Syncing latest changes from master for rook #765
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Praveen M <[email protected]>
Signed-off-by: Praveen M <[email protected]>
Signed-off-by: Praveen M <[email protected]>
This is similar to rook#14052 we did for radosnamespace and this is an extension to support cleanup at the blockpool level to cleanup the images and the snapshots in a pool. Signed-off-by: Madhu Rajanna <[email protected]>
Two new keys are added to ObjectBucketClaim.spec.additionalConfig to support the configuration of bucket scope quota(s). This differs from the existing maxObjects & maxSize keys, which manage a user scope quota(s) on the automatically generated rgw user. Signed-off-by: Joshua Hoblitt <[email protected]>
Signed-off-by: Joshua Hoblitt <[email protected]>
Finish the process of deprecating holder pods by removing Rook's ability to deploy them. The intent of this change is to make the most superficial changes possible to accomplish this. There are still remnants of code in Rook (particularly the CSI controller) that helped configure or deploy holder pods. Due to the risk of breaking some features, cleanup work of hose remnants will be deferred for future work. Signed-off-by: Blaine Gardner <[email protected]>
object: add bucketMaxObjects & bucketMaxSize to obc
Syncing latest changes from upstream master for rook
The /run/udev directory is now mounted in the OSD init container. This change is necessary because `ceph-volume activate` needs access to /run/udev [1] in order to properly handle devices. Without this mount, `ceph-volume activate` could fail to discover devices during OSD initialization. [1] ceph/ceph@c2e8c29 Signed-off-by: Guillaume Abrioux <[email protected]>
core: Cleanup blockpool with annotation
multus: finish deprecating holder pods
kms: key rotation support for vault kms
osd: mount /run/udev in the init container for ceph-volume activate
introduce Default flag to CRD Signed-off-by: Artem Torubarov <[email protected]>
`encryption-pvc-kms-ibm-kp` workflow replaces the name of ceph-image. Since the dest value is always empty by mistake, this workflow always fails. Signed-off-by: Satoru Takeuchi <[email protected]>
The mon canaries may be created even when the mon daemons are not created thereafter during the integration tests. Therefore, the integration tests need to also query a label specific to the mon daemon so the canaries are not a distraction to the test. Signed-off-by: Travis Nielsen <[email protected]>
test: Wait for mon daemons rather than mon canaries
rgw: support custom name for default pool placement
When generating the HTTP client used for RGW admin ops, use both system certs as well as the user-given cert. As a real world example, admins may use ACME to rotate Letsencrypt certs every 2 months. For an external CephObjectStore, the cert used by Rook and RGW may not be rotated at the same time. This can cause the Rook operator to fail CephObjectStore reconciliation until both certs agree. When Rook also relies on system certs in the container, Rook's reconciliation will not have reconciliation failures because Letsencrypt's well-known and trusted root certificates can be loaded from the system to validate the RGW's newly-rotated cert. Signed-off-by: Blaine Gardner <[email protected]>
…-tls object: also use system certs for validating RGW cert
…-master Signed-off-by: Ceph Jenkins <[email protected]>
add generated csv changes Signed-off-by: Ceph Jenkins <[email protected]>
Syncing latest changes from upstream master for rook
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@eef6144...11bd719) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@f677139...0b93645) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@f779452...6624720) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@0a12ed9...41dfa10) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
The roadmap doc is now updated for v1.16 with potential features and fixes we hope to include. Signed-off-by: Travis Nielsen <[email protected]>
osd: Allow scheduling on unschedulable nodes
core: Set resources on the detect version job
mds: Wait for mds standby upgrade for same fs
The devel images have been fairly stable for Rook to test against, but on occasion there are regressions from Ceph development that affect the Rook CI. For stability during Rook development, use the latest stable version of ceph for PRs, master, and release tests. The daily CI will still use the devel images from Ceph. Signed-off-by: Travis Nielsen <[email protected]>
ci: Default to the latest stable squid instead of devel
subhamkrai
approved these changes
Nov 5, 2024
enable monitoring for rados namespace Signed-off-by: parth-gr <[email protected]>
Signed-off-by: Artem Torubarov <[email protected]>
Resolves CIS benchmark 5.2.8 rule by adding capabilities with explicitly defined empty "add" list (where it needed) and with NET_RAW capability in "drop" list. 5.2.8 Minimize the admission of containers with added capabilities Containers must drop the `NET_RAW` capability and are not permitted to add back any capabilities. Signed-off-by: Peter Razumovsky <[email protected]>
This PR fixes an issue where disabling enableRBDStats in CephBlockPool did not remove the pool from rbd_stats_pools, leading to unnecessary monitoring. The update ensures that when enableRBDStats is set to false, the pool is properly removed from rbd_stats_pools, optimizing resource tracking. Signed-off-by: Oded Viner <[email protected]>
rbd: enable periodic monitoring for rados namespace mirroring
rgw: keep default-placement in zone config
rbd: CephBlockPool enableRBDStats not clearing rbd_stats_pools
core: add capabilities to securityContext to fix CIS 5.2.8
csiaddons required new RBAC in the next release to create/update the csiaddonsnode object based on the owner deployment/daemonset names of the pods its running with. Signed-off-by: Madhu Rajanna <[email protected]>
multus: remove csi holder pods key
csi: add new RBAC required for csiaddons
|
/approve |
Signed-off-by: Nikhil-Ladha <[email protected]>
add generated csv, crds changes Signed-off-by: Nikhil-Ladha <[email protected]>
Manual sync of upstream to downstream master
subhamkrai
approved these changes
Nov 11, 2024
subhamkrai
added
the
approved
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: df-build-team, Madhu-1, subhamkrai The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR containing the latest commits from master branch