Skip to content

feat(helm): update rook-ceph group ( v1.14.5 → v1.20.1 )#387

Open
parsec-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rook-ceph
Open

feat(helm): update rook-ceph group ( v1.14.5 → v1.20.1 )#387
parsec-renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rook-ceph

Conversation

@parsec-renovate

@parsec-renovate parsec-renovate Bot commented Feb 26, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Update Change
rook-ceph minor v1.14.5v1.20.1
rook-ceph-cluster minor v1.14.5v1.20.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

rook/rook (rook-ceph)

v1.20.1

Compare Source

Improvements

Rook v1.20.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Add rook compatible ceph csi driver values (#​17665, @​subhamkrai)
osd: Ensure require-osd-release set after a major Ceph upgrade (#​17546, @​Sunnatillo)
build: bump golang.org/x/crypto to v0.52.0 (#​17718, @​subhamkrai)
nvmeof: Use Ceph default gateway image when not specified in the nvmeof CR (#​17701, @​OdedViner)
core: Delete stale MDS and RGW pdbs (#​17700, @​sp98)
osd: Support using node labels for OSD device class assignment (#​17649, @​yuxiang-he)
csi: Disable csi-addons by default (#​17664, @​subhamkrai)
object: Clobber bucket policy on modify instead of merging (#​17643, @​archy-rock3t-cloud)
docs: Add an install guide for Two-Node Fenced clusters (#​17628, @​parth-gr)
docs: Add prerequisite to run udev (#​17760, @​sp98)
docs: External cluster documentation updated for the CSI operator (#​17690, @​parth-gr)
docs: Update csi-driver value.yaml reference link (#​17674, @​subhamkrai)

v1.20.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes
  • The Ceph CSI operator is required for managing CSI driver settings.
    • Upgrades will continue working with the existing settings that had been applied by Rook previously. Further updates to CSI settings will need to be updated by the Rook admin. Clusters with default CSI settings do not require customizations.
    • CSI settings are removed from the Rook operator configmap rook-ceph-operator-config and the rook-ceph Helm chart.
    • New installs must configure the CSI settings with the Ceph-CSI OperatorConfig and Driver CRs. Default settings are included in operator.yaml. For custom CSI settings, see the CSI Configuration for more details and examples.
    • For helm users, the Ceph CSI operator settings are configured by the ceph-csi-drivers chart. Custom CSI images remain configured by the rook-ceph chart values.
Features
  • Supported Kubernetes versions are v1.31 through v1.36.
  • SSE-S3 with Vault Agent: Added support for server-side encryption with SSE-S3 using HashiCorp Vault Agent authentication. See the CephObjectStore Security Settings for more details.
  • Unused CRUSH rule cleanup: Rook now deletes unused CRUSH rules by default after the Ceph mgr starts. If unused CRUSH rules should not be deleted, set ROOK_DELETE_UNUSED_CRUSH_RULES to false in the operator config.
  • Concurrently reconciling multiple Ceph Clusters with the setting ROOK_RECONCILE_CONCURRENT_CLUSTERS is declared stable.
  • Containers within a pod are now consistently reconciled by name instead of relying on the order in which they are declared. This is a defensive measure against the declaration order changing due to manipulation by a mutating webhook.
  • OSD resize with encrypted host-based OSDs: For encrypted OSDs (with encryptedDevice: true) with host-based (non-PVC) clusters, resizing the underlying disk now automatically expands encrypted OSDs.
  • RGW Accounts (Experimental): The CephObjectStoreAccount CRD manages RGW accounts. The accountReffield is added inCephObjectStoreUser to associate users with accounts. This feature is currently only testable with the Ceph main branch image (quay.ceph.io/ceph-ci/ceph:main`). See the Object Store Accounts documentation for more details.
  • Two-node clusters (Experimental): Rook allows a "floating" mon to migrate between the two nodes in case one node is down.

