Sync from upstream release-1.8 to downstream release-4.10 #326
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adding section `disruptionManagement` which was removed unintentionally in PR 8381. Signed-off-by: subhamkrai <srai@redhat.com> (cherry picked from commit 0b0c8da)
docs: add section for `disruptionManagement` (backport #9522)
The latest lib-bucket-provisioner has a corner case fix for a bucket with `generateName` equal to exactly 27 chars, which will result in an ObjectBucket with 64 chars. 63 chars is the max allowed by Kubernetes. See: kube-object-storage/lib-bucket-provisioner#220 Signed-off-by: Blaine Gardner <blaine.gardner@redhat.com> (cherry picked from commit ae306e4)
object: update to latest lib-bucket-provisioner (backport #9529)
rgw: fix startup probe (backport #9533)
With the patch release the examples and docs are updated to v1.8.2 Signed-off-by: Travis Nielsen <tnielsen@redhat.com>
build: Update release version to v1.8.2
The local build tag replacement in the CI should work the same whether in master or release branches, so we use a regex to match any rook/ceph tag to be renamed to the local-build tag. Signed-off-by: Travis Nielsen <tnielsen@redhat.com> (cherry picked from commit 7167de0)
Rook needs to be able to watch all `ceph.rook.io` resources to reconcile them; however, it does not need blanket verb privileges. Reduce the privileges as much as possible. Ideally, Rook would only have update permissions to status and finalizers of resources; however, finalizers are not a full-fledged subresource at this time, and "update" permissions must be maintained for `ceph.rook.io` resources. Signed-off-by: Blaine Gardner <blaine.gardner@redhat.com> (cherry picked from commit 684fe30)
core: limit use of wildcards in cluster-scoped rbac (backport #9485)
build: Replace local build tag with regex (backport #9539)
Added a clusterName, poolName , filesystemName, radosNamespace as a suffix on ceph auth principals for external cluster so every csi authentication would be unique if restricted_auth_permission flag is specified. Closes: #9192 Signed-off-by: parth-gr <paarora@redhat.com> (cherry picked from commit 6ed7423)
cephfs_filesystem_name flag isn't mandatory if restricted_auth_permission is on. Signed-off-by: parth-gr <paarora@redhat.com> (cherry picked from commit 4a3088c)
security: update auth permissions for external cluster (backport #9411)
Previously we were using the namespace, it's a mistake, even though most clusters use the same name as the namespace. Let's be precise and use the cluster name when looking for it. Signed-off-by: Sébastien Han <seb@redhat.com> (cherry picked from commit 0a54db9)
right now the RoleBinding for monitoring is created with the cluster namespace as the subject this causes the operator to loop on reconcile due to it not having permissions to create monitors in the other cluster moving the subject to the operator namespace fixes this Signed-off-by: Henry Zhang <me@henry.dev> (cherry picked from commit 3d89834)
osd: use cluster name when fetching the cephcluster (backport #9560)
helm: use operatorNamespace if exists for monitoring RBAC (backport #9554)
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: leseb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sync from upstream release-1.8 to downstream release-4.10