-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nfs: add support for secTypes
parameter in StorageClass
#3434
Conversation
204b512
to
6603ef3
Compare
This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏 |
a8d6bbf
to
9a746d0
Compare
/test ci/centos/mini-e2e-helm/k8s-1.25 |
This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏 |
9a746d0
to
3f05754
Compare
3f05754
to
313e8a5
Compare
313e8a5
to
137e7a1
Compare
/test ci/centos/mini-e2e-helm/k8s-1.26 |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions. |
137e7a1
to
de64e99
Compare
de64e99
to
814604e
Compare
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. Thank you for your contributions. |
814604e
to
b3e6b7e
Compare
https://lists.ceph.io/hyperkitty/list/dev@ceph.io/thread/F4BKECRD2MQ3D7DEQBLU7OPYZINDXAFG/ announces that Ceph 17.2.6 RC is available. Once the release is done, and the updated container-image is mirrored in the CI, this PR should can be rebased and tested. |
@spuiuk you are probably interested in this 😃 |
b3e6b7e
to
7343860
Compare
v17.2.6 Quincy has been released, so this can finally be tested |
/test ci/centos/mini-e2e/k8s-1.27 |
@Mergifyio rebase |
✅ Branch has been successfully rebased |
|
||
By("create a storageclass with sys,krb5i security and a PVC then bind it to an app", func() { | ||
err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{ | ||
"secTypes": "sys,krb5i", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add validation to ensure the secTypes are set in the exported path?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is difficult... Ceph Mgr generates a configuration snippet in json-like format for NFS-Ganesha, and stores it directly in some internal RADOS pool. We would need to fetch that configuration snippet and parse the NFS-Ganesha options. Possible, but difficult.
In the (hopefully) near future, we should be able to do a mount with Kerberos. Once that functionality lands, exporting with Kerberos will be automatically tested.
@@ -45,5 +45,10 @@ parameters: | |||
# If omitted, defaults to "csi-vol-". | |||
volumeNamePrefix: nfs-export- | |||
|
|||
# (optional) Security requirements for the NFS-export. Valid flavours | |||
# include: none, sys, krb5, krb5i and krb5p. The <sectype-list> is a comma | |||
# delimited string, for example "sys,krb5". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to mention the supported ceph version for this option
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I can include that now the changes are included in Ceph.
CephNFS can enable different security flavours for exported volumes. This can be configured in the optional `secTypes` parameter in the StorageClass. Signed-off-by: Niels de Vos <ndevos@redhat.com>
6e7c3e7
to
c0bde56
Compare
@Mergifyio rebase |
✅ Nothing to do for rebase action |
/test ci/centos/k8s-e2e-external-storage/1.24 |
/test ci/centos/k8s-e2e-external-storage/1.25 |
/test ci/centos/k8s-e2e-external-storage/1.26 |
/test ci/centos/k8s-e2e-external-storage/1.27 |
/test ci/centos/mini-e2e-helm/k8s-1.24 |
/test ci/centos/mini-e2e-helm/k8s-1.25 |
/test ci/centos/mini-e2e-helm/k8s-1.26 |
/test ci/centos/mini-e2e-helm/k8s-1.27 |
/test ci/centos/mini-e2e/k8s-1.24 |
/test ci/centos/mini-e2e/k8s-1.25 |
/test ci/centos/mini-e2e/k8s-1.26 |
/test ci/centos/mini-e2e/k8s-1.27 |
/test ci/centos/upgrade-tests-cephfs |
/test ci/centos/upgrade-tests-rbd |
@Mergifyio queue |
✅ The pull request has been merged automaticallyThe pull request has been merged automatically at 8265abc |
CephNFS can enable different security flavours for exported volumes.
This can be configured in the optional
secTypes
parameter in theStorageClass.
Depends-on: ceph/ceph#48531
Related: rook/rook#11869
Closes: #3387
Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>
: retest the<job-name>
after unrelatedfailure (please report the failure too!)
/retest all
: run this in case the CentOS CI failed to start/report any testprogress or results