v1.19.7

Compare Source

Improvements

Rook v1.19.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.6

Compare Source

Improvements

Rook v1.19.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.5

Compare Source

Improvements

Rook v1.19.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.4

Compare Source

Improvements

Rook v1.19.4 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.3

Compare Source

Improvements

Rook v1.19.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.2

Compare Source

Improvements

Rook v1.19.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.1

Compare Source

Improvements

Rook v1.19.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Update to ceph csi operator to v0.5 (#​17029, @​subhamkrai)
security: Remove unnecessary nodes/proxy RBAC enablement (#​16979, @​ibotty)
helm: Set default ceph image pull policy (#​16954, @​travisn)
nfs: Add CephNFS.spec.server.{image,imagePullPolicy} fields (#​16982, @​jhoblitt)
osd: Assign correct osd container in case it is not index 0 (#​16969, @​kyrbrbik)
csi: Remove obsolete automated node fencing code (#​16922, @​subhamkrai)
osd: Enable proper cancellation during OSD reconcile (#​17022, @​sp98)
csi: Allow running the csi controller plugin on host network (#​16972, @​Madhu-1)
rgw: Update ca bundle mount perms to read-all (#​16968, @​BlaineEXE)
mon: Change do-not-reconcile to be more granular for individual mons (#​16939, @​travisn)
build(deps): Bump the k8s-dependencies group with 6 updates (#​16846, @​dependabot[bot])
doc: add csi-operator example in configuration doc (#​17001, @​subhamkrai)

v1.19.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes
  • The supported Kubernetes versions are v1.30 - v1.35
  • The minimum supported Ceph version is v19.2.0. Rook v1.18 clusters running Ceph v18 must upgrade
    to Ceph v19.2.0 or higher before upgrading Rook.
  • The behavior of the activeStandby property in the CephFilesystem CRD has changed. When set to false, the standby MDS daemon deployment will be scaled down and removed, rather than only disabling the standby cache while the daemon remains running.
  • Helm: The rook-ceph-cluster chart has changed where the Ceph image is defined, to allow separate settings for the repository and tag. For more details, see the Rook upgrade guide.
  • In external mode, when users provide a Ceph admin keyring to Rook, Rook will no longer create CSI Ceph clients automatically. This approach will provide more consistency to configure external mode clusters via the same external Python script.
Features
  • Experimental: NVMe over Fabrics (NVMe-oF) allows RBD volumes to be exposed and accessed via the NVMe/TCP protocol. This enables both Kubernetes pods within the cluster and external clients outside the cluster to connect to Ceph block storage using standard NVMe-oF initiators, providing high-performance block storage access over the network. See the NVMe-oF Configuration Guide to get started.
  • CephCSI v3.16 Integration:
    • NVMe-oF CSI driver for provisioning and mounting volumes over the NVMe over Fabrics protocol
    • Improved fencing for RBD and CephFS volumes during node failure
    • Block volume usage statistics
    • Configurable block encryption cipher
  • Experimental: Allow concurrent reconciles of the CephCluster CR when there multiple clusters being managed by the same Rook operator. Concurrency is enabled by increasing the operator setting ROOK_RECONCILE_CONCURRENT_CLUSTERS to a value greater than 1.
  • Improved logging with namespaced names for the controllers for more consistency in troubleshooting the rook operator log.

v1.18.11

Compare Source

Improvements

Rook v1.18.11 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.10

Compare Source

Improvements

Rook v1.18.10 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.9

Compare Source

Improvements

Rook v1.18.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.8

Compare Source

Improvements

Rook v1.18.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.7

Compare Source

Improvements

Rook v1.18.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.6

Compare Source

Improvements

Rook v1.18.6 is a patch release with changes only in the rook-ceph helm chart. If not affected by #​16636 in v1.18.5, no need to update to this release.

v1.18.5

Compare Source

Improvements

Rook v1.18.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.4

Compare Source

Improvements

Rook v1.18.4 is a patch release with changes only in the rook-ceph-cluster helm chart. If not affected by #​16567 in v1.18.3, no need to update to this release.

