Commit Graph

98 Commits

Author SHA1 Message Date
Antoine C
3e9b438e7c helm: add least privileges logic for secrets on ceph-csi-cephfs chart
this allows the encryption KMS config to be granted secret access with
a least privilges policy.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
Antoine C
cc407d157e helm: support encryption config in ceph-csi-cephfs chart
this chart currently lack the ability to properly configure encryption,
as well as granting sufficent permission to allow controllers to access
secret when needed.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
Praveen M
3bcf6afe30 helm: add example for cephFS radosnamespace
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-10-21 14:11:27 +00:00
Mike Vollman
d1c28fa57a helm: Support setting annotations for nodePlugin and provisioner
Adding annotation support to both the CephFS and RBD charts.  Support
setting the DaemonSet and Pod level annotations for the nodeplugin.
Support setting the Deployment and Pod level annotations for the
provisioner.

Signed-off-by: Mike Vollman <mike@reportallusa.com>
2024-10-15 11:35:56 +00:00
Nikhil-Ladha
dfd8550667 cephfs: expose csi metrics of sidecars
Expose csi metrics of sidecars deployed by cephfs driver

Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-10-10 15:11:20 +00:00
Robert Vasek
d250be4c39 helm: added logSlowOperationInterval value to cephfs and rbd charts
Signed-off-by: Robert Vasek <robert.vasek@clyso.com>
2024-09-20 08:55:17 +00:00
james-choncholas
3fbe7a8c77 helm: optionally set userID and userKey in cephfs chart
According to https://github.com/ceph/ceph-csi/issues/4467 the cephfs
static provisioner expect userID and userKey in the credential secret.
Add these values to the helm chart so that they are only included in the
templated yaml if the values are non-empty.

Signed-off-by: james-choncholas <jim@choncholas.com>
2024-08-28 15:29:15 +00:00
Andreas
7afddb41d6 deploy: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Praveen M
0e4d455e54 deploy: update CSI sidecar driver-registrar to v2.11.1
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-17 12:05:41 +00:00
Andreas
1f192ac3da helm: add cli argument instanceid
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-01 13:32:33 +00:00
Praveen M
5709b45b3a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.11.1
csi-provisioner: v5.0.1
csi-attacher: v4.6.1
csi-snapshotter: v8.0.1

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-06-13 10:08:15 +00:00
1602077
ea42a0e873 deploy: configurable podSecurityContexts in ceph-csi-cephfs
pod-level security contexts for nodeplugin daemonset and provisioner
deployment can be set via helm values.yaml

Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
2024-06-10 14:29:48 +00:00
Praveen M
b095e0441a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.10.1
csi-provisioner: v4.0.1
csi-attacher: v4.5.1
csi-snapshotter: v7.0.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-23 13:49:14 +00:00
Ruslan Khizhnyak
d56c9abbce helm: CSIDriver add labels and seLinuxMount disabling method
Signed-off-by: Ruslan Khizhnyak <rkhizhnyak@ptsecurity.com>
2024-03-21 10:07:23 +00:00
Madhu Rajanna
e6d913970b helm: template changes for cephfs volumegroupsnapshot
tempalate changes for cephfs volumegroupsnapshot
the default is set to false and user can set
the value to true to get the support for VGS.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-22 15:21:07 +00:00
Praveen M
fc6d34abaf deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.0
csi-resizer: v1.10.0
csi-provisioner: v4.0.0
csi-attacher: v4.5.0
csi-snapshotter: v7.0.0

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-02-10 14:37:34 +00:00
maximus13th
51decb097c cephfs: allow modify fsGroupPolicy for csidriver
allow to change value of fsGroupPolicy parameter for CSI Driver spec

Signed-off-by: maximus13th <maxym.pariy@gmail.com>
2024-01-08 11:11:39 +00:00
Riya Singhal
3cc47f37dc deploy: update csi sidecars to latest versions
Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2024-01-04 12:24:46 +00:00
Sebastian Hoß
b25a02e0df deploy: use release repository for csi-resizer
The image is now available in the release repository and can be fetched from
there instead of the staging repository.

Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
2023-12-14 17:40:32 +00:00
Ruslan Khizhnyak
ec29ec1ac2 helm: add extraDeploy option
To deploy additional manifests with the release.

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-23 13:50:44 +00:00
Praveen M
7e26beb51e helm: add option to enable read affinity for CephFS
This commit adds --enable-read-affinity flag to
enable read affinity for CephFS.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
afe3873947 deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.9.1
csi-resizer: v1.9.2
csi-provisioner: v3.6.2
csi-attacher: v4.4.2
csi-snapshotter: v6.3.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-20 11:42:52 +00:00
Ruslan Khizhnyak
802f22f0ae helm: add annotations secret manifest
To use mutating webhook to modify secrets.
For example banzaicloud vault webhook:
https://bank-vaults.dev/docs/mutating-webhook/annotations/

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-09 17:18:33 +00:00
Praveen M
cf577e39af deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.9.0
csi-resizer: v1.9.0
csi-provisioner: v3.6.0
csi-attacher: v4.4.0
csi-snapshotter: v6.3.0

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-09-20 08:20:38 +00:00
Madhu Rajanna
ff030f12e1 deploy: use resizer canary image
use resizer canary image to as it
might contain fix for pvc resize
with kubernetes 1.28

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2023-08-25 11:43:03 +00:00
Garen Fang
37018a2eef helm: add imagePullSecrets option
Currently the Helm chart does not contain a
imagePullSecrets option when you are using
private container registry, this is very inconvenient.
This PR add this option for both CephFS and RBD.

Signed-off-by: Garen Fang <fungaren@qq.com>
2023-06-16 04:37:03 +00:00
iPraveenParihar
40c1d32518 deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.8.0
csi-attacher: v4.3.0
csi-resizer: v1.8.0
csi-snapshotter: v6.2.2
csi-provisioner: v3.5.0

Signed-off-by: iPraveenParihar <praveenparihar68@gmail.com>
2023-06-01 19:06:53 +00:00
Domonkos Cinke
b7b491c097 deploy: add extraArgs for sidecars
Add the ability to control more arguments for CSI sidecar components.

Signed-off-by: Domonkos Cinke <seayou@gmail.com>
2023-01-05 15:58:48 +00:00
Humble Chirammal
31f0ac6e2d deploy: update node-driver-registrar to v2.6.2
This version has a fix for an important bug at kubelet
registration path.
https://github.com/kubernetes-csi/node-driver-registrar/pull/247

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-12-08 11:50:40 +00:00
Humble Chirammal
eff8a9b3be helm: fuse_set_user_groups need not be part of the config
this setting in ceph.conf is no longer required and this commit
remove it from the chart.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-11-11 16:41:24 +00:00
Humble Chirammal
6bba64c872 rebase: update node driver registar to latest version
v2.6.0 is the latest version of the same and this commit
update it.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-11-03 14:31:26 +00:00
BOSSER, Bastien
dea07aa184 deploy: add commonLabels value
Signed-off-by: BOSSER, Bastien <bastien.bosser@atos.net>
2022-11-02 11:28:18 +00:00
Humble Chirammal
d1acae7209 deploy: update sidecars to latest versions available
Below sidecars are updated with this commit.

csi-provisioner: v3.3.0
csi-snapshotter: v6.1.0

This commit change the sidecar versions in build.env setup.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-09-29 10:24:26 +00:00
Humble Chirammal
5fa606b14d deploy: update resizer to v1.6.0 version
This commit make deployment changes to consume v1.6.0
version of the resizer controller.

Reference:
https://github.com/kubernetes-csi/external-resizer/releases/tag/v1.6.0

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-09-20 10:32:28 +00:00
Madhu Rajanna
96a3aabe5a deploy: remove psp from cephcsi
as PSP is deprecated in kubernetes 1.21
and will be removed in kubernetes 1.25
removing the existing PSP related templates
from the repo and updated the required documents.

fixes #1988

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-08-23 07:53:46 +00:00
Prasanna Kumar Kalever
c0a566b5ed deploy: add setmetadata=true in the templates
setmetadata on the volume by default, otherwise e2e will fail

Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
2022-08-01 07:15:29 +00:00
Humble Chirammal
76ddf8e306 deploy: introduce new log level for sidecar controllers
At present we have single log level configuration for all the containers
running for our CSI pods, which has been defaulted to log Level 5.
However this cause many logs to be spitted in a cluster and cause log
spamming to an extent. This commit introduce one more log level control
for CSI pods called sidecarLogLevel which defaults to log Level 1.

