Ceph-CSI v3.7.0 Release

We are excited to announce another feature packed release of Ceph CSI , v3.7.0. This is another great step towards making it possible to use enhanced features of Container Storage Interface ( CSI) with Ceph Cluster in the backend. With this release, we are introducing many brand new features and enhancements to Ceph CSI driver. Also this release enabled a smooth integration to various projects. Here are the changelog / release highlights..

Changelog and Highlights:

Features

• KMIP integration for RBD PVC encryption
  • The Key Management Interoperability Protocol (KMIP)
    is an extensible communication protocol
    that defines message formats for the manipulation
    of cryptographic keys on a key management server.
    Ceph-CSI can now be configured to connect to
    various KMS using KMIP for encrypting RBD volumes.
• NFS
  • Added support for volume expansion, snapshot, restore and clone.
  • Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
• Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
  • For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
  • For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
• Shallow Read Only support for Ceph CSI driver:
  • cephfs-csi expose CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data (https://github.com/ceph/ceph-csi/blob/devel/docs/design/proposals/cephfs-snapshot-shallow-ro-vol.md ) which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also help to perform more efficient Volume backup.

Enhancements

• All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consume go-ceph v0.17.0 and kubernetes 1.24.4 version.
• snapshot API support has been lifted to GA version in this release.
• From this release onwards, the CSI driver make use of File fsgroup policy for its fsgroup based operations.
• New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments.

Bug Fixes

• While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
• Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
• Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
• RBACs are restricted to a great extend in this release version compared to previous. The CSI driver operate on least required RBAC in a cluster from now on.

E2E

• many tests are added for making sure we stay with backward compatibility for existing features of v3.6.
• new tests are added for features introduced in this release
• lots of cleanup and deprecated API removals done on the test framework
• Dropped support for kubernetes v<=1.22 tests in the framework

Deprecation

• Volumereplication service running on controller server is deprecated and replaced by CSI-Addons, see #3314 for more details
• cephfs provisioner will not make use of attacher sidecar from this release onwards. See #3149 for more details

Breaking Changes

• NFS daemonset is renamed from csi-nfs-node to csi-nfsplugin, refer to upgrade steps for more details.

NOTE

Helm upgrade may fail with message:

UPGRADE FAILED: cannot patch "rbd.csi.ceph.com" with kind CSIDriver: CSIDriver.storage.k8s.io "rbd.csi.ceph.com" is invalid: spec.fsGroupPolicy: Invalid value: "File": field is immutable"
 FAILED! => {"changed": false, "command": "/usr/sbin/helm --version=v3.7.0 upgrade -i --reset-values --create-namespace -f=/tmp/tmp2sr2me9a.yml ceph-csi ceph-csi/ceph-csi-rbd", "msg": "Failure when executing Helm command. Exited 1.\nstdout: \nstderr: Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr": "Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable\n", "stderr_lines": ["Error: UPGRADE FAILED: cannot patch \"rbd.csi.ceph.com\" with kind CSIDriver: CSIDriver.storage.k8s.io \"rbd.csi.ceph.com\" is invalid: spec.fsGroupPolicy: Invalid value: \"File\": field is immutable"], "stdout": "", "stdout_lines": []}

If so, delete the csidriver object

kubectl delete csidriver rbd.csi.ceph.com

Then do helm upgrade

Release Image : docker pull quay.io/cephcsi/cephcsi:v3.7.0

New Contributors ( Thanks !! 👍 )

• @losil made their first contribution in #2993
• @Cytrian made their first contribution in #3091
• @naveensrinivasan made their first contribution in #3127
• @irq0 made their first contribution in #2912
• @iceman91176 made their first contribution in #3177
• @BenoitKnecht made their first contribution in #3232
• @takmatsu made their first contribution in #3233
• @anthonyeleven made their first contribution in #3274
• @palvarez89 made their first contribution in #3273

Full Changelog: v3.6.2...v3.7.0

Thanks to awesome Ceph CSI community for this great release 👍 🎉