We are excited to announce another feature packed release of Ceph CSI , v3.5.0. This is another great step towards making it possible to use enhanced features of Container Storage Interface ( CSI) with Ceph Cluster in the backend. With this release, we are introducing many brand new features and enhancements to Ceph CSI driver. Also this release enabled a smooth integration to various projects. Here are the changelog / release highlights..
Ceph CSI 3.5.0 Release Changelog/Highlights
New features
IBM HPCS/Key Protect KMS Support
Ceph CSI added support for IBM HPCS/Key protect KMS services. This enables admins to enable PV encryption by making use of IBM key protect services in a kubernetes or openshift cluster. ( #2723)
Network Fencing
Ceph CSI now supports Network Fencing; which allows admins to blocklist any malicious clients. (#2738)
Kubernetes in-tree RBD volume migration
Ceph CSI support in-tree kubernetes volume migration to CSI driver ( kubernetes.io/rbd to rbd.ceph.csi.com
) which is available with kube 1.23 release. All requests to the kubernetes in-tree provisioner will be redirected to the Ceph CSI RBD driver for its operations. Refer here for more details.
Support for Reclaimspace operation
The Ceph CSI driver has added support for csi addon's nodeReclaimSpace
and controllerReclaimSpace
operation while csi addons sidecar request these services from the CSI driver. (#2724 )
Ephemeral Volume
Ephermeral Volume Support have been validated with this release, With ephemeral volume support a user can specify ephemeral volumes in its pod spec and tie the lifecycle of the PVC with the POD.
RWOP PVC access mode
By advertising proper capabilities introduced in latest CSI spec 1.5, the Ceph CSI driver have been validated against RWOP PVC access mode which is introduced recently in kubernetes release.
Enhancements
Go-Ceph
Ceph CSI now uses go-ceph API for adding task to flatten image and remove image from trash instead of cmdline. This is expected to improve performance.
RBD krbd mounter
This release added RBD feature support for object-map, fast-diff
..etc with krbd mounter.
RBD nbd mounter
rbd-nbd can now support expansion of volumes, encrypted volumes and journal based mirroring. rbd-nbd log strategies can be tuned to, preserve, compress, remove
on detach, read more about it here. nbd mounter utilize rbd-nbd cookie support at ceph-csi, to avoid any misconfiguration issues on nodeplugin restart, this adds to more reliable functionality of volume healer.
StorageClass Enhancements
The fixed security context can be enabled for PVs by mount options in the SC. This make it possible to specify selinux-related mount options like context.
Ceph CSI now provides a way to supply multiple mounters mapOption
from storageclass, like mapOption: "kbrd:v1,v2,v3;nbd:v1,v2,v3"
Expansion of Volumes
The user can create the bigger PVC from an existing PVC and restore a snapshot to a bigger size PVC
Rebase
Along with many other dependency update of go packages which Ceph CSI uses, Ceph CSI have been rebased to make use of latest code release of kubernetes (v1.23) and also to make use of latest available sidecars.
e2e
- rwop validation for cephfs and rbd volumes
- added tests for bigger size rbd and cephfs Volumes
- ephemeral validation have been enabled for rbd and cephfs in the e2e
- test is added to validate encrypted image mount inside the nodeplugin
- validation added for thick encrypted PVC restore
- added tests to validate PVC restore from vaultKMS to vaulttenantSAKMS
- intree migration tests are part of the e2e
- ceph.conf deployment model has been accommodated in the tests
- test cases added for pvc-pvcclone chain with depth 2
- added tests for volume expansion, encrypted volumes with rbd-nbd mounter
- covered tests for different accessModes and volumeModes with rbd-nbd mounter
- added cases for snapshot restore chain with depth 2
...etc.
Documentation
- design doc added for, CephFS snapshots as shallow RO volumes, in-tree migration, hpcs/key protect integration, clusterid poolid mapping,..etc
- updated support matrix for deprecated ceph csi releases
- updated development guide for new rules
- updated rbd-nbd documentation with volume expansion, encryption volume support, various rbd-nbd log strategies..etc
- support matrix update to readme
....etc
Breaking Changes
None
Release Image : docker pull quay.io/cephcsi/cephcsi:v3.5.0
Thanks to awesome Ceph CSI community for this great release 👍 🎉