From 61de34a11de24a3a6464569b38cc8645fc4e1bd2 Mon Sep 17 00:00:00 2001 From: parth-gr Date: Wed, 8 Jan 2025 19:24:09 +0530 Subject: [PATCH 01/49] external: fix rados namespace sc name Currently, the sc name is hardcoded, in future if we support multiple rados namespace per tenant we need a variable name updating sc names to contain rados-namespace name ocs pr: https://github.com/red-hat-storage/ocs-operator/pull/2955 Signed-off-by: parth-gr --- deploy/examples/create-external-cluster-resources.py | 2 +- deploy/examples/import-external-cluster.sh | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/examples/create-external-cluster-resources.py b/deploy/examples/create-external-cluster-resources.py index d059a1456462..2f82df5437f0 100644 --- a/deploy/examples/create-external-cluster-resources.py +++ b/deploy/examples/create-external-cluster-resources.py @@ -1896,7 +1896,7 @@ def gen_json_out(self): ) json_out.append( { - "name": "ceph-rbd-rados-namespace", + "name": f"ceph-rbd-rados-namespace-{self.out_map['RADOS_NAMESPACE']}", "kind": "StorageClass", "data": { "pool": self.out_map["RBD_POOL_NAME"], diff --git a/deploy/examples/import-external-cluster.sh b/deploy/examples/import-external-cluster.sh index f13c10931011..5435ccaa62d3 100644 --- a/deploy/examples/import-external-cluster.sh +++ b/deploy/examples/import-external-cluster.sh @@ -127,11 +127,13 @@ function importClusterID() { createRadosNamespaceCR timeout 20 sh -c "until [ $($KUBECTL -n "$NAMESPACE" get CephBlockPoolRadosNamespace/"$RADOS_NAMESPACE" -o jsonpath='{.status.phase}' | grep -c "Ready") -eq 1 ]; do echo "waiting for radosNamespace to get created" && sleep 1; done" CLUSTER_ID_RBD=$($KUBECTL -n "$NAMESPACE" get cephblockpoolradosnamespace.ceph.rook.io/"$RADOS_NAMESPACE" -o jsonpath='{.status.info.clusterID}') + RBD_STORAGE_CLASS_NAME=ceph-rbd-$RADOS_NAMESPACE fi if [ -n "$SUBVOLUME_GROUP" ]; then createSubvolumeGroupCR timeout 20 sh -c "until [ $($KUBECTL -n "$NAMESPACE" get CephFilesystemSubVolumeGroup/"$SUBVOLUME_GROUP" -o jsonpath='{.status.phase}' | grep -c "Ready") -eq 1 ]; do echo "waiting for radosNamespace to get created" && sleep 1; done" CLUSTER_ID_CEPHFS=$($KUBECTL -n "$NAMESPACE" get cephfilesystemsubvolumegroup.ceph.rook.io/"$SUBVOLUME_GROUP" -o jsonpath='{.status.info.clusterID}') + CEPHFS_STORAGE_CLASS_NAME=cephfs-$SUBVOLUME_GROUP fi } From 795e188024989461f4bfaac92391db4006d20a63 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 5 Dec 2024 19:46:24 +0100 Subject: [PATCH 02/49] ci: rework docs-related workflow and make targets a bit This change continues an effort started earlier to make some make targets and ci workflows more consistent and systematic. see https://github.com/rook/rook/pull/14922 it adds a make target gen.helm-docs as an alias to helm-docs. Additionally, gen.docs is added as alias to docs. targets check.docs and check.helm-docs are removed because it was agreed that targets using git are of little value to developers. Their functionality is moved back into the corresponding docs workflow. xiFinally, the redundant "Check helm-docs" check is removed from the docs-check workflow Signed-off-by: Michael Adam --- .github/workflows/docs-check.yml | 6 +++--- Makefile | 14 ++------------ tests/scripts/validate_modified_files.sh | 6 +++++- 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.github/workflows/docs-check.yml b/.github/workflows/docs-check.yml index af352b097b70..6261504f1c5e 100644 --- a/.github/workflows/docs-check.yml +++ b/.github/workflows/docs-check.yml @@ -42,10 +42,10 @@ jobs: Documentation/**/*.md !Documentation/Helm-Charts - - name: Check helm-docs - run: make check.helm-docs - name: Check docs - run: make check.docs + run: | + make gen.docs + tests/scripts/validate_modified_files.sh docs - name: Install mkdocs and dependencies run: cd build/release/ && make deps.docs diff --git a/Makefile b/Makefile index 413f33f6189b..7d2b5e65b350 100644 --- a/Makefile +++ b/Makefile @@ -194,6 +194,7 @@ gen-rbac: $(HELM) $(YQ) ## Generate RBAC from Helm charts gen.docs: docs docs: helm-docs +gen.helm-docs: helm-docs helm-docs: $(HELM_DOCS) ## Use helm-docs to generate documentation from helm charts $(HELM_DOCS) -c deploy/charts/rook-ceph \ -o ../../../Documentation/Helm-Charts/operator-chart.md \ @@ -204,17 +205,6 @@ helm-docs: $(HELM_DOCS) ## Use helm-docs to generate documentation from helm cha -t ../../../Documentation/Helm-Charts/ceph-cluster-chart.gotmpl.md \ -t ../../../Documentation/Helm-Charts/_templates.gotmpl -check.helm-docs: - @$(MAKE) helm-docs - @git diff --exit-code || { \ - echo "Please run 'make helm-docs' locally, commit the updated docs, and push the change. See https://rook.io/docs/rook/latest/Contributing/documentation/#making-docs" ; \ - exit 2 ; \ - }; -check.docs: - @$(MAKE) docs - @tests/scripts/validate_modified_files.sh docs - - docs-preview: ## Preview the documentation through mkdocs mkdocs serve @@ -229,7 +219,7 @@ generate: gen.codegen gen.crds gen.rbac gen.docs gen.crd-docs ## Update all gene .PHONY: all build.common -.PHONY: build build.all install test check vet fmt codegen gen.codegen gen.rbac gen.crds gen.crd-docs gen.docs generate mod.check clean distclean prune +.PHONY: build build.all install test check vet fmt codegen gen.codegen gen.rbac gen.crds gen.crd-docs gen.docs gen.helm-docs generate mod.check clean distclean prune # ==================================================================================== # Help diff --git a/tests/scripts/validate_modified_files.sh b/tests/scripts/validate_modified_files.sh index 27cdb13f7279..9e117e791ec2 100755 --- a/tests/scripts/validate_modified_files.sh +++ b/tests/scripts/validate_modified_files.sh @@ -10,6 +10,7 @@ CRD_ERR="changes found by 'make crds'. please run 'make crds' locally and update BUILD_ERR="changes found by make build', please commit your go.sum or other changed files" HELM_ERR="changes found by 'make gen-rbac'. please run 'make gen-rbac' locally and update your PR" DOCS_ERR="changes found by 'make docs'. please run 'make docs' locally and update your PR" +HELM_DOCS_ERR="changes found by 'make helm-docs'. please run 'make helm-docs' locally and update your PR" ############# # FUNCTIONS # @@ -33,6 +34,9 @@ case "$1" in docs) validate "$DOCS_ERR" ;; + helm-docs) + validate "$HELM_DOCS_ERR" + ;; codegen) validate "$CODEGEN_ERR" ;; @@ -49,6 +53,6 @@ case "$1" in validate "$HELM_ERR" ;; *) - echo $"Usage: $0 {docs|codegen|modcheck|crd|build|gen-rbac}" + echo $"Usage: $0 {docs|helm-docs|codegen|modcheck|crd|build|gen-rbac}" exit 1 esac From 80eee60d9c2bf1f8af456d67a34cf0b5792a2c9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:19:41 +0000 Subject: [PATCH 03/49] build(deps): bump sigs.k8s.io/controller-runtime Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.19.3 to 0.19.4 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.19.3...v0.19.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 3 ++- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index df947748ede2..eb9d04485bc5 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( k8s.io/client-go v0.32.0 k8s.io/cloud-provider v0.32.0 k8s.io/utils v0.0.0-20241210054802-24370beab758 - sigs.k8s.io/controller-runtime v0.19.3 + sigs.k8s.io/controller-runtime v0.19.4 sigs.k8s.io/mcs-api v0.1.0 sigs.k8s.io/yaml v1.4.0 ) @@ -66,6 +66,7 @@ require ( github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect diff --git a/go.sum b/go.sum index 98ff21f849c6..6b8b49939536 100644 --- a/go.sum +++ b/go.sum @@ -1704,8 +1704,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= -sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= +sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= +sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= From 59c5c045b76a2c5061fe5e7eb21749d6c9542113 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Mon, 13 Jan 2025 10:55:38 -0700 Subject: [PATCH 04/49] doc: add basic obc bucketPolicy description Signed-off-by: Joshua Hoblitt --- .../ceph-object-bucket-claim.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md b/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md index a119b4c7144b..1e3df9890085 100644 --- a/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md +++ b/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md @@ -34,6 +34,26 @@ spec: maxSize: "2G" bucketMaxObjects: "3000" bucketMaxSize: "4G" + bucketPolicy: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam:::user/bar" + }, + "Action": [ + "s3:GetObject", + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Resource": [ + "arn:aws:s3:::bucket-policy-test/*" + ] + } + ] + } ``` 1. `name` of the `ObjectBucketClaim`. This name becomes the name of the Secret and ConfigMap. @@ -51,6 +71,7 @@ If both `bucketName` and `generateBucketName` are blank or omitted then the stor * `maxSize`: The maximum size of the bucket as a quota on the user account automatically created for the bucket. Please note minimum recommended value is 4K. * `bucketMaxObjects`: The maximum number of objects in the bucket as an individual bucket quota. This is useful when the bucket is shared among multiple users. * `bucketMaxSize`: The maximum size of the bucket as an individual bucket quota. + * `bucketPolicy`: A raw JSON format string that defines an AWS S3 format the bucket policy. If set, the policy string will override any existing policy set on the bucket and any default bucket policy that the bucket provisioner potentially would have automatically generated. ### OBC Custom Resource after Bucket Provisioning From f9ebaf3418155fa5999490777a42dbd5c02a73eb Mon Sep 17 00:00:00 2001 From: Travis Nielsen Date: Mon, 13 Jan 2025 16:32:06 -0700 Subject: [PATCH 05/49] csi: set driver name to same as the operator namespace The operator namespace is where the csi driver resources are being created. The prefix is expected to match the namespace where the driver is being created. It was an incorrect change from 15245 where it had been assumed that the cluster prefix name was required instead. Signed-off-by: Travis Nielsen --- pkg/operator/ceph/csi/operator_driver.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/operator/ceph/csi/operator_driver.go b/pkg/operator/ceph/csi/operator_driver.go index ae111c6a8434..f5457be45ab9 100644 --- a/pkg/operator/ceph/csi/operator_driver.go +++ b/pkg/operator/ceph/csi/operator_driver.go @@ -77,7 +77,7 @@ func (r *ReconcileCSI) createOrUpdateDriverResources(cluster cephv1.CephCluster, } func (r *ReconcileCSI) createOrUpdateRBDDriverResource(cluster cephv1.CephCluster, clusterInfo *cephclient.ClusterInfo) error { - resourceName := fmt.Sprintf("%s.rbd.csi.ceph.com", cluster.Namespace) + resourceName := fmt.Sprintf("%s.rbd.csi.ceph.com", r.opConfig.OperatorNamespace) spec, err := r.generateDriverSpec(cluster.Name) if err != nil { return err @@ -123,7 +123,7 @@ func (r *ReconcileCSI) createOrUpdateRBDDriverResource(cluster cephv1.CephCluste } func (r *ReconcileCSI) createOrUpdateCephFSDriverResource(cluster cephv1.CephCluster, clusterInfo *cephclient.ClusterInfo) error { - resourceName := fmt.Sprintf("%s.cephfs.csi.ceph.com", cluster.Namespace) + resourceName := fmt.Sprintf("%s.cephfs.csi.ceph.com", r.opConfig.OperatorNamespace) spec, err := r.generateDriverSpec(cluster.Name) if err != nil { return err @@ -175,7 +175,7 @@ func (r *ReconcileCSI) createOrUpdateCephFSDriverResource(cluster cephv1.CephClu } func (r *ReconcileCSI) createOrUpdateNFSDriverResource(cluster cephv1.CephCluster, clusterInfo *cephclient.ClusterInfo) error { - resourceName := fmt.Sprintf("%s.nfs.csi.ceph.com", cluster.Namespace) + resourceName := fmt.Sprintf("%s.nfs.csi.ceph.com", r.opConfig.OperatorNamespace) spec, err := r.generateDriverSpec(cluster.Name) if err != nil { return err From d389a0eea648167633b40bc8e66d5a96f9a8b8b3 Mon Sep 17 00:00:00 2001 From: licheng Date: Tue, 14 Jan 2025 09:57:27 +0800 Subject: [PATCH 06/49] doc: add adopter Signed-off-by: licheng --- ADOPTERS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ADOPTERS.md b/ADOPTERS.md index 9c2a31a265d1..33dfd9b75d50 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -67,6 +67,8 @@ If submitting a description, the addition will be at the end of first part of th * [Radio Sound](https://radiosound.com/) uses Rook to power their website and GitLab for their CI/CD pipeline, because of the truly cloud-native experience, like *"a little drop of the Google magic in our own server rack"*. +* [Alauda](https://www.alauda.io/) Our container platform product(ACP) uses Rook Ceph to provide data + persistence for applications, in addition to middleware backups, virtual machine disks, and more. * [CyCore Systems](https://www.cycoresys.com/) * [Datacom](http://datacom.co.nz/Home.aspx) * [Turtle Network (BLACK TURTLE BVBA)](https://www.turtlenetwork.eu/#home) From 86a287030cbcb54cf1bdab8815a34ff44226f7b7 Mon Sep 17 00:00:00 2001 From: Travis Nielsen Date: Tue, 14 Jan 2025 09:57:27 -0700 Subject: [PATCH 07/49] docs: reset pending release notes For the upcoming 4.17 release, we reset the pending release notes so we can add new features to the list. Signed-off-by: Travis Nielsen --- PendingReleaseNotes.md | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/PendingReleaseNotes.md b/PendingReleaseNotes.md index 7683a1a5867a..f40151ba6d06 100644 --- a/PendingReleaseNotes.md +++ b/PendingReleaseNotes.md @@ -1,15 +1,6 @@ -# v1.16 Pending Release Notes +# v1.17 Pending Release Notes ## Breaking Changes -- Removed support for Ceph Quincy (v17) since it has reached end of life -- Minimum K8s version updated to v1.27 ## Features - -- Added supported for K8s version v1.32 -- Enable mirroring for CephBlockPoolRadosNamespaces (see [#14701](https://github.com/rook/rook/pull/14701)). -- Enable periodic monitoring for CephBlockPoolRadosNamespaces mirroring (see [#14896](https://github.com/rook/rook/pull/14896)). -- Allow migration of PVC based OSDs to enable or disable encryption (see [#14776](https://github.com/rook/rook/pull/14776)). -- Support `rgw_enable_apis` option for CephObjectStore (see [#15064](https://github.com/rook/rook/pull/15064)). -- ObjectBucketClaim management of s3 bucket policy via the `bucketPolicy` field (see [#15138](https://github.com/rook/rook/pull/15138)). From a44ae0fdc69c01509d08de1b8319c02a44a45242 Mon Sep 17 00:00:00 2001 From: Artem Torubarov Date: Tue, 14 Jan 2025 18:14:04 +0100 Subject: [PATCH 08/49] operator: omit values from mon db config logs Signed-off-by: Artem Torubarov --- pkg/operator/ceph/config/monstore.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/operator/ceph/config/monstore.go b/pkg/operator/ceph/config/monstore.go index ac2e9d39e508..8bede46335ce 100644 --- a/pkg/operator/ceph/config/monstore.go +++ b/pkg/operator/ceph/config/monstore.go @@ -93,7 +93,7 @@ func (m *MonStore) SetIfChanged(who, option, value string) (bool, error) { // Set sets a config in the centralized mon configuration database. // https://docs.ceph.com/docs/master/rados/configuration/ceph-conf/#monitor-configuration-database func (m *MonStore) Set(who, option, value string) error { - logger.Infof("setting %q=%q=%q option to the mon configuration database", who, option, value) + logger.Infof("setting %q=%q option to the mon configuration database", who, option) args := []string{"config", "set", who, normalizeKey(option), value} cephCmd := client.NewCephCommand(m.context, m.clusterInfo, args) out, err := cephCmd.RunWithTimeout(exec.CephCommandsTimeout) @@ -102,7 +102,7 @@ func (m *MonStore) Set(who, option, value string) error { "you may need to use the rook-config-override ConfigMap. output: %s", string(out)) } - logger.Infof("successfully set %q=%q=%q option to the mon configuration database", who, option, value) + logger.Infof("successfully set %q=%q option to the mon configuration database", who, option) return nil } @@ -199,7 +199,7 @@ func (m *MonStore) DeleteAll(options ...Option) error { // spaces, underscores, dashes, and slashes. // See: https://docs.ceph.com/en/latest/man/8/ceph/#config-key func (m *MonStore) SetKeyValue(key, value string) error { - logger.Debugf("setting %q=%q option in the mon config-key store", key, value) + logger.Debugf("setting %q option in the mon config-key store", key) args := []string{"config-key", "set", key, value} cephCmd := client.NewCephCommand(m.context, m.clusterInfo, args) out, err := cephCmd.RunWithTimeout(exec.CephCommandsTimeout) From b33598f5303602d7789c021dcd7cf51ce3ff2127 Mon Sep 17 00:00:00 2001 From: Travis Nielsen Date: Tue, 14 Jan 2025 13:56:40 -0700 Subject: [PATCH 09/49] docs: update roadmap for release 1.17 For the upcoming 1.17 release, update the high level features that are targeted. Signed-off-by: Travis Nielsen --- ROADMAP.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index ec480f678c26..9a507dfaf377 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -8,19 +8,15 @@ We hope that the items listed below will inspire further engagement from the com Any dates listed below and the specific issues that will ship in a given milestone are subject to change but should give a general idea of what we are planning. See the [GitHub project boards](https://github.com/rook/rook/projects) for the most up-to-date issues and their status. -## Rook Ceph 1.16 +## Rook Ceph 1.17 -The following high level features are targeted for Rook v1.16 (December 2024). For more detailed project tracking see the [v1.16 board](https://github.com/orgs/rook/projects/6). +The following high level features are targeted for Rook v1.17 (April 2025). For more detailed project tracking see the [v1.17 board](https://github.com/orgs/rook/projects/7). -* Removed support for Ceph Quincy since at end of life [#14795](https://github.com/rook/rook/pull/14795) -* Enable mirroring for RADOS namespaces [#14701](https://github.com/rook/rook/pull/14701) +* Allow Rook operator to run in multiple namespaces for improved multi-cluster reconcile [#15014](https://github.com/rook/rook/issues/15014) * Replace a single OSD when a metadataDevice is configured with multiple OSDs [#13240](https://github.com/rook/rook/issues/13240) -* Remove multus-enabled "holder" pods [#14289](https://github.com/rook/rook/issues/14289) -* OSD migration to enable encryption as a day 2 operation [#14719](https://github.com/rook/rook/pull/14719) -* Key rotation for Ceph object store users [#11563](https://github.com/rook/rook/issues/11563) * CSI Driver - * Continue integration of the new Ceph-CSI operator, targeted for stable in v1.17 [#14766](https://github.com/rook/rook/pull/14766) - * Ceph-CSI [v3.13](https://github.com/ceph/ceph-csi/issues?q=is%3Aopen+is%3Aissue+milestone%3Arelease-v3.13.0) + * Enable the stable Ceph-CSI operator by default, after it is declared stable [#14766](https://github.com/rook/rook/issues/15271) + * Integrate Ceph-CSI [v3.14](https://github.com/ceph/ceph-csi/) ## Kubectl Plugin From 955fa9cae40b0c49bbb1c74b383661b9f7578088 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Wed, 15 Jan 2025 10:16:59 +0100 Subject: [PATCH 10/49] csi: update Kubernetes CSI sidecar images to current versions The Kubernetes CSI sidecars have had several releases that were not included in deployments by Rook yet, update them to the versions that are available today: - csi-node-driver-registrar:v2.13.0 - csi-provisioner:v5.1.0 - csi-attacher:v4.8.0 - csi-resizer:v1.13.1 Signed-off-by: Niels de Vos --- Documentation/Helm-Charts/operator-chart.md | 8 ++++---- .../Storage-Configuration/Ceph-CSI/custom-images.md | 8 ++++---- deploy/charts/rook-ceph/values.yaml | 8 ++++---- deploy/examples/images.txt | 8 ++++---- deploy/examples/operator-openshift.yaml | 8 ++++---- deploy/examples/operator.yaml | 8 ++++---- pkg/operator/ceph/csi/spec.go | 8 ++++---- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/Documentation/Helm-Charts/operator-chart.md b/Documentation/Helm-Charts/operator-chart.md index 53bbd50b08f8..45f360ea1ffc 100644 --- a/Documentation/Helm-Charts/operator-chart.md +++ b/Documentation/Helm-Charts/operator-chart.md @@ -53,7 +53,7 @@ The following table lists the configurable parameters of the rook-operator chart | `containerSecurityContext` | Set the container security context for the operator | `{"capabilities":{"drop":["ALL"]},"runAsGroup":2016,"runAsNonRoot":true,"runAsUser":2016}` | | `crds.enabled` | Whether the helm chart should create and update the CRDs. If false, the CRDs must be managed independently with deploy/examples/crds.yaml. **WARNING** Only set during first deployment. If later disabled the cluster may be DESTROYED. If the CRDs are deleted in this case, see [the disaster recovery guide](https://rook.io/docs/rook/latest/Troubleshooting/disaster-recovery/#restoring-crds-after-deletion) to restore them. | `true` | | `csi.attacher.repository` | Kubernetes CSI Attacher image repository | `"registry.k8s.io/sig-storage/csi-attacher"` | -| `csi.attacher.tag` | Attacher image tag | `"v4.6.1"` | +| `csi.attacher.tag` | Attacher image tag | `"v4.8.0"` | | `csi.cephFSAttachRequired` | Whether to skip any attach operation altogether for CephFS PVCs. See more details [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). If cephFSAttachRequired is set to false it skips the volume attachments and makes the creation of pods using the CephFS PVC fast. **WARNING** It's highly discouraged to use this for CephFS RWO volumes. Refer to this [issue](https://github.com/kubernetes/kubernetes/issues/103305) for more details. | `true` | | `csi.cephFSFSGroupPolicy` | Policy for modifying a volume's ownership or permissions when the CephFS PVC is being mounted. supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html | `"File"` | | `csi.cephFSKernelMountOptions` | Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/#options. Set to "ms_mode=secure" when connections.encrypted is enabled in CephCluster CR | `nil` | @@ -111,7 +111,7 @@ The following table lists the configurable parameters of the rook-operator chart | `csi.pluginPriorityClassName` | PriorityClassName to be set on csi driver plugin pods | `"system-node-critical"` | | `csi.pluginTolerations` | Array of tolerations in YAML format which will be added to CephCSI plugin DaemonSet | `nil` | | `csi.provisioner.repository` | Kubernetes CSI provisioner image repository | `"registry.k8s.io/sig-storage/csi-provisioner"` | -| `csi.provisioner.tag` | Provisioner image tag | `"v5.0.1"` | +| `csi.provisioner.tag` | Provisioner image tag | `"v5.1.0"` | | `csi.provisionerNodeAffinity` | The node labels for affinity of the CSI provisioner deployment [^1] | `nil` | | `csi.provisionerPriorityClassName` | PriorityClassName to be set on csi driver provisioner pods | `"system-cluster-critical"` | | `csi.provisionerReplicas` | Set replicas for csi provisioner deployment | `2` | @@ -123,9 +123,9 @@ The following table lists the configurable parameters of the rook-operator chart | `csi.rbdPluginUpdateStrategyMaxUnavailable` | A maxUnavailable parameter of CSI RBD plugin daemonset update strategy. | `1` | | `csi.rbdPodLabels` | Labels to add to the CSI RBD Deployments and DaemonSets Pods | `nil` | | `csi.registrar.repository` | Kubernetes CSI registrar image repository | `"registry.k8s.io/sig-storage/csi-node-driver-registrar"` | -| `csi.registrar.tag` | Registrar image tag | `"v2.11.1"` | +| `csi.registrar.tag` | Registrar image tag | `"v2.13.0"` | | `csi.resizer.repository` | Kubernetes CSI resizer image repository | `"registry.k8s.io/sig-storage/csi-resizer"` | -| `csi.resizer.tag` | Resizer image tag | `"v1.11.1"` | +| `csi.resizer.tag` | Resizer image tag | `"v1.13.1"` | | `csi.serviceMonitor.enabled` | Enable ServiceMonitor for Ceph CSI drivers | `false` | | `csi.serviceMonitor.interval` | Service monitor scrape interval | `"10s"` | | `csi.serviceMonitor.labels` | ServiceMonitor additional labels | `{}` | diff --git a/Documentation/Storage-Configuration/Ceph-CSI/custom-images.md b/Documentation/Storage-Configuration/Ceph-CSI/custom-images.md index bf941c36e6fb..88b5b68403ca 100644 --- a/Documentation/Storage-Configuration/Ceph-CSI/custom-images.md +++ b/Documentation/Storage-Configuration/Ceph-CSI/custom-images.md @@ -19,10 +19,10 @@ The default upstream images are included below, which you can change to your des ```yaml ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.13.0" -ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1" -ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1" -ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.6.1" -ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.11.1" +ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0" +ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.1.0" +ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.8.0" +ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.13.1" ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0" ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.11.0" ``` diff --git a/deploy/charts/rook-ceph/values.yaml b/deploy/charts/rook-ceph/values.yaml index