Berg <github@mohag.net>
this commit update the packages and then do installation of the
packages in docker build process.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
this fsgrouppolicy setting was missing in api/deploy/* which
caused the yamlgen to not pickup this. this commit address the
same.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
deploy: remove beta storage group mention from csidriver yaml
the kubernetes version based enablement of storage api group
enablement is no longer requried and its already on v1 for
supported kubernetes versions.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Below sidecars are updated with this commit.
csi-provisioner: v3.3.0
csi-snapshotter: v6.1.0
This commit change the sidecar versions in build.env setup.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit change the default fsgroup policy for csi driver object
to "File" type which is the better/correct setting for the CSI volumes.
We have been using default value which is "ReadWriteOnceWithFSType".
with this change backward compatibility should be preserved.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
as PSP is deprecated in kubernetes 1.21
and will be removed in kubernetes 1.25
removing the existing PSP related templates
from the repo and updated the required documents.
fixes#1988
Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
NFS volume similar to CephFs volumes can support
fsGroupPolicy as File, now Kubernetes Kubernetes may
use fsGroup to change permissions and ownership of the
volume to match user requested fsGroup in the pod's
SecurityPolicy regardless of fstype or access mode.
Signed-off-by: Rakshith R <rar@redhat.com>
This commit makes modification to nfs daemonset to use
nfs nodeserver. `nfs.NetNamespaceFilePath` example is
added.
Signed-off-by: Rakshith R <rar@redhat.com>
This argument in csi-snapshotter sidecar allows us to receive
snapshot-name/snapshot-namespace/snapshotcontent-name metadata in the
CreateSnapshot() request.
For ex:
csi.storage.k8s.io/volumesnapshot/name
csi.storage.k8s.io/volumesnapshot/namespace
csi.storage.k8s.io/volumesnapshotcontent/name
This is a useful information which can be used depend on the use case we
have at our driver. The features like adding metadata to snapshot image
can consume this based on the need.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
At present we have single log level configuration for all the containers
running for our CSI pods, which has been defaulted to log Level 5.
However this cause many logs to be spitted in a cluster and cause log
spamming to an extent. This commit introduce one more log level control
for CSI pods called sidecarLogLevel which defaults to log Level 1.
The sidecar controllers like snapshotter, resizer, attacher..etc has
been configured with this new log level and driver pods are with old
configruation value.
This allow us to have different configuration options for sidecar
constrollers and driver pods.
With this, we will also have a choice of different configuation setting
instead of locking onto one variable for the containers deployed via CSI driver.
To summarize the CSI containers maintained by Ceph CSI driver has log
level 5 and controllers/sidecars not maintained by Ceph CSI driver has
log level 1 configuration.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Cmd to disable apache arrow repo is removed, since
it is no longer needed.
Cmd to disable tcmu repo is added to make build pass.
refer: https://github.com/ceph/ceph-container/issues/2034
Signed-off-by: Rakshith R <rar@redhat.com>
This commit adds the update rbac rule to persistent
volume resource as the ci was failing with below error:
cannot update resource "persistentvolumes" in API group
"" at the cluster scope
Signed-off-by: Yati Padia <ypadia@redhat.com>
While creating subvolumes, CephFS driver set the mode to `777`
and pass it along to go ceph apis which cause the subvolume
permission to be on 777, however if we create a subvolume
directly in the ceph cluster, the default permission bits are
set which is 755 for the subvolume. This commit try to stick
to the default behaviour even while creating the subvolume.
This also means that we can work with fsgrouppolicy set to
`File` in csiDriver object which is also addressed in this commit.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
The sidecars in the NFS deployment has latest versions which is
also updated for RBD and CephFS drivers. This commit update
the versions in the NFS deployment too.
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
