Merge pull request #780 from red-hat-storage/sync_us--master

Syncing latest changes from upstream master for rook

.github/workflows/scorecards.yml

@@ -64,6 +64,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif

deploy/charts/rook-ceph-cluster/templates/deployment.yaml

@@ -9,6 +9,9 @@ metadata:
     app: rook-ceph-tools
 spec:
   replicas: 1
+{{- if .Values.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+{{- end }}
   selector:
     matchLabels:
       app: rook-ceph-tools

deploy/charts/rook-ceph/templates/deployment.yaml

@@ -9,6 +9,9 @@ metadata:
     {{- include "library.rook-ceph.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.scaleDownOperator | ternary 0 1 }}
+{{- if .Values.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+{{- end }}
   selector:
     matchLabels:
       app: rook-ceph-operator

design/ceph/ceph-nfs-ganesha.md

@@ -44,7 +44,7 @@ This allows the NFS-Ganesha server cluster to be scalable and highly available.
   ```
 
 - An existing RADOS pool (e.g., CephFS's data pool) or a pool created with a
-  [Ceph Pool CRD] to store NFS client recovery data.
+  [Ceph Block Pool CRD] to store NFS client recovery data.
 
 ### Ceph NFS-Ganesha CRD
 
@@ -340,13 +340,11 @@ EXPORT {
 [NFS-Ganesha]: https://github.com/nfs-ganesha/nfs-ganesha/wiki
 [CephFS]: http://docs.ceph.com/docs/master/cephfs/nfs/
 [RGW]: http://docs.ceph.com/docs/master/radosgw/nfs/
-[Rook toolbox]: (/Documentation/ceph-toolbox.md)
-[Ceph manager]: (http://docs.ceph.com/docs/master/mgr/)
-[OpenStack]: (https://www.openstack.org/software/)
-[Manila]: (https://wiki.openstack.org/wiki/Manila)
-[CephFS driver]: (https://github.com/openstack/manila/blob/master/doc/source/admin/cephfs_driver.rst)
-[k8s ConfigMaps]: (https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/)
-[k8s Service]: (https://kubernetes.io/docs/concepts/services-networking/service)
-[Ceph Pool CRD]: (https://github.com/rook/rook/blob/master/Documentation/ceph-pool-crd.md)
-[k8s Deployments]: (https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
-[SSSD]: (https://sssd.io)
+[OpenStack]: https://www.openstack.org/software/
+[Manila]: https://wiki.openstack.org/wiki/Manila
+[CephFS driver]: https://github.com/openstack/manila/blob/master/doc/source/admin/cephfs_driver.rst
+[k8s ConfigMaps]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
+[k8s Service]: https://kubernetes.io/docs/concepts/services-networking/service
+[Ceph Block Pool CRD]: https://github.com/rook/rook/blob/master/Documentation/CRDs/Block-Storage/ceph-block-pool-crd.md
+[k8s Deployments]: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
+[SSSD]: https://sssd.io

pkg/operator/ceph/cluster/nodedaemon/crash.go

@@ -126,7 +126,7 @@ func (r *ReconcileNode) createOrUpdateCephCrash(node corev1.Node, tolerations []
 			},
 		}
 		cephv1.GetCrashCollectorAnnotations(cephCluster.Spec.Annotations).ApplyToObjectMeta(&deploy.Spec.Template.ObjectMeta)
-
+		deploy.Spec.RevisionHistoryLimit = controller.RevisionHistoryLimit()
 		return nil
 	}
 

pkg/operator/ceph/controller/controller_utils.go

@@ -54,8 +54,7 @@ const (
 	enforceHostNetworkSettingName  string = "ROOK_ENFORCE_HOST_NETWORK"
 	enforceHostNetworkDefaultValue string = "false"
 
-	revisionHistoryLimitSettingName  string = "ROOK_REVISION_HISTORY_LIMIT"
-	revisionHistoryLimitDefaultValue string = ""
+	revisionHistoryLimitSettingName string = "ROOK_REVISION_HISTORY_LIMIT"
 
 	// UninitializedCephConfigError refers to the error message printed by the Ceph CLI when there is no ceph configuration file
 	// This typically is raised when the operator has not finished initializing
@@ -138,18 +137,21 @@ func EnforceHostNetwork() bool {
 }
 
 func SetRevisionHistoryLimit(data map[string]string) {
-	strval := k8sutil.GetValue(data, revisionHistoryLimitSettingName, revisionHistoryLimitDefaultValue)