The sidecar controllers like snapshotter, resizer, attacher..etc has
been configured with this new log level and driver pods are with old
configruation value.

This allow us to have different configuration options for sidecar
constrollers and driver pods.

With this, we will also have a choice of different configuation setting
instead of locking onto one variable for the containers deployed via CSI driver.

To summarize the CSI containers maintained by Ceph CSI driver has log
level 5 and controllers/sidecars not maintained by Ceph CSI driver has
log level 1 configuration.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-07-28 08:31:37 +00:00
Prasanna Kumar Kalever
cc9e8aa7b6 deploy: add cluster name in the templates
added in helm charts which should help users.

Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
2022-07-28 04:07:52 +00:00
Yati Padia
776821f17f deploy: update csi-provisioner to latest version
This commits updates csi-provisioner sidecar to
latest version i.e., v3.2.0.

fixes: #3184

Signed-off-by: Yati Padia <ypadia@redhat.com>
2022-07-19 14:42:21 +00:00
takeaki-matsumoto
1025871021 cephfs: Support mount option on nodeplugin
add mount options on nodeplugin side

Signed-off-by: takeaki-matsumoto <takeaki.matsumoto@linecorp.com>
2022-07-18 22:04:12 +00:00
Carsten Buchberger
b262f06c33 helm: enable host networking for provisioner
Adds the possibility in the helm-chart to enable hostNetworking
for provider pods.

Signed-off-by: Carsten Buchberger <c.buchberger@witcom.de>
2022-07-04 15:14:59 +00:00
Humble Chirammal
fa0da71ce2 deploy: update external resizer to v1.5.0
Refer#
https://github.com/kubernetes-csi/external-resizer/releases/tag/v1.5.0

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-06-21 07:43:15 +00:00
Humble Chirammal
c0fa88435f deploy: remove external-attacher sidecar from cephfs deployment
CephFS CSI driver dont need attacher sidecar for its operations.
This commit remove the same. The RBAC has also got adjusted.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-06-06 12:25:11 +00:00
Humble Chirammal
f558f4d1a6 helm: update external-snapshotter to v6.0.1
The extenal snapshotter has a new version which address some of the
issues in v6.0.0.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-05-31 15:37:14 +00:00
Madhu Rajanna
80eb7d3fd0 helm: update snapshotter to v6
As snapshotter v6.0.0 is released updating
snapshot to v6.0.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-05-31 07:23:49 +00:00
Humble Chirammal
85ed268530 helm: updated node driver registrar to latest version
the helm chart template value has been updated to latest
version of node driver registrar container.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-05-25 07:27:03 +00:00
Humble Chirammal
29870cdbcc helm: remove topology RBAC section for cephfs deployment
At present CephFS does not support topology aware provisioning and this
commit remove the same.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-05-23 10:57:56 +00:00
Humble Chirammal
1ced736447 cephfs: change the image registry for sidecars
This commit change the image registry URL for sidecars in the
CephFS deployment from `k8s.gcr.io` to `registry.k8s.io` as
the migration is happening from former to the latter.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
2022-04-20 10:05:13 +00:00
Madhu Rajanna
d2bc9743f7 cephfs: add netNamespaceFilePath for CephFS
as same host directory is not shared between
the cephfs and the rbd plugin pod. we need
to keep the netNamespaceFilePath separately
for both cephfs and rbd. CephFS plugin will
use this path to execute mount -t commands.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-04-19 12:28:46 +00:00
Madhu Rajanna
7b2aef0d81 util: add support for the nsenter
add support to run rbd map and mount -t
commands with the nsenter.

complete design of pod/multus network
is added here https://github.com/rook/rook/
blob/master/design/ceph/multus-network.md#csi-pods

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2022-04-08 10:23:21 +00:00