e79d958b0753..2151064545d8 100644 --- a/deploy/charts/rook-ceph/values.yaml +++ b/deploy/charts/rook-ceph/values.yaml @@ -486,13 +486,13 @@ csi: # -- Kubernetes CSI registrar image repository repository: registry.k8s.io/sig-storage/csi-node-driver-registrar # -- Registrar image tag - tag: v2.11.1 + tag: v2.13.0 provisioner: # -- Kubernetes CSI provisioner image repository repository: registry.k8s.io/sig-storage/csi-provisioner # -- Provisioner image tag - tag: v5.0.1 + tag: v5.1.0 snapshotter: # -- Kubernetes CSI snapshotter image repository @@ -504,13 +504,13 @@ csi: # -- Kubernetes CSI Attacher image repository repository: registry.k8s.io/sig-storage/csi-attacher # -- Attacher image tag - tag: v4.6.1 + tag: v4.8.0 resizer: # -- Kubernetes CSI resizer image repository repository: registry.k8s.io/sig-storage/csi-resizer # -- Resizer image tag - tag: v1.11.1 + tag: v1.13.1 # -- Image pull policy imagePullPolicy: IfNotPresent diff --git a/deploy/examples/images.txt b/deploy/examples/images.txt index bab2b330ccf8..a54eecc83df6 100644 --- a/deploy/examples/images.txt +++ b/deploy/examples/images.txt @@ -4,8 +4,8 @@ quay.io/ceph/cosi:v0.1.2 quay.io/cephcsi/cephcsi:v3.13.0 quay.io/csiaddons/k8s-sidecar:v0.11.0 - registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1 - registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + registry.k8s.io/sig-storage/csi-attacher:v4.8.0 + registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0 + registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 + registry.k8s.io/sig-storage/csi-resizer:v1.13.1 registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0 diff --git a/deploy/examples/operator-openshift.yaml b/deploy/examples/operator-openshift.yaml index baf0d61e71e4..cea5a6fabe94 100644 --- a/deploy/examples/operator-openshift.yaml +++ b/deploy/examples/operator-openshift.yaml @@ -190,11 +190,11 @@ data: # of the CSI driver to something other than what is officially supported, change # these images to the desired release of the CSI driver. # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.13.0" - # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1" - # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.11.1" - # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1" + # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0" + # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.13.1" + # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.1.0" # ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0" - # ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.6.1" + # ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.8.0" # (Optional) set user created priorityclassName for csi plugin pods. CSI_PLUGIN_PRIORITY_CLASSNAME: "system-node-critical" diff --git a/deploy/examples/operator.yaml b/deploy/examples/operator.yaml index 59dc52397bef..d9d9bfc13f94 100644 --- a/deploy/examples/operator.yaml +++ b/deploy/examples/operator.yaml @@ -120,11 +120,11 @@ data: # of the CSI driver to something other than what is officially supported, change # these images to the desired release of the CSI driver. # ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.13.0" - # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1" - # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.11.1" - # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1" + # ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0" + # ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.13.1" + # ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.1.0" # ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0" - # ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.6.1" + # ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.8.0" # To indicate the image pull policy to be applied to all the containers in the csi driver pods. # ROOK_CSI_IMAGE_PULL_POLICY: "IfNotPresent" diff --git a/pkg/operator/ceph/csi/spec.go b/pkg/operator/ceph/csi/spec.go index 81d421ec4db4..9381619ccba7 100644 --- a/pkg/operator/ceph/csi/spec.go +++ b/pkg/operator/ceph/csi/spec.go @@ -132,11 +132,11 @@ var ( var ( // image names DefaultCSIPluginImage = "quay.io/cephcsi/cephcsi:v3.13.0" - DefaultRegistrarImage = "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1" - DefaultProvisionerImage = "registry.k8s.io/sig-storage/csi-provisioner:v5.0.1" - DefaultAttacherImage = "registry.k8s.io/sig-storage/csi-attacher:v4.6.1" + DefaultRegistrarImage = "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0" + DefaultProvisionerImage = "registry.k8s.io/sig-storage/csi-provisioner:v5.1.0" + DefaultAttacherImage = "registry.k8s.io/sig-storage/csi-attacher:v4.8.0" DefaultSnapshotterImage = "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0" - DefaultResizerImage = "registry.k8s.io/sig-storage/csi-resizer:v1.11.1" + DefaultResizerImage = "registry.k8s.io/sig-storage/csi-resizer:v1.13.1" DefaultCSIAddonsImage = "quay.io/csiaddons/k8s-sidecar:v0.11.0" // image pull policy From 0649cd38acda6508bc1a508575e44509b0d7ef42 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 14 Jan 2025 19:05:11 +0100 Subject: [PATCH 11/49] build: move a Makefile comment to a more appropriate place in the image building Makefile, a comment explaining the construction of the operator-sdk download URL was in a wrong place. Now it is moved to the lines that it actually explains. Signed-off-by: Michael Adam --- images/ceph/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/images/ceph/Makefile b/images/ceph/Makefile index e2aaa7880d4d..c97f6078cafb 100755 --- a/images/ceph/Makefile +++ b/images/ceph/Makefile @@ -35,14 +35,14 @@ ifeq ($(BUILD_CONTEXT_DIR),) BUILD_CONTEXT_DIR := $(shell mktemp -d) endif -# Note: as of version 1.3 of operator-sdk, the url format changed to: -# ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} -# (see: https://sdk.operatorframework.io/docs/installation/) S5CMD_ARCH = Linux-64bit # s5cmd's version S5CMD_VERSION = 2.3.0 +# Note: as of version 1.3 of operator-sdk, the url format changed to: +# ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} +# (see: https://sdk.operatorframework.io/docs/installation/) OPERATOR_SDK := $(TOOLS_HOST_DIR)/operator-sdk-$(OPERATOR_SDK_VERSION) YQv3 := $(TOOLS_HOST_DIR)/yq-$(YQv3_VERSION) export OPERATOR_SDK YQv3 From e34c41ce2c58b1452fd7afa46b1143cf6ab12c6f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 14 Jan 2025 19:17:06 +0100 Subject: [PATCH 12/49] build: fix S5CMD_ARCH calculation In image building, when building on arm based systems, the s5cmd tool was added with the wrong architecture (amd64 instead of arm64). This change fixes the architecture of the s5cmd to match the architecture of the image built. Fixes: #15262 Signed-off-by: Michael Adam --- images/ceph/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/images/ceph/Makefile b/images/ceph/Makefile index c97f6078cafb..70522d92ebbb 100755 --- a/images/ceph/Makefile +++ b/images/ceph/Makefile @@ -35,7 +35,12 @@ ifeq ($(BUILD_CONTEXT_DIR),) BUILD_CONTEXT_DIR := $(shell mktemp -d) endif + +ifeq ($(GOARCH),amd64) S5CMD_ARCH = Linux-64bit +else +S5CMD_ARCH = Linux-arm64 +endif # s5cmd's version S5CMD_VERSION = 2.3.0 From 2e0901ba289c18a76e998d447d0aaee2bb757999 Mon Sep 17 00:00:00 2001 From: Travis Nielsen Date: Wed, 15 Jan 2025 11:19:36 -0700 Subject: [PATCH 13/49] docs: simplify adopters instructions No need for adopters to send mail to the steering committee, maintainers can manage the adopters just fine. Signed-off-by: Travis Nielsen --- ADOPTERS.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ADOPTERS.md b/ADOPTERS.md index 33dfd9b75d50..a7a9587dbf37 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -13,9 +13,8 @@ To add your organization to this list, choose one of the following options: - [Open a PR](https://rook.io/docs/rook/latest/Contributing/development-flow/#submitting-a-pull-request) to directly update this list - [Open a new issue](https://github.com/rook/rook/issues/new/choose) with the information -- Send an email to [Steering committee members](https://github.com/rook/rook/blob/master/OWNERS.md#steering-committee) with the information -For the latter two options, a maintainer will submit a PR to update the table. +For the latter option, a maintainer will submit a PR to update the table on your behalf. Please reach out to us on [Slack](https://slack.rook.io) with any questions. If submitting a description, the addition will be at the end of first part of the list. If a description is not provided, the addition will be at the end of the full list. From 8817a1a703eb11d3fd304c36e8dce74911d54821 Mon Sep 17 00:00:00 2001 From: Oded Viner Date: Sat, 11 Jan 2025 23:14:43 +0200 Subject: [PATCH 14/49] core: add tolerations to crashcollector pruner cronJob pod This PR addresses an issue where the CrashCollector Pruner CronJob pods were stuck in a Pending state due to missing tolerations in their PodTemplateSpec. These tolerations were not being propagated from the cephClusterSpec.placement.all field. Added tolerations to the PodTemplateSpec of the CrashCollector Pruner CronJob. Signed-off-by: Oded Viner --- .../ceph/cluster/nodedaemon/pruner.go | 8 +++--- .../ceph/cluster/nodedaemon/pruner_test.go | 25 +++++++++++++++++-- .../ceph/cluster/nodedaemon/reconcile.go | 4 +-- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/pkg/operator/ceph/cluster/nodedaemon/pruner.go b/pkg/operator/ceph/cluster/nodedaemon/pruner.go index 9c2209e582d5..9c089275e7a3 100644 --- a/pkg/operator/ceph/cluster/nodedaemon/pruner.go +++ b/pkg/operator/ceph/cluster/nodedaemon/pruner.go @@ -32,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ) -func (r *ReconcileNode) reconcileCrashPruner(namespace string, cephCluster cephv1.CephCluster) error { +func (r *ReconcileNode) reconcileCrashPruner(namespace string, cephCluster cephv1.CephCluster, tolerations []corev1.Toleration) error { if cephCluster.Spec.CrashCollector.Disable { logger.Debugf("crash collector is disabled in namespace %q so skipping crash retention reconcile", namespace) return nil @@ -60,7 +60,7 @@ func (r *ReconcileNode) reconcileCrashPruner(namespace string, cephCluster cephv } } else { logger.Debugf("daysToRetain set to: %d", cephCluster.Spec.CrashCollector.DaysToRetain) - op, err := r.createOrUpdateCephCron(cephCluster) + op, err := r.createOrUpdateCephCron(cephCluster, tolerations) if err != nil { return errors.Wrapf(err, "node reconcile failed on op %q", op) } @@ -68,7 +68,7 @@ func (r *ReconcileNode) reconcileCrashPruner(namespace string, cephCluster cephv } return nil } -func (r *ReconcileNode) createOrUpdateCephCron(cephCluster cephv1.CephCluster) (controllerutil.OperationResult, error) { +func (r *ReconcileNode) createOrUpdateCephCron(cephCluster cephv1.CephCluster, tolerations []corev1.Toleration) (controllerutil.OperationResult, error) { objectMeta := metav1.ObjectMeta{ Name: prunerName, Namespace: cephCluster.GetNamespace(), @@ -82,7 +82,6 @@ func (r *ReconcileNode) createOrUpdateCephCron(cephCluster cephv1.CephCluster) ( k8sutil.AppAttr: prunerName, } cronJobLabels[k8sutil.ClusterAttr] = cephCluster.GetNamespace() - podTemplateSpec := corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: cronJobLabels, @@ -96,6 +95,7 @@ func (r *ReconcileNode) createOrUpdateCephCron(cephCluster cephv1.CephCluster) ( Volumes: volumes, SecurityContext: &corev1.PodSecurityContext{}, ServiceAccountName: k8sutil.DefaultServiceAccount, + Tolerations: tolerations, }, } diff --git a/pkg/operator/ceph/cluster/nodedaemon/pruner_test.go b/pkg/operator/ceph/cluster/nodedaemon/pruner_test.go index 4d197292defb..f03d97b23ca8 100644 --- a/pkg/operator/ceph/cluster/nodedaemon/pruner_test.go +++ b/pkg/operator/ceph/cluster/nodedaemon/pruner_test.go @@ -27,6 +27,7 @@ import ( "github.com/rook/rook/pkg/operator/test" "github.com/stretchr/testify/assert" v1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -34,7 +35,26 @@ import ( ) func TestCreateOrUpdateCephCron(t *testing.T) { - cephCluster := cephv1.CephCluster{ObjectMeta: metav1.ObjectMeta{Namespace: "rook-ceph"}} + tolerations := []corev1.Toleration{ + { + Key: "key", + Operator: corev1.TolerationOpEqual, + Value: "value", + Effect: corev1.TaintEffectNoSchedule, + }, + } + cephCluster := cephv1.CephCluster{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "rook-ceph", + }, + Spec: cephv1.ClusterSpec{ + Placement: cephv1.PlacementSpec{ + "all": { + Tolerations: tolerations, + }, + }, + }, + } ctx := context.TODO() context := &clusterd.Context{ Clientset: test.New(t, 1), @@ -61,10 +81,11 @@ func TestCreateOrUpdateCephCron(t *testing.T) { } // check if cronJob is created - cntrlutil, err := r.createOrUpdateCephCron(cephCluster) + cntrlutil, err := r.createOrUpdateCephCron(cephCluster, tolerations) assert.NoError(t, err) assert.Equal(t, cntrlutil, controllerutil.OperationResult("created")) err = r.client.Get(ctx, types.NamespacedName{Namespace: "rook-ceph", Name: prunerName}, cronV1) assert.NoError(t, err) + assert.Equal(t, tolerations, cronV1.Spec.JobTemplate.Spec.Template.Spec.Tolerations, "Tolerations do not match") } diff --git a/pkg/operator/ceph/cluster/nodedaemon/reconcile.go b/pkg/operator/ceph/cluster/nodedaemon/reconcile.go index 0608695a55e6..63c21f44edad 100644 --- a/pkg/operator/ceph/cluster/nodedaemon/reconcile.go +++ b/pkg/operator/ceph/cluster/nodedaemon/reconcile.go @@ -190,8 +190,8 @@ func (r *ReconcileNode) reconcile(request reconcile.Request) (reconcile.Result, } // If the node has Ceph pods we create the daemons + tolerations := uniqueTolerations.ToList() if hasCephPods { - tolerations := uniqueTolerations.ToList() err := r.createOrUpdateNodeDaemons(*node, tolerations, cephCluster, cephVersion) if err != nil { return reconcile.Result{}, errors.Wrap(err, "node reconcile failed") @@ -219,7 +219,7 @@ func (r *ReconcileNode) reconcile(request reconcile.Request) (reconcile.Result, } } - if err := r.reconcileCrashPruner(namespace, cephCluster); err != nil { + if err := r.reconcileCrashPruner(namespace, cephCluster, tolerations); err != nil { return reconcile.Result{}, err } } From db88970641e950c02652d97a36d120e37e99f5a7 Mon Sep 17 00:00:00 2001 From: Artem Date: Tue, 14 Jan 2025 18:53:19 +0100 Subject: [PATCH 15/49] operator: omit mon db config value log Co-authored-by: Travis Nielsen Signed-off-by: Artem Torubarov --- pkg/operator/ceph/config/monstore.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/operator/ceph/config/monstore.go b/pkg/operator/ceph/config/monstore.go index 8bede46335ce..5ca698298fd5 100644 --- a/pkg/operator/ceph/config/monstore.go +++ b/pkg/operator/ceph/config/monstore.go @@ -93,7 +93,7 @@ func (m *MonStore) SetIfChanged(who, option, value string) (bool, error) { // Set sets a config in the centralized mon configuration database. // https://docs.ceph.com/docs/master/rados/configuration/ceph-conf/#monitor-configuration-database func (m *MonStore) Set(who, option, value string) error { - logger.Infof("setting %q=%q option to the mon configuration database", who, option) + logger.Infof("setting option %q (user %q) to the mon configuration database", option, who) args := []string{"config", "set", who, normalizeKey(option), value} cephCmd := client.NewCephCommand(m.context, m.clusterInfo, args) out, err := cephCmd.RunWithTimeout(exec.CephCommandsTimeout) @@ -102,7 +102,7 @@ func (m *MonStore) Set(who, option, value string) error { "you may need to use the rook-config-override ConfigMap. output: %s", string(out)) } - logger.Infof("successfully set %q=%q option to the mon configuration database", who, option) + logger.Infof("successfully set option %q (user %q) to the mon configuration database", option, who) return nil } From 4fbe3f20b56015c9b19d4c72fdf9c0fcfb7204f9 Mon Sep 17 00:00:00 2001 From: Travis Nielsen Date: Thu, 16 Jan 2025 13:24:11 -0700 Subject: [PATCH 16/49] build: auto merge backports without multisite test The rgw multisite testing job is consistently failing and blocking the backport of PRs that are passing all other CI. Until issue 15177 is fixed let's disable this check. Signed-off-by: Travis Nielsen --- .mergify.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.mergify.yml b/.mergify.yml index b6818c4e0db7..d22c745feb5b 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -224,7 +224,6 @@ pull_request_rules: - "check-success=canary-tests / encryption-pvc-kms-vault-k8s-auth (quay.io/ceph/ceph:v19)" - "check-success=canary-tests / lvm-pvc (quay.io/ceph/ceph:v19)" - "check-success=canary-tests / multi-cluster-mirroring (quay.io/ceph/ceph:v19)" - - "check-success=canary-tests / rgw-multisite-testing (quay.io/ceph/ceph:v19)" - "check-success=canary-tests / encryption-pvc-kms-ibm-kp (quay.io/ceph/ceph:v19)" - "check-success=canary-tests / multus-public-and-cluster (quay.io/ceph/ceph:v19)" - "check-success=TestCephSmokeSuite (v1.27.16)" From 3d7f5cff65be12cf016b20a15806abb817dafce6 Mon Sep 17 00:00:00 2001 From: Oded Viner Date: Tue, 17 Dec 2024 19:02:16 +0200 Subject: [PATCH 17/49] operator: improve operator error logging for ok-to-stop failures this PR improves the error logging when ok-to-stop requests fail in the Rook operator. Instead of only showing a generic exit status Signed-off-by: Oded Viner --- pkg/daemon/ceph/client/upgrade.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/daemon/ceph/client/upgrade.go b/pkg/daemon/ceph/client/upgrade.go index 0b9ffcc21a36..8de07b5d1b62 100644 --- a/pkg/daemon/ceph/client/upgrade.go +++ b/pkg/daemon/ceph/client/upgrade.go @@ -180,7 +180,7 @@ func okToStopDaemon(context *clusterd.Context, clusterInfo *ClusterInfo, deploym args := []string{daemonType, "ok-to-stop", daemonName} buf, err := NewCephCommand(context, clusterInfo, args).Run() if err != nil { - return errors.Wrapf(err, "deployment %s cannot be stopped", deployment) + return errors.Wrapf(err, "deployment %s cannot be stopped. %s", deployment, string(buf)) } output := string(buf) logger.Debugf("deployment %s is ok to be updated. %s", deployment, output) From f01b8b18c99a73b40b31a47092e0ae8f9cd2ca0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:33:37 +0000 Subject: [PATCH 18/49] build(deps): bump github.com/aws/aws-sdk-go Bumps the github-dependencies group with 1 update: [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go). Updates `github.com/aws/aws-sdk-go` from 1.55.5 to 1.55.6 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.55.5...v1.55.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index eb9d04485bc5..071d578aa407 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ replace ( require ( github.com/IBM/keyprotect-go-client v0.15.1 - github.com/aws/aws-sdk-go v1.55.5 + github.com/aws/aws-sdk-go v1.55.6 github.com/banzaicloud/k8s-objectmatcher v1.8.0 github.com/ceph/ceph-csi-operator/api v0.0.0-20241211130321-1c8ad98a7d6e github.com/ceph/go-ceph v0.31.0 diff --git a/go.sum b/go.sum index 6b8b49939536..c7c56eb20148 100644 --- a/go.sum +++ b/go.sum @@ -146,8 +146,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.44.164/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= -github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk= +github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/banzaicloud/k8s-objectmatcher v1.8.0 h1:Nugn25elKtPMTA2br+JgHNeSQ04sc05MDPmpJnd1N2A= github.com/banzaicloud/k8s-objectmatcher v1.8.0/go.mod h1:p2LSNAjlECf07fbhDyebTkPUIYnU05G+WfGgkTmgeMg= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= From 4d3556118d3cb7104b10d7b4dd9ae79528e188e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:42:04 +0000 Subject: [PATCH 19/49] build(deps): bump helm/kind-action from 1.11.0 to 1.12.0 Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb...a1b0e391336a6ee6713a0583f8c6240d70863de3) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/multus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/multus.yaml b/.github/workflows/multus.yaml index 20f9fa5ceba3..6b8a447bff25 100644 --- a/.github/workflows/multus.yaml +++ b/.github/workflows/multus.yaml @@ -46,7 +46,7 @@ jobs: go-version: "1.23" - name: Create KinD Cluster - uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 with: config: tests/scripts/multus/kind-config.yaml cluster_name: kind From c99a910cfa9dfd0228c16a2d6c0156169424aefb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:42:06 +0000 Subject: [PATCH 20/49] build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.1 to 6.2.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/971e284b6050e8a5849b72094c50ab08da042db8...ec5d18412c0aeab7936cb16880d708ba2a64e1ae) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index 70faaa881478..37cd6b6a8b8a 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -31,7 +31,7 @@ jobs: with: go-version: "1.23" - name: golangci-lint - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.62 From a154e98b75a064c37c061fb48f228c014c466ab2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:42:13 +0000 Subject: [PATCH 21/49] build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.3 to 4.6.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/daily-nightly-jobs.yml | 12 ++++++------ .github/workflows/integration-test-helm-suite.yaml | 2 +- .../integration-test-keystone-auth-suite.yaml | 2 +- .github/workflows/integration-test-mgr-suite.yaml | 2 +- .../integration-test-multi-cluster-suite.yaml | 2 +- .github/workflows/integration-test-object-suite.yaml | 2 +- .github/workflows/integration-test-smoke-suite.yaml | 2 +- .../workflows/integration-test-upgrade-suite.yaml | 4 ++-- .github/workflows/integration-tests-on-release.yaml | 12 ++++++------ .github/workflows/scorecards.yml | 2 +- 10 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/daily-nightly-jobs.yml b/.github/workflows/daily-nightly-jobs.yml index f79fcc5961b1..35beb92a4ecd 100644 --- a/.github/workflows/daily-nightly-jobs.yml +++ b/.github/workflows/daily-nightly-jobs.yml @@ -145,7 +145,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-smoke-suite-reef-artifact @@ -185,7 +185,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-smoke-suite-squid-artifact @@ -225,7 +225,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-smoke-suite-master-artifact @@ -265,7 +265,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-object-suite-master-artifact @@ -305,7 +305,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-suite-squid-artifact @@ -346,7 +346,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-suite-reef-artifact diff --git a/.github/workflows/integration-test-helm-suite.yaml b/.github/workflows/integration-test-helm-suite.yaml index fa9b2e965d94..5a847d84cebb 100644 --- a/.github/workflows/integration-test-helm-suite.yaml +++ b/.github/workflows/integration-test-helm-suite.yaml @@ -65,7 +65,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-helm-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-keystone-auth-suite.yaml b/.github/workflows/integration-test-keystone-auth-suite.yaml index e77e3bab7422..dd7aa3ebb2a7 100644 --- a/.github/workflows/integration-test-keystone-auth-suite.yaml +++ b/.github/workflows/integration-test-keystone-auth-suite.yaml @@ -63,7 +63,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-keystone-auth-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-mgr-suite.yaml b/.github/workflows/integration-test-mgr-suite.yaml index b6ad6820c168..2b2f2de38057 100644 --- a/.github/workflows/integration-test-mgr-suite.yaml +++ b/.github/workflows/integration-test-mgr-suite.yaml @@ -60,7 +60,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-mgr-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-multi-cluster-suite.yaml b/.github/workflows/integration-test-multi-cluster-suite.yaml index d740f1ff4a9f..3604195dd503 100644 --- a/.github/workflows/integration-test-multi-cluster-suite.yaml +++ b/.github/workflows/integration-test-multi-cluster-suite.yaml @@ -64,7 +64,7 @@ jobs: CLUSTER_NAMESPACE="multi-external" tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-multi-cluster-deploy-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-object-suite.yaml b/.github/workflows/integration-test-object-suite.yaml index 1f2aee71a27e..98c7b5adaffa 100644 --- a/.github/workflows/integration-test-object-suite.yaml +++ b/.github/workflows/integration-test-object-suite.yaml @@ -61,7 +61,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-object-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-smoke-suite.yaml b/.github/workflows/integration-test-smoke-suite.yaml index 49ef417448dd..d7822dd13ace 100644 --- a/.github/workflows/integration-test-smoke-suite.yaml +++ b/.github/workflows/integration-test-smoke-suite.yaml @@ -61,7 +61,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-smoke-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-test-upgrade-suite.yaml b/.github/workflows/integration-test-upgrade-suite.yaml index fe160392b867..16344d8d170b 100644 --- a/.github/workflows/integration-test-upgrade-suite.yaml +++ b/.github/workflows/integration-test-upgrade-suite.yaml @@ -61,7 +61,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-suite-artifact-${{ matrix.kubernetes-versions }} @@ -109,7 +109,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-helm-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/integration-tests-on-release.yaml b/.github/workflows/integration-tests-on-release.yaml index d25644c84774..2ae2efac93fe 100644 --- a/.github/workflows/integration-tests-on-release.yaml +++ b/.github/workflows/integration-tests-on-release.yaml @@ -50,7 +50,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-helm-suite-artifact-${{ matrix.kubernetes-versions }} @@ -91,7 +91,7 @@ jobs: CLUSTER_NAMESPACE="multi-external" tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-multi-cluster-deploy-suite-artifact-${{ matrix.kubernetes-versions }} @@ -129,7 +129,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-smoke-suite-artifact-${{ matrix.kubernetes-versions }} @@ -167,7 +167,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-suite-artifact-${{ matrix.kubernetes-versions }} @@ -208,7 +208,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-upgrade-suite-artifact-${{ matrix.kubernetes-versions }} @@ -246,7 +246,7 @@ jobs: tests/scripts/collect-logs.sh - name: Artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: failure() with: name: ceph-object-suite-artifact-${{ matrix.kubernetes-versions }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index daeee79e41b8..f1bf28cd06b1 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -55,7 +55,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif From 7eb3d3cad3d19054a13a7026c24c0149be9cc66b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:42:16 +0000 Subject: [PATCH 22/49] build(deps): bump wagoid/commitlint-github-action from 6.2.0 to 6.2.1 Bumps [wagoid/commitlint-github-action](https://github.com/wagoid/commitlint-github-action) from 6.2.0 to 6.2.1. - [Changelog](https://github.com/wagoid/commitlint-github-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/wagoid/commitlint-github-action/compare/0184f5a228ee06430bb9e67d65f73a1a6767496a...b948419dd99f3fd78a6548d48f94e3df7f6bf3ed) --- updated-dependencies: - dependency-name: wagoid/commitlint-github-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/commitlint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index 0b7a8cb0ea78..522325487305 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -31,7 +31,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: wagoid/commitlint-github-action@0184f5a228ee06430bb9e67d65f73a1a6767496a # v6.2.0 + - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 with: configFile: "./.commitlintrc.json" helpURL: https://rook.io/docs/rook/latest/Contributing/development-flow/#commit-structure From cb885658f26077b003a8a6f25e5141fc2a0a42bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:42:18 +0000 Subject: [PATCH 23/49] build(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/e6669bcd63d7cb57cb4380c33043eebe5d111992...0d28d3144d3a25ea2cc349d6e59901c4ff469b3b) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index b274a01038e1..40d6e36e0c7f 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -40,7 +40,7 @@ jobs: python-version: 3.9 - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 - name: Run chart-testing (lint) run: ct lint --charts=./deploy/charts/rook-ceph --validate-yaml=false --validate-maintainers=false From e68a7ea561e23242ea9b80207428b80a0d3f7485 Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Mon, 20 Jan 2025 22:32:14 +0800 Subject: [PATCH 24/49] build: replace `golang.org/x/exp/slices` with stdlib `slices` The experimental functions in `golang.org/x/exp/slices` are now available in the standard library in Go 1.21. Reference: https://go.dev/doc/go1.21#slices Signed-off-by: Eng Zer Jun --- go.mod | 35 +++++++++++++--------------- pkg/apis/go.mod | 27 ++++++++++----------- pkg/daemon/ceph/client/pool_test.go | 3 +-- pkg/operator/ceph/config/monstore.go | 2 +- 4 files changed, 30 insertions(+), 37 deletions(-) diff --git a/go.mod b/go.mod index 071d578aa407..34535a4313d8 100644 --- a/go.mod +++ b/go.mod @@ -19,6 +19,7 @@ require ( github.com/aws/aws-sdk-go v1.55.6 github.com/banzaicloud/k8s-objectmatcher v1.8.0 github.com/ceph/ceph-csi-operator/api v0.0.0-20241211130321-1c8ad98a7d6e + github.com/ceph/ceph-csi/api v0.0.0-20241216133622-88b7e0d6684f github.com/ceph/go-ceph v0.31.0 github.com/coreos/pkg v0.0.0-20240122114842-bbd7aa9bf6fb github.com/csi-addons/kubernetes-csi-addons v0.11.0 @@ -41,7 +42,6 @@ require ( github.com/sykesm/zap-logfmt v0.0.4 go.uber.org/automaxprocs v1.6.0 go.uber.org/zap v1.27.0 - golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e golang.org/x/sync v0.10.0 gopkg.in/ini.v1 v1.67.0 gopkg.in/yaml.v2 v2.4.0 @@ -58,33 +58,19 @@ require ( ) require ( + emperror.dev/errors v0.8.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect - github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.3.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect - github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/klauspost/compress v1.17.11 // indirect - github.com/kylelemons/godebug v1.1.0 // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/portworx/sched-ops v1.20.4-rc1 // indirect - github.com/x448/float16 v0.8.4 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect -) - -require ( - emperror.dev/errors v0.8.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect github.com/ansel1/merry v1.8.0 // indirect github.com/ansel1/merry/v2 v2.2.1 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/ceph/ceph-csi/api v0.0.0-20241216133622-88b7e0d6684f + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/containernetworking/cni v1.2.3 // indirect github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect @@ -92,14 +78,18 @@ require ( github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gemalto/flume v0.13.1 // indirect github.com/go-errors/errors v1.5.1 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.6.9 // indirect @@ -122,6 +112,8 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.17.11 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -138,7 +130,9 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/openshift/api v0.0.0-20241216151652-de9de05a8e43 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/portworx/sched-ops v1.20.4-rc1 // indirect github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.61.0 // indirect @@ -146,9 +140,11 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/stretchr/objx v0.5.2 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect + golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.28.0 // indirect @@ -157,6 +153,7 @@ require ( golang.org/x/time v0.8.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.36.0 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/pkg/apis/go.mod b/pkg/apis/go.mod index 441e7ac84d20..b32edc122f25 100644 --- a/pkg/apis/go.mod +++ b/pkg/apis/go.mod @@ -19,6 +19,7 @@ require ( github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.7.5 github.com/kube-object-storage/lib-bucket-provisioner v0.0.0-20221122204822-d1a8c34382f1 github.com/libopenstorage/secrets v0.0.0-20240416031220-a17cf7f72c6c + github.com/openshift/api v0.0.0-20241216151652-de9de05a8e43 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.10.0 k8s.io/api v0.32.0 @@ -27,23 +28,12 @@ require ( require ( github.com/cenkalti/backoff/v4 v4.3.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.4 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/uuid v1.6.0 // indirect - github.com/x448/float16 v0.8.4 // indirect - golang.org/x/tools v0.28.0 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect - k8s.io/client-go v0.32.0 // indirect - k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect -) - -require ( github.com/containernetworking/cni v1.2.3 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect @@ -51,7 +41,9 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect @@ -71,10 +63,10 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/openshift/api v0.0.0-20241216151652-de9de05a8e43 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect + github.com/x448/float16 v0.8.4 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect @@ -82,13 +74,18 @@ require ( golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect + golang.org/x/tools v0.28.0 // indirect google.golang.org/protobuf v1.36.0 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/client-go v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect + k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect ) exclude ( diff --git a/pkg/daemon/ceph/client/pool_test.go b/pkg/daemon/ceph/client/pool_test.go index a6afc46911f1..2cbdd24497bd 100644 --- a/pkg/daemon/ceph/client/pool_test.go +++ b/pkg/daemon/ceph/client/pool_test.go @@ -19,11 +19,10 @@ import ( "fmt" "os/exec" "reflect" + "slices" "strconv" "testing" - "golang.org/x/exp/slices" - "github.com/pkg/errors" cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1" "github.com/rook/rook/pkg/clusterd" diff --git a/pkg/operator/ceph/config/monstore.go b/pkg/operator/ceph/config/monstore.go index 5ca698298fd5..ce8772027026 100644 --- a/pkg/operator/ceph/config/monstore.go +++ b/pkg/operator/ceph/config/monstore.go @@ -19,6 +19,7 @@ package config import ( "encoding/json" "os" + "slices" "strings" "github.com/pkg/errors" @@ -26,7 +27,6 @@ import ( "github.com/rook/rook/pkg/clusterd" "github.com/rook/rook/pkg/daemon/ceph/client" "github.com/rook/rook/pkg/util/exec" - "golang.org/x/exp/slices" "gopkg.in/ini.v1" ) From e1ce1e44168478219e6135971d68498d84cb9393 Mon Sep 17 00:00:00 2001 From: subhamkrai Date: Tue, 21 Jan 2025 12:26:18 +0530 Subject: [PATCH 25/49] build: update k8s and cntrl runtime pkg this commits updates the k8s pkg to v0.32.1 and controller runtime to v0.20.0 Signed-off-by: subhamkrai --- go.mod | 15 +++++++-------- go.sum | 34 ++++++++++++++++------------------ pkg/apis/go.mod | 7 +++---- pkg/apis/go.sum | 16 ++++++++-------- 4 files changed, 34 insertions(+), 38 deletions(-) diff --git a/go.mod b/go.mod index 34535a4313d8..70e67794ce91 100644 --- a/go.mod +++ b/go.mod @@ -45,14 +45,14 @@ require ( golang.org/x/sync v0.10.0 gopkg.in/ini.v1 v1.67.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.32.0 - k8s.io/apiextensions-apiserver v0.32.0 - k8s.io/apimachinery v0.32.0 - k8s.io/cli-runtime v0.32.0 - k8s.io/client-go v0.32.0 - k8s.io/cloud-provider v0.32.0 + k8s.io/api v0.32.1 + k8s.io/apiextensions-apiserver v0.32.1 + k8s.io/apimachinery v0.32.1 + k8s.io/cli-runtime v0.32.1 + k8s.io/client-go v0.32.1 + k8s.io/cloud-provider v0.32.1 k8s.io/utils v0.0.0-20241210054802-24370beab758 - sigs.k8s.io/controller-runtime v0.19.4 + sigs.k8s.io/controller-runtime v0.20.0 sigs.k8s.io/mcs-api v0.1.0 sigs.k8s.io/yaml v1.4.0 ) @@ -144,7 +144,6 @@ require ( github.com/xlab/treeprint v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.28.0 // indirect diff --git a/go.sum b/go.sum index c7c56eb20148..ff73d3e122ac 100644 --- a/go.sum +++ b/go.sum @@ -996,8 +996,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1361,8 +1359,8 @@ golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= -golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1610,15 +1608,15 @@ k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= -k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= k8s.io/apiextensions-apiserver v0.0.0-20190409022649-727a075fdec8/go.mod h1:IxkesAMoaCRoLrPJdZNZUQp9NfZnzqaVzLhb2VEQzXE= k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE= k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio= k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk= -k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= -k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= +k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= @@ -1630,14 +1628,14 @@ k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRp k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= -k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw= k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= -k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= -k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= +k8s.io/cli-runtime v0.32.1 h1:19nwZPlYGJPUDbhAxDIS2/oydCikvKMHsxroKNGA2mM= +k8s.io/cli-runtime v0.32.1/go.mod h1:NJPbeadVFnV2E7B7vF+FvU09mpwYlZCu8PqjzfuOnkY= k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw= k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g= @@ -1646,10 +1644,10 @@ k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA= k8s.io/client-go v0.20.0/go.mod h1:4KWh/g+Ocd8KkCwKF8vUNnmqgv+EVnQDK4MBF4oB5tY= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= -k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= -k8s.io/cloud-provider v0.32.0 h1:QXYJGmwME2q2rprymbmw2GroMChQYc/MWN6l/I4Kgp8= -k8s.io/cloud-provider v0.32.0/go.mod h1:cz3gVodkhgwi2ugj/JUPglIruLSdDaThxawuDyCHfr8= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/cloud-provider v0.32.1 h1:74rRhnfca3o4CsjjnIp/C3ARVuSmyNsxgWPtH0yc9Z0= +k8s.io/cloud-provider v0.32.1/go.mod h1:GECSanFT+EeZ/ToX3xlasjETzMUI+VFu92zHUDUsGHw= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= @@ -1704,8 +1702,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= -sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs= +sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= diff --git a/pkg/apis/go.mod b/pkg/apis/go.mod index b32edc122f25..da5a8b1e2672 100644 --- a/pkg/apis/go.mod +++ b/pkg/apis/go.mod @@ -22,8 +22,8 @@ require ( github.com/openshift/api v0.0.0-20241216151652-de9de05a8e43 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.10.0 - k8s.io/api v0.32.0 - k8s.io/apimachinery v0.32.0 + k8s.io/api v0.32.1 + k8s.io/apimachinery v0.32.1 ) require ( @@ -74,12 +74,11 @@ require ( golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect - golang.org/x/tools v0.28.0 // indirect google.golang.org/protobuf v1.36.0 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/client-go v0.32.0 // indirect + k8s.io/client-go v0.32.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect diff --git a/pkg/apis/go.sum b/pkg/apis/go.sum index bbe037517dea..110d1d650433 100644 --- a/pkg/apis/go.sum +++ b/pkg/apis/go.sum @@ -1169,8 +1169,8 @@ golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= -golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1404,8 +1404,8 @@ k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= -k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= +k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= k8s.io/apiextensions-apiserver v0.0.0-20190409022649-727a075fdec8/go.mod h1:IxkesAMoaCRoLrPJdZNZUQp9NfZnzqaVzLhb2VEQzXE= k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE= k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk= @@ -1418,8 +1418,8 @@ k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRp k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= -k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= +k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/client-go v0.18.3/go.mod h1:4a/dpQEvzAhT1BbuWW09qvIaGw6Gbu1gZYiQZIi1DMw= @@ -1428,8 +1428,8 @@ k8s.io/client-go v0.19.2/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA= k8s.io/client-go v0.20.0/go.mod h1:4KWh/g+Ocd8KkCwKF8vUNnmqgv+EVnQDK4MBF4oB5tY= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= -k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= +k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= +k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/code-generator v0.20.0/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= From 6935dfdc47b02e0057139ab188d07c363db4a05f Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 20 Jan 2025 11:00:22 -0500 Subject: [PATCH 26/49] rgw: fix error handling for secret lookup Get will return a non-nil pointer even in the error case. Signed-off-by: Steven Fackler --- pkg/operator/ceph/object/spec.go | 6 +++--- pkg/operator/ceph/object/spec_test.go | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pkg/operator/ceph/object/spec.go b/pkg/operator/ceph/object/spec.go index 371d8ef10eb4..32fc57eb3981 100644 --- a/pkg/operator/ceph/object/spec.go +++ b/pkg/operator/ceph/object/spec.go @@ -872,10 +872,10 @@ func (c *clusterConfig) generateVolumeSourceWithCaBundleSecret() (*v1.SecretVolu func (c *clusterConfig) rgwTLSSecretType(secretName string) (v1.SecretType, error) { rgwTlsSecret, err := c.context.Clientset.CoreV1().Secrets(c.clusterInfo.Namespace).Get(c.clusterInfo.Context, secretName, metav1.GetOptions{}) - if rgwTlsSecret != nil { - return rgwTlsSecret.Type, nil + if err != nil { + return "", errors.Wrapf(err, "failed to get Kubernetes secrets referring the TLS certificates") } - return "", errors.Wrapf(err, "no Kubernetes secrets referring TLS certificates found") + return rgwTlsSecret.Type, nil } func getDaemonName(rgwConfig *rgwConfig) string { diff --git a/pkg/operator/ceph/object/spec_test.go b/pkg/operator/ceph/object/spec_test.go index b7892cd4b9a0..d9be467c65d8 100644 --- a/pkg/operator/ceph/object/spec_test.go +++ b/pkg/operator/ceph/object/spec_test.go @@ -182,6 +182,12 @@ func TestSSLPodSpec(t *testing.T) { assert.Error(t, err) // Using SSLCertificateRef + + c.store.Spec.Gateway.SSLCertificateRef = "bogusCert" + // Secret missing, will return error + _, err = c.makeRGWPodSpec(rgwConfig) + assert.Error(t, err) + // Opaque Secret c.store.Spec.Gateway.SSLCertificateRef = "mycert" rgwtlssecret := &v1.Secret{ From f52f48c4774d9e912df5dd99caae1d50a9702635 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Tue, 21 Jan 2025 15:06:31 -0700 Subject: [PATCH 27/49] ci: codespell: s/re-using/reusing/ Signed-off-by: Joshua Hoblitt --- pkg/operator/ceph/object/objectstore.go | 2 +- tests/scripts/multus/host-cfg-ds.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/operator/ceph/object/objectstore.go b/pkg/operator/ceph/object/objectstore.go index 054b7b9ec100..080367731118 100644 --- a/pkg/operator/ceph/object/objectstore.go +++ b/pkg/operator/ceph/object/objectstore.go @@ -1089,7 +1089,7 @@ func createSimilarPools(ctx *Context, pools []string, cluster *cephv1.ClusterSpe if configurePoolsConcurrently() { waitGroup, _ := errgroup.WithContext(ctx.clusterInfo.Context) for _, pool := range pools { - // Avoid the loop re-using the same value with a closure + // Avoid the loop reusing the same value with a closure pool := pool waitGroup.Go(func() error { return createRGWPool(ctx, cluster, poolSpec, pgCount, pool) }) diff --git a/tests/scripts/multus/host-cfg-ds.yaml b/tests/scripts/multus/host-cfg-ds.yaml index 9fbedcfa381b..e3e868617d7f 100644 --- a/tests/scripts/multus/host-cfg-ds.yaml +++ b/tests/scripts/multus/host-cfg-ds.yaml @@ -51,7 +51,7 @@ spec: last="${ip##*.}" # e.g., 3 # add a shim to connect IFACE to the macvlan public network, with a static IP - # avoid IP conflicts by re-using the last part of the existing IFACE IP + # avoid IP conflicts by reusing the last part of the existing IFACE IP ip link add public-shim link ${IFACE} type macvlan mode bridge ip addr add ${NODE_PUBLIC_NET_IP_FIRST3}.${last}/24 dev public-shim ip link set public-shim up From a55fdb3fbeabe0155272ea048fc19d1b4c6e9209 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Fri, 13 Dec 2024 16:00:18 -0700 Subject: [PATCH 28/49] object: add obc bucketLifecycle Signed-off-by: Joshua Hoblitt --- .../ceph-object-bucket-claim.md | 22 ++++++ .../ceph/object/bucket/provisioner.go | 78 +++++++++++++++++++ .../ceph/object/bucket/provisioner_test.go | 12 +++ pkg/operator/ceph/object/bucket/util.go | 5 ++ 4 files changed, 117 insertions(+) diff --git a/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md b/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md index 1e3df9890085..66de3d99ae93 100644 --- a/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md +++ b/Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-bucket-claim.md @@ -54,6 +54,27 @@ spec: } ] } + bucketLifecycle: | + { + "Rules": [ + { + "ID": "AbortIncompleteMultipartUploads", + "Status": "Enabled", + "Prefix": "", + "AbortIncompleteMultipartUpload": { + "DaysAfterInitiation": 1 + } + }, + { + "ID": "ExpireAfter30Days", + "Status": "Enabled", + "Prefix": "", + "Expiration": { + "Days": 30 + } + } + ] + } ``` 1. `name` of the `ObjectBucketClaim`. This name becomes the name of the Secret and ConfigMap. @@ -72,6 +93,7 @@ If both `bucketName` and `generateBucketName` are blank or omitted then the stor * `bucketMaxObjects`: The maximum number of objects in the bucket as an individual bucket quota. This is useful when the bucket is shared among multiple users. * `bucketMaxSize`: The maximum size of the bucket as an individual bucket quota. * `bucketPolicy`: A raw JSON format string that defines an AWS S3 format the bucket policy. If set, the policy string will override any existing policy set on the bucket and any default bucket policy that the bucket provisioner potentially would have automatically generated. + * `bucketLifecycle`: A raw JSON format string that defines an AWS S3 format bucket lifecycle configuration. Note that the rules must be sorted by `ID` in order to be idempotent. ### OBC Custom Resource after Bucket Provisioning diff --git a/pkg/operator/ceph/object/bucket/provisioner.go b/pkg/operator/ceph/object/bucket/provisioner.go index d2d7cb9cc627..9bd271b17a54 100644 --- a/pkg/operator/ceph/object/bucket/provisioner.go +++ b/pkg/operator/ceph/object/bucket/provisioner.go @@ -17,6 +17,7 @@ limitations under the License. package bucket import ( + "encoding/json" "fmt" "net/http" "strings" @@ -64,6 +65,7 @@ type additionalConfigSpec struct { bucketMaxObjects *int64 bucketMaxSize *int64 bucketPolicy *string + bucketLifecycle *string } var _ apibkt.Provisioner = &Provisioner{} @@ -587,6 +589,11 @@ func (p *Provisioner) setAdditionalSettings(additionalConfig *additionalConfigSp return errors.Wrap(err, "failed to set bucket policy") } + err = p.setBucketLifecycle(additionalConfig) + if err != nil { + return errors.Wrap(err, "failed to set bucket lifecycle") + } + return nil } @@ -741,6 +748,77 @@ func (p *Provisioner) setBucketPolicy(additionalConfig *additionalConfigSpec) er return nil } +func (p *Provisioner) setBucketLifecycle(additionalConfig *additionalConfigSpec) error { + svc := p.s3Agent.Client + var liveLc *s3.GetBucketLifecycleConfigurationOutput + + liveLc, err := svc.GetBucketLifecycleConfiguration(&s3.GetBucketLifecycleConfigurationInput{ + Bucket: &p.bucketName, + }) + if err != nil { + // when no lifecycle configuration is set, an err with a "code" of + // NoSuchLifecycleConfiguration is returned + if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "NoSuchLifecycleConfiguration" { + logger.Debugf("no lifecycle configuration set for bucket %q", p.bucketName) + } else { + return errors.Wrapf(err, "failed to fetch lifecycle configuration for bucket %q", p.bucketName) + } + } + + // parse the conf supplied lifecycle configuration json as aws-sdk-go will not operate on a + // json string + confLc := &s3.BucketLifecycleConfiguration{} + // don't try to parse the conf json if it is nil + if additionalConfig.bucketLifecycle != nil { + err = json.Unmarshal([]byte(*additionalConfig.bucketLifecycle), confLc) + if err != nil { + return errors.Wrapf(err, "failed to unmarshal lifecycle configuration for bucket %q", p.bucketName) + } + } + + // Comparing the conf json with a json serialization of the live rules is + // unreliable as aws-sdk-go does not tag fields with "ommitempty". The + // GetBucketLifecycleConfigurationOutput type has a String() method that + // returns a json like format which isn't valid json. The options are to + // write a custom json unmarshaler or compare go structs directly. + + // convert the api returned GetBucketLifecycleConfigurationOutput to a + // BucketLifecycleConfiguration for apples to apples comparison to determine + // sync state + diffLiveLc := &s3.BucketLifecycleConfiguration{Rules: liveLc.Rules} + + // note that the xml serialization of the rules returned by rgw sorts the + // rules by "ID". The rule ordering from the + // PutBucketLifecycleConfiguration() call is not preserved. + diff := cmp.Diff(diffLiveLc, confLc) + if diff == "" { + // policy is in sync + return nil + } + + logger.Debugf("Lifecycle configuration for bucket %q has changed. diff:%s", p.bucketName, diff) + if additionalConfig.bucketLifecycle == nil { + // if policy is out of sync and the new policy is nil, delete the live policy + _, err = svc.DeleteBucketLifecycle(&s3.DeleteBucketLifecycleInput{ + Bucket: &p.bucketName, + }) + if err != nil { + return errors.Wrapf(err, "failed to delete lifecycle configuration for bucket %q", p.bucketName) + } + } else { + // set the new policy + _, err = svc.PutBucketLifecycleConfiguration(&s3.PutBucketLifecycleConfigurationInput{ + Bucket: &p.bucketName, + LifecycleConfiguration: confLc, + }) + if err != nil { + return errors.Wrapf(err, "failed to set lifecycle configuration for bucket %q", p.bucketName) + } + } + + return nil +} + func (p *Provisioner) setTlsCaCert() error { objStore, err := p.getObjectStore() if