-	if strval != "" {
-		numval, err := strconv.ParseInt(strval, 10, 32)
-		if err != nil {
-			logger.Warningf("failed to parse value %q for %q. assuming default value.", strval, revisionHistoryLimitSettingName)
-			revisionHistoryLimit = nil
-			return
-
-		}
-		limit := int32(numval)
-		revisionHistoryLimit = &limit
+	strval := k8sutil.GetValue(data, revisionHistoryLimitSettingName, "")
+	var limit int32
+	if strval == "" {
+		logger.Debugf("not parsing empty string to int for %q. assuming default value.", revisionHistoryLimitSettingName)
+		revisionHistoryLimit = nil
+		return
+	}
+	numval, err := strconv.ParseInt(strval, 10, 32)
+	if err != nil {
+		logger.Warningf("failed to parse value %q for %q. assuming default value. %v", strval, revisionHistoryLimitSettingName, err)
+		revisionHistoryLimit = nil
+		return
 	}
+	limit = int32(numval)
+	revisionHistoryLimit = &limit
 
 }
 

pkg/operator/ceph/csi/ceph_connection.go

@@ -17,10 +17,13 @@ limitations under the License.
 package csi
 
 import (
+	"os"
+
 	"github.com/pkg/errors"
 
 	cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	cephclient "github.com/rook/rook/pkg/daemon/ceph/client"
+	"github.com/rook/rook/pkg/operator/k8sutil"
 
 	csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1"
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
@@ -34,18 +37,13 @@ func CreateUpdateCephConnection(c client.Client, clusterInfo *cephclient.Cluster
 	csiCephConnection := &csiopv1a1.CephConnection{}
 
 	csiCephConnection.Name = clusterInfo.NamespacedName().Name
-	csiCephConnection.Namespace = clusterInfo.NamespacedName().Namespace
+	csiCephConnection.Namespace = os.Getenv(k8sutil.PodNamespaceEnvVar)
 
 	spec, err := generateCephConnSpec(c, clusterInfo, csiCephConnection.Spec, clusterSpec)
 	if err != nil {
 		return errors.Wrapf(err, "failed to set ceph connection CR %q in namespace %q", csiCephConnection.Name, clusterInfo.Namespace)
 	}
 
-	err = clusterInfo.OwnerInfo.SetOwnerReference(csiCephConnection)
-	if err != nil {
-		return errors.Wrapf(err, "failed to set owner reference for ceph connection CR %q", csiCephConnection.Name)
-	}
-
 	err = c.Get(clusterInfo.Context, types.NamespacedName{Name: csiCephConnection.Name, Namespace: csiCephConnection.Namespace}, csiCephConnection)
 	if err != nil {
 		if kerrors.IsNotFound(err) {

pkg/operator/ceph/csi/ceph_connection_test.go

@@ -24,6 +24,7 @@ import (
 	cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	"github.com/rook/rook/pkg/client/clientset/versioned/scheme"
 	clienttest "github.com/rook/rook/pkg/daemon/ceph/client/test"
+	"github.com/rook/rook/pkg/operator/k8sutil"
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -37,6 +38,7 @@ func TestCreateUpdateCephConnection(t *testing.T) {
 	c.Namespace = ns
 	c.SetName("testcluster")
 	c.NamespacedName()
+	t.Setenv(k8sutil.PodNamespaceEnvVar, ns)
 
 	cluster := &cephv1.CephCluster{
 		ObjectMeta: metav1.ObjectMeta{

pkg/operator/ceph/csi/config.go

@@ -18,9 +18,14 @@ package csi
 
 import (
 	"context"
+	"os"
+	"reflect"
+	"runtime/debug"
 	"strings"
 
+	cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	cephclient "github.com/rook/rook/pkg/daemon/ceph/client"
+	"github.com/rook/rook/pkg/operator/k8sutil"
 
 	csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1"
 	"github.com/pkg/errors"
@@ -36,7 +41,7 @@ func CreateUpdateClientProfileRadosNamespace(ctx context.Context, c client.Clien
 
 	csiOpClientProfile := &csiopv1a1.ClientProfile{}
 	csiOpClientProfile.Name = clusterID
-	csiOpClientProfile.Namespace = cephBlockPoolRadosNamespacedName.Namespace
+	csiOpClientProfile.Namespace = os.Getenv(k8sutil.PodNamespaceEnvVar)
 	csiOpClientProfile.Spec = csiopv1a1.ClientProfileSpec{
 		CephConnectionRef: v1.LocalObjectReference{
 			Name: clusterName,
