Syncing latest changes from upstream master for rook

.mergify.yml

@@ -15,111 +15,6 @@ pull_request_rules:
       comment:
         message: Hi @{{author}}, this pull request was opened against a release branch, is it expected? Normally patches should go in the master branch first and then be backported to release branches.
 
-  # release-1.11 branch
-  - name: automerge backport release-1.11
-    conditions:
-      - author=mergify[bot]
-      - base=release-1.11
-      - label!=do-not-merge
-      - "status-success=DCO"
-      - "check-success=linux-build-all (1.19)"
-      - "check-success=unittests"
-      - "check-success=golangci-lint"
-      - "check-success=codegen"
-      - "check-success=codespell"
-      - "check-success=lint"
-      - "check-success=modcheck"
-      - "check-success=Shellcheck"
-      - "check-success=yaml-linter"
-      - "check-success=lint-test"
-      - "check-success=gen-rbac"
-      - "check-success=crds-gen"
-      - "check-success=docs-check"
-      - "check-success=pylint"
-      - "check-success=canary"
-      - "check-success=raw-disk"
-      - "check-success=two-osds-in-device"
-      - "check-success=osd-with-metadata-device"
-      - "check-success=encryption"
-      - "check-success=lvm"
-      - "check-success=pvc"
-      - "check-success=pvc-db"
-      - "check-success=pvc-db-wal"
-      - "check-success=encryption-pvc"
-      - "check-success=encryption-pvc-db"
-      - "check-success=encryption-pvc-db-wal"
-      - "check-success=encryption-pvc-kms-vault-token-auth"
-      - "check-success=encryption-pvc-kms-vault-k8s-auth"
-      - "check-success=lvm-pvc"
-      - "check-success=rgw-multisite-testing"
-      - "check-success=TestCephSmokeSuite (v1.21.14)"
-      - "check-success=TestCephSmokeSuite (v1.26.1)"
-      - "check-success=TestCephHelmSuite (v1.21.14)"
-      - "check-success=TestCephHelmSuite (v1.26.1)"
-      - "check-success=TestCephMultiClusterDeploySuite (v1.26.1)"
-      - "check-success=TestCephUpgradeSuite (v1.21.14)"
-      - "check-success=TestCephUpgradeSuite (v1.26.1)"
-      - "check-success=TestHelmUpgradeSuite (v1.21.14)"
-      - "check-success=TestHelmUpgradeSuite (v1.26.1)"
-    actions:
-      merge:
-        method: merge
-      dismiss_reviews: {}
-      delete_head_branch: {}
-
-  # release-1.12 branch
-  - name: automerge backport release-1.12
-    conditions:
-      - author=mergify[bot]
-      - base=release-1.12
-      - label!=do-not-merge
-      - "status-success=DCO"
-      - "check-success=linux-build-all (1.21)"
-      - "check-success=unittests"
-      - "check-success=golangci-lint"
-      - "check-success=codegen"
-      - "check-success=codespell"
-      - "check-success=lint"
-      - "check-success=modcheck"
-      - "check-success=Shellcheck"
-      - "check-success=yaml-linter"
-      - "check-success=lint-test"
-      - "check-success=gen-rbac"
-      - "check-success=crds-gen"
-      - "check-success=docs-check"
-      - "check-success=pylint"
-      - "check-success=canary"
-      - "check-success=raw-disk"
-      - "check-success=two-osds-in-device"
-      - "check-success=osd-with-metadata-device"
-      - "check-success=encryption"
-      - "check-success=lvm"
-      - "check-success=pvc"
-      - "check-success=pvc-db"
-      - "check-success=pvc-db-wal"
-      - "check-success=encryption-pvc"
-      - "check-success=encryption-pvc-db"
-      - "check-success=encryption-pvc-db-wal"
-      - "check-success=encryption-pvc-kms-vault-token-auth"
-      - "check-success=encryption-pvc-kms-vault-k8s-auth"
-      - "check-success=lvm-pvc"
-      - "check-success=rgw-multisite-testing"
-      - "check-success=TestCephSmokeSuite (v1.22.17)"
-      - "check-success=TestCephSmokeSuite (v1.28.0)"
-      - "check-success=TestCephHelmSuite (v1.22.17)"
-      - "check-success=TestCephHelmSuite (v1.28.0)"
-      - "check-success=TestCephMultiClusterDeploySuite (v1.28.0)"
-      - "check-success=TestCephObjectSuite (v1.27.2)"
-      - "check-success=TestCephUpgradeSuite (v1.22.17)"
-      - "check-success=TestCephUpgradeSuite (v1.28.0)"
-      - "check-success=TestHelmUpgradeSuite (v1.22.17)"
-      - "check-success=TestHelmUpgradeSuite (v1.28.0)"
-    actions:
-      merge:
-        method: merge
-      dismiss_reviews: {}
-      delete_head_branch: {}
-
   # release-1.13 branch
   - name: automerge backport release-1.13
     conditions:
@@ -291,23 +186,64 @@ pull_request_rules:
       dismiss_reviews: {}
       delete_head_branch: {}
 
