SUSE-RU-2022:3720-1: important: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Oct 25 13:26:31 UTC 2022
SUSE Recommended Update: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3720-1
Rating: important
References: #1203599 #1204072
Affected Products:
SUSE Enterprise Storage 7.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for ceph-csi, csi-external-attacher, csi-external-provisioner,
csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar,
rook, rook-helm fixes the following issues:
- Regular upgarde bsc#1204072
- Due to bsc#1203599 we need to build with go1.18
- Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and
focusing on feature additions and bug fixes to the Ceph operator.
* nfs: Add support for NFS snapshots, restore clone & resize
* docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25
* operator: Improve ProbeHandler error message
* helm: Set OBC storageclass name to correct namespace. If the operator
is in a different namespace from the cluster, will require deleting
the OBC storage class before upgrade.
* manifest: Fix unexpected end of stream
* rbd-mirror: Move volume replication sidecar to CSI-Addons
* csi: Trigger CSI driver reconcile for every update to the configmap
rook-ceph-operator-config
* csi: Use cephcsi image for nfs nodeserver + holder design
* osd: Small refactor for maintainability
* csi: Change the default fsgroup policy for CSI driver object to File
* csi: Fix holder pod creation in openshift multus cluster
* docs: Sharing a CephFS PVC across namespaces
* docs: Add example for configuring pg_num and pgp_num
* osd: Disallow to create OSDs on an LV with metadata device
* docs: Add missed sssdConfigFile params for NFS CRD
- Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph
upgrade guide.
- Breaking Changes
- Remove support for Ceph Octopus (v15). Before upgrading to v1.10
please confirm you are running on at least v16.
- Minimum K8s version supported is v1.19.
- Features
- The Ceph-CSI driver v3.7 is the default driver configured with Rook.
See all the new CSI features in the v3.7 release notes.
- Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
- Added customEndpoints setting to specify a list of custom endpoint
list for Object Multi-site connections in the CephObjectZone CR.
- Support OSDs on logical volumes in host-based clusters in addition
to raw volumes and partitions.
- The toolbox pod now uses the Ceph image directly instead of the Rook
image. This allows the same version of Ceph to be available in the
toolbox as in your cluster.
- Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released
recently in v0.2 as well:
- Show the health of the Rook cluster: kubectl rook-ceph health
- Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug
rook-ceph-osd-0
- Update to 3.7.0 Features:
* KMIP integration for RBD PVC encryption
* The Key Management Interoperability Protocol (KMIP) is an
extensible communication protocol that defines message formats for the
manipulation
of cryptographic keys on a key management server. Ceph-CSI can now
be configured to connect to various KMS using KMIP for encrypting RBD
volumes.
* NFS
* Added support for volume expansion, snapshot, restore and clone.
* Added NFS nodeserver within CephCSI with support for pod networking
with nsenter.
* Support enabling PV and snapshot metadata on the RBD images and CephFS
subvolumes
* For persistent volumes, clones and volume restores we support adding
PVName/PVCName/PVCNamespace and ClusterName details
* For snapshot volumes we support adding
snapshot-name/snapshot-namespace/snapshotcontent-name and
ClusterName details
* Shallow Read Only support for Ceph CSI driver:
* cephfs-csi expose CephFS snapshots as shallow, read-only volumes,
without needing to clone the underlying snapshot data which enables
users to Restore snapshots selectively - users may want to traverse
snapshots, restoring data to a writable volume more selectively
instead of restoring the whole snapshot and this feature also help
to perform more efficient Volume backup. Enhancements:
* All kubernetes sidecars ( external provisioner,snapshotter,
resizer..etc) are rebased to latest available versions. Along with
other dependency module updates this release consume go-ceph v0.17.0
and kubernetes 1.24.4 version.
* snapshot API support has been lifted to GA version in this release.
* From this release onwards, the CSI driver make use of File fsgroup
policy for its fsgroup based operations.
* New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the
sidecar deployments. Bug Fixes:
* While mounting the volume, CSI drivers no longer open world wide
permission on mount path ( See ).
* Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is
part of Linux kernel v4.11.0, prepare the supported feature
attributes and use them in case if supported_features file is
missing (See #2678)
* Fix volume healer for StagingTargetPath issue for Kubernetes 1.24
(See #3176)
* RBACs are restricted to a great extend in this release version
compared to previous. The CSI driver operate on least required RBAC
in a cluster from now on.
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2022-3720=1
Package List:
- SUSE Enterprise Storage 7.1 (noarch):
rook-ceph-helm-charts-1.10.1+git16.a83ed27c4-150300.3.6.1
rook-k8s-yaml-1.10.1+git16.a83ed27c4-150300.3.6.1
References:
https://bugzilla.suse.com/1203599
https://bugzilla.suse.com/1204072
More information about the sle-updates
mailing list