Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Syncing latest changes from master for rook #531

Merged
merged 48 commits into from
Oct 30, 2023
Merged

Conversation

df-build-team
Copy link

PR containing the latest commits from master branch

BlaineEXE and others added 30 commits October 11, 2023 16:42
There are 2 cases of randomly generated secrets copied into Rook's unit
test code that have been flagged by Gitleaks. Add a comment to both
cases to help the tool understand that these aren't real production
secrets -- just unit test stand-ins.

Signed-off-by: Blaine Gardner <[email protected]>
test: mark unit test secrets as not secret
rook#11845 added dynamic label `mgr_role`.
The example yaml files are updated but this doc is missed.

I think it would be better to refer to `deploy/examples` but I find all
other places are not doing that. So keep it inlined to be consistent.

Signed-off-by: Bin Wang <[email protected]>
Bumps the github-dependencies group with 3 updates: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go), [github.com/ceph/go-ceph](https://github.com/ceph/go-ceph) and [github.com/google/go-cmp](https://github.com/google/go-cmp).


Updates `github.com/aws/aws-sdk-go` from 1.45.24 to 1.45.25
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.45.24...v1.45.25)

Updates `github.com/ceph/go-ceph` from 0.23.0 to 0.24.0
- [Release notes](https://github.com/ceph/go-ceph/releases)
- [Changelog](https://github.com/ceph/go-ceph/blob/master/docs/release-process.md)
- [Commits](ceph/go-ceph@v0.23.0...v0.24.0)

Updates `github.com/google/go-cmp` from 0.5.9 to 0.6.0
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](google/go-cmp@v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-dependencies
- dependency-name: github.com/ceph/go-ceph
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
…dependencies-1878a07e91

build(deps): bump the github-dependencies group with 3 updates
doc: fix document about viewing dashboard outside of cluster
As seen in rook#1988, it's a common
mistake to configure rook nodes with names that don't match Kubernetes's
node label. This PR prints more detailed message to help debugging
problem.

Signed-off-by: Bin Wang <[email protected]>

Add break according to review comment

Co-authored-by: Travis Nielsen <[email protected]>

Update log message according to review comment

Co-authored-by: Travis Nielsen <[email protected]>
osd: print warning message if no matching node found for osd
migrate to using mkdocs-material's material.extensions.emoji.twemoji
and material.extensions.emoji.to_svg in place of the respective
materialx.emoji.twemoji and materialx.emoji.to_svg. Also, this requires
latest version of mkdocs-material.

Signed-off-by: subhamkrai <[email protected]>
docs: adding specific instructions to upgrade Rook toolbox
This reverts commit fab23d3.
The mgr requires rw access for the cron job that collects
the crashes.

Signed-off-by: Travis Nielsen <[email protected]>
Bumps the k8s-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.28.2` | `0.28.3` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.28.2` | `0.28.3` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.28.2` | `0.28.3` |
| [k8s.io/cloud-provider](https://github.com/kubernetes/cloud-provider) | `0.28.2` | `0.28.3` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.16.2` | `0.16.3` |


Updates `k8s.io/api` from 0.28.2 to 0.28.3
- [Commits](kubernetes/api@v0.28.2...v0.28.3)

Updates `k8s.io/apiextensions-apiserver` from 0.28.2 to 0.28.3
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.28.2...v0.28.3)

Updates `k8s.io/cli-runtime` from 0.28.2 to 0.28.3
- [Commits](kubernetes/cli-runtime@v0.28.2...v0.28.3)

Updates `k8s.io/cloud-provider` from 0.28.2 to 0.28.3
- [Commits](kubernetes/cloud-provider@v0.28.2...v0.28.3)

Updates `sigs.k8s.io/controller-runtime` from 0.16.2 to 0.16.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.16.2...v0.16.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
- dependency-name: k8s.io/cloud-provider
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: k8s-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the github-dependencies group with 1 update: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go).

- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.45.25...v1.46.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
…endencies-12c32a9cf1

build(deps): bump the k8s-dependencies group with 5 updates
…dependencies-1e6a735343

build(deps): bump the github-dependencies group with 1 update
Sometimes the pool is not enabled and the ceph cluster
shows health warning, so automatically initalize the pool
from the script

Signed-off-by: parth-gr <[email protected]>
external: automatically init the rbd pool
core: Crash collector keyring requires rw access for the mgr profile
if the monitoring endpoint is not present
we were not returning any error, but the
field is the mandatory output, so return error if not found

Signed-off-by: parth-gr <[email protected]>
To make it easier for the user to switch to a namespace other than the
default 'rook-ceph', the tag '# namespace:cluster' must be inserted in
all the places where this namespace is used. This way, a simple 'sed'
command can update all the Yaml files to the new namespace.

Signed-off-by: Redouane Kachach <[email protected]>
When a user attempts to adhere to the current documentation to use alternative
namespaces for both the operator and the cluster, they fail because
our common YAML file only has a single namespace for the cluster. This
change adds specific instructions to create operator namespace.

Closes: rook#13079

Signed-off-by: Redouane Kachach <[email protected]>
namespace: adding a dedicated entry for operator namespace in common
Update some old typos that say "synk" instead of "snyk".
out of sync. This should fix the top-level README.md to use the latest
snyk security scan badge -- as opposed to only referring to the last one
that used the misspelled file from about a month ago.

Signed-off-by: Blaine Gardner <[email protected]>
namespace: adding namespace to all rook-ceph namespaces references
Update the snyk ignores related to Vault MPL-2.0 licenses.

Signed-off-by: Blaine Gardner <[email protected]>
security: update snyk ignores for MPL-2.0
docs: update "synk" -> "snyk" spelling
BlaineEXE and others added 18 commits October 24, 2023 11:47
govulncheck is a static code analyzer that scans more deeply than Snyk.
Additionally, because govulncheck checks the code itself, it can rule
out vulnerabilities that are present in dependencies but that are not
used in Rook's code path.

Signed-off-by: Blaine Gardner <[email protected]>
Automatic PR from app.stepsecurity.io (initiated by BlaineEXE) to limit 
permissions in github actions to only those needed.

Signed-off-by: StepSecurity Bot <[email protected]>
test: add govulncheck to look for go vulnerabilities
…ediation_1698170726

ci: Harden GitHub Actions permissions
lvm packages should be required if `osdPerDevice` is set
to greater than 1.

Signed-off-by: sp98 <[email protected]>
Let's use the same technique based on 'sed' while employing two
different namespaces for the cluster and the operator when creating
the second cluster.

Signed-off-by: Redouane Kachach <[email protected]>
external: fix monitoring endpoint check
docs: unifying namespaces handling for the second cluster creation
mac build ci is failing during csv gen
when trying to move files to some folder.
Skipping csv gen for mac since it is not required.

Signed-off-by: subhamkrai <[email protected]>
It's convenient to visualize the supported OSD configurations.
In addition, remove the reference to the common issue section
about OSD on LV-backed PVC because this issue doesn't happen anymore
for new OSDs.

Closes: rook#10859

Signed-off-by: Satoru Takeuchi <[email protected]>
…pported-osd-configuration

doc: add the table to know supported osd configuration
manifests: fix rook-ceph-mgr-system role and namespace
when creating networkFence, rbd command was loading
admin config and hence running rbd command use client.admin
in case of external cluster also. With this commit instead
of client.admin user it will use what is being passed to
config.

Signed-off-by: subhamkrai <[email protected]>
pool: rbd cmd shouldn't use admin in external mode
@travisn
Copy link

travisn commented Oct 30, 2023

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 30, 2023
@openshift-ci
Copy link

openshift-ci bot commented Oct 30, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: df-build-team, travisn

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@travisn travisn merged commit 742172b into release-4.15 Oct 30, 2023
43 of 48 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.