Commit Graph

246 Commits

Author SHA1 Message Date
Antoine C
3e9b438e7c helm: add least privileges logic for secrets on ceph-csi-cephfs chart
this allows the encryption KMS config to be granted secret access with
a least privilges policy.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
Antoine C
cc407d157e helm: support encryption config in ceph-csi-cephfs chart
this chart currently lack the ability to properly configure encryption,
as well as granting sufficent permission to allow controllers to access
secret when needed.

Signed-off-by: Antoine C <hi@acolombier.dev>
2024-11-18 15:28:23 +00:00
尤理衡 (Li-Heng Yu)
dc4ca2015e doc: fixed broken doc links
The deploy link in the README is broken.
Fixed more broken links requested by iPraveenParihar in #4958

Signed-off-by: 尤理衡 (Li-Heng Yu) <007seadog@gmail.com>
2024-11-18 09:36:41 +00:00
Praveen M
3bcf6afe30 helm: add example for cephFS radosnamespace
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-10-21 14:11:27 +00:00
Mike Vollman
d1c28fa57a helm: Support setting annotations for nodePlugin and provisioner
Adding annotation support to both the CephFS and RBD charts.  Support
setting the DaemonSet and Pod level annotations for the nodeplugin.
Support setting the Deployment and Pod level annotations for the
provisioner.

Signed-off-by: Mike Vollman <mike@reportallusa.com>
2024-10-15 11:35:56 +00:00
Nikhil-Ladha
209240de91 rbd: expose csi metrics of sidecars
Expose csi metrics of sidecars deployed by rbd driver

Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-10-10 15:11:20 +00:00
Nikhil-Ladha
dfd8550667 cephfs: expose csi metrics of sidecars
Expose csi metrics of sidecars deployed by cephfs driver

Signed-off-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
2024-10-10 15:11:20 +00:00
Robert Vasek
d250be4c39 helm: added logSlowOperationInterval value to cephfs and rbd charts
Signed-off-by: Robert Vasek <robert.vasek@clyso.com>
2024-09-20 08:55:17 +00:00
Madhu Rajanna
88ce2c625b helm: remove kube version check
kubernetes 1.25 is EOL and we dont
support it in cephcsi anymore, Removing
the checks for the same.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-09-02 13:57:11 +00:00
james-choncholas
3fbe7a8c77 helm: optionally set userID and userKey in cephfs chart
According to https://github.com/ceph/ceph-csi/issues/4467 the cephfs
static provisioner expect userID and userKey in the credential secret.
Add these values to the helm chart so that they are only included in the
templated yaml if the values are non-empty.

Signed-off-by: james-choncholas <jim@choncholas.com>
2024-08-28 15:29:15 +00:00
Dmytro Alieksieiev
601c40b1d8 helm: Always add nodes read permissions to provisioner ClusterRole
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-08-27 09:16:31 +00:00
Praveen M
9181d20d33 helm: add immediate-topology flag to external-provisioner
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-08-21 13:39:53 +00:00
Mark Glines
2c0e65b828 helm: don't specify default topology domainlabels in rbd chart
Remove the bad default, add commented-out standard labels as a suggestion.

Fixes: #4775
Signed-off-by: Mark Glines <mark@glines.org>
2024-08-19 10:23:06 +00:00
Niraj Yadav
0092a47586 doc: Remove podSecurityPolicy from helm docs
Fixes: #4714

Signed-off-by: Niraj Yadav <niryadav@redhat.com>
2024-08-05 09:53:42 +00:00
Andreas
7afddb41d6 deploy: support omap data store in radosnamespace via cli argument
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-30 07:13:48 +00:00
Madhu Rajanna
8083a966b6 helm: fix typo in document
fix typo in document for helm values.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-07-18 05:23:32 +00:00
Praveen M
0e4d455e54 deploy: update CSI sidecar driver-registrar to v2.11.1
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-07-17 12:05:41 +00:00
Andreas
1f192ac3da helm: add cli argument instanceid
Signed-off-by: Andreas <zerotens@users.noreply.github.com>
2024-07-01 13:32:33 +00:00
Praveen M
97b847fd6a helm: remove feature gate topology
This commit removes the Topology feature gate as it is now enabled
by default and will be removed in a future release.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-06-13 10:08:15 +00:00
Praveen M
5709b45b3a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.11.1
csi-provisioner: v5.0.1
csi-attacher: v4.6.1
csi-snapshotter: v8.0.1