v1.18.3

Compare Source

Improvements

Rook v1.18.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.2

Compare Source

Improvements

Rook v1.18.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.1

Compare Source

Improvements

Rook v1.18.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes
  • Kubernetes v1.29 is now the minimum version supported by Rook through the soon-to-be K8s release v1.34.
  • Helm versions 3.13 and newer are supported. Previously, only the latest version of helm was tested and the docs stated only version 3.x of helm as a prerequisite. Now rook supports the six most recent minor versions of helm along with their their patch updates.
  • Rook now validates node topology during CephCluster creation to prevent misconfigured CRUSH hierarchies for OSDs. If child labels like topology.rook.io/rack are duplicated across zones, cluster creation will fail. The check applies only to new clusters without OSDs. Clusters with existing OSDs will only log a warning and continue. If the checks are invalid in your topology, they can be suppressed by setting ROOK_SKIP_OSD_TOPOLOGY_CHECK=true in the rook-ceph-operator-config configmap.
Features
  • The Ceph CSI operator is now the default and recommended component for configuring CSI drivers for RBD, CephFS, and NFS volumes. The CSI operator has been factored out of Rook to run independently to manage the Ceph-CSI driver. 
    • During the upgrade and throughout the v1.18.x releases, Rook will automatically convert any Rook CSI settings to the new CSI operator CRs. This transition is expected to be completely transparent. In the future v1.19 release, Rook will relinquish direct control of these settings so advanced users can have more flexibility when configuring the CSI drivers. At that time, we will have a guide on configuring these new Ceph CSI operator CRs directly.
    • During install, as mentioned in the Quickstart Guide, there is a new manifest to be created: csi-operator.yaml
    • If installing with the helm chart, the Ceph CSI operator will automatically be installed by default with the new helm setting csi.rookUseCsiOperator in the rook-ceph chart.
    • If a blocking issue is found, the previous CSI driver can be re-enabled by setting ROOK_USE_CSI_OPERATOR: false in operator.yaml or by applying the helm setting csi.rookUseCsiOperator: false.
  • Ceph CSI v3.15 has a range of features and improvements for the RBD, CephFS, and NFS drivers. This release is supported both by the Ceph CSI operator and Rook's direct mode of configuration. Starting in the next release (at the end of the year), the Ceph CSI operator will be required to configure the CSI driver.
  • CephX key rotation is now available as an experimental feature for the CephX authentication keys used by Ceph daemons and clients. Users will begin to see new cephx status items on some Rook resources in newly-deployed Rook clusters. Users can also find spec.security.cephx settings that allow initiating CephX key rotation for various Ceph components. Full documentation for key rotation can be found here.
    • Ceph version v19.2.3+ is required for key rotation.
    • The Ceph admin and mon keys cannot yet be rotated. Implementation is still in progress while in experimental mode.
  • Add support for specifying the clusterID in the CephBlockPoolRadosNamespace and the CephFilesystemSubVolumeGroup CR.
  • When a mon is being failed over, if the assigned node no longer exists, the mon is failed over immediately instead of waiting for a
    20 minute timeout.
  • Support for Ceph Tentacle v20 will be available as soon as it is released.

v1.17.9

Compare Source

Improvements

Rook v1.17.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.17.8

Compare Source

Improvements

Rook v1.17.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.17.7

Compare Source

Improvements

Rook v1.17.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

Important: There is a known issue in Ceph v19.2.3 where object store bucket lifecycle deletion does not take effect. See #​16188 for more details.

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@github-actions

Copy link
Copy Markdown
--- kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

+++ kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

@@ -13,13 +13,13 @@

     spec:
       chart: rook-ceph
       sourceRef:
         kind: HelmRepository
         name: rook-ceph
         namespace: flux-system
-      version: v1.14.5
+      version: v1.16.4
   dependsOn:
   - name: snapshot-controller
     namespace: storage
   install:
     remediation:
       retries: 3
--- kubernetes/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

+++ kubernetes/apps/rook-ceph/rook-ceph/cluster Kustomization: flux-system/rook-ceph-cluster HelmRelease: rook-ceph/rook-ceph-cluster

@@ -13,13 +13,13 @@

     spec:
       chart: rook-ceph-cluster
       sourceRef:
         kind: HelmRepository
         name: rook-ceph
         namespace: flux-system
-      version: v1.14.5
+      version: v1.16.4
   dependsOn:
   - name: rook-ceph-operator
     namespace: rook-ceph
   - name: snapshot-controller
     namespace: storage
   install:

@github-actions

Copy link
Copy Markdown
--- HelmRelease: rook-ceph/rook-ceph-cluster Deployment: rook-ceph/rook-ceph-tools

+++ HelmRelease: rook-ceph/rook-ceph-cluster Deployment: rook-ceph/rook-ceph-tools

@@ -112,12 +112,13 @@

         - mountPath: /etc/ceph
           name: ceph-config
         - name: mon-endpoint-volume
           mountPath: /etc/rook
         - name: ceph-admin-secret
           mountPath: /var/lib/rook-ceph-mon
+      serviceAccountName: rook-ceph-default
       volumes:
       - name: ceph-admin-secret
         secret:
           secretName: rook-ceph-mon
           optional: false
           items:
--- HelmRelease: rook-ceph/rook-ceph-cluster PrometheusRule: rook-ceph/prometheus-ceph-rules

+++ HelmRelease: rook-ceph/rook-ceph-cluster PrometheusRule: rook-ceph/prometheus-ceph-rules

@@ -261,13 +261,13 @@

         severity: warning
         type: ceph_default
     - alert: CephDeviceFailurePredictionTooHigh
       annotations:
         description: The device health module has determined that devices predicted
           to fail can not be remediated automatically, since too many OSDs would be
-          removed from the cluster to ensure performance and availabililty. Prevent
+          removed from the cluster to ensure performance and availability. Prevent
           data integrity issues by adding new OSDs so that data may be relocated.
         documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-toomany
         summary: Too many devices are predicted to fail, unable to resolve
       expr: ceph_health_detail{name="DEVICE_HEALTH_TOOMANY"} == 1
       for: 1m
       labels:
@@ -504,13 +504,13 @@

       expr: ceph_health_detail{name="PG_RECOVERY_FULL"} == 1
       for: 1m
       labels:
         oid: 1.3.6.1.4.1.50495.1.2.1.7.5
         severity: critical
         type: ceph_default
-    - alert: CephPGUnavilableBlockingIO
+    - alert: CephPGUnavailableBlockingIO
       annotations:
         description: Data availability is reduced, impacting the cluster's ability
           to service I/O. One or more placement groups (PGs) are in a state that blocks
           I/O.
         documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability
         summary: PG is unavailable, blocking I/O
@@ -626,15 +626,15 @@

       labels:
         oid: 1.3.6.1.4.1.50495.1.2.1.8.3
         severity: warning
         type: ceph_default
     - alert: CephNodeNetworkBondDegraded
       annotations:
-        summary: Degraded Bond on Node {{ $labels.instance }}
         description: Bond {{ $labels.master }} is degraded on Node {{ $labels.instance
           }}.
+        summary: Degraded Bond on Node {{ $labels.instance }}
       expr: |
         node_bonding_slaves - node_bonding_active != 0
       labels:
         severity: warning
         type: ceph_default
     - alert: CephNodeDiskspaceWarning
@@ -662,12 +662,23 @@

         > 0))  )
       labels:
         severity: warning
         type: ceph_default
   - name: pools
     rules:
+    - alert: CephPoolGrowthWarning
+      annotations:
+        description: Pool '{{ $labels.name }}' will be full in less than 5 days assuming
+          the average fill-up rate of the past 48 hours.
+        summary: Pool growth rate may soon exceed capacity
+      expr: (predict_linear(ceph_pool_percent_used[2d], 3600 * 24 * 5) * on(pool_id,
+        instance, pod) group_right() ceph_pool_metadata) >= 95
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.9.2
+        severity: warning
+        type: ceph_default
     - alert: CephPoolBackfillFull
       annotations:
         description: A pool is approaching the near full threshold, which will prevent
           recovery/backfill operations from completing. Consider adding more capacity.
         summary: Free space in a pool is too low for recovery/backfill
       expr: ceph_health_detail{name="POOL_BACKFILLFULL"} > 0
@@ -718,22 +729,113 @@