@@ -46,12 +51,7 @@ func CreateUpdateClientProfileRadosNamespace(ctx context.Context, c client.Clien
 		},
 	}
 
-	err := clusterInfo.OwnerInfo.SetOwnerReference(csiOpClientProfile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to set owner reference for clientProfile CR %q for radosNamespace", csiOpClientProfile.Name)
-	}
-
-	err = c.Get(ctx, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
+	err := c.Get(ctx, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			err = c.Create(ctx, csiOpClientProfile)
@@ -79,12 +79,7 @@ func CreateUpdateClientProfileSubVolumeGroup(ctx context.Context, c client.Clien
 
 	csiOpClientProfile := generateProfileSubVolumeGroupSpec(clusterInfo, cephFilesystemNamespacedName, clusterID, clusterName)
 
-	err := clusterInfo.OwnerInfo.SetOwnerReference(csiOpClientProfile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to set owner reference for clientProfile CR %q for subVolGrp", csiOpClientProfile.Name)
-	}
-
-	err = c.Get(ctx, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
+	err := c.Get(ctx, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			err = c.Create(ctx, csiOpClientProfile)
@@ -109,7 +104,7 @@ func CreateUpdateClientProfileSubVolumeGroup(ctx context.Context, c client.Clien
 func generateProfileSubVolumeGroupSpec(clusterInfo *cephclient.ClusterInfo, cephFilesystemNamespacedName types.NamespacedName, clusterID, clusterName string) *csiopv1a1.ClientProfile {
 	csiOpClientProfile := &csiopv1a1.ClientProfile{}
 	csiOpClientProfile.Name = clusterID
-	csiOpClientProfile.Namespace = cephFilesystemNamespacedName.Namespace
+	csiOpClientProfile.Namespace = os.Getenv(k8sutil.PodNamespaceEnvVar)
 	csiOpClientProfile.Spec = csiopv1a1.ClientProfileSpec{
 		CephConnectionRef: v1.LocalObjectReference{
 			Name: clusterName,
@@ -119,15 +114,14 @@ func generateProfileSubVolumeGroupSpec(clusterInfo *cephclient.ClusterInfo, ceph
 		},
 	}
 
-	kernelMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.KernelMountOptions, "=")
-	fuseMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.FuseMountOptions, "=")
-
-	if len(kernelMountKeyVal) == 2 {
-		csiOpClientProfile.Spec.CephFs.KernelMountOptions = map[string]string{kernelMountKeyVal[0]: kernelMountKeyVal[1]}
-	}
-
-	if len(fuseMountKeyVal) == 2 {
-		csiOpClientProfile.Spec.CephFs.FuseMountOptions = map[string]string{fuseMountKeyVal[0]: fuseMountKeyVal[1]}
+	if !reflect.DeepEqual(clusterInfo.CSIDriverSpec.CephFS, cephv1.CSICephFSSpec{}) {
+		if clusterInfo.CSIDriverSpec.CephFS.KernelMountOptions != "" {
+			kernelMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.KernelMountOptions, "=")
+			csiOpClientProfile.Spec.CephFs.KernelMountOptions = map[string]string{kernelMountKeyVal[0]: kernelMountKeyVal[1]}
+		} else if clusterInfo.CSIDriverSpec.CephFS.FuseMountOptions != "" {
+			fuseMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.FuseMountOptions, "=")
+			csiOpClientProfile.Spec.CephFs.FuseMountOptions = map[string]string{fuseMountKeyVal[0]: fuseMountKeyVal[1]}
+		}
 	}
 
 	return csiOpClientProfile
@@ -136,22 +130,42 @@ func generateProfileSubVolumeGroupSpec(clusterInfo *cephclient.ClusterInfo, ceph
 // CreateDefaultClientProfile creates a default client profile for csi-operator to connect driver
 func CreateDefaultClientProfile(c client.Client, clusterInfo *cephclient.ClusterInfo, namespaced types.NamespacedName) error {
 	logger.Info("Creating ceph-csi clientProfile default CR")
+	defer func() {
+		if r := recover(); r != nil {
+			logger.Errorf("Panic when creating the default client profile: %+v", r)
+			logger.Errorf("Stack trace:")
+			logger.Errorf(string(debug.Stack()))
+		}
+	}()
 
 	csiOpClientProfile := &csiopv1a1.ClientProfile{}
 	csiOpClientProfile.Name = clusterInfo.Namespace
-	csiOpClientProfile.Namespace = clusterInfo.Namespace
