We are excited to announce another feature packed release of Ceph CSI , v3.7.0. This is another great step towards making it possible to use enhanced features of Container Storage Interface ( CSI) with Ceph Cluster in the backend. With this release, we are introducing many brand new features and enhancements to Ceph CSI driver. Also this release enabled a smooth integration to various projects. Here are the changelog / release highlights..
Changelog and Highlights:
Features
- KMIP integration for RBD PVC encryption
- The Key Management Interoperability Protocol (KMIP)
is an extensible communication protocol
that defines message formats for the manipulation
of cryptographic keys on a key management server.
Ceph-CSI can now be configured to connect to
various KMS using KMIP for encrypting RBD volumes.
- The Key Management Interoperability Protocol (KMIP)
- NFS
- Added support for volume expansion, snapshot, restore and clone.
- Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
- Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
- For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
- For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
- Shallow Read Only support for Ceph CSI driver:
- cephfs-csi expose CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data (https://github.com/ceph/ceph-csi/blob/devel/docs/design/proposals/cephfs-snapshot-shallow-ro-vol.md ) which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also help to perform more efficient Volume backup.
Enhancements
- All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consume go-ceph v0.17.0 and kubernetes 1.24.4 version.
- snapshot API support has been lifted to GA version in this release.
- From this release onwards, the CSI driver make use of
File
fsgroup policy for its fsgroup based operations. - New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments.
Bug Fixes
- While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
- Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
- Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
- RBACs are restricted to a great extend in this release version compared to previous. The CSI driver operate on least required RBAC in a cluster from now on.
E2E
- many tests are added for making sure we stay with backward compatibility for existing features of v3.6.
- new tests are added for features introduced in this release
- lots of cleanup and deprecated API removals done on the test framework
- Dropped support for kubernetes v<=1.22 tests in the framework
Deprecation
- Volumereplication service running on controller server is deprecated and replaced by CSI-Addons, see #3314 for more details
- cephfs provisioner will not make use of attacher sidecar from this release onwards. See #3149 for more details
Breaking Changes
- NFS daemonset is renamed from
csi-nfs-node
tocsi-nfsplugin
, refer to upgrade steps for more details.
NOTE
Helm upgrade may fail with message:
UPGRADE FAILED: cannot patch "rbd.csi.ceph.com" with kind CSIDriver: CSIDriver.storage.k8s.io "rbd.csi.ceph.com" is invalid: spec.fsGroupPolicy: Invalid value: "File": field is immutable"
FAILED! => {"changed": false, "command": "/usr/sbin/helm --version=v3.7.0 upgrade -i --reset-values --create-namespace -f=/tmp/tmp2sr2me9a.yml ceph-csi ceph-csi/ceph-csi-rbd", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr": "Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr_lines": ["Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable"], "stdout": "", "stdout_lines": []}
If so, delete the csidriver object
kubectl delete csidriver rbd.csi.ceph.com
Then do helm upgrade
Release Image : docker pull quay.io/cephcsi/cephcsi:v3.7.0
New Contributors ( Thanks !! 👍 )
- @losil made their first contribution in #2993
- @Cytrian made their first contribution in #3091
- @naveensrinivasan made their first contribution in #3127
- @irq0 made their first contribution in #2912
- @iceman91176 made their first contribution in #3177
- @BenoitKnecht made their first contribution in #3232
- @takmatsu made their first contribution in #3233
- @anthonyeleven made their first contribution in #3274
- @palvarez89 made their first contribution in #3273
Full Changelog: v3.6.2...v3.7.0
Thanks to awesome Ceph CSI community for this great release 👍 🎉