SUSE-RU-2023:3720-1: moderate: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu Sep 21 08:30:09 UTC 2023
# Recommended update for ceph-csi, csi-external-attacher, csi-external-
provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-
registrar, rook
Announcement ID: SUSE-RU-2023:3720-1
Rating: moderate
References:
* #1204072
* #1209279
Affected Products:
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Server 15 SP3
An update that has two fixes can now be installed.
## Description:
This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-
external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook
fixes the following issues:
* Update to v4.1.0
* Updated Kubernetes dependencies to 1.26.0 (#395, @sunnylovestiramisu)
* Update version to 3.4.0
Feature
* Add support for cross-namespace data sources alpha feature (#805,
[@ttakahashi21]
* Register metrics exposed by sig-storage-lib (#792, @RaunakShah)
* Update the annotation that needs to be applies to VolumeSnapshotContents
from snapshot.storage.kubernetes.io/allowVolumeModeChange to
snapshot.storage.kubernetes.io/allow-volume-mode-change (#791, @RaunakShah)
Bug or Regression
* Fix string pointer comparison for source volume mode conversion (#793,
@RaunakShah)
* Fix nil pointer crash for PV without ClaimRef (#796, @zezaeoh)
Uncategorized
* Update go to 1.19 and dependencies for k8s v1.26.0 (#834,
@sunnylovestiramisu)
* Update to version 1.7.0
* Fix panic in recovery path if marking pvc as resize in progress fails (#246,
@gnufied)
* Update to version 6.2.1
Feature
* Add --retry-crd-interval-max flag to the snapshot-controller in order to
allow customization of CRD detection on startup. (#777, @mattcary)
Uncategorized
* Change webhook example to be compatible with TLS-type secrets. (#793,
@haslersn)
* Fixes an issue introduced by PR 793 by respecting the format of TLS-type
secrets in the script. (#796, @haslersn)
* Update go to v1.19 and kubernetes dependencies to 1.26.0. (#797,
@sunnylovestiramisu)
* Update to version 2.7.0
* Revert of #214, node-driver-registrar will create the path specified by
--kubelet-registration-path (#247, @mauriciopoppe)
* Regular upgrade bsc#1204072
* Update to 1.11.9
Rook v1.11.9 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* multus: Fix "deletecollection" permission not present (#12437,
@sudharsanomprakash)
* dashboard: Remove deprecated kubernetes.io/ingress.class annotation (#12418,
@Jeansen)
* external: Make import script idempotent (#12417, @parth-gr)
* exporter: Ignore failed deletion of service monitor (#12430, @travisn)
* multus: Add config file for validation tool (#12396, @BlaineEXE)
* object: Clarify success message when reconciling CephObjectStoreUser
(#12406, @polyedre)
* docs: Update storage architecture diagram (#12252, @galexrt)
* operator: Add ceph image version label to PVC (#12372, @YZ775)
* object : Add SSL ref in cephobjectstore user secret (#12341, @thotz)
* Update to 1.11.8
Rook v1.11.8 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* helm: add EC Block Pool config in helm chart (#12324, @Javlopez)
* pool: Add .mgr pool to the stretch cluster examples (#12360, @travisn)
* nfs: Add Spec.Security.Kerberos.DomainName to the CRD to configure
/etc/idmapd.conf (#12220, @spuiuk)
* mgr: Removing unnecessary rook-ceph-mgr rbac entries (#12337, @rkachach)
* core: typo in logs to print fullname of CephCluster (#12217, @takirala)
* core: empty ceph-daemons-sock-dir for osd onPVC (#12299, @avanthakkar)
* docs: prevent to delete other clusters data on cluster deletion (#12334,
@satoru-takeuchi)
* docs: improve external doc format (#12383, @parth-gr)
* docs: Suggest qemu driver for minikube on apple silicon (#11722, @BlaineEXE)
* Update to 1.11.7
Rook v1.11.7 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* core: Delete exporter resources if ceph version is not supported (#12271,
@avanthakkar)
* external: FQDN should be persisted instead of using the ip endpoint (#12264,
@parth-gr)
* object: Implement more capabilities for object store users (#12256, @thotz)
* test: Add CI e2e test for multus validation test (#12282, @BlaineEXE)
* core: Use default-* logging flags for ceph daemons so they can be overridden
(#12302, @Javlopez)
* helm: Add exporter resource entry to ceph cluster documentation (#12251,
@galexrt)
* mgr: Allow other namespaces in the ServiceMonitor resource (#12293,
@kerryeon)
