Release 2.5.0 content (post 2.5.0-beta2) #367
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### TL;DR Removed "rdirplus" from default NFS mount options. ### What changed? Modified the `AsNfs()` function in `pkg/wekafs/mountoptions.go` to initialize the `ret` variable with only the "hard" option instead of "hard,rdirplus". ### How to test? 1. Configure Weka CSI plugin to using NFS protocol. 2. Create and publish a `snapshot-backed` PVC 3. Attach the PVC to a pod (via NFS) and ensure no `stale file handle` error occurs when accessing the volume contents from within the pod. ### Why make this change? The "rdirplus" option is an optimization that currently is not supported in conjunction with bind mount inside `.snapshots` directory
…creation (#354) ### TL;DR Enhanced NFS permission handling and version matching in the WekaFS API client. ### What changed? - Implemented a `Matches` method for `NfsPermission` to compare permissions. - Modified `FindNfsPermissionsByFilter` to use the new `Matches` method. - Updated `EnsureNfsPermission` to support both NFSv3 and NFSv4 by default. ### How to test? 1. Create NFS permission having both versions V3 and V4 set on WEKA Cluster. 2. Attempt to provision a PVC via NFS transport 3. Ensure that provisioning succeeds ### Why make this change? This change improves the flexibility and accuracy of NFS permission handling. If a permission exists that allows access via both NFSv3 and NFSv4 (and it matches by all the rest of parameters), the CSI plugin will recognize it and not try to create a duplicate permission
…handle (#356) ### TL;DR Improved error handling and logging in the NodeServer implementation. ### What changed? - Added handling for stale NFS mounts in `NodeUnpublishVolume`. ### How to test? 1. Provision a snapshot-backed PVC and attach it to node on a 2.5.0-beta version of CSI plugin. You might hit a "stale file handle" error that causes the pod to not be able to access the volume contents. In such case, deletion of the pod will fail either. 2. Upgrade the plugin to latest version 3. Unpublish the volume by terminating the pod. Ensure that the PVC is deleted ### Why make this change? These changes ensure that pods with mis-attached PVCs (on version 2.5.0-beta2, 2.5.0-beta) may be detached and pods can be terminated. Without the fix, a node reboot might be required to remove the malfunctioning pods.
### TL;DR Refactored NFS permission and client group management functions to improve error handling and configuration updates. ### What changed? - Modified `EnsureNfsPermission` to return a boolean indicating if a new permission was created. - Updated `EnsureCsiPluginNfsClientGroup` to return a boolean for new group creation. - Adjusted `EnsureNfsClientGroupRuleForIp` to return a boolean for new rule creation. - Implemented a configuration update check in `EnsureNfsPermissions` to determine if a wait period is necessary. - Added a 5-second wait after configuration changes to allow for proper application. ### How to test? 1. Test creating new NFS permissions, client groups, and rules. 2. Verify that existing configurations are not modified unnecessarily. 3. Ensure that the 5-second wait is only applied when new configurations are created. 4. Check that error handling and return values are consistent with the new function signatures. ### Why make this change? This refactoring ensures that NFS mount is not attempted right after NFS cluster reconfiguration (which is asynchronous), since otherwise it might fail. The delay is added only upon config change is inflicted, reducing unnecessary waits when configurations already exist. These changes will lead to better performance and more reliable NFS setup processes in the CSI plugin, as well as shorter provisioning time
### TL;DR Updated Go module dependencies and removed unused package. ### What changed? - Updated several Go module dependencies to their latest versions - Removed the unused `github.com/pkg/errors` package - Updated Kubernetes-related packages to version 0.31.1 - Updated OpenTelemetry packages to version 1.30.0 - Updated other dependencies like `golang.org/x/exp`, `google.golang.org/grpc`, and `google.golang.org/protobuf` ### How to test? 1. Run `go mod tidy` to ensure all dependencies are properly updated 2. Compile the project and check for any build errors 3. Run the test suite to ensure all tests pass with the updated dependencies 4. Perform a smoke test of the application's main functionality to verify no regressions ### Why make this change? Keeping dependencies up-to-date is crucial for: 1. Security: Newer versions often include security patches 2. Performance: Updated packages may contain performance improvements 3. Bug fixes: Latest versions typically include fixes for known issues 4. New features: Access to new functionality provided by updated packages 5. Compatibility: Ensuring the project works with the latest versions of its dependencies Removing unused packages helps maintain a clean and efficient codebase.
