v3.11.0

3.11.0 release notes

We are excited to announce another release of Ceph CSI, v3.11.0. This is another significant step towards using enhanced Container Storage Interface (CSI) features with Ceph Cluster in the backend. With this release, we are introducing many brand-new features and enhancements to the Ceph CSI driver. Here are the changelog/release highlights.

Changelog and Highlights:

Features

RBD

• kms: added Azure Key Vault as a supported KMS by @iPraveenParihar in #4455

CephFS

• cephfs: add support for encryption in ceph-csi-cephfs chart by @NymanRobin in #4504
• kms: added Azure Key Vault as a supported KMS by @iPraveenParihar in #4455

Enhancements

• rebase: all the dependencies have been updated to latest available release.
• rbd: log sitestatuses and description by @yati1998 in #4431
• rbd: make pool optional in rbd sc if topologyconstraints are present by @parth-gr in #4459
• rbd: free snapshot resources after allocation by @nixpanic in #4514
• added permission to get nodes for rbd by @nemcikjan in #4302
• cleanup: simplify rbdGetDeviceList() by @nixpanic in #4364
• cephfs: make fsName as optional for static PVC by @Madhu-1 in #4372
• cephfs: do not run modprobe if support is compiled into the kernel by @nixpanic in #4378
• kms: refactor functions to accept a context parameter by @iPraveenParihar in #4477
• util: Add helper functions for GroupController by @Madhu-1 in #4417
• util: log repication RequestID by @Madhu-1 in #4429
• deploy: use release repository for csi-resizer by @sebhoss in #4319
• deploy: added json field tags for csi config map by @iPraveenParihar in #4329
• helm: align seLinuxMount option w/ deploy folder by @sebhoss in #4346
• deploy: update csi sidecars to latest versions by @riya-singhal31 in #4352
• deploy: update CSI sidecars to latest versions available by @iPraveenParihar in #4420
• deploy: make the csi-*plugin containers the default for kubectl commands by @nixpanic in #4434
• cleanup: simplify rbdGetDeviceList() by @nixpanic in #4364
• cleanup: use real version for k8s.io/pod-security-admission instead of v0.0.0 by @nixpanic in #4483
• cleanup: don't return an internal type from VolumeGroupJournal.Connect() by @nixpanic in #4491
• cleanup: correct typo in NewCSIVolumeroupJournal() function by @nixpanic in #4495
• cleanup: do not pass EncodingVersion to GenerateVolID() by @nixpanic in #4498
• cleanup: use standard Golang "slices" instead of k8s package by @nixpanic in #4521
• api: add CSIProvisionerRBAC functions for the NFS-provisioner by @nixpanic in #4395
• build: use Go 1.21.5 by @nixpanic in #4332

Bug Fixes

• deploy: use release repository for csi-resizer by @sebhoss in #4319

E2E

• e2e: address regression in NFS deployment by @nixpanic in #4500

CI

• ci: update pr-commentor and mergify rules for v3.10 by @Rakshith-R in #4293
• ci: allow Mergify to merge PRs that modify the mergify configuration by @nixpanic in #4294
• ci: the release-v3.10 branch needs Kubernetes 1.28 jobs by @nixpanic in #4295
• ci: Change upgrade version by @karthik-us in #4301
• ci: update Mergify config for automatic merging of backports to 3.10 by @nixpanic in #4308
• ci: Update the upgrade_version by @karthik-us in #4338
• ci: update github actions for k8s-1.29 by @riya-singhal31 in #4354
• ci: update the upgrade_version by @karthik-us in #4424
• ci: update mergify rules for kubernetes 1.29 by @riya-singhal31 in #4355
• ci: update install-snapshot script to deploy newer version of snapshotter by @Madhu-1 in #4438
• ci: update the mergify rule to exclude k8s 1.25 by @yati1998 in #4452

Documentation

• doc: add Go API documentation index files for storage backends by @nixpanic in #4377
• doc: Update README.md with slack invite and channel links by @switchboardOp in #4405
• doc: Update capabilities readme to solve to open permissions in it by @dragoangel in #4469
• doc: csi driver object options by @iPraveenParihar in #4527
• doc : modify README and upgrade docs for v3.11.0 by @Rakshith-R in #4528