* object: Add missing cephcluster spec addition in object controller (#12273,
@thotz)
* monitoring: Service monitor should not use mgr_role label (#12268, @travisn)
* test: Allow specifying custom nginx image for multus validation (#12231,
@iPraveenParihar)
* operator: Pull multus validation test images before test (#12211,
@BlaineEXE)
* rbdmirror: Ensure rbd mirror daemon is upgraded (#12247, @travisn)
* Update to 1.11.6
Rook v1.11.6 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* osd: Support expanding lvm osd on pvc (#12164, @satoru-takeuchi)
* monitoring: Skip creating the service monitor for the exporter if monitoring
is not enabled (#12216, @travisn)
* docs: Generate documentation for CRDs (#12110 #12179, @Javlopez)
* core: Add termination grace period for exporter pods (#12215, @avanthakkar)
* csi: servicemonitor for rook-ceph csi drivers (#12170, @jouve)
* monitoring: Configurable option to disable prometheus metrics (#12193,
@travisn)
* mgr: Default to active mgr label if only one mgr is running (#12137,
@travisn)
* osd: Allow scanning devices with filter (#11976, @Javlopez)
* core: Disable controller runtime metrics server (#12194, @Madhu-1)
* mgr: Use mgr_role dynamic label to tag the active ceph manager (#11845,
@rkachach)
* operator: use KUBECONFIG context for cli if present (#12192, @BlaineEXE)
* external: fix rgw multisite config check (#12182 #12238, @parth-gr)
* operator: validate multus validation networks in cli (#12187, @BlaineEXE)
* operator: Fix package logger name for rookcli (#12186, @BlaineEXE)
* ceph: Unset the encryption configuration before updating the setting
(#12181, @Madhu-1)
* Update to 1.11.5
Rook v1.11.5 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* mgr: Retry creating ceph dashboard credentials (#12149, @parth-gr)
* nfs: Reduce size CephNFS CRD from unnecessary file volume sources (#12155,
@BlaineEXE)
* core: Update k8s API references to more recent version (#12161, @subhamkrai)
* test: Add multus validation test routine to rook binary (#12069, @BlaineEXE)
* external: check that the pool and cluster name is provided (#12132, @parth-
gr)
* core: Skip OBC controllers if not needed based (#12075, @sp98)
* Add an ingress for Ceph object stores (#12109, @jouve)
* core: Disable the exporter service (#12118, @avanthakkar)
* nfs: Fixes for mounting CephNFS using Kerberos auth (#12086, @spuiuk)
* Update to 1.11.4
Rook v1.11.4 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* core: Update default image to Ceph v17.2.6 (#12068, @travisn)
* core: Disable the Ceph exporter daemon (#12077, @avanthakkar)
* helm: Add option to scale down rook operator (#12048, @TomHellier)
* helm: Drop snapshot.storage.k8s.io/v1beta1 (#12051, @sathieu)
* external: Add support for RGW multisite in external cluster script (#12037,
@parth-gr)
* external: Do not require the monitoring endpoint (#12061, @neoaggelos)
* external: Allow creating pools with special characters in name (#12056,
@parth-gr)
* external: Do not enforce rbd, cephfs and rgw flags for the external cluster
(#12028, @parth-gr)
* core: Use cluster ID for ns lookup on exported multi-cluster service
(#12064, @sp98)
* docs: Add scenario for deleted namespace to the disaster recovery guide
(#11895, @gaord)
* mgr: Failed to update the port of dashboard (#11932, @zhucan)
* Update to 1.11.3
Rook v1.11.3 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* csi: Make AttachRequired as configurable for RWX volumes (#11899, @Madhu-1)
* nfs: Add support for nfs-ganesha metrics monitoring (#12007, @synarete)
* mgr: Add option to disable the prometheus mgr module (#11980,
@thenamehasbeentake)
* object: Check OBC provisioner for bucket notification (#11975, @thotz)
* external: Make rgw call separate from cephfs and rbd in export script
(#11947, @parth-gr)
* core: Update vault pkg to 1.13.1 (#12013, @subhamkrai)
* core: Fix config format for msgr2 ipv6 monitors (#11993, @heliochronix)
* osd: Handle global or node-local device class configuration correctly
(#11966, @satoru-takeuchi)
* csi: IPv6 compatibility for requiring msgr2 (#11992, @travisn)
* mon: Remove condition to use 6790 mon port (#11963, @sp98)
* Update to 1.11.2
Rook v1.11.2 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* osd: Implemented encryption key rotation (#11749, @Rakshith-R)
* core: Remove unnecessary ceph-conf-dir volume mount from exporter (#11950,
@avanthakkar)
* core: Set key rotation default in code instead of in CRDs (#11951, @travisn)
* external: Use f-strings for formatting (#11944, @Sheetalpamecha)
* core: Use msgr2 if compression is enabled (#11928, @uhthomas)
* ci: Skip building csv on arm64 (#11906, @subhamkrai)
* osd: Validate and remove duplicate topology labels (#11823, @parth-gr)
* rgw: RGW dashboard can be disabled in the object CR (#11908,
@thenamehasbeentake)
* external: Pool and metadata EC pools were reversed in scripts (#11919,
@dragon2611)
* rgw: Skip objectstore name length validation when cluster is external
(#11911, @parth-gr)
* nfs: Network mode can be set separately for cephcluster and nfs (#11777,
@taxilian)
* csi: Update port to 3300 if msgr2 is required (#11859, @travisn)
* core: Add FSID to the additionalPrinterColumns on cephcluster CRD (#11864,
@thenamehasbeentake)
* core: Add missing labels in exporter deployment (#11866, @avanthakkar)
* Update to 1.11.1
Rook v1.11.1 is a patch release limited in scope and focusing on feature
additions and bug fixes to the Ceph operator.
* ceph: Fix host networking by only adding OSD ports when required for multi-
cluster config (#11797, @sp98)
* core: Ceph exporter requires ceph config where OSDs are not running (#11848,
@avanthakkar)
* monitoring: Remove prometheus alerts that don't apply to rook (#11842,
@travisn)
* mgr: Revert readiness probe and go back to the original sidecar HA
implementation (#11829, @rkachach)
* manifest: Align whitespace in example cluster.yaml (#11804, @gauravsitlani)
* external: Add realm support for external cluster (#11584, @parth-gr)
* object: Make OBC genUserID unique across clusters (#11665, @BlaineEXE)
* file: Check if a filesystem exists before checking dependencies during
deletion (#11221, @zhucan)
* core: On crash pod ensure rook version label is not set (#11760, @gaord)
* Update to 1.11.0
Breaking Changes
* The minimum version of K8s version supported is v1.21.
* The minimum version of the Ceph-CSI driver is v3.7.
* Removed support for MachineDisruptionBudgets, including settings removed
from the CephCluster CR:
* manageMachineDisruptionBudgets
* machineDisruptionBudgetNamespace
* Versions of golang supported during development are v1.19 and v1.20.
Features
* Ceph-CSI v3.8 is now the version deployed by default with Rook. The driver
has a number of important updates to add more storage features available to
clients.
* Added setting requireMsgr2 on the CephCluster CR to allow clusters with a
kernel of 5.11 or newer to fully communicate with msgr2 and disable the
msgr1 port. This allows for more flexibility to enable msgr2 features such
as encryption and compression on the wire.
* Change pspEnable default value to false in helm charts, and remove
documentation for enabling PSP. If still using a version of K8s where PSPs
are required, see the v1.10 documentation.
* Object store bucket notifications and topics are now marked as stable
features.
* The Ceph exporter daemon is configured as the source of metrics based on
performance counters from Ceph daemons. The exporter daemon provides more
scalability of metrics collection to reduce load on the Ceph mgr.
* Read affinity for RBD volumes is now available, leveraging the krbd map
options to allow serving reads from an OSD in proximity to the client,
according to OSD locations defined in the CRUSH map and topology labels on
nodes.
* Mirroring data across clusters with overlapping networks is now supported.
Mon and OSD services will be configured with global IPs across multiple
clusters with overlapping CIDRs. The clusters must be configured using an
MCS API-compatible applications such as submariner globalnet. This feature
is supported for Ceph version v17.2.6 or later.
* The Ceph Mgr standby now is managed with a readiness probe instead of a
sidecar. Note that the standby mgr is expected to fail the readiness probe,
while the active mgr passes the readiness probe.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3720=1
## Package List:
* SUSE Enterprise Storage 7.1 (noarch)
* rook-ceph-helm-charts-1.11.9+git0.483b15e2-150300.3.9.1
* rook-k8s-yaml-1.11.9+git0.483b15e2-150300.3.9.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1204072
* https://bugzilla.suse.com/show_bug.cgi?id=1209279
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20230921/b297018b/attachment.htm>
More information about the sle-updates
mailing list