…csi-wekafs-api-secret.yaml
…csi-wekafs-api-secret.yaml (#358) ### TL;DR Updated comments and reordered fields in the csi-wekafs-api-secret.yaml file. ### What changed? - Modified the comment for the 'scheme' field to be more concise. - Updated the comment for 'nfsTargetIps' to clarify that NFS connection redirects (referrals) are not supported. - Reordered the 'caCertificate' field and its associated comments to appear at the end of the file. ### How to test? 1. Review the updated csi-wekafs-api-secret.yaml file. 2. Ensure that the changes do not affect the functionality of the secret. 3. Verify that the comments are clear and provide accurate information. ### Why make this change? These changes improve the readability and clarity of the configuration file.
### TL;DR Removed `trace.WithNewRoot()` from OpenTelemetry span creation and added tracing to GRPC requests. ### What changed? - Removed `trace.WithNewRoot()` parameter from all `otel.Tracer(TracerName).Start()` calls across multiple files. - Added OpenTelemetry tracing to GRPC requests in the `logGRPC` function. - Updated the context in `logGRPC` to include trace and span IDs. ### How to test? 1. Run the CSI driver with OpenTelemetry tracing enabled. 2. Perform various CSI operations (e.g., CreateVolume, DeleteVolume, NodePublishVolume). 3. Verify that the traces are correctly propagated and that GRPC requests are now included in the trace. 4. Ensure that removing `trace.WithNewRoot()` doesn't negatively impact the existing tracing functionality. ### Why make this change? This change improves the tracing capabilities of the CSI driver: 1. Removing `trace.WithNewRoot()` allows for better trace continuity across operations, potentially providing more context in distributed tracing scenarios. 2. Adding tracing to GRPC requests provides more granular insights into the communication between components, helping with debugging and performance analysis. These improvements will enhance observability and make it easier to diagnose issues in production environments.
- Add tests for mountoptions - add GetOptionValue(optstr) for MountOptions - Add rw,ro as mutually exclusive - Remove automatic sync mapping for sync_on_close
- Add tests for mountoptions - add GetOptionValue(optstr) for MountOptions - Add rw,ro as mutually exclusive - Remove automatic sync mapping for sync_on_close
feat(CSI-288): validate API user role prior to performing ops - Implement user role and organization ID validation for API client - Add checks for sufficient CSI permissions - Prevent NFS mounts for non-Root organizations docs(CSI-288): add limitation for NFS on Root organization only - Update NFS documentation to clarify that NFS transport is only available for filesystems in the Root organization
…ecret (#364) ### TL;DR Improved handling of `localContainerName` in the `fromSecrets` function. ### What changed? - Modified the `fromSecrets` function in `pkg/wekafs/wekafs.go`. - Added trimming of whitespace and newline characters from `localContainerName`. - Restructured the conditional logic for handling the presence of `localContainerName` in secrets. ### How to test? 1. Provide secrets with `localContainerName` containing leading/trailing whitespace or newline characters, e.g. when the string is encoded into Base64 together with a trailing newline 2. Call the `fromSecrets` function with these secrets. 3. Verify that the resulting `localContainerName` is properly trimmed. 4. Test with and without `localContainerName` in the secrets to ensure correct behavior in both cases. ### Why make this change? This change improves the robustness of the `fromSecrets` function by ensuring that `localContainerName` is properly sanitized. It prevents potential issues caused by unintended whitespace or newline characters, which could lead to unexpected behavior in downstream operations that rely on this value.
Graphite Automations"Request reviewers once CI passes" took an action on this PR • (10/13/24)1 reviewer was added to this PR based on Sergey Berezansky's automation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.