+	csiOpClientProfile.Namespace = os.Getenv(k8sutil.PodNamespaceEnvVar)
 	csiOpClientProfile.Spec = csiopv1a1.ClientProfileSpec{
 		CephConnectionRef: v1.LocalObjectReference{
 			Name: namespaced.Name,
 		},
 	}
 
-	err := clusterInfo.OwnerInfo.SetOwnerReference(csiOpClientProfile)
-	if err != nil {
-		return errors.Wrapf(err, "failed to set owner reference for default clientProfile CR %q", csiOpClientProfile.Name)
+	if !reflect.DeepEqual(clusterInfo.CSIDriverSpec.CephFS, cephv1.CSICephFSSpec{}) {
+		if clusterInfo.CSIDriverSpec.CephFS.KernelMountOptions != "" {
+			kernelMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.KernelMountOptions, "=")
+			if len(kernelMountKeyVal) >= 2 {
+				csiOpClientProfile.Spec.CephFs = &csiopv1a1.CephFsConfigSpec{
+					KernelMountOptions: map[string]string{kernelMountKeyVal[0]: kernelMountKeyVal[1]},
+				}
+			}
+		} else if clusterInfo.CSIDriverSpec.CephFS.FuseMountOptions != "" {
+			fuseMountKeyVal := strings.Split(clusterInfo.CSIDriverSpec.CephFS.FuseMountOptions, "=")
+			if len(fuseMountKeyVal) >= 2 {
+				csiOpClientProfile.Spec.CephFs = &csiopv1a1.CephFsConfigSpec{
+					FuseMountOptions: map[string]string{fuseMountKeyVal[0]: fuseMountKeyVal[1]},
+				}
+			}
+		}
 	}
 
-	err = c.Get(clusterInfo.Context, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
+	err := c.Get(clusterInfo.Context, types.NamespacedName{Name: csiOpClientProfile.Name, Namespace: csiOpClientProfile.Namespace}, csiOpClientProfile)
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			err = c.Create(clusterInfo.Context, csiOpClientProfile)

pkg/operator/ceph/csi/config_test.go

@@ -25,6 +25,7 @@ import (
 	cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 	"github.com/rook/rook/pkg/client/clientset/versioned/scheme"
 	clienttest "github.com/rook/rook/pkg/daemon/ceph/client/test"
+	"github.com/rook/rook/pkg/operator/k8sutil"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -48,6 +49,9 @@ func TestCreateUpdateClientProfile(t *testing.T) {
 	c.Namespace = ns
 	c.SetName("testcluster")
 	c.NamespacedName()
+	c.SetName(c.Namespace)
+	t.Setenv(k8sutil.PodNamespaceEnvVar, ns)
+
 	clusterName := "testClusterName"
 	cephBlockPoolRadosNamespacedName := types.NamespacedName{Namespace: ns, Name: "cephBlockPoolRadosNames"}
 	cephSubVolGrpNamespacedName := types.NamespacedName{Namespace: ns, Name: "cephSubVolumeGroupNames"}

pkg/operator/ceph/csi/operator_config.go

@@ -17,8 +17,6 @@ limitations under the License.
 package csi
 
 import (
-	"reflect"
-
 	cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1"
 
 	csiopv1a1 "github.com/ceph/ceph-csi-operator/api/v1alpha1"
@@ -119,14 +117,11 @@ func (r *ReconcileCSI) generateCSIOpConfigSpec(cluster cephv1.CephCluster, opCon
 			CephFsClientType: cephfsClientType,
 		},
 	}
-	if !reflect.DeepEqual(cluster.Spec.Network, cephv1.NetworkSpec{}) {
-
-		if cluster.Spec.Network.Connections.Encryption.Enabled {
-			opConfig.Spec.DriverSpecDefaults.Encryption = &csiopv1a1.EncryptionSpec{
-				ConfigMapRef: v1.LocalObjectReference{
-					Name: "rook-ceph-csi-kms-config",
-				},
-			}
+	if CSIParam.EnableCSIEncryption {
+		opConfig.Spec.DriverSpecDefaults.Encryption = &csiopv1a1.EncryptionSpec{
+			ConfigMapRef: v1.LocalObjectReference{
+				Name: "rook-ceph-csi-kms-config",
+			},
 		}
 	}
 

pkg/operator/ceph/csi/operator_config_test.go

@@ -88,5 +88,4 @@ func TestReconcileCSI_createOrUpdateOperatorConfig(t *testing.T) {
 	err = cl.Get(context.TODO(), types.NamespacedName{Name: opConfigCRName, Namespace: r.opConfig.OperatorNamespace}, opConfig)
 	assert.NoError(t, err)
 	assert.Equal(t, *opConfig.Spec.DriverSpecDefaults.EnableMetadata, false)
-	assert.Equal(t, opConfig.Spec.DriverSpecDefaults.Encryption.ConfigMapRef, v1.LocalObjectReference{Name: "rook-ceph-csi-kms-config"})
 }