-  # release-1.11 branch
-  - actions:
-      backport:
-        branches:
-          - release-1.11
+  # release-1.16 branch
+  - name: automerge backport release-1.16
     conditions:
-      - label=backport-release-1.11
-    name: backport release-1.11
-
-  # release-1.12 branch
-  - actions:
-      backport:
-        branches:
-          - release-1.12
-    conditions:
-      - label=backport-release-1.12
-    name: backport release-1.12
+      - author=mergify[bot]
+      - base=release-1.16
+      - label!=do-not-merge
+      - "status-success=DCO"
+      - "check-success=linux-build-all (1.22)"
+      - "check-success=unittests"
+      - "check-success=golangci-lint"
+      - "check-success=codegen"
+      - "check-success=codespell"
+      - "check-success=lint"
+      - "check-success=modcheck"
+      - "check-success=Shellcheck"
+      - "check-success=yaml-linter"
+      - "check-success=lint-test"
+      - "check-success=gen-rbac"
+      - "check-success=crds-gen"
+      - "check-success=docs-check"
+      - "check-success=pylint"
+      - "check-success=canary-tests / canary (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / raw-disk-with-object (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / two-osds-in-device (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / osd-with-metadata-partition-device (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / osd-with-metadata-device (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / lvm (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / pvc (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / pvc-db (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / pvc-db-wal (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc-db (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc-db-wal (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc-kms-vault-token-auth (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc-kms-vault-k8s-auth (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / lvm-pvc (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / multi-cluster-mirroring (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / rgw-multisite-testing (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / encryption-pvc-kms-ibm-kp (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / multus-public-and-cluster (quay.io/ceph/ceph:v18)"
+      - "check-success=canary-tests / csi-hostnetwork-disabled (quay.io/ceph/ceph:v18)"
+      - "check-success=TestCephSmokeSuite (v1.27.16)"
+      - "check-success=TestCephSmokeSuite (v1.31.0)"
+      - "check-success=TestCephHelmSuite (v1.27.16)"
+      - "check-success=TestCephHelmSuite (v1.31.0)"
+      - "check-success=TestCephMultiClusterDeploySuite (v1.31.0)"
+      - "check-success=TestCephObjectSuite (v1.27.16)"
+      - "check-success=TestCephObjectSuite (v1.31.0)"
+      - "check-success=TestCephUpgradeSuite (v1.27.16)"
+      - "check-success=TestCephUpgradeSuite (v1.31.0)"
+      - "check-success=TestHelmUpgradeSuite (v1.27.16)"
+      - "check-success=TestHelmUpgradeSuite (v1.31.0)"
+    actions:
+      merge:
+        method: merge
+      dismiss_reviews: {}
+      delete_head_branch: {}
 
   # release-1.13 branch
   - actions:
@@ -335,3 +271,12 @@ pull_request_rules:
     conditions:
       - label=backport-release-1.15
     name: backport release-1.15
+
+  # release-1.16 branch
+  - actions:
+      backport:
+        branches:
+          - release-1.16
+    conditions:
+      - label=backport-release-1.16
+    name: backport release-1.16

Documentation/Helm-Charts/operator-chart.md

@@ -60,7 +60,7 @@ The following table lists the configurable parameters of the rook-operator chart
 | `csi.cephFSPluginUpdateStrategy` | CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate | `RollingUpdate` |
 | `csi.cephFSPluginUpdateStrategyMaxUnavailable` | A maxUnavailable parameter of CSI cephFS plugin daemonset update strategy. | `1` |
 | `csi.cephcsi.repository` | Ceph CSI image repository | `"quay.io/cephcsi/cephcsi"` |
-| `csi.cephcsi.tag` | Ceph CSI image tag | `"v3.12.2"` |
+| `csi.cephcsi.tag` | Ceph CSI image tag | `"v3.12.3"` |
 | `csi.cephfsLivenessMetricsPort` | CSI CephFS driver metrics port | `9081` |
 | `csi.cephfsPodLabels` | Labels to add to the CSI CephFS Deployments and DaemonSets Pods | `nil` |
 | `csi.clusterName` | Cluster name identifier to set as metadata on the CephFS subvolume and RBD images. This will be useful in cases like for example, when two container orchestrator clusters (Kubernetes/OCP) are using a single ceph cluster | `nil` |

Documentation/Storage-Configuration/Ceph-CSI/ceph-csi-drivers.md

@@ -217,10 +217,10 @@ CSI-Addons supports the following operations:
 
 Ceph-CSI supports encrypting PersistentVolumeClaims (PVCs) for both RBD and CephFS.
 This can be achieved using LUKS for RBD and fscrypt for CephFS. More details on encrypting RBD PVCs can be found
-[here](https://github.com/ceph/ceph-csi/blob/v3.12.2/docs/deploy-rbd.md#encryption-for-rbd-volumes),
+[here](https://github.com/ceph/ceph-csi/blob/v3.12.3/docs/deploy-rbd.md#encryption-for-rbd-volumes),
 which includes a full list of supported encryption configurations.
-More details on encrypting CephFS PVCs can be found [here](https://github.com/ceph/ceph-csi/blob/v3.12.2/docs/deploy-cephfs.md#cephfs-volume-encryption).
-A sample KMS configmap can be found [here](https://github.com/ceph/ceph-csi/blob/v3.12.2/examples/kms/vault/kms-config.yaml).
+More details on encrypting CephFS PVCs can be found [here](https://github.com/ceph/ceph-csi/blob/v3.12.3/docs/deploy-cephfs.md#cephfs-volume-encryption).
+A sample KMS configmap can be found [here](https://github.com/ceph/ceph-csi/blob/v3.12.3/examples/kms/vault/kms-config.yaml).
 
 !!! note
     Not all KMS are compatible with fscrypt. Generally, KMS that either store secrets to use directly (like Vault)

Documentation/Storage-Configuration/Ceph-CSI/custom-images.md

@@ -18,7 +18,7 @@ kubectl -n $ROOK_OPERATOR_NAMESPACE edit configmap rook-ceph-operator-config
 The default upstream images are included below, which you can change to your desired images.
 
 ```yaml
-ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.2"
+ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.3"
 ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
 ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1"
 ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.6.1"

deploy/charts/rook-ceph/values.yaml

@@ -480,7 +480,7 @@ csi:
     # -- Ceph CSI image repository
     repository: quay.io/cephcsi/cephcsi
     # -- Ceph CSI image tag
-    tag: v3.12.2
+    tag: v3.12.3
 
   registrar:
     # -- Kubernetes CSI registrar image repository

deploy/examples/images.txt

@@ -2,7 +2,7 @@
  gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:v20240513-v0.1.0-35-gefb3255
  quay.io/ceph/ceph:v18.2.4
  quay.io/ceph/cosi:v0.1.2
- quay.io/cephcsi/cephcsi:v3.12.2
+ quay.io/cephcsi/cephcsi:v3.12.3
  quay.io/csiaddons/k8s-sidecar:v0.10.0
  registry.k8s.io/sig-storage/csi-attacher:v4.6.1
  registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1

deploy/examples/operator-openshift.yaml

@@ -189,7 +189,7 @@ data:
   # The default version of CSI supported by Rook will be started. To change the version
   # of the CSI driver to something other than what is officially supported, change
   # these images to the desired release of the CSI driver.
-  # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.2"
+  # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.3"
   # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
   # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.11.1"
   # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1"

deploy/examples/operator.yaml

@@ -119,7 +119,7 @@ data:
   # The default version of CSI supported by Rook will be started. To change the version
   # of the CSI driver to something other than what is officially supported, change
   # these images to the desired release of the CSI driver.
-  # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.2"
+  # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.12.3"
   # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
   # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.11.1"
   # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1"

pkg/operator/ceph/csi/spec.go

@@ -131,7 +131,7 @@ var (
 // manually challenging.
 var (
 	// image names
-	DefaultCSIPluginImage   = "quay.io/cephcsi/cephcsi:v3.12.2"
+	DefaultCSIPluginImage   = "quay.io/cephcsi/cephcsi:v3.12.3"
 	DefaultRegistrarImage   = "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1"
 	DefaultProvisionerImage = "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1"
 	DefaultAttacherImage    = "registry.k8s.io/sig-storage/csi-attacher:v4.6.1"

pkg/operator/ceph/csi/util_test.go

@@ -284,7 +284,7 @@ func Test_getImage(t *testing.T) {
 			args: args{
 				data:         map[string]string{},
 				settingName:  "ROOK_CSI_CEPH_IMAGE",
-				defaultImage: "quay.io/cephcsi/cephcsi:v3.12.2",
+				defaultImage: "quay.io/cephcsi/cephcsi:v3.12.3",
 			},
 			want: DefaultCSIPluginImage,
 		},