       expr: ceph_healthcheck_slow_ops > 0
       for: 30s
       labels:
         severity: warning
         type: ceph_default
     - alert: CephDaemonSlowOps
-      for: 30s
-      expr: ceph_daemon_health_metrics{type="SLOW_OPS"} > 0
-      labels:
-        severity: warning
-        type: ceph_default
-      annotations:
-        summary: '{{ $labels.ceph_daemon }} operations are slow to complete'
+      annotations:
         description: '{{ $labels.ceph_daemon }} operations are taking too long to
           process (complaint time exceeded)'
         documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops
+        summary: '{{ $labels.ceph_daemon }} operations are slow to complete'
+      expr: ceph_daemon_health_metrics{type="SLOW_OPS"} > 0
+      for: 30s
+      labels:
+        severity: warning
+        type: ceph_default
+  - name: hardware
+    rules:
+    - alert: HardwareStorageError
+      annotations:
+        description: Some storage devices are in error. Check `ceph health detail`.
+        summary: Storage devices error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_STORAGE"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.1
+        severity: critical
+        type: ceph_default
+    - alert: HardwareMemoryError
+      annotations:
+        description: DIMM error(s) detected. Check `ceph health detail`.
+        summary: DIMM error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_MEMORY"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.2
+        severity: critical
+        type: ceph_default
+    - alert: HardwareProcessorError
+      annotations:
+        description: Processor error(s) detected. Check `ceph health detail`.
+        summary: Processor error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_PROCESSOR"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.3
+        severity: critical
+        type: ceph_default
+    - alert: HardwareNetworkError
+      annotations:
+        description: Network error(s) detected. Check `ceph health detail`.
+        summary: Network error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_NETWORK"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.4
+        severity: critical
+        type: ceph_default
+    - alert: HardwarePowerError
+      annotations:
+        description: Power supply error(s) detected. Check `ceph health detail`.
+        summary: Power supply error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_POWER"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.5
+        severity: critical
+        type: ceph_default
+    - alert: HardwareFanError
+      annotations:
+        description: Fan error(s) detected. Check `ceph health detail`.
+        summary: Fan error(s) detected
+      expr: ceph_health_detail{name="HARDWARE_FANS"} > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.13.6
+        severity: critical
+        type: ceph_default
+  - name: PrometheusServer
+    rules:
+    - alert: PrometheusJobMissing
+      annotations:
+        description: The prometheus job that scrapes from Ceph MGR is no longer defined,
+          this will effectively mean you'll have no metrics or alerts for the cluster.  Please
+          review the job definitions in the prometheus.yml file of the prometheus
+          instance.
+        summary: The scrape job for Ceph MGR is missing from Prometheus
+      expr: absent(up{job="rook-ceph-mgr"})
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.12.1
+        severity: critical
+        type: ceph_default
+    - alert: PrometheusJobExporterMissing
+      annotations:
+        description: The prometheus job that scrapes from Ceph Exporter is no longer
+          defined, this will effectively mean you'll have no metrics or alerts for
+          the cluster.  Please review the job definitions in the prometheus.yml file
+          of the prometheus instance.
+        summary: The scrape job for Ceph Exporter is missing from Prometheus
+      expr: sum(absent(up{job="rook-ceph-exporter"})) and sum(ceph_osd_metadata{ceph_version=~"^ceph
+        version (1[89]|[2-9][0-9]).*"}) > 0
+      for: 30s
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.12.1
+        severity: critical
+        type: ceph_default
   - name: rados
     rules:
     - alert: CephObjectMissing
       annotations:
         description: The latest version of a RADOS object can not be found, even though
           all OSDs are up. I/O requests for this object from clients will block (hang).
@@ -760,7 +862,218 @@

