SUSE-RU-2022:3720-1: important: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Oct 25 13:26:31 UTC 2022 

   SUSE Recommended Update: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3720-1
Rating:             important
References:         #1203599 #1204072 
Affected Products:
                    SUSE Enterprise Storage 7.1
______________________________________________________________________________

   An update that has two recommended fixes can now be
   installed.

Description:

   This update for ceph-csi, csi-external-attacher, csi-external-provisioner,
   csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar,
   rook, rook-helm fixes the following issues:

   - Regular upgarde bsc#1204072
   - Due to bsc#1203599 we need to build with go1.18

   - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and
     focusing on feature additions and bug fixes to the Ceph operator.
     * nfs: Add support for NFS snapshots, restore clone & resize
     * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25
     * operator: Improve ProbeHandler error message
     * helm: Set OBC storageclass name to correct namespace. If the operator
       is in a different namespace from the cluster, will require deleting
       the OBC storage class before upgrade.
     * manifest: Fix unexpected end of stream
     * rbd-mirror: Move volume replication sidecar to CSI-Addons
     * csi: Trigger CSI driver reconcile for every update to the configmap
       rook-ceph-operator-config
     * csi: Use cephcsi image for nfs nodeserver + holder design
     * osd: Small refactor for maintainability
     * csi: Change the default fsgroup policy for CSI driver object to File
     * csi: Fix holder pod creation in openshift multus cluster
     * docs: Sharing a CephFS PVC across namespaces
     * docs: Add example for configuring pg_num and pgp_num
     * osd: Disallow to create OSDs on an LV with metadata device
     * docs: Add missed sssdConfigFile params for NFS CRD
   - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph
     upgrade guide.
     - Breaking Changes
       - Remove support for Ceph Octopus (v15). Before upgrading to v1.10
         please confirm you are running on at least v16.
       - Minimum K8s version supported is v1.19.
     - Features
       - The Ceph-CSI driver v3.7 is the default driver configured with Rook.
         See all the new CSI features in the v3.7 release notes.
       - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
       - Added customEndpoints setting to specify a list of custom endpoint
         list for Object Multi-site connections in the CephObjectZone CR.
       - Support OSDs on logical volumes in host-based clusters in addition
         to raw volumes and partitions.
       - The toolbox pod now uses the Ceph image directly instead of the Rook
         image. This allows the same version of Ceph to be available in the
         toolbox as in your cluster.
     - Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released
       recently in v0.2 as well:
       - Show the health of the Rook cluster: kubectl rook-ceph health
       - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug
         rook-ceph-osd-0

   - Update to 3.7.0 Features:
     * KMIP integration for RBD PVC encryption
        * The Key Management Interoperability Protocol (KMIP) is an
   extensible communication protocol that defines message formats for the
   manipulation
         of cryptographic keys on a key management server. Ceph-CSI can now
   be configured to connect to various KMS using KMIP for encrypting RBD
   volumes.
     * NFS
       * Added support for volume expansion, snapshot, restore and clone.
       * Added NFS nodeserver within CephCSI with support for pod networking
         with nsenter.
     * Support enabling PV and snapshot metadata on the RBD images and CephFS
       subvolumes
       * For persistent volumes, clones and volume restores we support adding
         PVName/PVCName/PVCNamespace and ClusterName details
       * For snapshot volumes we support adding
         snapshot-name/snapshot-namespace/snapshotcontent-name and
         ClusterName details
     * Shallow Read Only support for Ceph CSI driver:
       * cephfs-csi expose CephFS snapshots as shallow, read-only volumes,
         without needing to clone the underlying snapshot data which enables
         users to Restore snapshots selectively - users may want to traverse
         snapshots, restoring data to a writable volume more selectively
         instead of restoring the whole snapshot and this feature also help
         to perform more efficient Volume backup. Enhancements:
       * All kubernetes sidecars ( external provisioner,snapshotter,
         resizer..etc) are rebased to latest available versions. Along with
         other dependency module updates this release consume go-ceph v0.17.0
         and kubernetes 1.24.4 version.
       * snapshot API support has been lifted to GA version in this release.
       * From this release onwards, the CSI driver make use of File fsgroup
         policy for its fsgroup based operations.
       * New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the
         sidecar deployments. Bug Fixes:
       * While mounting the volume, CSI drivers no longer open world wide
         permission on mount path ( See ).
       * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is
         part of Linux kernel v4.11.0, prepare the supported feature
         attributes and use them in case if supported_features file is
         missing (See #2678)
       * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24
         (See #3176)
       * RBACs are restricted to a great extend in this release version
         compared to previous. The CSI driver operate on least required RBAC
         in a cluster from now on.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 7.1:

      zypper in -t patch SUSE-Storage-7.1-2022-3720=1



Package List:

   - SUSE Enterprise Storage 7.1 (noarch):

      rook-ceph-helm-charts-1.10.1+git16.a83ed27c4-150300.3.6.1
      rook-k8s-yaml-1.10.1+git16.a83ed27c4-150300.3.6.1


References:

   https://bugzilla.suse.com/1203599
   https://bugzilla.suse.com/1204072

More information about the sle-updates mailing list