err != nil { diff --git a/pkg/operator/ceph/object/bucket/provisioner_test.go b/pkg/operator/ceph/object/bucket/provisioner_test.go index e5a6ea478eb3..23812f1ab653 100644 --- a/pkg/operator/ceph/object/bucket/provisioner_test.go +++ b/pkg/operator/ceph/object/bucket/provisioner_test.go @@ -524,6 +524,18 @@ func TestProvisioner_additionalConfigSpecFromMap(t *testing.T) { assert.NoError(t, err) assert.Equal(t, additionalConfigSpec{bucketMaxSize: &(&struct{ i int64 }{5}).i}, *spec) }) + + t.Run("bucketPolicy field should be set", func(t *testing.T) { + spec, err := additionalConfigSpecFromMap(map[string]string{"bucketPolicy": "foo"}) + assert.NoError(t, err) + assert.Equal(t, additionalConfigSpec{bucketPolicy: &(&struct{ s string }{"foo"}).s}, *spec) + }) + + t.Run("bucketLifecycle field should be set", func(t *testing.T) { + spec, err := additionalConfigSpecFromMap(map[string]string{"bucketLifecycle": "foo"}) + assert.NoError(t, err) + assert.Equal(t, additionalConfigSpec{bucketLifecycle: &(&struct{ s string }{"foo"}).s}, *spec) + }) } func numberOfCallsWithValue(substr string, strs []string) int { diff --git a/pkg/operator/ceph/object/bucket/util.go b/pkg/operator/ceph/object/bucket/util.go index 22a0e04db14a..28a268e02871 100644 --- a/pkg/operator/ceph/object/bucket/util.go +++ b/pkg/operator/ceph/object/bucket/util.go @@ -125,6 +125,11 @@ func additionalConfigSpecFromMap(config map[string]string) (*additionalConfigSpe spec.bucketPolicy = &policy } + if _, ok := config["bucketLifecycle"]; ok { + lifecycle := config["bucketLifecycle"] + spec.bucketLifecycle = &lifecycle + } + return &spec, nil } From b689038ffc73902473c21f5ca25a22610e763ca3 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Fri, 13 Dec 2024 16:24:57 -0700 Subject: [PATCH 29/49] test: add obc bucketLifecycle integration test Signed-off-by: Joshua Hoblitt --- tests/integration/ceph_object_test.go | 248 ++++++++++++++++++++++++++ 1 file changed, 248 insertions(+) diff --git a/tests/integration/ceph_object_test.go b/tests/integration/ceph_object_test.go index d3faf041274c..39b40e2b3cd6 100644 --- a/tests/integration/ceph_object_test.go +++ b/tests/integration/ceph_object_test.go @@ -25,6 +25,7 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/s3" + "github.com/google/go-cmp/cmp" "github.com/kube-object-storage/lib-bucket-provisioner/pkg/apis/objectbucket.io/v1alpha1" cephv1 "github.com/rook/rook/pkg/apis/ceph.rook.io/v1" "github.com/rook/rook/pkg/daemon/ceph/client" @@ -665,6 +666,253 @@ func testObjectStoreOperations(s *suite.Suite, helper *clients.TestClient, k8sh }) }) + t.Run("OBC bucket lifecycle management", func(t *testing.T) { + bucketName := "bucket-lifecycle-test" + var obName string + var s3client *rgw.S3Agent + bucketLifecycle1 := ` +{ + "Rules":[ + { + "ID": "AbortIncompleteMultipartUploads", + "Status": "Enabled", + "Prefix": "", + "AbortIncompleteMultipartUpload": { + "DaysAfterInitiation": 1 + } + } + ] +} + ` + + // rules must be sorted by ID to be idempotent + bucketLifecycle2 := ` +{ + "Rules": [ + { + "ID": "AbortIncompleteMultipartUploads", + "Status": "Enabled", + "Prefix": "", + "AbortIncompleteMultipartUpload": { + "DaysAfterInitiation": 1 + } + }, + { + "ID": "ExpireAfter30Days", + "Status": "Enabled", + "Prefix": "", + "Expiration": { + "Days": 30 + } + } + ] +} + ` + + t.Run("create obc with bucketLifecycle", func(t *testing.T) { + newObc := v1alpha1.ObjectBucketClaim{ + ObjectMeta: metav1.ObjectMeta{ + Name: bucketName, + Namespace: namespace, + }, + Spec: v1alpha1.ObjectBucketClaimSpec{ + BucketName: bucketName, + StorageClassName: bucketStorageClassName, + AdditionalConfig: map[string]string{ + "bucketLifecycle": bucketLifecycle1, + }, + }, + } + _, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Create(ctx, &newObc, metav1.CreateOptions{}) + assert.Nil(t, err) + obcBound := utils.Retry(20, 2*time.Second, "OBC is Bound", func() bool { + liveObc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveObc.Status.Phase == v1alpha1.ObjectBucketClaimStatusPhaseBound + }) + assert.True(t, obcBound) + + // wait until obc is Bound to lookup the ob name + obc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + obName = obc.Spec.ObjectBucketName + + obBound := utils.Retry(20, 2*time.Second, "OB is Bound", func() bool { + liveOb, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBuckets().Get(ctx, obName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveOb.Status.Phase == v1alpha1.ObjectBucketStatusPhaseBound + }) + assert.True(t, obBound) + + // verify that bucketLifecycle is set + assert.Equal(t, bucketLifecycle1, obc.Spec.AdditionalConfig["bucketLifecycle"]) + + // as the tests are running external to k8s, the internal svc can't be used + labelSelector := "rgw=" + storeName + services, err := k8sh.Clientset.CoreV1().Services(namespace).List(ctx, metav1.ListOptions{LabelSelector: labelSelector}) + assert.Nil(t, err) + assert.Equal(t, 1, len(services.Items)) + s3endpoint := services.Items[0].Spec.ClusterIP + ":80" + + secret, err := k8sh.Clientset.CoreV1().Secrets(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + s3AccessKey := string(secret.Data["AWS_ACCESS_KEY_ID"]) + s3SecretKey := string(secret.Data["AWS_SECRET_ACCESS_KEY"]) + + insecure := objectStore.Spec.IsTLSEnabled() + s3client, err = rgw.NewS3Agent(s3AccessKey, s3SecretKey, s3endpoint, true, nil, insecure, nil) + assert.Nil(t, err) + logger.Infof("endpoint (%s) Accesskey (%s) secret (%s)", s3endpoint, s3AccessKey, s3SecretKey) + }) + + t.Run("lifecycle was applied verbatim to bucket", func(t *testing.T) { + liveLc, err := s3client.Client.GetBucketLifecycleConfiguration(&s3.GetBucketLifecycleConfigurationInput{ + Bucket: &bucketName, + }) + require.NoError(t, err) + + confLc := &s3.GetBucketLifecycleConfigurationOutput{} + err = json.Unmarshal([]byte(bucketLifecycle1), confLc) + require.NoError(t, err) + + assert.Equal(t, confLc, liveLc) + }) + + t.Run("update obc bucketLifecycle", func(t *testing.T) { + obc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + + obc.Spec.AdditionalConfig["bucketLifecycle"] = bucketLifecycle2 + + _, err = k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Update(ctx, obc, metav1.UpdateOptions{}) + assert.Nil(t, err) + obcBound := utils.Retry(20, time.Second, "OBC is Bound", func() bool { + liveObc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveObc.Status.Phase == v1alpha1.ObjectBucketClaimStatusPhaseBound + }) + assert.True(t, obcBound) + + // wait until obc is Bound to lookup the ob name + obc, err = k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + obName = obc.Spec.ObjectBucketName + + obBound := utils.Retry(20, time.Second, "OB is Bound", func() bool { + liveOb, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBuckets().Get(ctx, obName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveOb.Status.Phase == v1alpha1.ObjectBucketStatusPhaseBound + }) + assert.True(t, obBound) + + // verify that updated bucketLifecycle is set + assert.Equal(t, bucketLifecycle2, obc.Spec.AdditionalConfig["bucketLifecycle"]) + }) + + t.Run("lifecycle update applied verbatim to bucket", func(t *testing.T) { + var liveLc *s3.GetBucketLifecycleConfigurationOutput + + confLc := &s3.GetBucketLifecycleConfigurationOutput{} + err = json.Unmarshal([]byte(bucketLifecycle2), confLc) + require.NoError(t, err) + + utils.Retry(20, time.Second, "lifecycle changed", func() bool { + liveLc, err = s3client.Client.GetBucketLifecycleConfiguration(&s3.GetBucketLifecycleConfigurationInput{ + Bucket: &bucketName, + }) + if err != nil { + return false + } + + return cmp.Equal(confLc, liveLc) + }) + assert.Equal(t, confLc, liveLc) + }) + + t.Run("remove obc bucketLifecycle", func(t *testing.T) { + obc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + + obc.Spec.AdditionalConfig = map[string]string{} + + _, err = k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Update(ctx, obc, metav1.UpdateOptions{}) + assert.Nil(t, err) + obcBound := utils.Retry(20, time.Second, "OBC is Bound", func() bool { + liveObc, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveObc.Status.Phase == v1alpha1.ObjectBucketClaimStatusPhaseBound + }) + assert.True(t, obcBound) + + // wait until obc is Bound to lookup the ob name + obc, err = k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + assert.Nil(t, err) + obName = obc.Spec.ObjectBucketName + + obBound := utils.Retry(20, time.Second, "OB is Bound", func() bool { + liveOb, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBuckets().Get(ctx, obName, metav1.GetOptions{}) + if err != nil { + return false + } + + return liveOb.Status.Phase == v1alpha1.ObjectBucketStatusPhaseBound + }) + assert.True(t, obBound) + + // verify that bucketLifecycle is unset + assert.NotContains(t, obc.Spec.AdditionalConfig, "bucketLifecycle") + }) + + t.Run("lifecycle was removed from bucket", func(t *testing.T) { + var err error + utils.Retry(20, time.Second, "lifecycle is gone", func() bool { + _, err = s3client.Client.GetBucketLifecycleConfiguration(&s3.GetBucketLifecycleConfigurationInput{ + Bucket: &bucketName, + }) + if aerr, ok := err.(awserr.Error); ok { + return aerr.Code() == "NoSuchLifecycleConfiguration" + } + return false + }) + require.Error(t, err) + require.Implements(t, (*awserr.Error)(nil), err) + aerr, _ := err.(awserr.Error) + assert.Equal(t, aerr.Code(), "NoSuchLifecycleConfiguration") + }) + + t.Run("delete bucket", func(t *testing.T) { + err = k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Delete(ctx, bucketName, metav1.DeleteOptions{}) + assert.Nil(t, err) + + absent := utils.Retry(20, time.Second, "OBC is absent", func() bool { + _, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBucketClaims(namespace).Get(ctx, bucketName, metav1.GetOptions{}) + return err != nil + }) + assert.True(t, absent) + + absent = utils.Retry(20, time.Second, "OB is absent", func() bool { + _, err := k8sh.BucketClientset.ObjectbucketV1alpha1().ObjectBuckets().Get(ctx, obName, metav1.GetOptions{}) + return err != nil + }) + assert.True(t, absent) + }) + }) + t.Run("Regression check: OBC does not revert to Pending phase", func(t *testing.T) { // A bug exists in older versions of lib-bucket-provisioner that will revert a bucket and claim // back to "Pending" phase after being created and initially "Bound" by looping infinitely in From 8addaff3305748b5648a8dfdc0b7f33e906edafe Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 10 Jan 2025 20:38:53 +0100 Subject: [PATCH 30/49] ci: extract make targets from linters workflow This extracts two functionalities from the linters ci workflow into make targets for convenient local execution: yamllint and pylint Signed-off-by: Michael Adam --- .github/workflows/linters.yaml | 4 ++-- .github/workflows/.yamllint => .yamllint | 0 Makefile | 8 ++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) rename .github/workflows/.yamllint => .yamllint (100%) diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml index 59d8dba4e100..c4a741384bd0 100644 --- a/.github/workflows/linters.yaml +++ b/.github/workflows/linters.yaml @@ -36,7 +36,7 @@ jobs: run: pip install yamllint - name: Lint YAML files - run: yamllint -c .github/workflows/.yamllint deploy/examples/ --no-warnings + run: make yamllint pylint: runs-on: ubuntu-latest @@ -58,7 +58,7 @@ jobs: pip install pygit2 - name: Lint Python files - run: pylint $(git ls-files '*.py') -E + run: make pylint - name: Setup black for py uses: psf/black@1b2427a2b785cc4aac97c19bb4b9a0de063f9547 # stable diff --git a/.github/workflows/.yamllint b/.yamllint similarity index 100% rename from .github/workflows/.yamllint rename to .yamllint diff --git a/Makefile b/Makefile index 7d2b5e65b350..309cfe58c282 100644 --- a/Makefile +++ b/Makefile @@ -161,6 +161,14 @@ fmt: ## Check formatting of go sources. @$(MAKE) go.init @$(MAKE) go.fmt +.PHONY: yamllint +yamllint: + yamllint -c .yamllint deploy/examples/ --no-warnings + +.PHONY: pylint +pylint: + pylint $(shell find $(ROOT_DIR) -name '*.py') -E + gen.codegen: codegen codegen: ${CODE_GENERATOR} ## Run code generators. @build/codegen/codegen.sh From 58febcbeabeadb2a334ce7eef6e33ad335f6ce06 Mon Sep 17 00:00:00 2001 From: Artem Torubarov Date: Tue, 21 Jan 2025 17:27:36 +0100 Subject: [PATCH 31/49] operator: log mon db config values with trace lvl log applied mon store config values with trace lvl for debug purpose Signed-off-by: Artem Torubarov --- pkg/operator/ceph/config/monstore.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/operator/ceph/config/monstore.go b/pkg/operator/ceph/config/monstore.go index ce8772027026..26ff00f5a0d0 100644 --- a/pkg/operator/ceph/config/monstore.go +++ b/pkg/operator/ceph/config/monstore.go @@ -94,6 +94,8 @@ func (m *MonStore) SetIfChanged(who, option, value string) (bool, error) { // https://docs.ceph.com/docs/master/rados/configuration/ceph-conf/#monitor-configuration-database func (m *MonStore) Set(who, option, value string) error { logger.Infof("setting option %q (user %q) to the mon configuration database", option, who) + logger.Tracef("setting option %q = %q (user %q) to the mon configuration database", option, value, who) + args := []string{"config", "set", who, normalizeKey(option), value} cephCmd := client.NewCephCommand(m.context, m.clusterInfo, args) out, err := cephCmd.RunWithTimeout(exec.CephCommandsTimeout) @@ -102,6 +104,7 @@ func (m *MonStore) Set(who, option, value string) error { "you may need to use the rook-config-override ConfigMap. output: %s", string(out)) } + logger.Tracef("successfully set option %q = %q (user %q) to the mon configuration database", option, value, who) logger.Infof("successfully set option %q (user %q) to the mon configuration database", option, who) return nil } @@ -200,6 +203,7 @@ func (m *MonStore) DeleteAll(options ...Option) error { // See: https://docs.ceph.com/en/latest/man/8/ceph/#config-key func (m *MonStore) SetKeyValue(key, value string) error { logger.Debugf("setting %q option in the mon config-key store", key) + logger.Tracef("setting %q=%q option in the mon config-key store", key, value) args := []string{"config-key", "set", key, value} cephCmd := client.NewCephCommand(m.context, m.clusterInfo, args) out, err := cephCmd.RunWithTimeout(exec.CephCommandsTimeout) From 25ee6b4f59558f63e6ab05e53b2b45c81fa88285 Mon Sep 17 00:00:00 2001 From: Artem Torubarov Date: Wed, 15 Jan 2025 15:59:30 +0100 Subject: [PATCH 32/49] operator: custom hostname topology label Signed-off-by: Artem Torubarov --- Documentation/Helm-Charts/operator-chart.md | 1 + .../rook-ceph/templates/deployment.yaml | 4 +++ deploy/charts/rook-ceph/values.yaml | 3 +++ deploy/examples/operator.yaml | 4 +++ pkg/operator/ceph/cluster/cleanup.go | 2 +- pkg/operator/ceph/cluster/mgr/spec.go | 2 +- pkg/operator/ceph/cluster/mon/mon.go | 17 +++++++----- pkg/operator/ceph/cluster/mon/node.go | 3 ++- pkg/operator/ceph/cluster/nodedaemon/crash.go | 18 ++++++------- .../ceph/cluster/nodedaemon/exporter.go | 18 ++++++------- pkg/operator/ceph/cluster/osd/key_rotation.go | 2 +- pkg/operator/ceph/cluster/osd/osd.go | 14 +++++++--- .../ceph/cluster/osd/provision_spec.go | 2 +- pkg/operator/ceph/cluster/osd/spec.go | 2 +- pkg/operator/ceph/cluster/osd/spec_test.go | 27 ++++++++++++++++--- .../ceph/cluster/osd/topology/topology.go | 11 ++++---- .../cluster/osd/topology/topology_test.go | 27 +++++++++++++++++++ pkg/operator/ceph/cluster/watcher.go | 6 ++--- pkg/operator/ceph/csi/util.go | 2 +- pkg/operator/ceph/object/spec.go | 2 +- pkg/operator/k8sutil/labels.go | 10 +++++++ pkg/operator/k8sutil/node.go | 11 ++++---- pkg/operator/k8sutil/node_test.go | 16 +++++++++++ 23 files changed, 151 insertions(+), 53 deletions(-) diff --git a/Documentation/Helm-Charts/operator-chart.md b/Documentation/Helm-Charts/operator-chart.md index 45f360ea1ffc..c6ae597217c4 100644 --- a/Documentation/Helm-Charts/operator-chart.md +++ b/Documentation/Helm-Charts/operator-chart.md @@ -136,6 +136,7 @@ The following table lists the configurable parameters of the rook-operator chart | `csi.topology.domainLabels` | domainLabels define which node labels to use as domains for CSI nodeplugins to advertise their domains | `nil` | | `csi.topology.enabled` | Enable topology based provisioning | `false` | | `currentNamespaceOnly` | Whether the operator should watch cluster CRD in its own namespace or not | `false` | +| `customHostnameLabel` | Custom label to identify node hostname. If not set `kubernetes.io/hostname` will be used | `nil` | | `disableDeviceHotplug` | Disable automatic orchestration when new devices are discovered. | `false` | | `discover.nodeAffinity` | The node labels for affinity of `discover-agent` [^1] | `nil` | | `discover.podLabels` | Labels to add to the discover pods | `nil` | diff --git a/deploy/charts/rook-ceph/templates/deployment.yaml b/deploy/charts/rook-ceph/templates/deployment.yaml index 3df7bf610401..beaa8ceeaf09 100644 --- a/deploy/charts/rook-ceph/templates/deployment.yaml +++ b/deploy/charts/rook-ceph/templates/deployment.yaml @@ -88,6 +88,10 @@ spec: {{- else }} - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED value: "{{ .Values.hostpathRequiresPrivileged }}" +{{- end }} +{{- if .Values.customHostnameLabel }} + - name: ROOK_CUSTOM_HOSTNAME_LABEL + value: {{ .Values.customHostnameLabel }} {{- end }} - name: ROOK_DISABLE_DEVICE_HOTPLUG value: "{{ .Values.disableDeviceHotplug }}" diff --git a/deploy/charts/rook-ceph/values.yaml b/deploy/charts/rook-ceph/values.yaml index 2151064545d8..2122ef61f6b5 100644 --- a/deploy/charts/rook-ceph/values.yaml +++ b/deploy/charts/rook-ceph/values.yaml @@ -623,6 +623,9 @@ discover: # cpu: 100m # memory: 128Mi +# -- Custom label to identify node hostname. If not set `kubernetes.io/hostname` will be used +customHostnameLabel: + # -- Runs Ceph Pods as privileged to be able to write to `hostPaths` in OpenShift with SELinux restrictions. hostpathRequiresPrivileged: false diff --git a/deploy/examples/operator.yaml b/deploy/examples/operator.yaml index d9d9bfc13f94..b15b60e18898 100644 --- a/deploy/examples/operator.yaml +++ b/deploy/examples/operator.yaml @@ -646,6 +646,10 @@ spec: - name: ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS value: "5" + # Custom label to identify node hostname. If not set `kubernetes.io/hostname` will be used + - name: ROOK_CUSTOM_HOSTNAME_LABEL + value: "" + # The name of the node to pass with the downward API - name: NODE_NAME valueFrom: diff --git a/pkg/operator/ceph/cluster/cleanup.go b/pkg/operator/ceph/cluster/cleanup.go index 9f7c2e0ef833..5961451d0eb4 100644 --- a/pkg/operator/ceph/cluster/cleanup.go +++ b/pkg/operator/ceph/cluster/cleanup.go @@ -75,7 +75,7 @@ func (c *ClusterController) startCleanUpJobs(cluster *cephv1.CephCluster, cephHo logger.Infof("starting clean up job on node %q", hostName) jobName := k8sutil.TruncateNodeNameForJob("cluster-cleanup-job-%s", hostName) podSpec := c.cleanUpJobTemplateSpec(cluster, monSecret, clusterFSID) - podSpec.Spec.NodeSelector = map[string]string{v1.LabelHostname: hostName} + podSpec.Spec.NodeSelector = map[string]string{k8sutil.LabelHostname(): hostName} labels := controller.AppLabels(CleanupAppName, cluster.Namespace) labels[CleanupAppName] = "true" job := &batch.Job{ diff --git a/pkg/operator/ceph/cluster/mgr/spec.go b/pkg/operator/ceph/cluster/mgr/spec.go index 2e002733e389..e82a6f23fa4e 100644 --- a/pkg/operator/ceph/cluster/mgr/spec.go +++ b/pkg/operator/ceph/cluster/mgr/spec.go @@ -90,7 +90,7 @@ func (c *Cluster) makeDeployment(mgrConfig *mgrConfig) (*apps.Deployment, error) mon.CephSecretVolume()) // Stretch the mgrs across hosts by default, or across a bigger failure domain for when zones are required like in case of stretched cluster - topologyKey := v1.LabelHostname + topologyKey := k8sutil.LabelHostname() if c.spec.ZonesRequired() { topologyKey = mon.GetFailureDomainLabel(c.spec) } diff --git a/pkg/operator/ceph/cluster/mon/mon.go b/pkg/operator/ceph/cluster/mon/mon.go index 8375163e8d5b..b0d2d94e705c 100644 --- a/pkg/operator/ceph/cluster/mon/mon.go +++ b/pkg/operator/ceph/cluster/mon/mon.go @@ -672,7 +672,7 @@ func scheduleMonitor(c *Cluster, mon *monConfig) (*apps.Deployment, error) { // setup affinity settings for pod scheduling p := c.getMonPlacement(mon.Zone) p.ApplyToPodSpec(&d.Spec.Template.Spec) - k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), v1.LabelHostname, + k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), k8sutil.LabelHostname(), map[string]string{k8sutil.AppAttr: AppName}, nil) // setup storage on the canary since scheduling will be affected when @@ -1412,10 +1412,15 @@ func (c *Cluster) startMon(m *monConfig, schedule *controller.MonScheduleInfo) e if m.UseHostNetwork || !pvcExists { p.PodAffinity = nil p.PodAntiAffinity = nil - k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), v1.LabelHostname, - map[string]string{k8sutil.AppAttr: AppName}, existingDeployment.Spec.Template.Spec.NodeSelector) + nodeSelector := existingDeployment.Spec.Template.Spec.NodeSelector + if schedule != nil && schedule.Hostname != "" { + // update nodeSelector in case if ROOK_CUSTOM_HOSTNAME_LABEL was changed: + nodeSelector = map[string]string{k8sutil.LabelHostname(): schedule.Hostname} + } + k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), k8sutil.LabelHostname(), + map[string]string{k8sutil.AppAttr: AppName}, nodeSelector) } else { - k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), v1.LabelHostname, + k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), k8sutil.LabelHostname(), map[string]string{k8sutil.AppAttr: AppName}, nil) } return c.updateMon(m, d) @@ -1445,9 +1450,9 @@ func (c *Cluster) startMon(m *monConfig, schedule *controller.MonScheduleInfo) e // Schedule the mon on a specific host if specified, or else allow it to be portable according to the PV p.PodAffinity = nil p.PodAntiAffinity = nil - nodeSelector = map[string]string{v1.LabelHostname: schedule.Hostname} + nodeSelector = map[string]string{k8sutil.LabelHostname(): schedule.Hostname} } - k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), v1.LabelHostname, + k8sutil.SetNodeAntiAffinityForPod(&d.Spec.Template.Spec, requiredDuringScheduling(&c.spec), k8sutil.LabelHostname(), map[string]string{k8sutil.AppAttr: AppName}, nodeSelector) logger.Debugf("Starting mon: %+v", d.Name) diff --git a/pkg/operator/ceph/cluster/mon/node.go b/pkg/operator/ceph/cluster/mon/node.go index 09c2d9eb4013..05864b927a1f 100644 --- a/pkg/operator/ceph/cluster/mon/node.go +++ b/pkg/operator/ceph/cluster/mon/node.go @@ -19,6 +19,7 @@ package mon import ( "github.com/pkg/errors" opcontroller "github.com/rook/rook/pkg/operator/ceph/controller" + "github.com/rook/rook/pkg/operator/k8sutil" v1 "k8s.io/api/core/v1" ) @@ -29,7 +30,7 @@ const ( func getNodeInfoFromNode(n v1.Node) (*opcontroller.MonScheduleInfo, error) { nr := &opcontroller.MonScheduleInfo{ Name: n.Name, - Hostname: n.Labels[v1.LabelHostname], + Hostname: n.Labels[k8sutil.LabelHostname()], } // If the host networking is setup such that a different IP should be used diff --git a/pkg/operator/ceph/cluster/nodedaemon/crash.go b/pkg/operator/ceph/cluster/nodedaemon/crash.go index a95bc046239b..027d98d380d7 100644 --- a/pkg/operator/ceph/cluster/nodedaemon/crash.go +++ b/pkg/operator/ceph/cluster/nodedaemon/crash.go @@ -44,9 +44,9 @@ const ( // createOrUpdateCephCrash is a wrapper around controllerutil.CreateOrUpdate func (r *ReconcileNode) createOrUpdateCephCrash(node corev1.Node, tolerations []corev1.Toleration, cephCluster cephv1.CephCluster, cephVersion *cephver.CephVersion) (controllerutil.OperationResult, error) { // Create or Update the deployment default/foo - nodeHostnameLabel, ok := node.ObjectMeta.Labels[corev1.LabelHostname] + nodeHostnameLabel, ok := node.ObjectMeta.Labels[k8sutil.LabelHostname()] if !ok { - return controllerutil.OperationResultNone, errors.Errorf("label key %q does not exist on node %q", corev1.LabelHostname, node.GetName()) + return controllerutil.OperationResultNone, errors.Errorf("label key %q does not exist on node %q", k8sutil.LabelHostname(), node.GetName()) } deploy := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ @@ -66,21 +66,21 @@ func (r *ReconcileNode) createOrUpdateCephCrash(node corev1.Node, tolerations [] // labels for the pod, the deployment, and the deploymentSelector deploymentLabels := map[string]string{ - corev1.LabelHostname: nodeHostnameLabel, - k8sutil.AppAttr: CrashCollectorAppName, - NodeNameLabel: node.GetName(), + k8sutil.LabelHostname(): nodeHostnameLabel, + k8sutil.AppAttr: CrashCollectorAppName, + NodeNameLabel: node.GetName(), } deploymentLabels[config.CrashType] = "crash" deploymentLabels[controller.DaemonIDLabel] = "crash" deploymentLabels[k8sutil.ClusterAttr] = cephCluster.GetNamespace() selectorLabels := map[string]string{ - corev1.LabelHostname: nodeHostnameLabel, - k8sutil.AppAttr: CrashCollectorAppName, - NodeNameLabel: node.GetName(), + k8sutil.LabelHostname(): nodeHostnameLabel, + k8sutil.AppAttr: CrashCollectorAppName, + NodeNameLabel: node.GetName(), } - nodeSelector := map[string]string{corev1.LabelHostname: nodeHostnameLabel} + nodeSelector := map[string]string{k8sutil.LabelHostname(): nodeHostnameLabel} // Deployment selector is immutable so we set this value only if // a new object is going to be created diff --git a/pkg/operator/ceph/cluster/nodedaemon/exporter.go b/pkg/operator/ceph/cluster/nodedaemon/exporter.go index 4c30320ce385..cbd0495e50e3 100644 --- a/pkg/operator/ceph/cluster/nodedaemon/exporter.go +++ b/pkg/operator/ceph/cluster/nodedaemon/exporter.go @@ -67,9 +67,9 @@ func (r *ReconcileNode) createOrUpdateCephExporter(node corev1.Node, tolerations return controllerutil.OperationResultNone, nil } - nodeHostnameLabel, ok := node.Labels[corev1.LabelHostname] + nodeHostnameLabel, ok := node.Labels[k8sutil.LabelHostname()] if !ok { - return controllerutil.OperationResultNone, errors.Errorf("label key %q does not exist on node %q", corev1.LabelHostname, node.GetName()) + return controllerutil.OperationResultNone, errors.Errorf("label key %q does not exist on node %q", k8sutil.LabelHostname(), node.GetName()) } deploy := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ @@ -91,20 +91,20 @@ func (r *ReconcileNode) createOrUpdateCephExporter(node corev1.Node, tolerations // labels for the pod, the deployment, and the deploymentSelector deploymentLabels := map[string]string{ - corev1.LabelHostname: nodeHostnameLabel, - k8sutil.AppAttr: cephExporterAppName, - NodeNameLabel: node.GetName(), + k8sutil.LabelHostname(): nodeHostnameLabel, + k8sutil.AppAttr: cephExporterAppName, + NodeNameLabel: node.GetName(), } deploymentLabels[controller.DaemonIDLabel] = "exporter" deploymentLabels[k8sutil.ClusterAttr] = cephCluster.GetNamespace() selectorLabels := map[string]string{ - corev1.LabelHostname: nodeHostnameLabel, - k8sutil.AppAttr: cephExporterAppName, - NodeNameLabel: node.GetName(), + k8sutil.LabelHostname(): nodeHostnameLabel, + k8sutil.AppAttr: cephExporterAppName, + NodeNameLabel: node.GetName(), } - nodeSelector := map[string]string{corev1.LabelHostname: nodeHostnameLabel} + nodeSelector := map[string]string{k8sutil.LabelHostname(): nodeHostnameLabel} // Deployment selector is immutable so we set this value only if // a new object is going to be created diff --git a/pkg/operator/ceph/cluster/osd/key_rotation.go b/pkg/operator/ceph/cluster/osd/key_rotation.go index db0aca375e80..5ad7afdcb88f 100644 --- a/pkg/operator/ceph/cluster/osd/key_rotation.go +++ b/pkg/operator/ceph/cluster/osd/key_rotation.go @@ -57,7 +57,7 @@ func applyKeyRotationPlacement(spec *v1.PodSpec, labels map[string]string) { LabelSelector: &metav1.LabelSelector{ MatchLabels: labels, }, - TopologyKey: v1.LabelHostname, + TopologyKey: k8sutil.LabelHostname(), }, }, } diff --git a/pkg/operator/ceph/cluster/osd/osd.go b/pkg/operator/ceph/cluster/osd/osd.go index e1bf09cb3e9b..04d91ca8e254 100644 --- a/pkg/operator/ceph/cluster/osd/osd.go +++ b/pkg/operator/ceph/cluster/osd/osd.go @@ -583,7 +583,7 @@ func (c *Cluster) getPVCHostName(pvcName string) (string, error) { for _, d := range deployments.Items { selectors := d.Spec.Template.Spec.NodeSelector for label, value := range selectors { - if label == corev1.LabelHostname { + if label == k8sutil.LabelHostname() { return value, nil } } @@ -734,10 +734,18 @@ func getNodeOrPVCName(d *appsv1.Deployment) (string, error) { return v, nil // OSD is on PVC } for k, v := range d.Spec.Template.Spec.NodeSelector { - if k == corev1.LabelHostname { + if k == k8sutil.LabelHostname() { return v, nil } } + // try to fallback on previous hostname label + // NodeSelector always has a single entry + if len(d.Spec.Template.Spec.NodeSelector) == 1 { + for _, v := range d.Spec.Template.Spec.NodeSelector { + return v, nil + } + } + return "", errors.Errorf("failed to find node/PVC name for OSD deployment %q: %+v", d.Name, d) } @@ -858,7 +866,7 @@ func getNode(ctx context.Context, clientset kubernetes.Interface, nodeName strin // try to find by the node by matching the provided nodeName node, err = clientset.CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{}) if kerrors.IsNotFound(err) { - listOpts := metav1.ListOptions{LabelSelector: fmt.Sprintf("%q=%q", corev1.LabelHostname, nodeName)} + listOpts := metav1.ListOptions{LabelSelector: fmt.Sprintf("%q=%q", k8sutil.LabelHostname(), nodeName)} nodeList, err := clientset.CoreV1().Nodes().List(ctx, listOpts) if err != nil || len(nodeList.Items) < 1 { return nil, errors.Wrapf(err, "could not find node %q hostname label", nodeName) diff --git a/pkg/operator/ceph/cluster/osd/provision_spec.go b/pkg/operator/ceph/cluster/osd/provision_spec.go index 61f31664ae79..01b70b62e66f 100644 --- a/pkg/operator/ceph/cluster/osd/provision_spec.go +++ b/pkg/operator/ceph/cluster/osd/provision_spec.go @@ -52,7 +52,7 @@ func (c *Cluster) makeJob(osdProps osdProperties, provisionConfig *provisionConf podSpec.Spec.InitContainers = append(podSpec.Spec.InitContainers, c.getPVCWalInitContainer("/wal", osdProps)) } } else { - podSpec.Spec.NodeSelector = map[string]string{v1.LabelHostname: osdProps.crushHostname} + podSpec.Spec.NodeSelector = map[string]string{k8sutil.LabelHostname(): osdProps.crushHostname} } job := &batch.Job{ diff --git a/pkg/operator/ceph/cluster/osd/spec.go b/pkg/operator/ceph/cluster/osd/spec.go index 79c066bf290e..de030b98a45b 100644 --- a/pkg/operator/ceph/cluster/osd/spec.go +++ b/pkg/operator/ceph/cluster/osd/spec.go @@ -757,7 +757,7 @@ func (c *Cluster) makeDeployment(osdProps osdProperties, osd *OSDInfo, provision return nil, err } } else { - deployment.Spec.Template.Spec.NodeSelector = map[string]string{v1.LabelHostname: osdProps.crushHostname} + deployment.Spec.Template.Spec.NodeSelector = map[string]string{k8sutil.LabelHostname(): osdProps.crushHostname} } k8sutil.AddRookVersionLabelToDeployment(deployment) cephv1.GetOSDAnnotations(c.spec.Annotations).ApplyToObjectMeta(&deployment.ObjectMeta) diff --git a/pkg/operator/ceph/cluster/osd/spec_test.go b/pkg/operator/ceph/cluster/osd/spec_test.go index f04495fb46f6..ab941eb97c7f 100644 --- a/pkg/operator/ceph/cluster/osd/spec_test.go +++ b/pkg/operator/ceph/cluster/osd/spec_test.go @@ -71,10 +71,18 @@ func TestPodContainer(t *testing.T) { } func TestDaemonset(t *testing.T) { - testPodDevices(t, "", "sda", true) - testPodDevices(t, "/var/lib/mydatadir", "sdb", false) - testPodDevices(t, "", "", true) - testPodDevices(t, "", "", false) + t.Run(("device name and all devices"), func(t *testing.T) { + testPodDevices(t, "", "sda", true) + }) + t.Run(("data dir and device name"), func(t *testing.T) { + testPodDevices(t, "/var/lib/mydatadir", "sdb", false) + }) + t.Run(("all devices"), func(t *testing.T) { + testPodDevices(t, "", "", true) + }) + t.Run(("no data dir and device name"), func(t *testing.T) { + testPodDevices(t, "", "", false) + }) } func testPodDevices(t *testing.T, dataDir, deviceName string, allDevices bool) { @@ -493,6 +501,17 @@ func testPodDevices(t *testing.T, dataDir, deviceName string, allDevices bool) { assert.Equal(t, int32(900), deployment.Spec.Template.Spec.Containers[0].LivenessProbe.InitialDelaySeconds) assert.Equal(t, int32(1000), deployment.Spec.Template.Spec.Containers[0].StartupProbe.InitialDelaySeconds) }) + + // test custom topology label + t.Setenv("ROOK_CUSTOM_HOSTNAME_LABEL", "my_custom_hostname_label") + deployment, err = c.makeDeployment(osdProp, osd, dataPathMap) + assert.Nil(t, err) + assert.NotNil(t, deployment) + assert.Equal(t, "rook-ceph-osd-0", deployment.Name) + assert.Equal(t, c.clusterInfo.Namespace, deployment.Namespace) + assert.Equal(t, serviceAccountName, deployment.Spec.Template.Spec.ServiceAccountName) + assert.Equal(t, int32(1), *(deployment.Spec.Replicas)) + assert.Equal(t, "node1", deployment.Spec.Template.Spec.NodeSelector["my_custom_hostname_label"]) } func verifyEnvVar(t *testing.T, envVars []corev1.EnvVar, expectedName, expectedValue string, expectedFound bool) { diff --git a/pkg/operator/ceph/cluster/osd/topology/topology.go b/pkg/operator/ceph/cluster/osd/topology/topology.go index ce4022e167af..9126bff09dd2 100644 --- a/pkg/operator/ceph/cluster/osd/topology/topology.go +++ b/pkg/operator/ceph/cluster/osd/topology/topology.go @@ -25,6 +25,7 @@ import ( "github.com/coreos/pkg/capnslog" "github.com/rook/rook/pkg/daemon/ceph/client" + "github.com/rook/rook/pkg/operator/k8sutil" corev1 "k8s.io/api/core/v1" ) @@ -46,7 +47,6 @@ var ( const ( topologyLabelPrefix = "topology.rook.io/" - labelHostname = "kubernetes.io/hostname" ) // ExtractOSDTopologyFromLabels extracts rook topology from labels and returns a map from topology type to value @@ -74,16 +74,15 @@ func allKubernetesTopologyLabelsOrdered() []string { append([]string{corev1.LabelTopologyRegion, corev1.LabelTopologyZone}, rookTopologyLabelsOrdered()...), - labelHostname, // host is the lowest level in the crush map hierarchy + k8sutil.LabelHostname(), // host is the lowest level in the crush map hierarchy ) } func kubernetesTopologyLabelToCRUSHLabel(label string) string { - crushLabel := strings.Split(label, "/") - if crushLabel[len(crushLabel)-1] == "hostname" { - // kubernetes uses "kubernetes.io/hostname" whereas CRUSH uses "host" + if label == k8sutil.LabelHostname() { return "host" } + crushLabel := strings.Split(label, "/") return crushLabel[len(crushLabel)-1] } @@ -140,7 +139,7 @@ func formatTopologyAffinity(label, value string) string { // GetDefaultTopologyLabels returns the supported default topology labels. func GetDefaultTopologyLabels() string { - Labels := []string{corev1.LabelHostname, corev1.LabelZoneRegionStable, corev1.LabelZoneFailureDomainStable} + Labels := []string{k8sutil.LabelHostname(), corev1.LabelZoneRegionStable, corev1.LabelZoneFailureDomainStable} for _, label := range CRUSHTopologyLabels { Labels = append(Labels, topologyLabelPrefix+label) } diff --git a/pkg/operator/ceph/cluster/osd/topology/topology_test.go b/pkg/operator/ceph/cluster/osd/topology/topology_test.go index 33a5c4cdd7e0..2446dd298b9f 100644 --- a/pkg/operator/ceph/cluster/osd/topology/topology_test.go +++ b/pkg/operator/ceph/cluster/osd/topology/topology_test.go @@ -44,6 +44,7 @@ func TestCleanTopologyLabels(t *testing.T) { nodeLabels := map[string]string{ corev1.LabelZoneRegionStable: "r.region", "kubernetes.io/hostname": "host.name", + "my_custom_hostname_label": "host.custom.name", "topology.rook.io/rack": "r.rack", "topology.rook.io/row": "r.row", "topology.rook.io/datacenter": "d.datacenter", @@ -62,6 +63,18 @@ func TestCleanTopologyLabels(t *testing.T) { assert.Equal(t, "", topology["pod"]) assert.Equal(t, "", topology["room"]) + t.Setenv("ROOK_CUSTOM_HOSTNAME_LABEL", "my_custom_hostname_label") + topology, affinity = ExtractOSDTopologyFromLabels(nodeLabels) + assert.Equal(t, 6, len(topology)) + assert.Equal(t, "r-region", topology["region"]) + assert.Equal(t, "host-custom-name", topology["host"]) + assert.Equal(t, "r-rack", topology["rack"]) + assert.Equal(t, "r-row", topology["row"]) + assert.Equal(t, "d-datacenter", topology["datacenter"]) + assert.Equal(t, "topology.rook.io/chassis=test", affinity) + assert.Equal(t, "test", topology["chassis"]) + assert.Equal(t, "", topology["pod"]) + assert.Equal(t, "", topology["room"]) } func TestTopologyLabels(t *testing.T) { @@ -126,4 +139,18 @@ func TestGetDefaultTopologyLabels(t *testing.T) { "topology.rook.io/room," + "topology.rook.io/datacenter" assert.Equal(t, expectedLabels, GetDefaultTopologyLabels()) + + t.Setenv("ROOK_CUSTOM_HOSTNAME_LABEL", "my_custom_hostname_label") + expectedLabels = "my_custom_hostname_label," + + "topology.kubernetes.io/region," + + "topology.kubernetes.io/zone," + + "topology.rook.io/chassis," + + "topology.rook.io/rack," + + "topology.rook.io/row," + + "topology.rook.io/pdu," + + "topology.rook.io/pod," + + "topology.rook.io/room," + + "topology.rook.io/datacenter" + assert.Equal(t, expectedLabels, GetDefaultTopologyLabels()) + } diff --git a/pkg/operator/ceph/cluster/watcher.go b/pkg/operator/ceph/cluster/watcher.go index a99d9f545d58..57363bfa26fd 100644 --- a/pkg/operator/ceph/cluster/watcher.go +++ b/pkg/operator/ceph/cluster/watcher.go @@ -101,7 +101,7 @@ func (c *clientCluster) onK8sNode(ctx context.Context, object runtime.Object, op } if !k8sutil.GetNodeSchedulable(*node, false) { - logger.Debugf("node watcher: skipping cluster update. added node %q is unschedulable", node.Labels[corev1.LabelHostname]) + logger.Debugf("node watcher: skipping cluster update. added node %q is unschedulable", node.Labels[k8sutil.LabelHostname()]) return false } @@ -126,7 +126,7 @@ func (c *clientCluster) onK8sNode(ctx context.Context, object runtime.Object, op err := k8sutil.ValidNode(*node, cephv1.GetOSDPlacement(cluster.Spec.Placement), cluster.Spec.Storage.ScheduleAlways) if err == nil { nodeName := node.Name - hostname, ok := node.Labels[corev1.LabelHostname] + hostname, ok := node.Labels[k8sutil.LabelHostname()] if ok && hostname != "" { nodeName = hostname } @@ -148,7 +148,7 @@ func (c *clientCluster) onK8sNode(ctx context.Context, object runtime.Object, op // Reconcile if there are no OSDs in the CRUSH map and if the host does not exist in the CRUSH map. if osds == "" { - logger.Infof("node watcher: adding node %q to cluster %q", node.Labels[corev1.LabelHostname], cluster.Namespace) + logger.Infof("node watcher: adding node %q to cluster %q", node.Labels[k8sutil.LabelHostname()], cluster.Namespace) return true } diff --git a/pkg/operator/ceph/csi/util.go b/pkg/operator/ceph/csi/util.go index f2b4c379c756..4c3e70827155 100644 --- a/pkg/operator/ceph/csi/util.go +++ b/pkg/operator/ceph/csi/util.go @@ -197,7 +197,7 @@ func GetPodAntiAffinity(key, value string) corev1.PodAntiAffinity { }, }, }, - TopologyKey: corev1.LabelHostname, + TopologyKey: k8sutil.LabelHostname(), }, }, } diff --git a/pkg/operator/ceph/object/spec.go b/pkg/operator/ceph/object/spec.go index 371d8ef10eb4..731e955f9478 100644 --- a/pkg/operator/ceph/object/spec.go +++ b/pkg/operator/ceph/object/spec.go @@ -252,7 +252,7 @@ func (c *clusterConfig) makeRGWPodSpec(rgwConfig *rgwConfig) (v1.PodTemplateSpec // If host networking is not enabled, preferred pod anti-affinity is added to the rgw daemons labels := getLabels(c.store.Name, c.store.Namespace, false) - k8sutil.SetNodeAntiAffinityForPod(&podSpec, c.store.Spec.IsHostNetwork(c.clusterSpec), v1.LabelHostname, labels, nil) + k8sutil.SetNodeAntiAffinityForPod(&podSpec, c.store.Spec.IsHostNetwork(c.clusterSpec), k8sutil.LabelHostname(), labels, nil) podTemplateSpec := v1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ diff --git a/pkg/operator/k8sutil/labels.go b/pkg/operator/k8sutil/labels.go index c17c6980a6c5..b7b16e650640 100644 --- a/pkg/operator/k8sutil/labels.go +++ b/pkg/operator/k8sutil/labels.go @@ -19,6 +19,8 @@ package k8sutil import ( "os" "strings" + + corev1 "k8s.io/api/core/v1" ) // ParseStringToLabels parse a label selector string into a map[string]string @@ -58,3 +60,11 @@ func AddRecommendedLabels(labels map[string]string, appName, parentName, resourc labels["app.kubernetes.io/created-by"] = "rook-ceph-operator" labels["rook.io/operator-namespace"] = os.Getenv(PodNamespaceEnvVar) } + +// LabelHostname returns label name to identify k8s node hostname +func LabelHostname() string { + if label := os.Getenv("ROOK_CUSTOM_HOSTNAME_LABEL"); label != "" { + return label + } + return corev1.LabelHostname +} diff --git a/pkg/operator/k8sutil/node.go b/pkg/operator/k8sutil/node.go index 2dcce962cd90..a6e8ab1e8c18 100644 --- a/pkg/operator/k8sutil/node.go +++ b/pkg/operator/k8sutil/node.go @@ -101,7 +101,7 @@ func GetValidNodes(ctx context.Context, rookStorage cephv1.StorageScopeSpec, cli // Typically these will be the same name, but sometimes they are not such as when nodes have a longer // dns name, but the hostname is short. func GetNodeNameFromHostname(ctx context.Context, clientset kubernetes.Interface, hostName string) (string, error) { - options := metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", v1.LabelHostname, hostName)} + options := metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", LabelHostname(), hostName)} nodes, err := clientset.CoreV1().Nodes().List(ctx, options) if err != nil { return hostName, err @@ -123,7 +123,7 @@ func GetNodeHostName(ctx context.Context, clientset kubernetes.Interface, nodeNa } func GetNodeHostNameLabel(node *v1.Node) (string, error) { - hostname, ok := node.Labels[v1.LabelHostname] + hostname, ok := node.Labels[LabelHostname()] if !ok { return "", fmt.Errorf("hostname not found on the node") } @@ -141,7 +141,7 @@ func GetNodeHostNames(ctx context.Context, clientset kubernetes.Interface) (map[ nodeMap := map[string]string{} for _, node := range nodes.Items { - nodeMap[node.Name] = node.Labels[v1.LabelHostname] + nodeMap[node.Name] = node.Labels[LabelHostname()] } return nodeMap, nil } @@ -275,9 +275,10 @@ func rookNodeMatchesKubernetesNode(rookNode cephv1.Node, kubernetesNode v1.Node) } func normalizeHostname(kubernetesNode v1.Node) string { - hostname := kubernetesNode.Labels[v1.LabelHostname] + hostname := kubernetesNode.Labels[LabelHostname()] if len(hostname) == 0 { // fall back to the node name if the hostname label is not set + logger.Warningf("hostname label %q is missing for node %q. Fallback to node name", LabelHostname(), kubernetesNode.Name) hostname = kubernetesNode.Name } return hostname @@ -301,7 +302,7 @@ func GetKubernetesNodesMatchingRookNodes(ctx context.Context, rookNodes []cephv1 } } if !nodeFound { - logger.Warningf("failed to find matching kubernetes node for %q. Check the CephCluster's config and confirm each 'name' field in spec.storage.nodes matches their 'kubernetes.io/hostname' label", rn.Name) + logger.Warningf("failed to find matching kubernetes node for %q. Check the CephCluster's config and confirm each 'name' field in spec.storage.nodes matches their %q label", rn.Name, LabelHostname()) } } return nodes, nil diff --git a/pkg/operator/k8sutil/node_test.go b/pkg/operator/k8sutil/node_test.go index c3cff521dfb7..54dc4b5df831 100644 --- a/pkg/operator/k8sutil/node_test.go +++ b/pkg/operator/k8sutil/node_test.go @@ -336,6 +336,22 @@ func TestRookNodesMatchingKubernetesNodes(t *testing.T) { // no k8s nodes specified retNodes = RookNodesMatchingKubernetesNodes(rookStorage, []v1.Node{}) assert.Len(t, retNodes, 0) + + // custom node hostname label + t.Setenv("ROOK_CUSTOM_HOSTNAME_LABEL", "my_custom_hostname_label") + n0.Labels["my_custom_hostname_label"] = "node0-custom-hostname" + k8sNodes[0] = n0 + + rookStorage.Nodes = []cephv1.Node{ + {Name: "node0"}, + {Name: "node1"}, + {Name: "node2"}} + retNodes = RookNodesMatchingKubernetesNodes(rookStorage, k8sNodes) + assert.Len(t, retNodes, 3) + // this should return nodes named by hostname if that is available + assert.Contains(t, retNodes, cephv1.Node{Name: "node0-custom-hostname"}) + assert.Contains(t, retNodes, cephv1.Node{Name: "node1"}) + assert.Contains(t, retNodes, cephv1.Node{Name: "node2"}) } func TestGenerateNodeAffinity(t *testing.T) { From 5c39ac537a4e04e9f0aa42232a2cc22ea06c5c8d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 24 Jan 2025 09:21:02 +0100 Subject: [PATCH 33/49] build: remove broken make target lint The lint make target is not used anywhere in the codebase and is particular not run in the CI. It was recently discovered that `make lint` does not even work at all. It was subsequently suggested to remove the broken and unused target altogether. This change settles that issue by removing the lint target and the preparatory golint installation target. Fixes: #15317 Signed-off-by: Michael Adam --- Makefile | 4 ---- build/makelib/golang.mk | 12 ------------ 2 files changed, 16 deletions(-) diff --git a/Makefile b/Makefile index 309cfe58c282..882df39e5458 100644 --- a/Makefile +++ b/Makefile @@ -149,10 +149,6 @@ check test: ## Runs unit tests. test-integration: ## Runs integration tests. @$(MAKE) go.test.integration -lint: ## Check syntax and styling of go sources. - @$(MAKE) go.init - @$(MAKE) go.lint - vet: ## Runs lint checks on go sources. @$(MAKE) go.init @$(MAKE) go.vet diff --git a/build/makelib/golang.mk b/build/makelib/golang.mk index ec820e1f9f0a..fdef2670c884 100644 --- a/build/makelib/golang.mk +++ b/build/makelib/golang.mk @@ -64,7 +64,6 @@ endif GOPATH := $(shell go env GOPATH) # setup tools used during the build -GOLINT := $(TOOLS_HOST_DIR)/golint GOJUNIT := $(TOOLS_DIR)/go-junit-report GO := go @@ -144,11 +143,6 @@ go.test.integration: $(GOJUNIT) CGO_ENABLED=$(CGO_ENABLED_VALUE) $(GOHOST) test -v -timeout 7200s $(GO_TEST_FLAGS) $(GO_STATIC_FLAGS) $(GO_INTEGRATION_TEST_PACKAGES) $(TEST_FILTER_PARAM) 2>&1 | tee $(GO_TEST_OUTPUT)/integration-tests.log @cat $(GO_TEST_OUTPUT)/integration-tests.log | $(GOJUNIT) -set-exit-code > $(GO_TEST_OUTPUT)/integration-tests.xml -.PHONY: go.lint -go.lint: $(GOLINT) - @echo === go lint - @$(GOLINT) -set_exit_status=true $(GO_PACKAGES) $(GO_INTEGRATION_TEST_PACKAGES) - .PHONY: go.vet go.vet: @echo === go vet @@ -185,12 +179,6 @@ go.mod.clean: @sudo rm -fr $(WORK_DIR)/cross_pkg @$(GOHOST) clean -modcache -$(GOLINT): - @echo === installing golint - @mkdir -p $(TOOLS_HOST_DIR)/tmp - @GOPATH=$(TOOLS_HOST_DIR)/tmp GOBIN=$(TOOLS_HOST_DIR) $(GOHOST) get github.com/golang/lint/golint - @rm -fr $(TOOLS_HOST_DIR)/tmp - $(GOFMT): @echo === installing gofmt$(GOFMT_VERSION) @mkdir -p $(TOOLS_HOST_DIR)/tmp From 11a15d3adfca13805758e06c617ec608f1cecd31 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 22 Jan 2025 12:24:16 +0100 Subject: [PATCH 34/49] ci: refactor a shellcheck make target out of the github ci workflow This is to allow developers to conveniently run the same check locally as run in the CI. Signed-off-by: Michael Adam --- .github/workflows/shellcheck.yaml | 17 +++++++---------- Makefile | 4 ++++ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index bd8d999e8880..c0ccbb329613 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -24,13 +24,10 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master - with: - severity: warning - check_together: 'yes' - disable_matcher: false - additional_files: build/reset build/sed-in-place - ignore: olm - format: gcc + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: install shellcheck + run: | + sudo apt-get update + sudo apt-get install -y shellcheck + - name: Run ShellCheck + run: make shellcheck diff --git a/Makefile b/Makefile index 882df39e5458..64ee14c20e41 100644 --- a/Makefile +++ b/Makefile @@ -165,6 +165,10 @@ yamllint: pylint: pylint $(shell find $(ROOT_DIR) -name '*.py') -E +.PHONY: shellcheck +shellcheck: + shellcheck --severity=warning --format=gcc --shell=bash $(shell find $(ROOT_DIR) -type f -name '*.sh') build/reset build/sed-in-place + gen.codegen: codegen codegen: ${CODE_GENERATOR} ## Run code generators. @build/codegen/codegen.sh From 5bb77883d077813d3937d17826ecf5ffd157705c Mon Sep 17 00:00:00 2001 From: Thomas Kooi Date: Sun, 26 Jan 2025 18:23:22 +0100 Subject: [PATCH 35/49] docs: add Thalassa Cloud to Adopters Add Thalassa Cloud to the list of adopter of Rook Ceph Signed-off-by: Thomas Kooi --- ADOPTERS.