       expr: ceph_health_detail{name="RECENT_CRASH"} == 1
       for: 1m
       labels:
         oid: 1.3.6.1.4.1.50495.1.2.1.1.2
         severity: critical
         type: ceph_default
+  - name: rbdmirror
+    rules:
+    - alert: CephRBDMirrorImagesPerDaemonHigh
+      annotations:
+        description: Number of image replications per daemon is not supposed to go
+          beyond threshold 100
+        summary: Number of image replications are now above 100
+      expr: sum by (ceph_daemon, namespace) (ceph_rbd_mirror_snapshot_image_snapshots)
+        > 100
+      for: 1m
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.10.2
+        severity: critical
+        type: ceph_default
+    - alert: CephRBDMirrorImagesNotInSync
+      annotations:
+        description: Both local and remote RBD mirror images should be in sync.
+        summary: Some of the RBD mirror images are not in sync with the remote counter
+          parts.
+      expr: sum by (ceph_daemon, image, namespace, pool) (topk by (ceph_daemon, image,
+        namespace, pool) (1, ceph_rbd_mirror_snapshot_image_local_timestamp) - topk
+        by (ceph_daemon, image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_remote_timestamp))
+        != 0
+      for: 1m
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.10.3
+        severity: critical
+        type: ceph_default
+    - alert: CephRBDMirrorImagesNotInSyncVeryHigh
+      annotations:
+        description: More than 10% of the images have synchronization problems
+        summary: Number of unsynchronized images are very high.
+      expr: count by (ceph_daemon) ((topk by (ceph_daemon, image, namespace, pool)
+        (1, ceph_rbd_mirror_snapshot_image_local_timestamp) - topk by (ceph_daemon,
+        image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_remote_timestamp))
+        != 0) > (sum by (ceph_daemon) (ceph_rbd_mirror_snapshot_snapshots)*.1)
+      for: 1m
+      labels:
+        oid: 1.3.6.1.4.1.50495.1.2.1.10.4
+        severity: critical
+        type: ceph_default
+    - alert: CephRBDMirrorImageTransferBandwidthHigh
+      annotations:
[Diff truncated by flux-local]
--- HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

+++ HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

@@ -17,30 +17,29 @@

   CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
   CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: 'false'
   CSI_ENABLE_ENCRYPTION: 'false'
   CSI_ENABLE_OMAP_GENERATOR: 'false'
   CSI_ENABLE_HOST_NETWORK: 'true'
-  CSI_DISABLE_HOLDER_PODS: 'true'
   CSI_ENABLE_METADATA: 'false'
   CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: 'true'
   CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
   CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
   CSI_RBD_FSGROUPPOLICY: File
   CSI_CEPHFS_FSGROUPPOLICY: File
   CSI_NFS_FSGROUPPOLICY: File
   CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc
-  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.11.0
-  ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
-  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
-  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2
-  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.5.1
-  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.10.1
+  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.13.0
+  ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
+  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0
+  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0
+  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.8.0
+  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.13.1
   ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
   CSI_ENABLE_CSIADDONS: 'false'
-  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.8.0
+  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.11.0
   CSI_ENABLE_TOPOLOGY: 'false'
   ROOK_CSI_ENABLE_NFS: 'false'
   CSI_ENABLE_LIVENESS: 'true'
   CSI_FORCE_CEPHFS_KERNEL_CLIENT: 'true'
   CSI_GRPC_TIMEOUT_SECONDS: '150'
   CSI_PROVISIONER_REPLICAS: '2'
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-system

@@ -39,7 +39,51 @@

 - apiGroups:
   - apiextensions.k8s.io
   resources:
   - customresourcedefinitions
   verbs:
   - get
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
 
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-csi-nodeplugin

@@ -7,7 +7,31 @@

 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
   - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
 
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-external-provisioner-runner

@@ -11,13 +11,27 @@

   verbs:
   - get
   - list
 - apiGroups:
   - ''
   resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
   - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
   verbs:
   - get
   - list
   - watch
 - apiGroups:
   - ''
@@ -85,15 +99,12 @@

   resources:
   - volumesnapshots
   verbs:
   - get
   - list
   - watch
-  - update
-  - patch
-  - create
 - apiGroups:
   - snapshot.storage.k8s.io
   resources:
   - volumesnapshotclasses
   verbs:
   - get
@@ -106,13 +117,12 @@

   verbs:
   - get
   - list
   - watch
   - patch
   - update
-  - create
 - apiGroups:
   - snapshot.storage.k8s.io
   resources:
   - volumesnapshotcontents/status
   verbs:
   - update
@@ -139,7 +149,19 @@

   - groupsnapshot.storage.k8s.io
   resources:
   - volumegroupsnapshotcontents/status
   verbs:
   - update
   - patch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
 
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-external-provisioner-runner