New Contributors

• @nemcikjan made their first contribution in #4302
• @sebhoss made their first contribution in #4319
• @maximus13th made their first contribution in #4363
• @switchboardOp made their first contribution in #4405
• @mgfritch made their first contribution in #4464
• @dragoangel made their first contribution in #4475
• @muxuelanKK made their first contribution in #4291
• @NymanRobin made their first contribution in #4504
• @parth-gr made their first contribution in #4459

Full Changelog: v3.10.2...v3.11.0

Thanks to the fantastic Ceph CSI community for this great release 👍 🎉

Ceph-CSI v3.10.2 Release

What's Changed

• helm: align seLinuxMount option w/ deploy folder (backport #4346) by @mergify in #4358
• cephfs: do not run modprobe if support is compiled into the kernel (backport #4378) by @mergify in #4381
• cephfs: make fsName as optional for static PVC (backport #4372) by @mergify in #4409

Full Changelog: v3.10.1...v3.10.2

Ceph-CSI v3.10.1 Release

What's Changed

• revert: revert to 3.10-canary by @Rakshith-R in #4296
• helm: add default false value for --enable-read-affinity (backport #4298) by @mergify in #4307
• added permission to get nodes for rbd (backport #4302) by @mergify in #4310
• cephfs: fix network fencing admin id (backport #4316) by @mergify in #4318
• deploy: use release repository for csi-resizer (backport #4319) by @mergify in #4320
• build: create /etc/selinux/config in case it is missing by @nixpanic in #4335
• cephFS: fix fetchIP to support more formats (backport #4321) by @mergify in #4333
• deploy: update templates to v3.10.1 by @riya-singhal31 in #4336

Full Changelog: v3.10.0...v3.10.1

Ceph-CSI v3.10.0 Release

3.10.0 release notes

We are excited to announce another feature-packed release of Ceph CSI, v3.10.0. This is another significant step towards using enhanced Container Storage Interface (CSI) features with Ceph Cluster in the backend. With this release, we are introducing many brand-new features and enhancements to the Ceph CSI driver. Here are the changelog/release highlights.

Changelog and Highlights:

Features

RBD

• deploy: support for read affinity options per cluster by @iPraveenParihar in #4165

CephFS

• cephfs: Add support to create RWX PVC from ROX PVC by @Madhu-1 in #4094
• cephfs: enable read affinity by @iPraveenParihar in #4153
• deploy: support for read affinity options per cluster by @iPraveenParihar in #4165
• cephfs: kernel and fuse mount options per cluster by @iPraveenParihar in #4245

NFS

• nfs: add support for clients in the StorageClass by @spuiuk in #3895

Breaking Changes

• Removed the deprecated grpc metrics flag's in #4225
• Support for pre-creation of cephFS subvolumegroup before creating subvolume
  is removed in #4195. Users will need to create the specified(or default csi) subvolumegroup before provisioning CephFS PVC on a new ceph. Refer to deploy-cephfs.md for more details.

Note:

• Support is limited to only the active Ceph releases. Support for EOLed Ceph
  releases are removed in #4262

Enhancements

• rbd: do not execute rbd sparsify when volume is in use by @Rakshith-R in #3985
• rbd: Don't depend on image state to issue resync by @Madhu-1 in #4076
• rebase: all the dependencies have been updated to latest available release.
• cephfs: handle cephfs clone limit error by @karthik-us in #4276
• cephfs: remove snapshot protect/unprotect by @iPraveenParihar in #4202
• cephfs: Update fetchIP() to add support for IPv6 address by @riya-singhal31 in #4230
• helm: add option to enable read affinity for rbd by @iPraveenParihar in #4111
• helm: Allow templating of RBD striping parameters by @KingJ in #4229
• helm: add annotations for ceph-csi-rbd secret by @mustdiechik in #4248
• util: Remove deprecated grpc metrics code by @Madhu-1 in #4225
• util: include request-IDs in all gRPC calls for the Controller by @nixpanic in #4263
• deploy: allow mkfsOptions by @Sea-you in #4233
• deploy: update CSI sidecars to latest versions available by @iPraveenParihar in #4132
• deploy: enable featuregate for volume expansion recovery by @iPraveenParihar in #4279
• deploy: API for CSI Config Struct by @iPraveenParihar in #4278