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-06-13 10:08:15 +00:00
1602077
6b21263efd deploy: configurable podSecurityContexts in ceph-csi-rbd
Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
2024-06-11 04:54:07 +00:00
1602077
ea42a0e873 deploy: configurable podSecurityContexts in ceph-csi-cephfs
pod-level security contexts for nodeplugin daemonset and provisioner
deployment can be set via helm values.yaml

Signed-off-by: 1602077 <62025739+1602077@users.noreply.github.com>
2024-06-10 14:29:48 +00:00
Praveen M
b095e0441a deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.1
csi-resizer: v1.10.1
csi-provisioner: v4.0.1
csi-attacher: v4.5.1
csi-snapshotter: v7.0.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-23 13:49:14 +00:00
Madhu Rajanna
4c2d2caf9f util: add support to configure mirror daemon count
Currently we are assuming that only one
rbd mirror daemon running on the ceph cluster
but that is not true for many cases and it
can be more that one, this PR make this as a
configurable parameter.

fixes: #4312

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-04-22 09:49:59 +00:00
Praveen M
3c8ea475ec doc: csi driver object options
Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-04-01 09:27:01 +00:00
Praveen M
33a888f9ec helm: fix seLinuxMount option for csi driver
This commit fixes the typo from `.Values.seLinuxMount` to
`.Values.CSIDriver.seLinuxMount` used in helm charts.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-29 10:46:18 +00:00
parth-gr
063319f6e5 rbd: make pool optional in rbd sc if topologyconstraints are present
if rbd storage class is created with topologyconstraintspools
replicated pool was still mandatory, making the pool optional if the
topologyconstraintspools is requested

Closes: https://github.com/ceph/ceph-csi/issues/4380

Signed-off-by: parth-gr <partharora1010@gmail.com>
2024-03-22 13:15:50 +00:00
NymanRobin
5224d58c13 cephfs: add support for encryption in ceph-csi-cephfs chart
the chart currently lacks access to configmap and secrets
this causes the mounting of encrypted file systems to fail

Signed-off-by: NymanRobin <nyman.robin@gmail.com>
2024-03-21 14:58:33 +00:00
Ruslan Khizhnyak
d56c9abbce helm: CSIDriver add labels and seLinuxMount disabling method
Signed-off-by: Ruslan Khizhnyak <rkhizhnyak@ptsecurity.com>
2024-03-21 10:07:23 +00:00
Praveen M
b9543d3fd3 helm: update template for rbd volumegroupsnapshot
This commit updates template for rbd VolumeGroupSnapshot.
The value is set to false by default.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-03-18 17:00:45 +00:00
Dmytro Alieksieiev
fcaac58a1e helm: Include seLinuxMount only if KubeVersion greater or equal of 1.25
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2024-03-13 07:40:19 +00:00
Madhu Rajanna
e6d913970b helm: template changes for cephfs volumegroupsnapshot
tempalate changes for cephfs volumegroupsnapshot
the default is set to false and user can set
the value to true to get the support for VGS.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-02-22 15:21:07 +00:00
Niels de Vos
c9e64f9478 deploy: make the csi-*plugin containers the default for kubectl commands
When issues or bugs are reported, users often share the logs of the
default container in a Pod. These logs do not contain the required
information, as that mostly only can be found in the logs of the
Ceph-CSI container (named csi-cephfsplugin or csi-rbdplugin).

By moving the Ceph-CSI containers in the Pods to the 1st in the list,
they become the default container for commands like `kubectl logs`.

Signed-off-by: Niels de Vos <ndevos@ibm.com>
2024-02-14 16:23:52 +00:00
Praveen M
fc6d34abaf deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.10.0
csi-resizer: v1.10.0
csi-provisioner: v4.0.0
csi-attacher: v4.5.0
csi-snapshotter: v7.0.0

Signed-off-by: Praveen M <m.praveen@ibm.com>
2024-02-10 14:37:34 +00:00
maximus13th
51decb097c cephfs: allow modify fsGroupPolicy for csidriver
allow to change value of fsGroupPolicy parameter for CSI Driver spec

Signed-off-by: maximus13th <maxym.pariy@gmail.com>
2024-01-08 11:11:39 +00:00
Riya Singhal
3cc47f37dc deploy: update csi sidecars to latest versions
Signed-off-by: Riya Singhal <rsinghal@redhat.com>
2024-01-04 12:24:46 +00:00
Sebastian Hoß
017dddcbfc helm: align seLinuxMount option w/ deploy folder
Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
2024-01-03 18:48:13 +00:00
Sebastian Hoß
b25a02e0df deploy: use release repository for csi-resizer
The image is now available in the release repository and can be fetched from
there instead of the staging repository.

Signed-off-by: Sebastian Hoß <seb@xn--ho-hia.de>
2023-12-14 17:40:32 +00:00
Jan Nemcik
1fb6d8f891 helm: update node plugin cluster role
added permission to get nodes for rbd and cephfs nodeplugin daemonset

Signed-off-by: Jan Nemcik <jan.nemcik@solargis.com>
2023-12-11 10:59:50 +00:00
Praveen M
2309168943 helm: add default false value for --enable-read-affinity
Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-12-06 18:18:21 +00:00
Ruslan Khizhnyak
ec29ec1ac2 helm: add extraDeploy option
To deploy additional manifests with the release.

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-23 13:50:44 +00:00
Praveen M
00c12b396f doc: add documentation for read affinity
This commit adds documentation about read affinity supported
for CephFS subvolumes.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
7e26beb51e helm: add option to enable read affinity for CephFS
This commit adds --enable-read-affinity flag to
enable read affinity for CephFS.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-22 13:13:01 +00:00
Praveen M
afe3873947 deploy: update CSI sidecars to latest versions available
Below sidecars are updated with latest available versions

csi-node-driver-registrar: v2.9.1
csi-resizer: v1.9.2
csi-provisioner: v3.6.2
csi-attacher: v4.4.2
csi-snapshotter: v6.3.2

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-20 11:42:52 +00:00
Ruslan Khizhnyak
802f22f0ae helm: add annotations secret manifest
To use mutating webhook to modify secrets.
For example banzaicloud vault webhook:
https://bank-vaults.dev/docs/mutating-webhook/annotations/

Signed-off-by: Ruslan Khizhnyak <mustdiechik@gmail.com>
2023-11-09 17:18:33 +00:00
Domonkos Cinke
d0fea3baed deploy: allow mkfsOptions
Signed-off-by: Domonkos Cinke <seayou@gmail.com>
2023-11-09 15:16:28 +00:00
KJ
0a53b0d9ba helm: Allow templating of RBD striping parameters
Allow templating of stripeUnit, stripeCount and objectSize
storageClass parameters in ceph-csi-rbd chart

Signed-off-by: Kingsley Jarrett <kj@kingj.net>
2023-11-09 09:58:39 +00:00
Praveen M
c4e373c72f deploy: support for read affinity options per cluster
Implemented the capability to include read affinity options
for individual clusters within the ceph-csi-config ConfigMap.
This allows users to configure the crush location for each
cluster separately. The read affinity options specified in
the ConfigMap will supersede those provided via command line arguments.

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-11-08 21:17:00 +00:00
Praveen M
6719d6497f e2e: added test to verify read affinity functionality
e2e test case is added to test if read affinity is enabled by
verifying read_from_replica=localize option is passed

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-09-26 07:02:21 +00:00
Praveen M
1b20fec20d helm: add option to enable read affinity for rbd
This commit adds --enable-read-affinity flag to
enable read affinity for rbd

Signed-off-by: Praveen M <m.praveen@ibm.com>
2023-09-26 07:02:21 +00:00