b866bd491c
The new `vaultAuthNamespace` configuration parameter can be set to the
Vault Namespace where the authentication is setup in the service. Some
Hashicorp Vault deployments use sub-namespaces for their users/tenants,
with a 'root' namespace where the authentication is configured. This
requires passing of different Vault namespaces for different operations.
Example:
- the Kubernetes Auth mechanism is configured for in the Vault
Namespace called 'devops'
- a user/tenant has a sub-namespace called 'devops/website' where the
encryption passphrases can be placed in the key-value store
The configuration for this, then looks like:
vaultAuthNamespace: devops
vaultNamespace: devops/homepage
Note that Vault Namespaces are a feature of the Hashicorp Vault
Enterprise product, and not part of the Open Source version. This
prevents adding e2e tests that validate the Vault Namespace
configuration.
Signed-off-by: Niels de Vos <ndevos@redhat.com>
(cherry picked from commit
|
||
|---|---|---|
| .github | ||
| assets | ||
| charts | ||
| cmd | ||
| deploy | ||
| docs | ||
| e2e | ||
| examples | ||
| internal | ||
| scripts | ||
| troubleshooting/tools | ||
| vendor | ||
| .commitlintrc.yml | ||
| .gitignore | ||
| .mergify.yml | ||
| .pre-commit-config.yaml | ||
| build.env | ||
| deploy.sh | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
Ceph CSI
This repo contains Ceph Container Storage Interface (CSI) driver for RBD, CephFS and kubernetes sidecar deployment yamls of provisioner, attacher, resizer, driver-registrar and snapshotter for supporting CSI functionalities.
Overview
Ceph CSI plugins implement an interface between CSI enabled Container Orchestrator (CO) and Ceph cluster. It allows dynamically provisioning Ceph volumes and attaching them to workloads.
Independent CSI plugins are provided to support RBD and CephFS backed volumes,
- For details about configuration and deployment of RBD plugin, please refer rbd doc and for CephFS plugin configuration and deployment please refer cephfs doc.
- For example usage of RBD and CephFS CSI plugins, see examples in
examples/. - Stale resource cleanup, please refer cleanup doc.
NOTE:
- Ceph CSI
Arm64support is experimental.
Project status
Status: GA
Supported CO platforms
Ceph CSI drivers are currently developed and tested exclusively on Kubernetes environments. There is work in progress to make this CO independent and thus support other orchestration environments in the future.
NOTE:
csiv0.3is deprecated with release ofcsi v1.1.0
Support Matrix
Ceph-CSI features and available versions
Please refer rbd nbd mounter for its support details.
| Plugin | Features | Feature Status | CSI Driver Version | CSI Spec Version | Ceph Cluster Version | Kubernetes Version |
|---|---|---|---|---|---|---|
| RBD | Dynamically provision, de-provision Block mode RWO volume | GA | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.14.0 |
| Dynamically provision, de-provision Block mode RWX volume | GA | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.14.0 | |
| Dynamically provision, de-provision File mode RWO volume | GA | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.14.0 | |
| Provision File Mode ROX volume from snapshot | Alpha | >= v3.0.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.17.0 | |
| Provision File Mode ROX volume from another volume | Alpha | >= v3.0.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.16.0 | |
| Provision Block Mode ROX volume from snapshot | Alpha | >= v3.0.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.17.0 | |
| Provision Block Mode ROX volume from another volume | Alpha | >= v3.0.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.16.0 | |
| Creating and deleting snapshot | Beta | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.17.0 | |
| Provision volume from snapshot | Beta | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.17.0 | |
| Provision volume from another volume | Beta | >= v1.0.0 | >= v1.0.0 | Nautilus (>=14.0.0) | >= v1.16.0 | |
| Expand volume | Beta | >= v2.0.0 | >= v1.1.0 | Nautilus (>=14.0.0) | >= v1.15.0 | |
| Volume/PV Metrics of File Mode Volume | Beta | >= v1.2.0 | >= v1.1.0 | Nautilus (>=14.0.0) | >= v1.15.0 | |
| Volume/PV Metrics of Block Mode Volume | Beta | >= v1.2.0 | >= v1.1.0 | Nautilus (>=14.0.0) | >= v1.21.0 | |
| Topology Aware Provisioning Support | Alpha | >= v2.1.0 | >= v1.1.0 | Nautilus (>=14.0.0) | >= v1.14.0 | |
| CephFS | Dynamically provision, de-provision File mode RWO volume | Beta | >= v1.1.0 | >= v1.0.0 | Nautilus (>=14.2.2) | >= v1.14.0 |
| Dynamically provision, de-provision File mode RWX volume | Beta | >= v1.1.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.14.0 | |
| Dynamically provision, de-provision File mode ROX volume | Alpha | >= v3.0.0 | >= v1.0.0 | Nautilus (>=v14.2.2) | >= v1.14.0 | |
| Creating and deleting snapshot | Beta | >= v3.1.0 | >= v1.0.0 | Octopus (>=v15.2.3) | >= v1.17.0 | |
| Provision volume from snapshot | Beta | >= v3.1.0 | >= v1.0.0 | Octopus (>=v15.2.3) | >= v1.17.0 | |
| Provision volume from another volume | Beta | >= v3.1.0 | >= v1.0.0 | Octopus (>=v15.2.3) | >= v1.16.0 | |
| Expand volume | Beta | >= v2.0.0 | >= v1.1.0 | Nautilus (>=v14.2.2) | >= v1.15.0 | |
| Volume/PV Metrics of File Mode Volume | Beta | >= v1.2.0 | >= v1.1.0 | Nautilus (>=v14.2.2) | >= v1.15.0 |
NOTE: The Alpha status reflects possible non-backward
compatible changes in the future, and is thus not recommended
for production use.
CSI spec and Kubernetes version compatibility
Please refer to the matrix in the Kubernetes documentation.
Ceph CSI Container images and release compatibility
| Ceph CSI Release/Branch | Container image name | Image Tag |
|---|---|---|
| devel (Branch) | quay.io/cephcsi/cephcsi | canary |
| v3.3.1 (Release) | quay.io/cephcsi/cephcsi | v3.3.1 |
| v3.3.0 (Release) | quay.io/cephcsi/cephcsi | v3.3.0 |
| v3.2.2 (Release) | quay.io/cephcsi/cephcsi | v3.2.2 |
| v3.2.1 (Release) | quay.io/cephcsi/cephcsi | v3.2.1 |
| v3.2.0 (Release) | quay.io/cephcsi/cephcsi | v3.2.0 |
| v3.1.2 (Release) | quay.io/cephcsi/cephcsi | v3.1.2 |
| v3.1.1 (Release) | quay.io/cephcsi/cephcsi | v3.1.1 |
| v3.1.0 (Release) | quay.io/cephcsi/cephcsi | v3.1.0 |
| v3.0.0 (Release) | quay.io/cephcsi/cephcsi | v3.0.0 |
| v2.1.2 (Release) | quay.io/cephcsi/cephcsi | v2.1.2 |
| v2.1.1 (Release) | quay.io/cephcsi/cephcsi | v2.1.1 |
| v2.1.0 (Release) | quay.io/cephcsi/cephcsi | v2.1.0 |
| v2.0.1 (Release) | quay.io/cephcsi/cephcsi | v2.0.1 |
| v2.0.0 (Release) | quay.io/cephcsi/cephcsi | v2.0.0 |
| v1.2.2 (Release) | quay.io/cephcsi/cephcsi | v1.2.2 |
| v1.2.1 (Release) | quay.io/cephcsi/cephcsi | v1.2.1 |
| v1.2.0 (Release) | quay.io/cephcsi/cephcsi | v1.2.0 |
| v1.1.0 (Release) | quay.io/cephcsi/cephcsi | v1.1.0 |
| v1.0.0 (Branch) | quay.io/cephcsi/cephfsplugin | v1.0.0 |
| v1.0.0 (Branch) | quay.io/cephcsi/rbdplugin | v1.0.0 |
Contributing to this repo
Please follow development-guide and coding style guidelines if you are interested to contribute to this repo.
Troubleshooting
Please submit an issue at: Issues
Weekly Bug Triage call
We conduct weekly bug triage calls at our slack channel on Tuesdays. More details are available here
Dev standup
A regular dev standup takes place every other Monday,Tuesday,Thursday at
12:00 PM UTC. Convert to your local
timezone by executing command date -d "12:00 UTC" on terminal
Any changes to the meeting schedule will be added to the agenda doc.
Anyone who wants to discuss the direction of the project, design and implementation reviews, or general questions with the broader community is welcome and encouraged to join.
- Meeting link: https://redhat.bluejeans.com/702977652
- Current agenda
Contact
Please use the following to reach members of the community:
- Slack: Join our slack channel to discuss about anything related to this project. You can join the slack by this invite link
- Forums: ceph-csi
- Twitter: @CephCsi