Bug Fixes

• cephfs: Fix cephfs PVC sizing by @karthik-us in #4180
• cephfs: prevent hanging NodeGetVmolumeStats on stat() syscall when an MDS is slow by @nixpanic in #4200
• cephfs: remove subvolume during clone by @Madhu-1 in #4223
• cephfs: set Pool parameter to empty for Snapshot-backed volumes by @Rakshith-R in #4047
• cephfs: safeguard localClusterState struct from race conditions by @Rakshith-R in #4163
• rbd: do not try to run resizefs on an encrypted BlockMode volume by @nixpanic in #3958
• rbd: discard not found error from GetMetadata by @Madhu-1 in #4097
• rbd: update snap RbdImageName by @iPraveenParihar in #4152
• rbd: update snap RbdImageName in createSnapshot by @iPraveenParihar in #4156

E2E

• e2e: add test for validation of fuseMountOptions and kernelMountOptions by @riya-singhal31 in #3970
• e2e: Fixing the TODO in createCephfsStorageClass by @karthik-us in #3995
• e2e: add timeout for pvc deletion in ephemeral e2e by @riya-singhal31 in #4058
• e2e: add option to enable read affinity for rbd by @iPraveenParihar in #4111
• e2e: add multiple labels to node by @Madhu-1 in #4224

CI

• ci: run tickgit after merging a PR in the devel branch by @nixpanic in #4241
• ci: skip ./api/vendor in codespell runs by @nixpanic in #4201
• ci: group golang.org/x/ under golang dependencies by @nixpanic in #4178
• ci: disable addons after cluster creation by @Madhu-1 in #4170
• ci: add CSI_UPGRADE_VERSION var to build.env by @Rakshith-R in #4008
• ci: use podman for simple GitHub workflows by @nixpanic in #4035
• mergify: add support for 3.9 backports by @Rakshith-R in #3936
• ci: run versioned k8s jobs only on selected branches by @nixpanic in #4061
• ci: exclude branches from the testing matrix for ok-to-test comments by @nixpanic in #4068
• ci: only add /test .. comment if the branch for the PR matches by @nixpanic in #4070
• ci: enable debug logs in kubelet by @Madhu-1 in #4074
• ci: use dependabot group feature by @Madhu-1 in #4087
• ci: add snyk for security scanning by @Madhu-1 in #4259
• ci: add snyk for container image by @Madhu-1 in #4261
• ci: add ci bot for auto assigning issue by @riya-singhal31 in #4275
• ci: update minikube to v1.32.0 by @nixpanic in #4284
• build: disable ceph-iscsi repository by @nixpanic in #3959
• build: disable ceph-iscsi repository for test-container builds too by @nixpanic in #3965
• build: make sure nfs-utils is installed by @nixpanic in #4243

Documentation

• doc: remove /retest all command for Jenkins jobs by @nixpanic in #3957
• doc: update documentation for v3.8.1 release by @Rakshith-R in #4006
• doc: adding empty storageClassName in static pvc by @subhamkrai in #4010
• doc: fix helm doc of ceph-csi deployment by @astraw99 in #4036
• doc: Update cephcsi.go by @runzhliu in #4096
• doc: adding empty storageClassName in static pvc by @Rakshith-R in #4110
• doc: add design doc for RBD QoS by @Madhu-1 in #4089
• doc: Remove unwanted steps/details from upgrade doc by @Madhu-1 in #4123
• doc: remove storageclass details for shallow volume by @Madhu-1 in #4124
• doc:add reference to CSI snapshot deployment guide by @iPraveenParihar in #4119
• doc: remove unwanted steps from upgrade by @Madhu-1 in #4133
• doc: Clarify default values for mountOptions and mkfsOptions in storageclass example by @MaGaroo in #4197
• doc: add pending release notes by @Madhu-1 in #4222
• doc: remove use of XXX in example descriptions by @nixpanic in #4228
• doc: update release notes for grpc metrics by @Madhu-1 in #4237
• doc: modify README and upgrade docs for release v3.10.0 by @Rakshith-R in #4286

New Contributors ( Thanks !! 👍 )

• @spuiuk made their first contribution in #3895
• @subhamkrai made their first contribution in #4010
• @astraw99 made their first contribution in #4036
• @runzhliu made their first contribution in #4096
• @crazytaxii made their first contribution in #4099
• @MaGaroo made their first contribution in #4197
• @mustdiechik made their first contribution in #4248

Full Changelog: v3.9.0...v3.10.0

Thanks to the fantastic Ceph CSI community for this great release 👍 🎉

Ceph-CSI v3.8.1 Release

Changelog and Highlights:

Bug Fixes

• Do not execute rbd sparsify when volume is in use #3985
• Fix invalid "invalid encryption kms configuration" error #3854
• Limit cryptsetup PBKDF memory usage #3781

CI

• Install Helm with script located on GitHub #3843
• Disable ceph-iscsi repository #3959
• Disable ceph-iscsi repository for test-container builds too #3965
• Fix codespell and shell check failures #3762
• Update github actions for k8s 1.27 #3745

Vendor Updates

• Update golang to 1.19.8 #3768
• Update minikube to 1.30 #3734
• Bump github.com/hashicorp/vault from 1.4.2 to 1.9.9 #3712

Documentation

• Use the Ceph Slack instance and not our silo'ed own one #3782

Full Changelog: v3.8.0...v3.8.1

Ceph-CSI v3.9.0 Release

We are excited to announce another feature-packed release of Ceph CSI, v3.9.0. This is another significant step towards using enhanced Container Storage Interface (CSI) features with Ceph Cluster in the backend. With this release, we are introducing many brand-new features and enhancements to the Ceph CSI driver. Here are the changelog/release highlights.

Changelog and Highlights:

Features

RBD

• Add mkfsOptions to the StorageClass and pass them to mkfs by @nixpanic in #3692
• Get lastsyncbytes and lastsycduration for volume replication by @yati1998 in #3894
• Complete removal and migration of replication server into csiaddons by @riya-singhal31 in #3924 #3884 #3608
• Add support for efficient selinux relabelling support by @Rakshith-R in #3902

CephFS

• Honor MountOptions during NodeStageVolume request and add support for efficient selinux relabelling support by @Rakshith-R in #3902
• Add cephFS/CSIDriver and cephFS/csi-config-map to API by @riya-singhal31 in #3837

NFS

• Add support for secTypes parameters in StorageClass by @nixpanic in #3434
• Add support for efficient selinux relabelling support by @Rakshith-R in #3902

Breaking Changes

• #3902 introduced a breaking change in CephFS driver. Please follow the steps mentioned in the upgrade guide to ensure a smooth upgrade.
• Volumereplication service running on the controller server is now completely removed and replaced by CSI-Addons. See #3314 for more details

Enhancements

• Exit early if image-meta.json does not exist by @microyahoo in #3788
• Update golang to 1.20 #3879
• Rebase: bump k8s.io/kubernetes from 1.26.2 to 1.27.2 by @dependabot in #3848
• Update various dependencies #3896 #3850 #3917
• Add support & e2e for mountOptions & efficient selinux relabelling support by @Rakshith-R in #3902
• Helm: add imagePullSecrets for helm charts by @fungaren in #3906
• Deploy: update CSI sidecars to the latest versions available by @iPraveenParihar in #3871
• Cleanup: Move common files to the deploy folder by @karthik-us in #3860

Bug Fixes

• Helm chart rendered duplicate affinities in rbd and cephFS by @dashjay in #3751
• Invalid "invalid encryption KMS configuration" error by @riya-singhal31 in #3854
• Configuring cephFS snapshots and clones by @riya-singhal31 in #3742
• Limit cryptsetup PBKDF memory usage by @BenoitKnecht in #3781
• Set pid limit only for nodeserver by @Madhu-1 in #3776

E2E

• Remove extra check for snapshot count by @riya-singhal31 in #3735
• Fix codespell and shell check failures by @riya-singhal31 in #3762
• Add test cases for pv.Spec.MountOptions by @rakshith in #3902

CI

• Install Helm with a script located on GitHub by @nixpanic in #3843
• Many Mergify enhancements for better CI resource utilization #3672 #3797
• Added gha-mergify-merge-queue-labels-copier action to better handle merge queue prs #3809
• Use the "ceph-csi-bot" account for commenting on PRs by @nixpanic in #3877
• Prevent Retest Workflow from running on forked repos by @nixpanic in #3883
• Do not add ok-to-test if CentOS jobs were successful by @nixpanic in #3688
• Run ci tests on latest k8s versions v1.25, v1.26 and v1.27

New Contributors ( Thanks !! 👍 )

• @karthik-us made their first contribution in #3761
• @microyahoo made their first contribution in #3788
• @dashjay made their first contribution in #3751
• @iPraveenParihar made their first contribution in #3871
• @fungaren made their first contribution in #3906

Full Changelog: v3.8.0...v3.9.0

Thanks to the fantastic Ceph CSI community for this great release 👍 🎉

Ceph-CSI v3.8.0 Release

We are excited to announce another feature-packed release of Ceph CSI, v3.8.0. This is another significant step towards using enhanced Container Storage Interface ( CSI) features with Ceph Cluster in the backend. With this release, we are introducing many brand-new features and enhancements to the Ceph CSI driver. Also, this release enabled smooth integration into various projects. Here are the changelog/release highlights.

Changelog and Highlights:

Features

RBD

• fscrypt support #3310
  • Add fscrypt integration with the Ceph CSI KMS. Supports ext4 on RBD. Snapshots are supported as well.
  • Brief docs for fscrypt support #3571
• Provide new command line configuration to enable read affinity #3639

CephFS

• Shallow volumes for the ROX accessModes by default #3651
  • Shallow volumes as default for cephfs ROX clones/restore for better performance.
• Add fscrypt support for volumes, snapshots, and clones #3460
  • There are dependencies with kernel and ceph

Enhancements

• Update kubernetes dependencies to 1.26.1 #3638
• Update go-ceph to 0.20.0 #3678
• Update packages in release image #3635
• Add basic upgrade documentation for Helm Charts #3655
• Update rook installation to default latest version #3610
• Add extraArgs for sidecars #3560
• csidriver added to helper scripts #3573
• Lift the minimum supported version of ceph to v15.0.0 #3513
• Update csi spec to v1.7.0 #3503
• Add commonLabels value to helm charts #3438

Bug Fixes

• Make inode metrics optional in FilesystemNodeGetVolumeStats for CephFS #3407
• Discover if StagingTargetPath in NodeExpandVolume exists #3624
• Set disableInUseChecks on rbd volume #3605
• Skip expanding for BackingSnapshot volume #3586
• Fix CVEs in image #3526
• Ignore stderr for ceph osd blocklist when there is no error #3524
• Check volume details from original volumeID #2931
• Setup encryption if rbdVol exits during CreateVol #3422
• Return error if last sync time is not present #3489
• Return abnormal if the mount is corrupted #3462
• Fix namespace name update in metadata and rados object #3477
• Remove dummy image workaround #3413
• Get description from remote status #3392
• Fix mdl configuration #3447
• ParseAcceptLanguage takes a long time to parse complex tags #3439

E2E

• Run E2E tests with kubernetes v1.26 release
• Many tests are added to make sure we stay with backward compatibility for existing features of v3.7
• New tests are added for features introduced in this release
• Lots of cleanup and deprecated API removals were done on the test framework

CI

• Update golang to 1.19.5 #3640
• Many Mergify enhancements for better CI resource utilization #3672 #3671 #3684 #3681
• Add GitHub action to trigger E2E #3468

Breaking Changes

• Removal of option to run cephcsi as both controller and node server.

New Contributors ( Thanks !! 👍 )

• @saiprashanth173 made their first contribution in #3377
• @bastienbosser made their first contribution in #3438
• @riya-singhal31 made their first contribution in #3510
• @Sea-you made their first contribution in #3560
• @lentzi90 made their first contribution in #3595
• @mohag made their first contribution in #3635
• @Syphdias made their first contribution in #3655

Full Changelog: v3.7.2...v3.8.0

Thanks to the awesome Ceph CSI community for this great release 👍 🎉

Ceph-CSI v3.7.2 Release

Changelog or Highlights:

Bug Fixes:

CephFS

• Delete subvolume if SetAllMetadata fails #3435
• Allow subvolume creation if ceph cluster doesnt support metadata API #3423

RBD

• Fix volume leak if metadata operation fails #3436

Vendor Update

• Rebase: golang.org/x/text/language to v0.3.8 to fix a vulnerability #3439

CI improvements

• Create kubernetes cluster with podman driver #3420

Breaking Changes

None.

Ceph-CSI v3.7.1 Release

Bug Fixes:

• rbd: fix bug in kmip kms Decrypt function & improve error msg #3341
• rbd: modify stripSecret mechanism in logGRPC() #3350
• cephfs: return success if metadata operation not supported #3352
• rbd: change default FsGroupPolicy to "File" for RBD CSI driver #3364
• rbd: map only primary image #3373
• ci: use resync to sync helm charts #3374
• cephfs: Fix subvolumegroup creation #3376
• rbd: create token and use it for vault SA everytime possible #3378
• rbd: use blocklist range cmd, fallback if it fails #3386

NOTE

Helm upgrade may fail with message:

UPGRADE FAILED: cannot patch "rbd.csi.ceph.com" with kind CSIDriver: CSIDriver.storage.k8s.io "rbd.csi.ceph.com" is invalid: spec.fsGroupPolicy: Invalid value: "File": field is immutable"
 FAILED! => {"changed": false, "command": "/usr/sbin/helm --version=v3.7.1 upgrade -i --reset-values --create-namespace -f=/tmp/tmp2sr2me9a.yml ceph-csi ceph-csi/ceph-csi-rbd", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr": "Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr_lines": ["Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable"], "stdout": "", "stdout_lines": []}

If so, delete the csidriver object

kubectl delete csidriver rbd.csi.ceph.com

Then do helm upgrade

Ceph-CSI v3.7.0 Release

We are excited to announce another feature packed release of Ceph CSI , v3.7.0. This is another great step towards making it possible to use enhanced features of Container Storage Interface ( CSI) with Ceph Cluster in the backend. With this release, we are introducing many brand new features and enhancements to Ceph CSI driver. Also this release enabled a smooth integration to various projects. Here are the changelog / release highlights..

Changelog and Highlights:

Features

• KMIP integration for RBD PVC encryption
  • The Key Management Interoperability Protocol (KMIP)
    is an extensible communication protocol
    that defines message formats for the manipulation
    of cryptographic keys on a key management server.
    Ceph-CSI can now be configured to connect to
    various KMS using KMIP for encrypting RBD volumes.
• NFS
  • Added support for volume expansion, snapshot, restore and clone.
  • Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
• Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
  • For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
  • For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
• Shallow Read Only support for Ceph CSI driver:
  • cephfs-csi expose CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data (https://github.com/ceph/ceph-csi/blob/devel/docs/design/proposals/cephfs-snapshot-shallow-ro-vol.md ) which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also help to perform more efficient Volume backup.

Enhancements

• All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consume go-ceph v0.17.0 and kubernetes 1.24.4 version.
• snapshot API support has been lifted to GA version in this release.
• From this release onwards, the CSI driver make use of File fsgroup policy for its fsgroup based operations.
• New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments.

Bug Fixes

• While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
• Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
• Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
• RBACs are restricted to a great extend in this release version compared to previous. The CSI driver operate on least required RBAC in a cluster from now on.

E2E

• many tests are added for making sure we stay with backward compatibility for existing features of v3.6.
• new tests are added for features introduced in this release
• lots of cleanup and deprecated API removals done on the test framework
• Dropped support for kubernetes v<=1.22 tests in the framework

Deprecation

• Volumereplication service running on controller server is deprecated and replaced by CSI-Addons, see #3314 for more details
• cephfs provisioner will not make use of attacher sidecar from this release onwards. See #3149 for more details

Breaking Changes

• NFS daemonset is renamed from csi-nfs-node to csi-nfsplugin, refer to upgrade steps for more details.

NOTE

Helm upgrade may fail with message:

UPGRADE FAILED: cannot patch "rbd.csi.ceph.com" with kind CSIDriver: CSIDriver.storage.k8s.io "rbd.csi.ceph.com" is invalid: spec.fsGroupPolicy: Invalid value: "File": field is immutable"
 FAILED! => {"changed": false, "command": "/usr/sbin/helm --version=v3.7.0 upgrade -i --reset-values --create-namespace -f=/tmp/tmp2sr2me9a.yml ceph-csi ceph-csi/ceph-csi-rbd", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr": "Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr_lines": ["Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable"], "stdout": "", "stdout_lines": []}

If so, delete the csidriver object

kubectl delete csidriver rbd.csi.ceph.com

Then do helm upgrade

Release Image : docker pull quay.io/cephcsi/cephcsi:v3.7.0

New Contributors ( Thanks !! 👍 )

• @losil made their first contribution in #2993
• @Cytrian made their first contribution in #3091
• @naveensrinivasan made their first contribution in #3127
• @irq0 made their first contribution in #2912
• @iceman91176 made their first contribution in #3177
• @BenoitKnecht made their first contribution in #3232
• @takmatsu made their first contribution in #3233
• @anthonyeleven made their first contribution in #3274
• @palvarez89 made their first contribution in #3273

Full Changelog: v3.6.2...v3.7.0

Thanks to awesome Ceph CSI community for this great release 👍 🎉