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ADOPTERS.md b/ADOPTERS.md index a7a9587dbf37..9912e349fb3b 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -68,6 +68,9 @@ If submitting a description, the addition will be at the end of first part of th in our own server rack"*. * [Alauda](https://www.alauda.io/) Our container platform product(ACP) uses Rook Ceph to provide data persistence for applications, in addition to middleware backups, virtual machine disks, and more. +* [Thalassa Cloud](https://thalassa.cloud) is a private cloud platform that brings the functionality + of public cloud services into on-premises data centers. With Rook Ceph, we provide highly reliable + and scalable storage solutions tailored for our IaaS layer. * [CyCore Systems](https://www.cycoresys.com/) * [Datacom](http://datacom.co.nz/Home.aspx) * [Turtle Network (BLACK TURTLE BVBA)](https://www.turtlenetwork.eu/#home) From e111f8716d8a20ff26e9012929c58930a5e64f45 Mon Sep 17 00:00:00 2001 From: Nikhil-Ladha Date: Mon, 27 Jan 2025 12:34:57 +0530 Subject: [PATCH 36/49] csv: add generated csv changes add generated csv, configmap changes Signed-off-by: Nikhil-Ladha --- ...al-cluster-script-config_v1_configmap.yaml | 359 +++++++++--------- ...k-ceph-operator.clusterserviceversion.yaml | 359 +++++++++--------- 2 files changed, 360 insertions(+), 358 deletions(-) diff --git a/build/csv/ceph/rook-ceph-external-cluster-script-config_v1_configmap.yaml b/build/csv/ceph/rook-ceph-external-cluster-script-config_v1_configmap.yaml index 9c92df5b05d3..e463cbd119c1 100644 --- a/build/csv/ceph/rook-ceph-external-cluster-script-config_v1_configmap.yaml +++ b/build/csv/ceph/rook-ceph-external-cluster-script-config_v1_configmap.yaml @@ -1517,186 +1517,187 @@ data: b3V0X21hcFsiUkFET1NfTkFNRVNQQUNFIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJwb29s Ijogc2VsZi5vdXRfbWFwWyJSQkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgfSwK ICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICAgICBqc29uX291dC5hcHBl - bmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiY2VwaC1y - YmQtcmFkb3MtbmFtZXNwYWNlIiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdl - Q2xhc3MiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAg - ICAgICAicG9vbCI6IHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdLAogICAgICAgICAgICAg - ICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL3Byb3Zpc2lvbmVyLXNlY3JldC1uYW1lIjog - ZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUX05BTUUnXX0i - LAogICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRyb2xsZXIt - ZXhwYW5kLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklT - SU9ORVJfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3Jh - Z2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn - Q1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICB9LAogICAg - ICAgICAgICAgICAgfQogICAgICAgICAgICApCiAgICAgICAgZWxzZToKICAgICAgICAgICAgaWYg - c2VsZi5vdXRfbWFwWyJSQkRfTUVUQURBVEFfRUNfUE9PTF9OQU1FIl06CiAgICAgICAgICAgICAg - ICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAg - ICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAgICAgICAgICAgICAgICAgICJraW5k - IjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAg - ICAgICAgICAgICAgICAgICAgICAgICAgImRhdGFQb29sIjogc2VsZi5vdXRfbWFwWyJSQkRfUE9P - TF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAicG9vbCI6IHNlbGYub3V0X21h - cFsiUkJEX01FVEFEQVRBX0VDX1BPT0xfTkFNRSJdLAogICAgICAgICAgICAgICAgICAgICAgICAg - ICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFtZSI6IGYicm9vay17 - c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBh - bmQtc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05F - Ul9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3Jh - Z2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn - Q1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgfSwK - ICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIGVsc2U6 - CiAgICAgICAgICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAgICAgewog - ICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAgICAgICAg - ICAgICAgICAgICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgICAg - ICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInBvb2wiOiBzZWxmLm91dF9t - YXBbIlJCRF9QT09MX05BTUUiXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3Rv - cmFnZS5rOHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21h - cFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAg - ICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRyb2xsZXItZXhwYW5kLXNlY3JldC1u - YW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUX05B - TUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9u - b2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfTk9E - RV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAg - ICAgICAgICAgfQogICAgICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdUT1BPTE9HWV9QT09M - UycsICdUT1BPTE9HWV9GQUlMVVJFX0RPTUFJTl9MQUJFTCcsICdUT1BPTE9HWV9GQUlMVVJFX0RP - TUFJTl9WQUxVRVMnICBleGlzdHMsCiAgICAgICAgIyB0aGVuIG9ubHkgYWRkICd0b3BvbG9neScg - U3RvcmFnZUNsYXNzCiAgICAgICAgaWYgKAogICAgICAgICAgICBzZWxmLm91dF9tYXBbIlRPUE9M - T0dZX1BPT0xTIl0KICAgICAgICAgICAgYW5kIHNlbGYub3V0X21hcFsiVE9QT0xPR1lfRkFJTFVS - RV9ET01BSU5fTEFCRUwiXQogICAgICAgICAgICBhbmQgc2VsZi5vdXRfbWFwWyJUT1BPTE9HWV9G - QUlMVVJFX0RPTUFJTl9WQUxVRVMiXQogICAgICAgICk6CiAgICAgICAgICAgIGpzb25fb3V0LmFw - cGVuZCgKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBo - LXJiZC10b3BvbG9neSIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNz - IiwKICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAg - InRvcG9sb2d5RmFpbHVyZURvbWFpbkxhYmVsIjogc2VsZi5vdXRfbWFwWwogICAgICAgICAgICAg - ICAgICAgICAgICAgICAgIlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX0xBQkVMIgogICAgICAgICAg - ICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICAgICAgICAgICAidG9wb2xvZ3lGYWlsdXJl - RG9tYWluVmFsdWVzIjogc2VsZi5vdXRfbWFwWwogICAgICAgICAgICAgICAgICAgICAgICAgICAg - IlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUyIKICAgICAgICAgICAgICAgICAgICAgICAg - XSwKICAgICAgICAgICAgICAgICAgICAgICAgInRvcG9sb2d5UG9vbHMiOiBzZWxmLm91dF9tYXBb - IlRPUE9MT0dZX1BPT0xTIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5r - OHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJ - X1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAg - ICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJv - b2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1zZWNy - ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05BTUUn - XX0iLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg - ICkKCiAgICAgICAgIyBpZiAnQ0VQSEZTX0ZTX05BTUUnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAn - Y2VwaGZzJyBTdG9yYWdlQ2xhc3MKICAgICAgICBpZiBzZWxmLm91dF9tYXBbIkNFUEhGU19GU19O - QU1FIl06CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgIHsKICAg - ICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoZnMiLAogICAgICAgICAgICAgICAgICAgICJr - aW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAg - ICAgICAgICAgICAgICAgICAgICJmc05hbWUiOiBzZWxmLm91dF9tYXBbIkNFUEhGU19GU19OQU1F - Il0sCiAgICAgICAgICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRfbWFwWyJDRVBIRlNf - UE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8v - cHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX0NFUEhG - U19QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgICJj - c2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJvb2st - e3NlbGYub3V0X21hcFsnQ1NJX0NFUEhGU19QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1zZWNy - ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZTX05PREVfU0VDUkVUX05B + bmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiBmImNlcGgt + cmJkLXJhZG9zLW5hbWVzcGFjZS17c2VsZi5vdXRfbWFwWydSQURPU19OQU1FU1BBQ0UnXX0iLAog + ICAgICAgICAgICAgICAgICAgICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAg + ICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRf + bWFwWyJSQkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFn + ZS5rOHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn + Q1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAg + ICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBm + InJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIs + CiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1z + ZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05B TUUnXX0iLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAg - ICAgICkKICAgICAgICAjIGlmICdSR1dfRU5EUE9JTlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAn - Y2VwaC1yZ3cnIFN0b3JhZ2VDbGFzcwogICAgICAgIGlmIHNlbGYub3V0X21hcFsiUkdXX0VORFBP - SU5UIl06CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgIHsKICAg - ICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJndyIsCiAgICAgICAgICAgICAgICAgICAg - ImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwKICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAg - ICAgICAgICAgICAgICAgICAgICAgImVuZHBvaW50Ijogc2VsZi5vdXRfbWFwWyJSR1dfRU5EUE9J - TlQiXSwKICAgICAgICAgICAgICAgICAgICAgICAgInBvb2xQcmVmaXgiOiBzZWxmLm91dF9tYXBb - IlJHV19QT09MX1BSRUZJWCJdLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAg - ICB9CiAgICAgICAgICAgICkKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAg - ICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogInJndy1hZG1pbi1vcHMtdXNlciIs - CiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU2VjcmV0IiwKICAgICAgICAgICAgICAgICAg - ICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImFjY2Vzc0tleSI6IHNlbGYub3V0 - X21hcFsiUkdXX0FETUlOX09QU19VU0VSX0FDQ0VTU19LRVkiXSwKICAgICAgICAgICAgICAgICAg - ICAgICAgInNlY3JldEtleSI6IHNlbGYub3V0X21hcFsiUkdXX0FETUlOX09QU19VU0VSX1NFQ1JF - VF9LRVkiXSwKICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgfQogICAgICAg - ICAgICApCiAgICAgICAgIyBpZiAnUkdXX1RMU19DRVJUJyBleGlzdHMsIHRoZW4gb25seSBhZGQg - dGhlICJjZXBoLXJndy10bHMtY2VydCIgc2VjcmV0CiAgICAgICAgaWYgc2VsZi5vdXRfbWFwWyJS - R1dfVExTX0NFUlQiXToKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAgICAg - ICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgtcmd3LXRscy1jZXJ0IiwKICAg - ICAgICAgICAgICAgICAgICAia2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJk - YXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAiY2VydCI6IHNlbGYub3V0X21hcFsiUkdX - X1RMU19DRVJUIl0sCiAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAg - ICAgICAgICAgKQoKICAgICAgICByZXR1cm4ganNvbi5kdW1wcyhqc29uX291dCkgKyBMSU5FU0VQ - CgogICAgZGVmIHVwZ3JhZGVfdXNlcnNfcGVybWlzc2lvbnMoc2VsZik6CiAgICAgICAgdXNlcnMg - PSBbCiAgICAgICAgICAgICJjbGllbnQuY3NpLWNlcGhmcy1ub2RlIiwKICAgICAgICAgICAgImNs - aWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyIiwKICAgICAgICAgICAgImNsaWVudC5jc2ktcmJk - LW5vZGUiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1yYmQtcHJvdmlzaW9uZXIiLAogICAgICAg - ICAgICAiY2xpZW50LmhlYWx0aGNoZWNrZXIiLAogICAgICAgIF0KICAgICAgICBpZiBzZWxmLnJ1 - bl9hc191c2VyICE9ICIiIGFuZCBzZWxmLnJ1bl9hc191c2VyIG5vdCBpbiB1c2VyczoKICAgICAg - ICAgICAgdXNlcnMuYXBwZW5kKHNlbGYucnVuX2FzX3VzZXIpCiAgICAgICAgZm9yIHVzZXIgaW4g - dXNlcnM6CiAgICAgICAgICAgIHNlbGYudXBncmFkZV91c2VyX3Blcm1pc3Npb25zKHVzZXIpCgog - ICAgZGVmIGdldF9yZ3dfcG9vbF9uYW1lX2R1cmluZ191cGdyYWRlKHNlbGYsIHVzZXIsIGNhcHMp - OgogICAgICAgIGlmIHVzZXIgPT0gImNsaWVudC5oZWFsdGhjaGVja2VyIjoKICAgICAgICAgICAg - IyB3aGVuIGFkbWluIGhhcyBub3QgcHJvdmlkZWQgcmd3IHBvb2wgbmFtZSBkdXJpbmcgdXBncmFk - ZSwKICAgICAgICAgICAgIyBnZXQgdGhlIHJndyBwb29sIG5hbWUgZnJvbSBjbGllbnQuaGVhbHRo - Y2hlY2tlciB1c2VyIHdoaWNoIHdhcyB1c2VkIGR1cmluZyBjb25uZWN0aW9uCiAgICAgICAgICAg - IGlmIG5vdCBzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeDoKICAgICAgICAgICAgICAg - ICMgVG8gZ2V0IHZhbHVlICdkZWZhdWx0JyB3aGljaCBpcyByZ3cgcG9vbCBuYW1lIGZyb20gJ2Fs - bG93IHJ3eCBwb29sPWRlZmF1bHQucmd3Lm1ldGEnCiAgICAgICAgICAgICAgICBwYXR0ZXJuID0g - ciJwb29sPSguKj8pXC5yZ3dcLm1ldGEiCiAgICAgICAgICAgICAgICBtYXRjaCA9IHJlLnNlYXJj - aChwYXR0ZXJuLCBjYXBzKQogICAgICAgICAgICAgICAgaWYgbWF0Y2g6CiAgICAgICAgICAgICAg - ICAgICAgc2VsZi5fYXJnX3BhcnNlci5yZ3dfcG9vbF9wcmVmaXggPSBtYXRjaC5ncm91cCgxKQog - ICAgICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25G - YWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICAgICAiZmFpbGVkIHRvIGdldCBy - Z3cgcG9vbCBuYW1lIGZvciB1cGdyYWRlIgogICAgICAgICAgICAgICAgICAgICkKCiAgICBkZWYg - dXBncmFkZV91c2VyX3Blcm1pc3Npb25zKHNlbGYsIHVzZXIpOgogICAgICAgICMgY2hlY2sgd2hl - dGhlciB0aGUgZ2l2ZW4gdXNlciBleGlzdHMgb3Igbm90CiAgICAgICAgY21kX2pzb24gPSB7InBy - ZWZpeCI6ICJhdXRoIGdldCIsICJlbnRpdHkiOiBmInt1c2VyfSIsICJmb3JtYXQiOiAianNvbiJ9 - CiAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21tb25fY21kX2pz - b25fZ2VuKGNtZF9qc29uKQogICAgICAgIGlmIHJldF92YWwgIT0gMCBvciBsZW4oanNvbl9vdXQp - ID09IDA6CiAgICAgICAgICAgIHByaW50KGYidXNlciB7dXNlcn0gbm90IGZvdW5kIGZvciB1cGdy - YWRpbmcuIikKICAgICAgICAgICAgcmV0dXJuCiAgICAgICAgZXhpc3RpbmdfY2FwcyA9IGpzb25f - b3V0WzBdWyJjYXBzIl0KICAgICAgICBzZWxmLmdldF9yZ3dfcG9vbF9uYW1lX2R1cmluZ191cGdy - YWRlKHVzZXIsIHN0cihleGlzdGluZ19jYXBzKSkKICAgICAgICBuZXdfY2FwLCBfID0gc2VsZi5n - ZXRfY2Fwc19hbmRfZW50aXR5KHVzZXIpCiAgICAgICAgY2FwX2tleXMgPSBbIm1vbiIsICJtZ3Ii - LCAib3NkIiwgIm1kcyJdCiAgICAgICAgY2FwcyA9IFtdCiAgICAgICAgZm9yIGVhY2hDYXAgaW4g - Y2FwX2tleXM6CiAgICAgICAgICAgIGN1cl9jYXBfdmFsdWVzID0gZXhpc3RpbmdfY2Fwcy5nZXQo - ZWFjaENhcCwgIiIpCiAgICAgICAgICAgIG5ld19jYXBfdmFsdWVzID0gbmV3X2NhcC5nZXQoZWFj - aENhcCwgIiIpCiAgICAgICAgICAgIGN1cl9jYXBfcGVybV9saXN0ID0gWwogICAgICAgICAgICAg - ICAgeC5zdHJpcCgpIGZvciB4IGluIGN1cl9jYXBfdmFsdWVzLnNwbGl0KCIsIikgaWYgeC5zdHJp - cCgpCiAgICAgICAgICAgIF0KICAgICAgICAgICAgbmV3X2NhcF9wZXJtX2xpc3QgPSBbCiAgICAg - ICAgICAgICAgICB4LnN0cmlwKCkgZm9yIHggaW4gbmV3X2NhcF92YWx1ZXMuc3BsaXQoIiwiKSBp - ZiB4LnN0cmlwKCkKICAgICAgICAgICAgXQogICAgICAgICAgICAjIGFwcGVuZCBuZXdfY2FwX2xp - c3QgdG8gY3VyX2NhcF9saXN0IHRvIG1haW50YWluIHRoZSBvcmRlciBvZiBjYXBzCiAgICAgICAg - ICAgIGN1cl9jYXBfcGVybV9saXN0LmV4dGVuZChuZXdfY2FwX3Blcm1fbGlzdCkKICAgICAgICAg - ICAgIyBlbGltaW5hdGUgZHVwbGljYXRlcyB3aXRob3V0IHVzaW5nICdzZXQnCiAgICAgICAgICAg - ICMgc2V0IHJlLW9yZGVycyBpdGVtcyBpbiB0aGUgbGlzdCBhbmQgd2UgaGF2ZSB0byBrZWVwIHRo - ZSBvcmRlcgogICAgICAgICAgICBuZXdfY2FwX2xpc3QgPSBbXQogICAgICAgICAgICBbbmV3X2Nh - cF9saXN0LmFwcGVuZCh4KSBmb3IgeCBpbiBjdXJfY2FwX3Blcm1fbGlzdCBpZiB4IG5vdCBpbiBu - ZXdfY2FwX2xpc3RdCiAgICAgICAgICAgIGV4aXN0aW5nX2NhcHNbZWFjaENhcF0gPSAiLCAiLmpv - aW4obmV3X2NhcF9saXN0KQogICAgICAgICAgICBpZiBleGlzdGluZ19jYXBzW2VhY2hDYXBdOgog - ICAgICAgICAgICAgICAgY2Fwcy5hcHBlbmQoZWFjaENhcCkKICAgICAgICAgICAgICAgIGNhcHMu - YXBwZW5kKGV4aXN0aW5nX2NhcHNbZWFjaENhcF0pCiAgICAgICAgY21kX2pzb24gPSB7CiAgICAg - ICAgICAgICJwcmVmaXgiOiAiYXV0aCBjYXBzIiwKICAgICAgICAgICAgImVudGl0eSI6IHVzZXIs - CiAgICAgICAgICAgICJjYXBzIjogY2FwcywKICAgICAgICAgICAgImZvcm1hdCI6ICJqc29uIiwK - ICAgICAgICB9CiAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21t - b25fY21kX2pzb25fZ2VuKGNtZF9qc29uKQogICAgICAgIGlmIHJldF92YWwgIT0gMDoKICAgICAg - ICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgIGYi - J2F1dGggY2FwcyB7dXNlcn0nIGNvbW1hbmQgZmFpbGVkLlxuIEVycm9yOiB7ZXJyX21zZ30iCiAg - ICAgICAgICAgICkKICAgICAgICBwcmludChmIlVwZGF0ZWQgdXNlciB7dXNlcn0gc3VjY2Vzc2Z1 - bGx5LiIpCgogICAgZGVmIG1haW4oc2VsZik6CiAgICAgICAgZ2VuZXJhdGVkX291dHB1dCA9ICIi - CiAgICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci51cGdyYWRlOgogICAgICAgICAgICBzZWxmLnVw - Z3JhZGVfdXNlcnNfcGVybWlzc2lvbnMoKQogICAgICAgIGVsaWYgc2VsZi5fYXJnX3BhcnNlci5m - b3JtYXQgPT0gImpzb24iOgogICAgICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gc2VsZi5nZW5f - anNvbl9vdXQoKQogICAgICAgIGVsaWYgc2VsZi5fYXJnX3BhcnNlci5mb3JtYXQgPT0gImJhc2gi - OgogICAgICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gc2VsZi5nZW5fc2hlbGxfb3V0KCkKICAg - ICAgICBlbHNlOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAog - ICAgICAgICAgICAgICAgZiJVbnN1cHBvcnRlZCBmb3JtYXQ6IHtzZWxmLl9hcmdfcGFyc2VyLmZv - cm1hdH0iCiAgICAgICAgICAgICkKICAgICAgICBwcmludChnZW5lcmF0ZWRfb3V0cHV0KQogICAg - ICAgIGlmIHNlbGYub3V0cHV0X2ZpbGUgYW5kIGdlbmVyYXRlZF9vdXRwdXQ6CiAgICAgICAgICAg - IGZPdXQgPSBvcGVuKHNlbGYub3V0cHV0X2ZpbGUsIG1vZGU9InciLCBlbmNvZGluZz0iVVRGLTgi - KQogICAgICAgICAgICBmT3V0LndyaXRlKGdlbmVyYXRlZF9vdXRwdXQpCiAgICAgICAgICAgIGZP - dXQuY2xvc2UoKQoKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj - IyMjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMgTUFJTiAjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyMj - IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCmlmIF9fbmFtZV9f - ID09ICJfX21haW5fXyI6CiAgICByak9iaiA9IFJhZG9zSlNPTigpCiAgICB0cnk6CiAgICAgICAg - cmpPYmoubWFpbigpCiAgICBleGNlcHQgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbiBhcyBlcnI6 - CiAgICAgICAgcHJpbnQoZiJFeGVjdXRpb24gRmFpbGVkOiB7ZXJyfSIpCiAgICAgICAgcmFpc2Ug - ZXJyCiAgICBleGNlcHQgS2V5RXJyb3IgYXMga0VycjoKICAgICAgICBwcmludChmIktleUVycm9y - OiB7a0Vycn0iKQogICAgZXhjZXB0IE9TRXJyb3IgYXMgb3NFcnI6CiAgICAgICAgcHJpbnQoZiJF - cnJvciB3aGlsZSB0cnlpbmcgdG8gb3V0cHV0IHRoZSBkYXRhOiB7b3NFcnJ9IikKICAgIGZpbmFs - bHk6CiAgICAgICAgcmpPYmouc2h1dGRvd24oKQo= + ICAgICkKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiBzZWxmLm91dF9tYXBbIlJCRF9NRVRB + REFUQV9FQ19QT09MX05BTUUiXToKICAgICAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAg + ICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgt + cmJkIiwKICAgICAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwKICAg + ICAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICAg + ICAiZGF0YVBvb2wiOiBzZWxmLm91dF9tYXBbIlJCRF9QT09MX05BTUUiXSwKICAgICAgICAgICAg + ICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRfbWFwWyJSQkRfTUVUQURBVEFfRUNfUE9P + TF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlv + L3Byb3Zpc2lvbmVyLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRf + UFJPVklTSU9ORVJfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9jb250cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9v + ay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAg + ICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1z + ZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05B + TUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgIH0K + ICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgIGpzb25f + b3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgICAg + ICJuYW1lIjogImNlcGgtcmJkIiwKICAgICAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3Rv + cmFnZUNsYXNzIiwKICAgICAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAg + ICAgICAgICAgICAgICAgICAicG9vbCI6IHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdLAog + ICAgICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25l + ci1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVS + X1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFn + ZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0 + X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAg + ICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUi + OiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAg + ICAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg + ICAgICApCgogICAgICAgICMgaWYgJ1RPUE9MT0dZX1BPT0xTJywgJ1RPUE9MT0dZX0ZBSUxVUkVf + RE9NQUlOX0xBQkVMJywgJ1RPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUycgIGV4aXN0cywK + ICAgICAgICAjIHRoZW4gb25seSBhZGQgJ3RvcG9sb2d5JyBTdG9yYWdlQ2xhc3MKICAgICAgICBp + ZiAoCiAgICAgICAgICAgIHNlbGYub3V0X21hcFsiVE9QT0xPR1lfUE9PTFMiXQogICAgICAgICAg + ICBhbmQgc2VsZi5vdXRfbWFwWyJUT1BPTE9HWV9GQUlMVVJFX0RPTUFJTl9MQUJFTCJdCiAgICAg + ICAgICAgIGFuZCBzZWxmLm91dF9tYXBbIlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUyJd + CiAgICAgICAgKToKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAg + ewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgtcmJkLXRvcG9sb2d5IiwKICAgICAg + ICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdlQ2xhc3MiLAogICAgICAgICAgICAgICAgICAg + ICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAidG9wb2xvZ3lGYWlsdXJlRG9tYWlu + TGFiZWwiOiBzZWxmLm91dF9tYXBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiVE9QT0xP + R1lfRkFJTFVSRV9ET01BSU5fTEFCRUwiCiAgICAgICAgICAgICAgICAgICAgICAgIF0sCiAgICAg + ICAgICAgICAgICAgICAgICAgICJ0b3BvbG9neUZhaWx1cmVEb21haW5WYWx1ZXMiOiBzZWxmLm91 + dF9tYXBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiVE9QT0xPR1lfRkFJTFVSRV9ET01B + SU5fVkFMVUVTIgogICAgICAgICAgICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICAgICAg + ICAgICAidG9wb2xvZ3lQb29scyI6IHNlbGYub3V0X21hcFsiVE9QT0xPR1lfUE9PTFMiXSwKICAg + ICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNy + ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JF + VF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9j + b250cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lf + UkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxm + Lm91dF9tYXBbJ0NTSV9SQkRfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAg + ICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdDRVBI + RlNfRlNfTkFNRScgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoZnMnIFN0b3JhZ2VDbGFzcwog + ICAgICAgIGlmIHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXToKICAgICAgICAgICAganNv + bl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1l + IjogImNlcGhmcyIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwK + ICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImZz + TmFtZSI6IHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXSwKICAgICAgICAgICAgICAgICAg + ICAgICAgInBvb2wiOiBzZWxmLm91dF9tYXBbIkNFUEhGU19QT09MX05BTUUiXSwKICAgICAgICAg + ICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFt + ZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9O + QU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9jb250 + cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQ + SEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxm + Lm91dF9tYXBbJ0NTSV9DRVBIRlNfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAg + ICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICMgaWYgJ1JH + V19FTkRQT0lOVCcgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoLXJndycgU3RvcmFnZUNsYXNz + CiAgICAgICAgaWYgc2VsZi5vdXRfbWFwWyJSR1dfRU5EUE9JTlQiXToKICAgICAgICAgICAganNv + bl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1l + IjogImNlcGgtcmd3IiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdlQ2xhc3Mi + LAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAi + ZW5kcG9pbnQiOiBzZWxmLm91dF9tYXBbIlJHV19FTkRQT0lOVCJdLAogICAgICAgICAgICAgICAg + ICAgICAgICAicG9vbFByZWZpeCI6IHNlbGYub3V0X21hcFsiUkdXX1BPT0xfUFJFRklYIl0sCiAg + ICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAg + ICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAg + ICAgICAgIm5hbWUiOiAicmd3LWFkbWluLW9wcy11c2VyIiwKICAgICAgICAgICAgICAgICAgICAi + a2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAg + ICAgICAgICAgICAgICAiYWNjZXNzS2V5Ijogc2VsZi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VT + RVJfQUNDRVNTX0tFWSJdLAogICAgICAgICAgICAgICAgICAgICAgICAic2VjcmV0S2V5Ijogc2Vs + Zi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJfU0VDUkVUX0tFWSJdLAogICAgICAgICAgICAg + ICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICkKICAgICAgICAjIGlmICdS + R1dfVExTX0NFUlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCB0aGUgImNlcGgtcmd3LXRscy1jZXJ0 + IiBzZWNyZXQKICAgICAgICBpZiBzZWxmLm91dF9tYXBbIlJHV19UTFNfQ0VSVCJdOgogICAgICAg + ICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAg + ICAgIm5hbWUiOiAiY2VwaC1yZ3ctdGxzLWNlcnQiLAogICAgICAgICAgICAgICAgICAgICJraW5k + IjogIlNlY3JldCIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAg + ICAgICAgICAgICJjZXJ0Ijogc2VsZi5vdXRfbWFwWyJSR1dfVExTX0NFUlQiXSwKICAgICAgICAg + ICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgfQogICAgICAgICAgICApCgogICAgICAgIHJl + dHVybiBqc29uLmR1bXBzKGpzb25fb3V0KSArIExJTkVTRVAKCiAgICBkZWYgdXBncmFkZV91c2Vy + c19wZXJtaXNzaW9ucyhzZWxmKToKICAgICAgICB1c2VycyA9IFsKICAgICAgICAgICAgImNsaWVu + dC5jc2ktY2VwaGZzLW5vZGUiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlz + aW9uZXIiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1yYmQtbm9kZSIsCiAgICAgICAgICAgICJj + bGllbnQuY3NpLXJiZC1wcm92aXNpb25lciIsCiAgICAgICAgICAgICJjbGllbnQuaGVhbHRoY2hl + Y2tlciIsCiAgICAgICAgXQogICAgICAgIGlmIHNlbGYucnVuX2FzX3VzZXIgIT0gIiIgYW5kIHNl + bGYucnVuX2FzX3VzZXIgbm90IGluIHVzZXJzOgogICAgICAgICAgICB1c2Vycy5hcHBlbmQoc2Vs + Zi5ydW5fYXNfdXNlcikKICAgICAgICBmb3IgdXNlciBpbiB1c2VyczoKICAgICAgICAgICAgc2Vs + Zi51cGdyYWRlX3VzZXJfcGVybWlzc2lvbnModXNlcikKCiAgICBkZWYgZ2V0X3Jnd19wb29sX25h + bWVfZHVyaW5nX3VwZ3JhZGUoc2VsZiwgdXNlciwgY2Fwcyk6CiAgICAgICAgaWYgdXNlciA9PSAi + Y2xpZW50LmhlYWx0aGNoZWNrZXIiOgogICAgICAgICAgICAjIHdoZW4gYWRtaW4gaGFzIG5vdCBw + cm92aWRlZCByZ3cgcG9vbCBuYW1lIGR1cmluZyB1cGdyYWRlLAogICAgICAgICAgICAjIGdldCB0 + aGUgcmd3IHBvb2wgbmFtZSBmcm9tIGNsaWVudC5oZWFsdGhjaGVja2VyIHVzZXIgd2hpY2ggd2Fz + IHVzZWQgZHVyaW5nIGNvbm5lY3Rpb24KICAgICAgICAgICAgaWYgbm90IHNlbGYuX2FyZ19wYXJz + ZXIucmd3X3Bvb2xfcHJlZml4OgogICAgICAgICAgICAgICAgIyBUbyBnZXQgdmFsdWUgJ2RlZmF1 + bHQnIHdoaWNoIGlzIHJndyBwb29sIG5hbWUgZnJvbSAnYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5y + Z3cubWV0YScKICAgICAgICAgICAgICAgIHBhdHRlcm4gPSByInBvb2w9KC4qPylcLnJnd1wubWV0 + YSIKICAgICAgICAgICAgICAgIG1hdGNoID0gcmUuc2VhcmNoKHBhdHRlcm4sIGNhcHMpCiAgICAg + ICAgICAgICAgICBpZiBtYXRjaDoKICAgICAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2Vy + LnJnd19wb29sX3ByZWZpeCA9IG1hdGNoLmdyb3VwKDEpCiAgICAgICAgICAgICAgICBlbHNlOgog + ICAgICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAg + ICAgICAgICAgICAgICAgICAgICJmYWlsZWQgdG8gZ2V0IHJndyBwb29sIG5hbWUgZm9yIHVwZ3Jh + ZGUiCiAgICAgICAgICAgICAgICAgICAgKQoKICAgIGRlZiB1cGdyYWRlX3VzZXJfcGVybWlzc2lv + bnMoc2VsZiwgdXNlcik6CiAgICAgICAgIyBjaGVjayB3aGV0aGVyIHRoZSBnaXZlbiB1c2VyIGV4 + aXN0cyBvciBub3QKICAgICAgICBjbWRfanNvbiA9IHsicHJlZml4IjogImF1dGggZ2V0IiwgImVu + dGl0eSI6IGYie3VzZXJ9IiwgImZvcm1hdCI6ICJqc29uIn0KICAgICAgICByZXRfdmFsLCBqc29u + X291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAg + ICAgaWYgcmV0X3ZhbCAhPSAwIG9yIGxlbihqc29uX291dCkgPT0gMDoKICAgICAgICAgICAgcHJp + bnQoZiJ1c2VyIHt1c2VyfSBub3QgZm91bmQgZm9yIHVwZ3JhZGluZy4iKQogICAgICAgICAgICBy + ZXR1cm4KICAgICAgICBleGlzdGluZ19jYXBzID0ganNvbl9vdXRbMF1bImNhcHMiXQogICAgICAg + IHNlbGYuZ2V0X3Jnd19wb29sX25hbWVfZHVyaW5nX3VwZ3JhZGUodXNlciwgc3RyKGV4aXN0aW5n + X2NhcHMpKQogICAgICAgIG5ld19jYXAsIF8gPSBzZWxmLmdldF9jYXBzX2FuZF9lbnRpdHkodXNl + cikKICAgICAgICBjYXBfa2V5cyA9IFsibW9uIiwgIm1nciIsICJvc2QiLCAibWRzIl0KICAgICAg + ICBjYXBzID0gW10KICAgICAgICBmb3IgZWFjaENhcCBpbiBjYXBfa2V5czoKICAgICAgICAgICAg + Y3VyX2NhcF92YWx1ZXMgPSBleGlzdGluZ19jYXBzLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAg + ICAgbmV3X2NhcF92YWx1ZXMgPSBuZXdfY2FwLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAgICAg + Y3VyX2NhcF9wZXJtX2xpc3QgPSBbCiAgICAgICAgICAgICAgICB4LnN0cmlwKCkgZm9yIHggaW4g + Y3VyX2NhcF92YWx1ZXMuc3BsaXQoIiwiKSBpZiB4LnN0cmlwKCkKICAgICAgICAgICAgXQogICAg + ICAgICAgICBuZXdfY2FwX3Blcm1fbGlzdCA9IFsKICAgICAgICAgICAgICAgIHguc3RyaXAoKSBm + b3IgeCBpbiBuZXdfY2FwX3ZhbHVlcy5zcGxpdCgiLCIpIGlmIHguc3RyaXAoKQogICAgICAgICAg + ICBdCiAgICAgICAgICAgICMgYXBwZW5kIG5ld19jYXBfbGlzdCB0byBjdXJfY2FwX2xpc3QgdG8g + bWFpbnRhaW4gdGhlIG9yZGVyIG9mIGNhcHMKICAgICAgICAgICAgY3VyX2NhcF9wZXJtX2xpc3Qu + ZXh0ZW5kKG5ld19jYXBfcGVybV9saXN0KQogICAgICAgICAgICAjIGVsaW1pbmF0ZSBkdXBsaWNh + dGVzIHdpdGhvdXQgdXNpbmcgJ3NldCcKICAgICAgICAgICAgIyBzZXQgcmUtb3JkZXJzIGl0ZW1z + IGluIHRoZSBsaXN0IGFuZCB3ZSBoYXZlIHRvIGtlZXAgdGhlIG9yZGVyCiAgICAgICAgICAgIG5l + d19jYXBfbGlzdCA9IFtdCiAgICAgICAgICAgIFtuZXdfY2FwX2xpc3QuYXBwZW5kKHgpIGZvciB4 + IGluIGN1cl9jYXBfcGVybV9saXN0IGlmIHggbm90IGluIG5ld19jYXBfbGlzdF0KICAgICAgICAg + ICAgZXhpc3RpbmdfY2Fwc1tlYWNoQ2FwXSA9ICIsICIuam9pbihuZXdfY2FwX2xpc3QpCiAgICAg + ICAgICAgIGlmIGV4aXN0aW5nX2NhcHNbZWFjaENhcF06CiAgICAgICAgICAgICAgICBjYXBzLmFw + cGVuZChlYWNoQ2FwKQogICAgICAgICAgICAgICAgY2Fwcy5hcHBlbmQoZXhpc3RpbmdfY2Fwc1tl + YWNoQ2FwXSkKICAgICAgICBjbWRfanNvbiA9IHsKICAgICAgICAgICAgInByZWZpeCI6ICJhdXRo + IGNhcHMiLAogICAgICAgICAgICAiZW50aXR5IjogdXNlciwKICAgICAgICAgICAgImNhcHMiOiBj + YXBzLAogICAgICAgICAgICAiZm9ybWF0IjogImpzb24iLAogICAgICAgIH0KICAgICAgICByZXRf + dmFsLCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pz + b24pCiAgICAgICAgaWYgcmV0X3ZhbCAhPSAwOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25G + YWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgZiInYXV0aCBjYXBzIHt1c2VyfScgY29t + bWFuZCBmYWlsZWQuXG4gRXJyb3I6IHtlcnJfbXNnfSIKICAgICAgICAgICAgKQogICAgICAgIHBy + aW50KGYiVXBkYXRlZCB1c2VyIHt1c2VyfSBzdWNjZXNzZnVsbHkuIikKCiAgICBkZWYgbWFpbihz + ZWxmKToKICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gIiIKICAgICAgICBpZiBzZWxmLl9hcmdf + cGFyc2VyLnVwZ3JhZGU6CiAgICAgICAgICAgIHNlbGYudXBncmFkZV91c2Vyc19wZXJtaXNzaW9u + cygpCiAgICAgICAgZWxpZiBzZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAianNvbiI6CiAgICAg + ICAgICAgIGdlbmVyYXRlZF9vdXRwdXQgPSBzZWxmLmdlbl9qc29uX291dCgpCiAgICAgICAgZWxp + ZiBzZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAiYmFzaCI6CiAgICAgICAgICAgIGdlbmVyYXRl + ZF9vdXRwdXQgPSBzZWxmLmdlbl9zaGVsbF9vdXQoKQogICAgICAgIGVsc2U6CiAgICAgICAgICAg + IHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICBmIlVuc3Vw + cG9ydGVkIGZvcm1hdDoge3NlbGYuX2FyZ19wYXJzZXIuZm9ybWF0fSIKICAgICAgICAgICAgKQog + ICAgICAgIHByaW50KGdlbmVyYXRlZF9vdXRwdXQpCiAgICAgICAgaWYgc2VsZi5vdXRwdXRfZmls + ZSBhbmQgZ2VuZXJhdGVkX291dHB1dDoKICAgICAgICAgICAgZk91dCA9IG9wZW4oc2VsZi5vdXRw + dXRfZmlsZSwgbW9kZT0idyIsIGVuY29kaW5nPSJVVEYtOCIpCiAgICAgICAgICAgIGZPdXQud3Jp + dGUoZ2VuZXJhdGVkX291dHB1dCkKICAgICAgICAgICAgZk91dC5jbG9zZSgpCgoKIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMjIyMjIyMjIyMjIyMjIyMj + IyMjIyBNQUlOICMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKaWYgX19uYW1lX18gPT0gIl9fbWFpbl9fIjoKICAgIHJq + T2JqID0gUmFkb3NKU09OKCkKICAgIHRyeToKICAgICAgICByak9iai5tYWluKCkKICAgIGV4Y2Vw + dCBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uIGFzIGVycjoKICAgICAgICBwcmludChmIkV4ZWN1 + dGlvbiBGYWlsZWQ6IHtlcnJ9IikKICAgICAgICByYWlzZSBlcnIKICAgIGV4Y2VwdCBLZXlFcnJv + ciBhcyBrRXJyOgogICAgICAgIHByaW50KGYiS2V5RXJyb3I6IHtrRXJyfSIpCiAgICBleGNlcHQg + T1NFcnJvciBhcyBvc0VycjoKICAgICAgICBwcmludChmIkVycm9yIHdoaWxlIHRyeWluZyB0byBv + dXRwdXQgdGhlIGRhdGE6IHtvc0Vycn0iKQogICAgZmluYWxseToKICAgICAgICByak9iai5zaHV0 + ZG93bigpCg== kind: ConfigMap metadata: name: rook-ceph-external-cluster-script-config diff --git a/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml b/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml index 435ab7a2c267..6799b97aef06 100644 --- a/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml +++ b/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml @@ -1720,186 +1720,187 @@ metadata: b3V0X21hcFsiUkFET1NfTkFNRVNQQUNFIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJwb29s Ijogc2VsZi5vdXRfbWFwWyJSQkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgfSwK ICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICAgICBqc29uX291dC5hcHBl - bmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiAiY2VwaC1y - YmQtcmFkb3MtbmFtZXNwYWNlIiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdl - Q2xhc3MiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAg - ICAgICAicG9vbCI6IHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdLAogICAgICAgICAgICAg - ICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL3Byb3Zpc2lvbmVyLXNlY3JldC1uYW1lIjog - ZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUX05BTUUnXX0i - LAogICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRyb2xsZXIt - ZXhwYW5kLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklT - SU9ORVJfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3Jh - Z2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn - Q1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICB9LAogICAg - ICAgICAgICAgICAgfQogICAgICAgICAgICApCiAgICAgICAgZWxzZToKICAgICAgICAgICAgaWYg - c2VsZi5vdXRfbWFwWyJSQkRfTUVUQURBVEFfRUNfUE9PTF9OQU1FIl06CiAgICAgICAgICAgICAg - ICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAg - ICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAgICAgICAgICAgICAgICAgICJraW5k - IjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAg - ICAgICAgICAgICAgICAgICAgICAgICAgImRhdGFQb29sIjogc2VsZi5vdXRfbWFwWyJSQkRfUE9P - TF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAicG9vbCI6IHNlbGYub3V0X21h - cFsiUkJEX01FVEFEQVRBX0VDX1BPT0xfTkFNRSJdLAogICAgICAgICAgICAgICAgICAgICAgICAg - ICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFtZSI6IGYicm9vay17 - c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBh - bmQtc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05F - Ul9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3Jh - Z2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn - Q1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgfSwK - ICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICApCiAgICAgICAgICAgIGVsc2U6 - CiAgICAgICAgICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICAgICAgewog - ICAgICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJiZCIsCiAgICAgICAgICAgICAg - ICAgICAgICAgICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgICAg - ICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAgICAgInBvb2wiOiBzZWxmLm91dF9t - YXBbIlJCRF9QT09MX05BTUUiXSwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3Rv - cmFnZS5rOHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21h - cFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAg - ICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL2NvbnRyb2xsZXItZXhwYW5kLXNlY3JldC1u - YW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfUFJPVklTSU9ORVJfU0VDUkVUX05B - TUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9u - b2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRfTk9E - RV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAg - ICAgICAgICAgfQogICAgICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdUT1BPTE9HWV9QT09M - UycsICdUT1BPTE9HWV9GQUlMVVJFX0RPTUFJTl9MQUJFTCcsICdUT1BPTE9HWV9GQUlMVVJFX0RP - TUFJTl9WQUxVRVMnICBleGlzdHMsCiAgICAgICAgIyB0aGVuIG9ubHkgYWRkICd0b3BvbG9neScg - U3RvcmFnZUNsYXNzCiAgICAgICAgaWYgKAogICAgICAgICAgICBzZWxmLm91dF9tYXBbIlRPUE9M - T0dZX1BPT0xTIl0KICAgICAgICAgICAgYW5kIHNlbGYub3V0X21hcFsiVE9QT0xPR1lfRkFJTFVS - RV9ET01BSU5fTEFCRUwiXQogICAgICAgICAgICBhbmQgc2VsZi5vdXRfbWFwWyJUT1BPTE9HWV9G - QUlMVVJFX0RPTUFJTl9WQUxVRVMiXQogICAgICAgICk6CiAgICAgICAgICAgIGpzb25fb3V0LmFw - cGVuZCgKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBo - LXJiZC10b3BvbG9neSIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNz - IiwKICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAg - InRvcG9sb2d5RmFpbHVyZURvbWFpbkxhYmVsIjogc2VsZi5vdXRfbWFwWwogICAgICAgICAgICAg - ICAgICAgICAgICAgICAgIlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX0xBQkVMIgogICAgICAgICAg - ICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICAgICAgICAgICAidG9wb2xvZ3lGYWlsdXJl - RG9tYWluVmFsdWVzIjogc2VsZi5vdXRfbWFwWwogICAgICAgICAgICAgICAgICAgICAgICAgICAg - IlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUyIKICAgICAgICAgICAgICAgICAgICAgICAg - XSwKICAgICAgICAgICAgICAgICAgICAgICAgInRvcG9sb2d5UG9vbHMiOiBzZWxmLm91dF9tYXBb - IlRPUE9MT0dZX1BPT0xTIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5r - OHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJ - X1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAg - ICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJv - b2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1zZWNy - ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05BTUUn - XX0iLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg - ICkKCiAgICAgICAgIyBpZiAnQ0VQSEZTX0ZTX05BTUUnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAn - Y2VwaGZzJyBTdG9yYWdlQ2xhc3MKICAgICAgICBpZiBzZWxmLm91dF9tYXBbIkNFUEhGU19GU19O - QU1FIl06CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgIHsKICAg - ICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoZnMiLAogICAgICAgICAgICAgICAgICAgICJr - aW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAg - ICAgICAgICAgICAgICAgICAgICJmc05hbWUiOiBzZWxmLm91dF9tYXBbIkNFUEhGU19GU19OQU1F - Il0sCiAgICAgICAgICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRfbWFwWyJDRVBIRlNf - UE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8v - cHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX0NFUEhG - U19QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAgICAgICJj - c2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJvb2st - e3NlbGYub3V0X21hcFsnQ1NJX0NFUEhGU19QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAg - ICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1zZWNy - ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZTX05PREVfU0VDUkVUX05B + bmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIm5hbWUiOiBmImNlcGgt + cmJkLXJhZG9zLW5hbWVzcGFjZS17c2VsZi5vdXRfbWFwWydSQURPU19OQU1FU1BBQ0UnXX0iLAog + ICAgICAgICAgICAgICAgICAgICJraW5kIjogIlN0b3JhZ2VDbGFzcyIsCiAgICAgICAgICAgICAg + ICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRf + bWFwWyJSQkRfUE9PTF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFn + ZS5rOHMuaW8vcHJvdmlzaW9uZXItc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0X21hcFsn + Q1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAgICAg + ICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBm + InJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIs + CiAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1z + ZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05B TUUnXX0iLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAg - ICAgICkKICAgICAgICAjIGlmICdSR1dfRU5EUE9JTlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCAn - Y2VwaC1yZ3cnIFN0b3JhZ2VDbGFzcwogICAgICAgIGlmIHNlbGYub3V0X21hcFsiUkdXX0VORFBP - SU5UIl06CiAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgIHsKICAg - ICAgICAgICAgICAgICAgICAibmFtZSI6ICJjZXBoLXJndyIsCiAgICAgICAgICAgICAgICAgICAg - ImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwKICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAg - ICAgICAgICAgICAgICAgICAgICAgImVuZHBvaW50Ijogc2VsZi5vdXRfbWFwWyJSR1dfRU5EUE9J - TlQiXSwKICAgICAgICAgICAgICAgICAgICAgICAgInBvb2xQcmVmaXgiOiBzZWxmLm91dF9tYXBb - IlJHV19QT09MX1BSRUZJWCJdLAogICAgICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAg - ICB9CiAgICAgICAgICAgICkKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAg - ICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogInJndy1hZG1pbi1vcHMtdXNlciIs - CiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU2VjcmV0IiwKICAgICAgICAgICAgICAgICAg - ICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImFjY2Vzc0tleSI6IHNlbGYub3V0 - X21hcFsiUkdXX0FETUlOX09QU19VU0VSX0FDQ0VTU19LRVkiXSwKICAgICAgICAgICAgICAgICAg - ICAgICAgInNlY3JldEtleSI6IHNlbGYub3V0X21hcFsiUkdXX0FETUlOX09QU19VU0VSX1NFQ1JF - VF9LRVkiXSwKICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgfQogICAgICAg - ICAgICApCiAgICAgICAgIyBpZiAnUkdXX1RMU19DRVJUJyBleGlzdHMsIHRoZW4gb25seSBhZGQg - dGhlICJjZXBoLXJndy10bHMtY2VydCIgc2VjcmV0CiAgICAgICAgaWYgc2VsZi5vdXRfbWFwWyJS - R1dfVExTX0NFUlQiXToKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAgICAg - ICAgewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgtcmd3LXRscy1jZXJ0IiwKICAg - ICAgICAgICAgICAgICAgICAia2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJk - YXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAiY2VydCI6IHNlbGYub3V0X21hcFsiUkdX - X1RMU19DRVJUIl0sCiAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAg - ICAgICAgICAgKQoKICAgICAgICByZXR1cm4ganNvbi5kdW1wcyhqc29uX291dCkgKyBMSU5FU0VQ - CgogICAgZGVmIHVwZ3JhZGVfdXNlcnNfcGVybWlzc2lvbnMoc2VsZik6CiAgICAgICAgdXNlcnMg - PSBbCiAgICAgICAgICAgICJjbGllbnQuY3NpLWNlcGhmcy1ub2RlIiwKICAgICAgICAgICAgImNs - aWVudC5jc2ktY2VwaGZzLXByb3Zpc2lvbmVyIiwKICAgICAgICAgICAgImNsaWVudC5jc2ktcmJk - LW5vZGUiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1yYmQtcHJvdmlzaW9uZXIiLAogICAgICAg - ICAgICAiY2xpZW50LmhlYWx0aGNoZWNrZXIiLAogICAgICAgIF0KICAgICAgICBpZiBzZWxmLnJ1 - bl9hc191c2VyICE9ICIiIGFuZCBzZWxmLnJ1bl9hc191c2VyIG5vdCBpbiB1c2VyczoKICAgICAg - ICAgICAgdXNlcnMuYXBwZW5kKHNlbGYucnVuX2FzX3VzZXIpCiAgICAgICAgZm9yIHVzZXIgaW4g - dXNlcnM6CiAgICAgICAgICAgIHNlbGYudXBncmFkZV91c2VyX3Blcm1pc3Npb25zKHVzZXIpCgog - ICAgZGVmIGdldF9yZ3dfcG9vbF9uYW1lX2R1cmluZ191cGdyYWRlKHNlbGYsIHVzZXIsIGNhcHMp - OgogICAgICAgIGlmIHVzZXIgPT0gImNsaWVudC5oZWFsdGhjaGVja2VyIjoKICAgICAgICAgICAg - IyB3aGVuIGFkbWluIGhhcyBub3QgcHJvdmlkZWQgcmd3IHBvb2wgbmFtZSBkdXJpbmcgdXBncmFk - ZSwKICAgICAgICAgICAgIyBnZXQgdGhlIHJndyBwb29sIG5hbWUgZnJvbSBjbGllbnQuaGVhbHRo - Y2hlY2tlciB1c2VyIHdoaWNoIHdhcyB1c2VkIGR1cmluZyBjb25uZWN0aW9uCiAgICAgICAgICAg - IGlmIG5vdCBzZWxmLl9hcmdfcGFyc2VyLnJnd19wb29sX3ByZWZpeDoKICAgICAgICAgICAgICAg - ICMgVG8gZ2V0IHZhbHVlICdkZWZhdWx0JyB3aGljaCBpcyByZ3cgcG9vbCBuYW1lIGZyb20gJ2Fs - bG93IHJ3eCBwb29sPWRlZmF1bHQucmd3Lm1ldGEnCiAgICAgICAgICAgICAgICBwYXR0ZXJuID0g - ciJwb29sPSguKj8pXC5yZ3dcLm1ldGEiCiAgICAgICAgICAgICAgICBtYXRjaCA9IHJlLnNlYXJj - aChwYXR0ZXJuLCBjYXBzKQogICAgICAgICAgICAgICAgaWYgbWF0Y2g6CiAgICAgICAgICAgICAg - ICAgICAgc2VsZi5fYXJnX3BhcnNlci5yZ3dfcG9vbF9wcmVmaXggPSBtYXRjaC5ncm91cCgxKQog - ICAgICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgICAgICByYWlzZSBFeGVjdXRpb25G - YWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgICAgICAgICAiZmFpbGVkIHRvIGdldCBy - Z3cgcG9vbCBuYW1lIGZvciB1cGdyYWRlIgogICAgICAgICAgICAgICAgICAgICkKCiAgICBkZWYg - dXBncmFkZV91c2VyX3Blcm1pc3Npb25zKHNlbGYsIHVzZXIpOgogICAgICAgICMgY2hlY2sgd2hl - dGhlciB0aGUgZ2l2ZW4gdXNlciBleGlzdHMgb3Igbm90CiAgICAgICAgY21kX2pzb24gPSB7InBy - ZWZpeCI6ICJhdXRoIGdldCIsICJlbnRpdHkiOiBmInt1c2VyfSIsICJmb3JtYXQiOiAianNvbiJ9 - CiAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21tb25fY21kX2pz - b25fZ2VuKGNtZF9qc29uKQogICAgICAgIGlmIHJldF92YWwgIT0gMCBvciBsZW4oanNvbl9vdXQp - ID09IDA6CiAgICAgICAgICAgIHByaW50KGYidXNlciB7dXNlcn0gbm90IGZvdW5kIGZvciB1cGdy - YWRpbmcuIikKICAgICAgICAgICAgcmV0dXJuCiAgICAgICAgZXhpc3RpbmdfY2FwcyA9IGpzb25f - b3V0WzBdWyJjYXBzIl0KICAgICAgICBzZWxmLmdldF9yZ3dfcG9vbF9uYW1lX2R1cmluZ191cGdy - YWRlKHVzZXIsIHN0cihleGlzdGluZ19jYXBzKSkKICAgICAgICBuZXdfY2FwLCBfID0gc2VsZi5n - ZXRfY2Fwc19hbmRfZW50aXR5KHVzZXIpCiAgICAgICAgY2FwX2tleXMgPSBbIm1vbiIsICJtZ3Ii - LCAib3NkIiwgIm1kcyJdCiAgICAgICAgY2FwcyA9IFtdCiAgICAgICAgZm9yIGVhY2hDYXAgaW4g - Y2FwX2tleXM6CiAgICAgICAgICAgIGN1cl9jYXBfdmFsdWVzID0gZXhpc3RpbmdfY2Fwcy5nZXQo - ZWFjaENhcCwgIiIpCiAgICAgICAgICAgIG5ld19jYXBfdmFsdWVzID0gbmV3X2NhcC5nZXQoZWFj - aENhcCwgIiIpCiAgICAgICAgICAgIGN1cl9jYXBfcGVybV9saXN0ID0gWwogICAgICAgICAgICAg - ICAgeC5zdHJpcCgpIGZvciB4IGluIGN1cl9jYXBfdmFsdWVzLnNwbGl0KCIsIikgaWYgeC5zdHJp - cCgpCiAgICAgICAgICAgIF0KICAgICAgICAgICAgbmV3X2NhcF9wZXJtX2xpc3QgPSBbCiAgICAg - ICAgICAgICAgICB4LnN0cmlwKCkgZm9yIHggaW4gbmV3X2NhcF92YWx1ZXMuc3BsaXQoIiwiKSBp - ZiB4LnN0cmlwKCkKICAgICAgICAgICAgXQogICAgICAgICAgICAjIGFwcGVuZCBuZXdfY2FwX2xp - c3QgdG8gY3VyX2NhcF9saXN0IHRvIG1haW50YWluIHRoZSBvcmRlciBvZiBjYXBzCiAgICAgICAg - ICAgIGN1cl9jYXBfcGVybV9saXN0LmV4dGVuZChuZXdfY2FwX3Blcm1fbGlzdCkKICAgICAgICAg - ICAgIyBlbGltaW5hdGUgZHVwbGljYXRlcyB3aXRob3V0IHVzaW5nICdzZXQnCiAgICAgICAgICAg - ICMgc2V0IHJlLW9yZGVycyBpdGVtcyBpbiB0aGUgbGlzdCBhbmQgd2UgaGF2ZSB0byBrZWVwIHRo - ZSBvcmRlcgogICAgICAgICAgICBuZXdfY2FwX2xpc3QgPSBbXQogICAgICAgICAgICBbbmV3X2Nh - cF9saXN0LmFwcGVuZCh4KSBmb3IgeCBpbiBjdXJfY2FwX3Blcm1fbGlzdCBpZiB4IG5vdCBpbiBu - ZXdfY2FwX2xpc3RdCiAgICAgICAgICAgIGV4aXN0aW5nX2NhcHNbZWFjaENhcF0gPSAiLCAiLmpv - aW4obmV3X2NhcF9saXN0KQogICAgICAgICAgICBpZiBleGlzdGluZ19jYXBzW2VhY2hDYXBdOgog - ICAgICAgICAgICAgICAgY2Fwcy5hcHBlbmQoZWFjaENhcCkKICAgICAgICAgICAgICAgIGNhcHMu - YXBwZW5kKGV4aXN0aW5nX2NhcHNbZWFjaENhcF0pCiAgICAgICAgY21kX2pzb24gPSB7CiAgICAg - ICAgICAgICJwcmVmaXgiOiAiYXV0aCBjYXBzIiwKICAgICAgICAgICAgImVudGl0eSI6IHVzZXIs - CiAgICAgICAgICAgICJjYXBzIjogY2FwcywKICAgICAgICAgICAgImZvcm1hdCI6ICJqc29uIiwK - ICAgICAgICB9CiAgICAgICAgcmV0X3ZhbCwganNvbl9vdXQsIGVycl9tc2cgPSBzZWxmLl9jb21t - b25fY21kX2pzb25fZ2VuKGNtZF9qc29uKQogICAgICAgIGlmIHJldF92YWwgIT0gMDoKICAgICAg - ICAgICAgcmFpc2UgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbigKICAgICAgICAgICAgICAgIGYi - J2F1dGggY2FwcyB7dXNlcn0nIGNvbW1hbmQgZmFpbGVkLlxuIEVycm9yOiB7ZXJyX21zZ30iCiAg - ICAgICAgICAgICkKICAgICAgICBwcmludChmIlVwZGF0ZWQgdXNlciB7dXNlcn0gc3VjY2Vzc2Z1 - bGx5LiIpCgogICAgZGVmIG1haW4oc2VsZik6CiAgICAgICAgZ2VuZXJhdGVkX291dHB1dCA9ICIi - CiAgICAgICAgaWYgc2VsZi5fYXJnX3BhcnNlci51cGdyYWRlOgogICAgICAgICAgICBzZWxmLnVw - Z3JhZGVfdXNlcnNfcGVybWlzc2lvbnMoKQogICAgICAgIGVsaWYgc2VsZi5fYXJnX3BhcnNlci5m - b3JtYXQgPT0gImpzb24iOgogICAgICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gc2VsZi5nZW5f - anNvbl9vdXQoKQogICAgICAgIGVsaWYgc2VsZi5fYXJnX3BhcnNlci5mb3JtYXQgPT0gImJhc2gi - OgogICAgICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gc2VsZi5nZW5fc2hlbGxfb3V0KCkKICAg - ICAgICBlbHNlOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uKAog - ICAgICAgICAgICAgICAgZiJVbnN1cHBvcnRlZCBmb3JtYXQ6IHtzZWxmLl9hcmdfcGFyc2VyLmZv - cm1hdH0iCiAgICAgICAgICAgICkKICAgICAgICBwcmludChnZW5lcmF0ZWRfb3V0cHV0KQogICAg - ICAgIGlmIHNlbGYub3V0cHV0X2ZpbGUgYW5kIGdlbmVyYXRlZF9vdXRwdXQ6CiAgICAgICAgICAg - IGZPdXQgPSBvcGVuKHNlbGYub3V0cHV0X2ZpbGUsIG1vZGU9InciLCBlbmNvZGluZz0iVVRGLTgi - KQogICAgICAgICAgICBmT3V0LndyaXRlKGdlbmVyYXRlZF9vdXRwdXQpCiAgICAgICAgICAgIGZP - dXQuY2xvc2UoKQoKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj - IyMjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMgTUFJTiAjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyMj - IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCmlmIF9fbmFtZV9f - ID09ICJfX21haW5fXyI6CiAgICByak9iaiA9IFJhZG9zSlNPTigpCiAgICB0cnk6CiAgICAgICAg - cmpPYmoubWFpbigpCiAgICBleGNlcHQgRXhlY3V0aW9uRmFpbHVyZUV4Y2VwdGlvbiBhcyBlcnI6 - CiAgICAgICAgcHJpbnQoZiJFeGVjdXRpb24gRmFpbGVkOiB7ZXJyfSIpCiAgICAgICAgcmFpc2Ug - ZXJyCiAgICBleGNlcHQgS2V5RXJyb3IgYXMga0VycjoKICAgICAgICBwcmludChmIktleUVycm9y - OiB7a0Vycn0iKQogICAgZXhjZXB0IE9TRXJyb3IgYXMgb3NFcnI6CiAgICAgICAgcHJpbnQoZiJF - cnJvciB3aGlsZSB0cnlpbmcgdG8gb3V0cHV0IHRoZSBkYXRhOiB7b3NFcnJ9IikKICAgIGZpbmFs - bHk6CiAgICAgICAgcmpPYmouc2h1dGRvd24oKQo= + ICAgICkKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiBzZWxmLm91dF9tYXBbIlJCRF9NRVRB + REFUQV9FQ19QT09MX05BTUUiXToKICAgICAgICAgICAgICAgIGpzb25fb3V0LmFwcGVuZCgKICAg + ICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgt + cmJkIiwKICAgICAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwKICAg + ICAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAgICAgICAgICAgICAg + ICAiZGF0YVBvb2wiOiBzZWxmLm91dF9tYXBbIlJCRF9QT09MX05BTUUiXSwKICAgICAgICAgICAg + ICAgICAgICAgICAgICAgICJwb29sIjogc2VsZi5vdXRfbWFwWyJSQkRfTUVUQURBVEFfRUNfUE9P + TF9OQU1FIl0sCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlv + L3Byb3Zpc2lvbmVyLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxmLm91dF9tYXBbJ0NTSV9SQkRf + UFJPVklTSU9ORVJfU0VDUkVUX05BTUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9jb250cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9v + ay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAg + ICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFnZS5rOHMuaW8vbm9kZS1zdGFnZS1z + ZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX05PREVfU0VDUkVUX05B + TUUnXX0iLAogICAgICAgICAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgICAgIH0K + ICAgICAgICAgICAgICAgICkKICAgICAgICAgICAgZWxzZToKICAgICAgICAgICAgICAgIGpzb25f + b3V0LmFwcGVuZCgKICAgICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgICAg + ICJuYW1lIjogImNlcGgtcmJkIiwKICAgICAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3Rv + cmFnZUNsYXNzIiwKICAgICAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAg + ICAgICAgICAgICAgICAgICAicG9vbCI6IHNlbGYub3V0X21hcFsiUkJEX1BPT0xfTkFNRSJdLAog + ICAgICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25l + ci1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVS + X1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICJjc2kuc3RvcmFn + ZS5rOHMuaW8vY29udHJvbGxlci1leHBhbmQtc2VjcmV0LW5hbWUiOiBmInJvb2ste3NlbGYub3V0 + X21hcFsnQ1NJX1JCRF9QUk9WSVNJT05FUl9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAg + ICAgICAgICAgICAgICAiY3NpLnN0b3JhZ2UuazhzLmlvL25vZGUtc3RhZ2Utc2VjcmV0LW5hbWUi + OiBmInJvb2ste3NlbGYub3V0X21hcFsnQ1NJX1JCRF9OT0RFX1NFQ1JFVF9OQU1FJ119IiwKICAg + ICAgICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAg + ICAgICApCgogICAgICAgICMgaWYgJ1RPUE9MT0dZX1BPT0xTJywgJ1RPUE9MT0dZX0ZBSUxVUkVf + RE9NQUlOX0xBQkVMJywgJ1RPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUycgIGV4aXN0cywK + ICAgICAgICAjIHRoZW4gb25seSBhZGQgJ3RvcG9sb2d5JyBTdG9yYWdlQ2xhc3MKICAgICAgICBp + ZiAoCiAgICAgICAgICAgIHNlbGYub3V0X21hcFsiVE9QT0xPR1lfUE9PTFMiXQogICAgICAgICAg + ICBhbmQgc2VsZi5vdXRfbWFwWyJUT1BPTE9HWV9GQUlMVVJFX0RPTUFJTl9MQUJFTCJdCiAgICAg + ICAgICAgIGFuZCBzZWxmLm91dF9tYXBbIlRPUE9MT0dZX0ZBSUxVUkVfRE9NQUlOX1ZBTFVFUyJd + CiAgICAgICAgKToKICAgICAgICAgICAganNvbl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAg + ewogICAgICAgICAgICAgICAgICAgICJuYW1lIjogImNlcGgtcmJkLXRvcG9sb2d5IiwKICAgICAg + ICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdlQ2xhc3MiLAogICAgICAgICAgICAgICAgICAg + ICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAidG9wb2xvZ3lGYWlsdXJlRG9tYWlu + TGFiZWwiOiBzZWxmLm91dF9tYXBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiVE9QT0xP + R1lfRkFJTFVSRV9ET01BSU5fTEFCRUwiCiAgICAgICAgICAgICAgICAgICAgICAgIF0sCiAgICAg + ICAgICAgICAgICAgICAgICAgICJ0b3BvbG9neUZhaWx1cmVEb21haW5WYWx1ZXMiOiBzZWxmLm91 + dF9tYXBbCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiVE9QT0xPR1lfRkFJTFVSRV9ET01B + SU5fVkFMVUVTIgogICAgICAgICAgICAgICAgICAgICAgICBdLAogICAgICAgICAgICAgICAgICAg + ICAgICAidG9wb2xvZ3lQb29scyI6IHNlbGYub3V0X21hcFsiVE9QT0xPR1lfUE9PTFMiXSwKICAg + ICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNy + ZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfUkJEX1BST1ZJU0lPTkVSX1NFQ1JF + VF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9j + b250cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lf + UkJEX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxm + Lm91dF9tYXBbJ0NTSV9SQkRfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAgICAg + ICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQoKICAgICAgICAjIGlmICdDRVBI + RlNfRlNfTkFNRScgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoZnMnIFN0b3JhZ2VDbGFzcwog + ICAgICAgIGlmIHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXToKICAgICAgICAgICAganNv + bl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1l + IjogImNlcGhmcyIsCiAgICAgICAgICAgICAgICAgICAgImtpbmQiOiAiU3RvcmFnZUNsYXNzIiwK + ICAgICAgICAgICAgICAgICAgICAiZGF0YSI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImZz + TmFtZSI6IHNlbGYub3V0X21hcFsiQ0VQSEZTX0ZTX05BTUUiXSwKICAgICAgICAgICAgICAgICAg + ICAgICAgInBvb2wiOiBzZWxmLm91dF9tYXBbIkNFUEhGU19QT09MX05BTUUiXSwKICAgICAgICAg + ICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9wcm92aXNpb25lci1zZWNyZXQtbmFt + ZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQSEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9O + QU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAgImNzaS5zdG9yYWdlLms4cy5pby9jb250 + cm9sbGVyLWV4cGFuZC1zZWNyZXQtbmFtZSI6IGYicm9vay17c2VsZi5vdXRfbWFwWydDU0lfQ0VQ + SEZTX1BST1ZJU0lPTkVSX1NFQ1JFVF9OQU1FJ119IiwKICAgICAgICAgICAgICAgICAgICAgICAg + ImNzaS5zdG9yYWdlLms4cy5pby9ub2RlLXN0YWdlLXNlY3JldC1uYW1lIjogZiJyb29rLXtzZWxm + Lm91dF9tYXBbJ0NTSV9DRVBIRlNfTk9ERV9TRUNSRVRfTkFNRSddfSIsCiAgICAgICAgICAgICAg + ICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAgICAgICMgaWYgJ1JH + V19FTkRQT0lOVCcgZXhpc3RzLCB0aGVuIG9ubHkgYWRkICdjZXBoLXJndycgU3RvcmFnZUNsYXNz + CiAgICAgICAgaWYgc2VsZi5vdXRfbWFwWyJSR1dfRU5EUE9JTlQiXToKICAgICAgICAgICAganNv + bl9vdXQuYXBwZW5kKAogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICJuYW1l + IjogImNlcGgtcmd3IiwKICAgICAgICAgICAgICAgICAgICAia2luZCI6ICJTdG9yYWdlQ2xhc3Mi + LAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAgICAgICAgICAgICAgICAi + ZW5kcG9pbnQiOiBzZWxmLm91dF9tYXBbIlJHV19FTkRQT0lOVCJdLAogICAgICAgICAgICAgICAg + ICAgICAgICAicG9vbFByZWZpeCI6IHNlbGYub3V0X21hcFsiUkdXX1BPT0xfUFJFRklYIl0sCiAg + ICAgICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgKQogICAg + ICAgICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAg + ICAgICAgIm5hbWUiOiAicmd3LWFkbWluLW9wcy11c2VyIiwKICAgICAgICAgICAgICAgICAgICAi + a2luZCI6ICJTZWNyZXQiLAogICAgICAgICAgICAgICAgICAgICJkYXRhIjogewogICAgICAgICAg + ICAgICAgICAgICAgICAiYWNjZXNzS2V5Ijogc2VsZi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VT + RVJfQUNDRVNTX0tFWSJdLAogICAgICAgICAgICAgICAgICAgICAgICAic2VjcmV0S2V5Ijogc2Vs + Zi5vdXRfbWFwWyJSR1dfQURNSU5fT1BTX1VTRVJfU0VDUkVUX0tFWSJdLAogICAgICAgICAgICAg + ICAgICAgIH0sCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICkKICAgICAgICAjIGlmICdS + R1dfVExTX0NFUlQnIGV4aXN0cywgdGhlbiBvbmx5IGFkZCB0aGUgImNlcGgtcmd3LXRscy1jZXJ0 + IiBzZWNyZXQKICAgICAgICBpZiBzZWxmLm91dF9tYXBbIlJHV19UTFNfQ0VSVCJdOgogICAgICAg + ICAgICBqc29uX291dC5hcHBlbmQoCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAg + ICAgIm5hbWUiOiAiY2VwaC1yZ3ctdGxzLWNlcnQiLAogICAgICAgICAgICAgICAgICAgICJraW5k + IjogIlNlY3JldCIsCiAgICAgICAgICAgICAgICAgICAgImRhdGEiOiB7CiAgICAgICAgICAgICAg + ICAgICAgICAgICJjZXJ0Ijogc2VsZi5vdXRfbWFwWyJSR1dfVExTX0NFUlQiXSwKICAgICAgICAg + ICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgfQogICAgICAgICAgICApCgogICAgICAgIHJl + dHVybiBqc29uLmR1bXBzKGpzb25fb3V0KSArIExJTkVTRVAKCiAgICBkZWYgdXBncmFkZV91c2Vy + c19wZXJtaXNzaW9ucyhzZWxmKToKICAgICAgICB1c2VycyA9IFsKICAgICAgICAgICAgImNsaWVu + dC5jc2ktY2VwaGZzLW5vZGUiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1jZXBoZnMtcHJvdmlz + aW9uZXIiLAogICAgICAgICAgICAiY2xpZW50LmNzaS1yYmQtbm9kZSIsCiAgICAgICAgICAgICJj + bGllbnQuY3NpLXJiZC1wcm92aXNpb25lciIsCiAgICAgICAgICAgICJjbGllbnQuaGVhbHRoY2hl + Y2tlciIsCiAgICAgICAgXQogICAgICAgIGlmIHNlbGYucnVuX2FzX3VzZXIgIT0gIiIgYW5kIHNl + bGYucnVuX2FzX3VzZXIgbm90IGluIHVzZXJzOgogICAgICAgICAgICB1c2Vycy5hcHBlbmQoc2Vs + Zi5ydW5fYXNfdXNlcikKICAgICAgICBmb3IgdXNlciBpbiB1c2VyczoKICAgICAgICAgICAgc2Vs + Zi51cGdyYWRlX3VzZXJfcGVybWlzc2lvbnModXNlcikKCiAgICBkZWYgZ2V0X3Jnd19wb29sX25h + bWVfZHVyaW5nX3VwZ3JhZGUoc2VsZiwgdXNlciwgY2Fwcyk6CiAgICAgICAgaWYgdXNlciA9PSAi + Y2xpZW50LmhlYWx0aGNoZWNrZXIiOgogICAgICAgICAgICAjIHdoZW4gYWRtaW4gaGFzIG5vdCBw + cm92aWRlZCByZ3cgcG9vbCBuYW1lIGR1cmluZyB1cGdyYWRlLAogICAgICAgICAgICAjIGdldCB0 + aGUgcmd3IHBvb2wgbmFtZSBmcm9tIGNsaWVudC5oZWFsdGhjaGVja2VyIHVzZXIgd2hpY2ggd2Fz + IHVzZWQgZHVyaW5nIGNvbm5lY3Rpb24KICAgICAgICAgICAgaWYgbm90IHNlbGYuX2FyZ19wYXJz + ZXIucmd3X3Bvb2xfcHJlZml4OgogICAgICAgICAgICAgICAgIyBUbyBnZXQgdmFsdWUgJ2RlZmF1 + bHQnIHdoaWNoIGlzIHJndyBwb29sIG5hbWUgZnJvbSAnYWxsb3cgcnd4IHBvb2w9ZGVmYXVsdC5y + Z3cubWV0YScKICAgICAgICAgICAgICAgIHBhdHRlcm4gPSByInBvb2w9KC4qPylcLnJnd1wubWV0 + YSIKICAgICAgICAgICAgICAgIG1hdGNoID0gcmUuc2VhcmNoKHBhdHRlcm4sIGNhcHMpCiAgICAg + ICAgICAgICAgICBpZiBtYXRjaDoKICAgICAgICAgICAgICAgICAgICBzZWxmLl9hcmdfcGFyc2Vy + LnJnd19wb29sX3ByZWZpeCA9IG1hdGNoLmdyb3VwKDEpCiAgICAgICAgICAgICAgICBlbHNlOgog + ICAgICAgICAgICAgICAgICAgIHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAg + ICAgICAgICAgICAgICAgICAgICJmYWlsZWQgdG8gZ2V0IHJndyBwb29sIG5hbWUgZm9yIHVwZ3Jh + ZGUiCiAgICAgICAgICAgICAgICAgICAgKQoKICAgIGRlZiB1cGdyYWRlX3VzZXJfcGVybWlzc2lv + bnMoc2VsZiwgdXNlcik6CiAgICAgICAgIyBjaGVjayB3aGV0aGVyIHRoZSBnaXZlbiB1c2VyIGV4 + aXN0cyBvciBub3QKICAgICAgICBjbWRfanNvbiA9IHsicHJlZml4IjogImF1dGggZ2V0IiwgImVu + dGl0eSI6IGYie3VzZXJ9IiwgImZvcm1hdCI6ICJqc29uIn0KICAgICAgICByZXRfdmFsLCBqc29u + X291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pzb24pCiAgICAg + ICAgaWYgcmV0X3ZhbCAhPSAwIG9yIGxlbihqc29uX291dCkgPT0gMDoKICAgICAgICAgICAgcHJp + bnQoZiJ1c2VyIHt1c2VyfSBub3QgZm91bmQgZm9yIHVwZ3JhZGluZy4iKQogICAgICAgICAgICBy + ZXR1cm4KICAgICAgICBleGlzdGluZ19jYXBzID0ganNvbl9vdXRbMF1bImNhcHMiXQogICAgICAg + IHNlbGYuZ2V0X3Jnd19wb29sX25hbWVfZHVyaW5nX3VwZ3JhZGUodXNlciwgc3RyKGV4aXN0aW5n + X2NhcHMpKQogICAgICAgIG5ld19jYXAsIF8gPSBzZWxmLmdldF9jYXBzX2FuZF9lbnRpdHkodXNl + cikKICAgICAgICBjYXBfa2V5cyA9IFsibW9uIiwgIm1nciIsICJvc2QiLCAibWRzIl0KICAgICAg + ICBjYXBzID0gW10KICAgICAgICBmb3IgZWFjaENhcCBpbiBjYXBfa2V5czoKICAgICAgICAgICAg + Y3VyX2NhcF92YWx1ZXMgPSBleGlzdGluZ19jYXBzLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAg + ICAgbmV3X2NhcF92YWx1ZXMgPSBuZXdfY2FwLmdldChlYWNoQ2FwLCAiIikKICAgICAgICAgICAg + Y3VyX2NhcF9wZXJtX2xpc3QgPSBbCiAgICAgICAgICAgICAgICB4LnN0cmlwKCkgZm9yIHggaW4g + Y3VyX2NhcF92YWx1ZXMuc3BsaXQoIiwiKSBpZiB4LnN0cmlwKCkKICAgICAgICAgICAgXQogICAg + ICAgICAgICBuZXdfY2FwX3Blcm1fbGlzdCA9IFsKICAgICAgICAgICAgICAgIHguc3RyaXAoKSBm + b3IgeCBpbiBuZXdfY2FwX3ZhbHVlcy5zcGxpdCgiLCIpIGlmIHguc3RyaXAoKQogICAgICAgICAg + ICBdCiAgICAgICAgICAgICMgYXBwZW5kIG5ld19jYXBfbGlzdCB0byBjdXJfY2FwX2xpc3QgdG8g + bWFpbnRhaW4gdGhlIG9yZGVyIG9mIGNhcHMKICAgICAgICAgICAgY3VyX2NhcF9wZXJtX2xpc3Qu + ZXh0ZW5kKG5ld19jYXBfcGVybV9saXN0KQogICAgICAgICAgICAjIGVsaW1pbmF0ZSBkdXBsaWNh + dGVzIHdpdGhvdXQgdXNpbmcgJ3NldCcKICAgICAgICAgICAgIyBzZXQgcmUtb3JkZXJzIGl0ZW1z + IGluIHRoZSBsaXN0IGFuZCB3ZSBoYXZlIHRvIGtlZXAgdGhlIG9yZGVyCiAgICAgICAgICAgIG5l + d19jYXBfbGlzdCA9IFtdCiAgICAgICAgICAgIFtuZXdfY2FwX2xpc3QuYXBwZW5kKHgpIGZvciB4 + IGluIGN1cl9jYXBfcGVybV9saXN0IGlmIHggbm90IGluIG5ld19jYXBfbGlzdF0KICAgICAgICAg + ICAgZXhpc3RpbmdfY2Fwc1tlYWNoQ2FwXSA9ICIsICIuam9pbihuZXdfY2FwX2xpc3QpCiAgICAg + ICAgICAgIGlmIGV4aXN0aW5nX2NhcHNbZWFjaENhcF06CiAgICAgICAgICAgICAgICBjYXBzLmFw + cGVuZChlYWNoQ2FwKQogICAgICAgICAgICAgICAgY2Fwcy5hcHBlbmQoZXhpc3RpbmdfY2Fwc1tl + YWNoQ2FwXSkKICAgICAgICBjbWRfanNvbiA9IHsKICAgICAgICAgICAgInByZWZpeCI6ICJhdXRo + IGNhcHMiLAogICAgICAgICAgICAiZW50aXR5IjogdXNlciwKICAgICAgICAgICAgImNhcHMiOiBj + YXBzLAogICAgICAgICAgICAiZm9ybWF0IjogImpzb24iLAogICAgICAgIH0KICAgICAgICByZXRf + dmFsLCBqc29uX291dCwgZXJyX21zZyA9IHNlbGYuX2NvbW1vbl9jbWRfanNvbl9nZW4oY21kX2pz + b24pCiAgICAgICAgaWYgcmV0X3ZhbCAhPSAwOgogICAgICAgICAgICByYWlzZSBFeGVjdXRpb25G + YWlsdXJlRXhjZXB0aW9uKAogICAgICAgICAgICAgICAgZiInYXV0aCBjYXBzIHt1c2VyfScgY29t + bWFuZCBmYWlsZWQuXG4gRXJyb3I6IHtlcnJfbXNnfSIKICAgICAgICAgICAgKQogICAgICAgIHBy + aW50KGYiVXBkYXRlZCB1c2VyIHt1c2VyfSBzdWNjZXNzZnVsbHkuIikKCiAgICBkZWYgbWFpbihz + ZWxmKToKICAgICAgICBnZW5lcmF0ZWRfb3V0cHV0ID0gIiIKICAgICAgICBpZiBzZWxmLl9hcmdf + cGFyc2VyLnVwZ3JhZGU6CiAgICAgICAgICAgIHNlbGYudXBncmFkZV91c2Vyc19wZXJtaXNzaW9u + cygpCiAgICAgICAgZWxpZiBzZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAianNvbiI6CiAgICAg + ICAgICAgIGdlbmVyYXRlZF9vdXRwdXQgPSBzZWxmLmdlbl9qc29uX291dCgpCiAgICAgICAgZWxp + ZiBzZWxmLl9hcmdfcGFyc2VyLmZvcm1hdCA9PSAiYmFzaCI6CiAgICAgICAgICAgIGdlbmVyYXRl + ZF9vdXRwdXQgPSBzZWxmLmdlbl9zaGVsbF9vdXQoKQogICAgICAgIGVsc2U6CiAgICAgICAgICAg + IHJhaXNlIEV4ZWN1dGlvbkZhaWx1cmVFeGNlcHRpb24oCiAgICAgICAgICAgICAgICBmIlVuc3Vw + cG9ydGVkIGZvcm1hdDoge3NlbGYuX2FyZ19wYXJzZXIuZm9ybWF0fSIKICAgICAgICAgICAgKQog + ICAgICAgIHByaW50KGdlbmVyYXRlZF9vdXRwdXQpCiAgICAgICAgaWYgc2VsZi5vdXRwdXRfZmls + ZSBhbmQgZ2VuZXJhdGVkX291dHB1dDoKICAgICAgICAgICAgZk91dCA9IG9wZW4oc2VsZi5vdXRw + dXRfZmlsZSwgbW9kZT0idyIsIGVuY29kaW5nPSJVVEYtOCIpCiAgICAgICAgICAgIGZPdXQud3Jp + dGUoZ2VuZXJhdGVkX291dHB1dCkKICAgICAgICAgICAgZk91dC5jbG9zZSgpCgoKIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMjIyMjIyMjIyMjIyMjIyMj + IyMjIyBNQUlOICMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj + IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKaWYgX19uYW1lX18gPT0gIl9fbWFpbl9fIjoKICAgIHJq + T2JqID0gUmFkb3NKU09OKCkKICAgIHRyeToKICAgICAgICByak9iai5tYWluKCkKICAgIGV4Y2Vw + dCBFeGVjdXRpb25GYWlsdXJlRXhjZXB0aW9uIGFzIGVycjoKICAgICAgICBwcmludChmIkV4ZWN1 + dGlvbiBGYWlsZWQ6IHtlcnJ9IikKICAgICAgICByYWlzZSBlcnIKICAgIGV4Y2VwdCBLZXlFcnJv + ciBhcyBrRXJyOgogICAgICAgIHByaW50KGYiS2V5RXJyb3I6IHtrRXJyfSIpCiAgICBleGNlcHQg + T1NFcnJvciBhcyBvc0VycjoKICAgICAgICBwcmludChmIkVycm9yIHdoaWxlIHRyeWluZyB0byBv + dXRwdXQgdGhlIGRhdGE6IHtvc0Vycn0iKQogICAgZmluYWxseToKICAgICAgICByak9iai5zaHV0 + ZG93bigpCg== name: rook-ceph-operator.v4.18.0 namespace: placeholder spec: From 94be22798453a1cc340793c5d1f8403a798f8a54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:12:26 +0000 Subject: [PATCH 37/49] build(deps): bump sigs.k8s.io/controller-runtime Bumps the k8s-dependencies group with 1 update: [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). Updates `sigs.k8s.io/controller-runtime` from 0.20.0 to 0.20.1 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.20.0...v0.20.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 70e67794ce91..082210c588d8 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( k8s.io/client-go v0.32.1 k8s.io/cloud-provider v0.32.1 k8s.io/utils v0.0.0-20241210054802-24370beab758 - sigs.k8s.io/controller-runtime v0.20.0 + sigs.k8s.io/controller-runtime v0.20.1 sigs.k8s.io/mcs-api v0.1.0 sigs.k8s.io/yaml v1.4.0 ) diff --git a/go.sum b/go.sum index ff73d3e122ac..8d7f184e5f38 100644 --- a/go.sum +++ b/go.sum @@ -1702,8 +1702,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs= -sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/controller-runtime v0.20.1 h1:JbGMAG/X94NeM3xvjenVUaBjy6Ui4Ogd/J5ZtjZnHaE= +sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= From 244631ca2d771301d543fcd13656fab13f587cf5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:41:54 +0000 Subject: [PATCH 38/49] build(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/49b3bc8e6bdd4a60e6116a5414239cba5943d3cf...53851d14592bedcffcf25ea515637cff71ef929a) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/push-build.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3737df1b8ab5..a389dcd9741c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -84,7 +84,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # master + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # master with: platforms: all diff --git a/.github/workflows/push-build.yaml b/.github/workflows/push-build.yaml index 9163c524da19..00061edbf5bf 100644 --- a/.github/workflows/push-build.yaml +++ b/.github/workflows/push-build.yaml @@ -31,7 +31,7 @@ jobs: # docker/setup-qemu action installs QEMU static binaries, which are used to run builders for architectures other than the host. - name: set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # master + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # master with: platforms: all From ec78ed5885d19958e3fda896daf23d5ae30a090f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:41:56 +0000 Subject: [PATCH 39/49] build(deps): bump actions/stale from 9.0.0 to 9.1.0 Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/28ca1036281a5e5922ead5184a1bbf96e5fc984e...5bef64f19d7facfb25b37b414482c7164d639639) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 8b9c884549a0..b63b0a07428c 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-22.04 if: github.repository == 'rook/rook' steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-issue-stale: 60 From 382dccce75712fe7c274dc30764efde39a05d799 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:42:02 +0000 Subject: [PATCH 40/49] build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/codegen.yml | 2 +- .github/workflows/crds-gen.yml | 2 +- .github/workflows/daily-nightly-jobs.yml | 2 +- .github/workflows/docs-check.yml | 2 +- .github/workflows/golangci-lint.yaml | 4 ++-- .github/workflows/mod-check.yml | 2 +- .github/workflows/multus.yaml | 2 +- .github/workflows/push-build.yaml | 2 +- .github/workflows/rbac-gen.yaml | 2 +- .github/workflows/unit-test.yml | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3737df1b8ab5..e5bed94630c4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,7 +25,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" @@ -79,7 +79,7 @@ jobs: fetch-depth: 0 - name: setup golang ${{ matrix.go-version }} - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/codegen.yml b/.github/workflows/codegen.yml index a537a815b371..5efedac88e9c 100644 --- a/.github/workflows/codegen.yml +++ b/.github/workflows/codegen.yml @@ -34,7 +34,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/crds-gen.yml b/.github/workflows/crds-gen.yml index 07c51a34fbe3..60d6d1eba66c 100644 --- a/.github/workflows/crds-gen.yml +++ b/.github/workflows/crds-gen.yml @@ -33,7 +33,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/daily-nightly-jobs.yml b/.github/workflows/daily-nightly-jobs.yml index 35beb92a4ecd..47ae30ebad78 100644 --- a/.github/workflows/daily-nightly-jobs.yml +++ b/.github/workflows/daily-nightly-jobs.yml @@ -29,7 +29,7 @@ jobs: use-tmate: ${{ secrets.USE_TMATE }} - name: setup golang - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/docs-check.yml b/.github/workflows/docs-check.yml index 6261504f1c5e..c0996db05eb7 100644 --- a/.github/workflows/docs-check.yml +++ b/.github/workflows/docs-check.yml @@ -28,7 +28,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index 37cd6b6a8b8a..ea0cf85e649e 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -27,7 +27,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" - name: golangci-lint @@ -52,7 +52,7 @@ jobs: name: govulncheck runs-on: ubuntu-latest steps: - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" check-latest: true diff --git a/.github/workflows/mod-check.yml b/.github/workflows/mod-check.yml index 0cf3442b351c..e7d9389344f0 100644 --- a/.github/workflows/mod-check.yml +++ b/.github/workflows/mod-check.yml @@ -33,7 +33,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/multus.yaml b/.github/workflows/multus.yaml index 6b8a447bff25..928d80cdb754 100644 --- a/.github/workflows/multus.yaml +++ b/.github/workflows/multus.yaml @@ -41,7 +41,7 @@ jobs: fetch-depth: 0 - name: Set up Go version - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/push-build.yaml b/.github/workflows/push-build.yaml index 9163c524da19..66fa12d1ec6f 100644 --- a/.github/workflows/push-build.yaml +++ b/.github/workflows/push-build.yaml @@ -25,7 +25,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/rbac-gen.yaml b/.github/workflows/rbac-gen.yaml index b7e1d657bacb..b463f4d607b7 100644 --- a/.github/workflows/rbac-gen.yaml +++ b/.github/workflows/rbac-gen.yaml @@ -33,7 +33,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index ce521df06aa6..80d15e862764 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -41,7 +41,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" From c91f48267f894d5206c50b09570f196a5a6a8615 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:42:08 +0000 Subject: [PATCH 41/49] build(deps): bump github/codeql-action from 3.27.9 to 3.28.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.9 to 3.28.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f1bf28cd06b1..39d40902b7f6 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -64,6 +64,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif From 64469ed84a543664215ba0ebafb9e5435f86774a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:42:12 +0000 Subject: [PATCH 42/49] build(deps): bump DavidAnson/markdownlint-cli2-action Bumps [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) from 18.0.0 to 19.1.0. - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/eb5ca3ab411449c66620fe7f1b3c9e10547144b0...05f32210e84442804257b2a6f20b273450ec8265) --- updated-dependencies: - dependency-name: DavidAnson/markdownlint-cli2-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docs-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docs-check.yml b/.github/workflows/docs-check.yml index 6261504f1c5e..0751d91c59f9 100644 --- a/.github/workflows/docs-check.yml +++ b/.github/workflows/docs-check.yml @@ -36,7 +36,7 @@ jobs: with: python-version: 3.9 - - uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18.0.0 + - uses: DavidAnson/markdownlint-cli2-action@05f32210e84442804257b2a6f20b273450ec8265 # v19.1.0 with: globs: | Documentation/**/*.md From c3ed3fc2a2ec54e489c56b5b07bcfa792956819c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 24 Jan 2025 19:28:45 +0100 Subject: [PATCH 43/49] build: add make target lint The newly added make target 'lint' runs various linters on the code base. Signed-off-by: Michael Adam --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 64ee14c20e41..da2bbbd2a61f 100644 --- a/Makefile +++ b/Makefile @@ -161,9 +161,12 @@ fmt: ## Check formatting of go sources. yamllint: yamllint -c .yamllint deploy/examples/ --no-warnings +.PHONY: lint +lint: yamllint pylint shellcheck vet ## Run various linters + .PHONY: pylint pylint: - pylint $(shell find $(ROOT_DIR) -name '*.py') -E + pylint $(shell find $(ROOT_DIR) -name '*.py') -E .PHONY: shellcheck shellcheck: From 7a934393a980b8e36fab3083b51870282a18980f Mon Sep 17 00:00:00 2001 From: Praveen M Date: Mon, 27 Jan 2025 19:29:14 +0530 Subject: [PATCH 44/49] csi: update RBACs needed for csi-omap-generator sidecar ceph/ceph-csi/pull/4750 added a new controller that watches for the VolumeGroupReplicationContent CR and regenerates the OMAP data. This change needs RBACs for VolumeGroupReplicationContent and VolumeGroupReplicationClass CR. This commit updates the same for the `rbd-external-provisioner-runner` ClusterRole. Signed-off-by: Praveen M --- deploy/charts/rook-ceph/templates/clusterrole.yaml | 6 ++++++ deploy/examples/common.yaml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/deploy/charts/rook-ceph/templates/clusterrole.yaml b/deploy/charts/rook-ceph/templates/clusterrole.yaml index cc3735b7cc63..76f79d9221f9 100644 --- a/deploy/charts/rook-ceph/templates/clusterrole.yaml +++ b/deploy/charts/rook-ceph/templates/clusterrole.yaml @@ -655,6 +655,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationclasses"] + verbs: ["get", "list", "watch"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml index c5c8d502fc15..08b9de99a8fb 100644 --- a/deploy/examples/common.yaml +++ b/deploy/examples/common.yaml @@ -216,6 +216,12 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["replication.storage.openshift.io"] + resources: ["volumegroupreplicationclasses"] + verbs: ["get", "list", "watch"] --- # The cluster role for managing all the cluster-specific resources in a namespace apiVersion: rbac.authorization.k8s.io/v1 From 3761fda37fe5b86f0735d4d94022de3c7e408744 Mon Sep 17 00:00:00 2001 From: subhamkrai Date: Fri, 31 Jan 2025 16:26:06 +0530 Subject: [PATCH 45/49] csi: update csi-operator to v0.2.0 this commits updates the csi-operator to v0.2.0 and also brings latest yaml updates Signed-off-by: subhamkrai --- deploy/examples/csi-operator.yaml | 282 ++++++++++++++++++++++++++++-- 1 file changed, 272 insertions(+), 10 deletions(-) diff --git a/deploy/examples/csi-operator.yaml b/deploy/examples/csi-operator.yaml index 5eaaf127ccd6..737e5f34d7b2 100644 --- a/deploy/examples/csi-operator.yaml +++ b/deploy/examples/csi-operator.yaml @@ -1277,6 +1277,59 @@ spec: type: string description: Pod's annotations type: object + deploymentStrategy: + description: |- + DeploymentStrategy describes how to replace existing pods with new ones + Default value is RollingUpdate with MaxUnavailable and MaxSurege as 25% (kubernetes default) + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. + x-kubernetes-int-or-string: true + type: object + type: + description: + Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object imagePullPolicy: description: To indicate the image pull policy to be applied to @@ -3839,8 +3892,8 @@ spec: description: |- OMAP generator will generate the omap mapping between the PV name and the RBD image. Need to be enabled when we are using rbd mirroring feature. - By default OMAP generator sidecar is deployed with Csi controller plugin pod, to disable - it set it to false. + By default OMAP generator sidecar is not deployed with Csi controller plugin pod, to enable + it set it to true. type: boolean grpcTimeout: description: @@ -8346,6 +8399,59 @@ spec: type: string description: Pod's annotations type: object + deploymentStrategy: + description: |- + DeploymentStrategy describes how to replace existing pods with new ones + Default value is RollingUpdate with MaxUnavailable and MaxSurege as 25% (kubernetes default) + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if DeploymentStrategyType = + RollingUpdate. + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to 25%. + Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + the rolling update starts, such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, + new ReplicaSet can be scaled up further, ensuring that total number of pods running + at any time during the update is at most 130% of desired pods. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to 25%. + Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + that the total number of pods available at all times during the update is at + least 70% of desired pods. + x-kubernetes-int-or-string: true + type: object + type: + description: + Type of deployment. Can be "Recreate" or + "RollingUpdate". Default is RollingUpdate. + type: string + type: object imagePullPolicy: description: To indicate the image pull policy to be applied @@ -10955,8 +11061,8 @@ spec: description: |- OMAP generator will generate the omap mapping between the PV name and the RBD image. Need to be enabled when we are using rbd mirroring feature. - By default OMAP generator sidecar is deployed with Csi controller plugin pod, to disable - it set it to false. + By default OMAP generator sidecar is not deployed with Csi controller plugin pod, to enable + it set it to true. type: boolean grpcTimeout: description: @@ -14538,6 +14644,34 @@ rules: - csiaddons.openshift.io resources: - csiaddonsnodes + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews verbs: - create --- @@ -14603,6 +14737,34 @@ rules: - csiaddons.openshift.io resources: - csiaddonsnodes + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews verbs: - create --- @@ -14616,6 +14778,34 @@ rules: - csiaddons.openshift.io resources: - csiaddonsnodes + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - apps + resources: + - deployments/finalizers + - daemonsets/finalizers + verbs: + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews verbs: - create --- @@ -14681,6 +14871,28 @@ rules: verbs: - get - list + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -14692,6 +14904,7 @@ rules: - create - delete - patch + - update - apiGroups: - "" resources: @@ -14773,6 +14986,43 @@ rules: verbs: - update - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -15375,6 +15625,7 @@ rules: - create - delete - patch + - update - apiGroups: - "" resources: @@ -15491,21 +15742,30 @@ rules: verbs: - create - apiGroups: - - "" + - groupsnapshot.storage.k8s.io resources: - - nodes + - volumegroupsnapshotclasses verbs: - get - list - - watch" + - watch - apiGroups: - - storage.k8s.io + - groupsnapshot.storage.k8s.io resources: - - csinodes + - volumegroupsnapshotcontents verbs: - get - list - watch + - update + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -15802,7 +16062,9 @@ spec: fieldPath: metadata.namespace - name: CSI_SERVICE_ACCOUNT_PREFIX value: ceph-csi- - image: quay.io/cephcsi/ceph-csi-operator:v0.1.0 + - name: WATCH_NAMESPACE + value: "" + image: quay.io/cephcsi/ceph-csi-operator:v0.2.0 livenessProbe: httpGet: path: /healthz From 98e188aa9bf4d9c1c27c2eee1d1c1095f1b09b11 Mon Sep 17 00:00:00 2001 From: DF Build Team Date: Mon, 3 Feb 2025 03:06:58 -0500 Subject: [PATCH 46/49] csv: add additional csv changes that other commits bring add generated csv changes Signed-off-by: DF Build Team --- ...rook-ceph-operator.clusterserviceversion.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml b/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml index 6799b97aef06..c915c10ff570 100644 --- a/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml +++ b/build/csv/ceph/rook-ceph-operator.clusterserviceversion.yaml @@ -3003,6 +3003,22 @@ spec: - get - list - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumegroupreplicationcontents + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumegroupreplicationclasses + verbs: + - get + - list + - watch serviceAccountName: rook-csi-rbd-provisioner-sa - rules: - verbs: From 12b19a425425257f5bdb5d628130b40ec498e2ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 12:39:05 +0000 Subject: [PATCH 47/49] build(deps): bump aws-actions/configure-aws-credentials Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/e3dd6a429d7300a6a4c196c26e071d42e0343502...4fc4975a852c8cd99761e2de1f4ba73402e44dd9) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/push-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-build.yaml b/.github/workflows/push-build.yaml index dda5ee5ca489..75c7266a56cd 100644 --- a/.github/workflows/push-build.yaml +++ b/.github/workflows/push-build.yaml @@ -42,7 +42,7 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3 with: aws-access-key-id: ${{ secrets.AWS_USR }} aws-secret-access-key: ${{ secrets.AWS_PSW }} From 076bc400ac632082c60499b1bc4bf70725d991c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 12:39:15 +0000 Subject: [PATCH 48/49] build(deps): bump actions/setup-python from 5.3.0 to 5.4.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0b93645e9fea7318ecaed2b359559ac225c90a2b...42375524e23c412d93fb67b49958b491fce71c38) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docs-check.yml | 2 +- .github/workflows/helm-lint.yaml | 2 +- .github/workflows/linters.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docs-check.yml b/.github/workflows/docs-check.yml index d278aad74549..81701a916ed8 100644 --- a/.github/workflows/docs-check.yml +++ b/.github/workflows/docs-check.yml @@ -32,7 +32,7 @@ jobs: with: go-version: "1.23" - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index 40d6e36e0c7f..7283819fb9c5 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -35,7 +35,7 @@ jobs: with: version: v3.6.2 - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml index c4a741384bd0..db72d3c18224 100644 --- a/.github/workflows/linters.yaml +++ b/.github/workflows/linters.yaml @@ -28,7 +28,7 @@ jobs: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 @@ -46,7 +46,7 @@ jobs: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.9 From 401d8f7d1d0a3ca6df288151b20e9faaf930e70d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 12:39:19 +0000 Subject: [PATCH 49/49] build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.5 to 3.28.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 39d40902b7f6..5a9800d1444f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -64,6 +64,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif