SUSE-CU-2022:2682-1: Recommended update of ses/7.1/cephcsi/cephcsi

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Oct 26 07:19:45 UTC 2022 

SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2682-1
Container Tags        : ses/7.1/cephcsi/cephcsi:3.7.0 , ses/7.1/cephcsi/cephcsi:3.7.0.0.3.2.425 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.7.0 , ses/7.1/cephcsi/cephcsi:v3.7.0.0
Container Release     : 3.2.425
Severity              : important
Type                  : recommended
References            : 1203599 1204072 
-----------------------------------------------------------------

The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3720-1
Released:    Tue Oct 25 10:56:12 2022
Summary:     Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
Type:        recommended
Severity:    important
References:  1203599,1204072
This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues:

- Regular upgarde bsc#1204072
- Due to bsc#1203599 we need to build with go1.18

- Update to v1.10.1
  Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * nfs: Add support for NFS snapshots, restore clone & resize
  * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25
  * operator: Improve ProbeHandler error message 
  * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. 
  * manifest: Fix unexpected end of stream 
  * rbd-mirror: Move volume replication sidecar to CSI-Addons 
  * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config
  * csi: Use cephcsi image for nfs nodeserver + holder design 
  * osd: Small refactor for maintainability 
  * csi: Change the default fsgroup policy for CSI driver object to File 
  * csi: Fix holder pod creation in openshift multus cluster 
  * docs: Sharing a CephFS PVC across namespaces 
  * docs: Add example for configuring pg_num and pgp_num 
  * osd: Disallow to create OSDs on an LV with metadata device 
  * docs: Add missed sssdConfigFile params for NFS CRD 
- Upgrade to v1.10
  To upgrade from previous versions of Rook, see the Ceph upgrade guide.
  - Breaking Changes
    - Remove support for Ceph Octopus (v15).
      Before upgrading to v1.10 please confirm you are running on at least v16.
    - Minimum K8s version supported is v1.19.
  - Features
    - The Ceph-CSI driver v3.7 is the default driver configured with Rook.
      See all the new CSI features in the v3.7 release notes.
    - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
    - Added customEndpoints setting to specify a list of custom endpoint
      list for Object Multi-site connections in the CephObjectZone CR.
    - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions.
    - The toolbox pod now uses the Ceph image directly instead of the Rook image.
      This allows the same version of Ceph to be available in the toolbox as in your cluster.
  - Krew Plugin v0.2
    See the new tools in the Rook Krew Plugin released recently in v0.2 as well:
    - Show the health of the Rook cluster: kubectl rook-ceph health
    - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0

- Update to 3.7.0
  Features:
  * KMIP integration for RBD PVC encryption
     * The Key Management Interoperability Protocol (KMIP)
      is an extensible communication protocol
      that defines message formats for the manipulation
      of cryptographic keys on a key management server.
      Ceph-CSI can now be configured to connect to
      various KMS using KMIP for encrypting RBD volumes.
  * NFS
    * Added support for volume expansion, snapshot, restore and clone.
    * Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
  * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
    * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
    * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
  * Shallow Read Only support for Ceph CSI driver:
    * cephfs-csi expose CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data
  which enables users
      to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more
      selectively instead of restoring the whole snapshot and this feature also help to perform more efficient Volume backup.
  Enhancements:
    * All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions.
      Along with other dependency module updates this release consume go-ceph v0.17.0 and kubernetes 1.24.4 version.
    * snapshot API support has been lifted to GA version in this release.
    * From this release onwards, the CSI driver make use of File fsgroup policy for its fsgroup based operations.
    * New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments.
  Bug Fixes:
    * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
    * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the
      supported feature attributes and use them in case if supported_features file is missing (See #2678)
    * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
    * RBACs are restricted to a great extend in this release version compared to previous.
      The CSI driver operate on least required RBAC in a cluster from now on.


The following package changes have been done:

- ceph-csi-3.7.0+git0.34fd27bbd-150300.3.3.1 updated

More information about the sle-updates mailing list