@@ -93,15 +93,12 @@

   resources:
   - volumesnapshots
   verbs:
   - get
   - list
   - watch
-  - update
-  - patch
-  - create
 - apiGroups:
   - snapshot.storage.k8s.io
   resources:
   - volumesnapshotclasses
   verbs:
   - get
@@ -114,13 +111,12 @@

   verbs:
   - get
   - list
   - watch
   - patch
   - update
-  - create
 - apiGroups:
   - snapshot.storage.k8s.io
   resources:
   - volumesnapshotcontents/status
   verbs:
   - update
@@ -173,15 +169,7 @@

   resources:
   - nodes
   verbs:
   - get
   - list
   - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
 
--- HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/rook-ceph-operator

+++ HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/rook-ceph-operator

@@ -26,13 +26,13 @@

       - effect: NoExecute
         key: node.kubernetes.io/unreachable
         operator: Exists
         tolerationSeconds: 5
       containers:
       - name: rook-ceph-operator
-        image: rook/ceph:v1.14.5
+        image: docker.io/rook/ceph:v1.16.4
         imagePullPolicy: IfNotPresent
         args:
         - ceph
         - operator
         securityContext:
           capabilities:

@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 2d89cd6 to 8c54284 Compare March 7, 2025 17:07
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.16.4 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.16.5 ) (minor) Mar 7, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 8c54284 to cdaa9f2 Compare March 27, 2025 20:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.16.5 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.16.6 ) (minor) Mar 27, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from cdaa9f2 to 2eddf6b Compare April 16, 2025 19:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.16.6 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.16.7 ) (minor) Apr 16, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 2eddf6b to e2f6a55 Compare April 16, 2025 20:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.16.7 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.0 ) (minor) Apr 16, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from e2f6a55 to d380275 Compare April 23, 2025 20:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.0 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.1 ) (minor) Apr 23, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from d380275 to d714a74 Compare May 9, 2025 16:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.1 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.2 ) (minor) May 9, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from d714a74 to 82d2479 Compare May 30, 2025 20:11
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.2 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.3 ) (minor) May 30, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 82d2479 to 597b4c3 Compare June 5, 2025 21:06
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.3 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.4 ) (minor) Jun 5, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 597b4c3 to 2c80bdd Compare June 19, 2025 22:09
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.4 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.5 ) (minor) Jun 19, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 2c80bdd to 1a0fad9 Compare July 10, 2025 21:10
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.5 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.6 ) (minor) Jul 10, 2025
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 1a0fad9 to a3a5c10 Compare July 31, 2025 19:12
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.6 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.7 ) (minor) Jul 31, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.17.7 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.17.8 ) (minor) Aug 20, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.4 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.18.5 ) (minor) Oct 23, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.5 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.18.6 ) (minor) Oct 28, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.6 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.18.7 ) (minor) Nov 13, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.7 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.18.8 ) (minor) Dec 2, 2025
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.8 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.18.9 ) (minor) Jan 13, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.18.9 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.0 ) (minor) Jan 20, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.0 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.1 ) (minor) Feb 5, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.1 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.2 ) (minor) Feb 24, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from bd472c5 to 752c4cc Compare March 24, 2026 22:17
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.2 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.3 ) (minor) Mar 24, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 752c4cc to 8cbf98b Compare April 14, 2026 22:24
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.3 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.4 ) (minor) Apr 14, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 8cbf98b to 4a9493e Compare April 28, 2026 20:39
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.4 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.5 ) (minor) Apr 28, 2026
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.5 ) (minor) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.5 ) May 6, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from 4a9493e to e0a6bd0 Compare May 27, 2026 18:58
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.5 ) feat(helm): update rook-ceph group ( v1.14.5 → v1.19.6 ) May 27, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from e0a6bd0 to afe71d3 Compare June 2, 2026 19:25
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.19.6 ) feat(helm): update rook-ceph group ( v1.14.5 → v1.20.0 ) Jun 2, 2026
@parsec-renovate parsec-renovate Bot force-pushed the renovate/rook-ceph branch from afe71d3 to 3557965 Compare June 16, 2026 21:14
@parsec-renovate parsec-renovate Bot changed the title feat(helm): update rook-ceph group ( v1.14.5 → v1.20.0 ) feat(helm): update rook-ceph group ( v1.14.5 → v1.20.1 ) Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants