Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make seLinuxMount optional in CSIDriver for compatibility #4437

Closed
Sebastian-RG opened this issue Feb 14, 2024 · 3 comments · Fixed by #4475
Closed

Make seLinuxMount optional in CSIDriver for compatibility #4437

Sebastian-RG opened this issue Feb 14, 2024 · 3 comments · Fixed by #4475
Labels
dependency/k8s depends on Kubernetes features

Comments

@Sebastian-RG
Copy link

Describe the bug

According to https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/ the seLinuxMount field in the CSIDriver object is introduced as alpha in K8S 1.25, made beta in 1.27 and only starting from 1.28 defaults to true.
If this feature gate is not enabled, ceph-csi-rbd and ceph-csi-fs fail when installing.
I would like for seLinuxMount to be optional but true by default, to have better compatibility

This was enabled on tag 3.10.2. Previous tags did not have this issue. See PR #4346

Environment details

  • Image/version of Ceph CSI driver :
  • Helm chart version : v3.10.2
  • Kernel version :
  • Mounter used for mounting PVC (for cephFS its fuse or kernel. for rbd its
    krbd or rbd-nbd) : krbd
  • Kubernetes cluster version : v1.25.6
  • Ceph cluster version :

Steps to reproduce

Steps to reproduce the behavior:

  1. Deploy ceph-csi-rbd on a cluster without the feature flag SELinuxMountReadWriteOncePod enabled
  2. Chart will fail while deploying due to an error: unknown field "seLinuxMount" in io.k8s.api.storage.v1.CSIDriverSpec

Actual results

Chart failed to install

Expected behavior

Chart installs correctly or shows a descriptive error about the feature flag

@nixpanic nixpanic added the dependency/k8s depends on Kubernetes features label Feb 14, 2024
@nixpanic
Copy link
Member

Helm chart version : v3.10.2
Kubernetes cluster version : v1.25.6

Note that Ceph-CSI 3.10.x is not tested with Kubernetes 1.25.x. Ceph-CSI 3.10.x expects Kubernetes 1.26 or newer.

The Ceph-CSI CI runs tests on Kubernetes 1.26, so I wonder why there were no issues with deploying there. Maybe @Rakshith-R has an idea?

@Rakshith-R
Copy link
Contributor

Helm chart version : v3.10.2
Kubernetes cluster version : v1.25.6

Note that Ceph-CSI 3.10.x is not tested with Kubernetes 1.25.x. Ceph-CSI 3.10.x expects Kubernetes 1.26 or newer.

The Ceph-CSI CI runs tests on Kubernetes 1.26, so I wonder why there were no issues with deploying there. Maybe @Rakshith-R has an idea?

In k8s 1.26, it seems k8s accepts that option but it doesn't show up if the feature flag is not enabled.

As Niels already mentioned 3.10.x expects k8s 1.26+ .
Please use 3.9.x or upgrade k8s version.
https://github.com/ceph/ceph-csi?tab=readme-ov-file#known-to-work-co-platforms

@dragoangel
Copy link
Contributor

dragoangel commented Mar 5, 2024

Helm chart version : v3.10.2
Kubernetes cluster version : v1.25.6

Note that Ceph-CSI 3.10.x is not tested with Kubernetes 1.25.x. Ceph-CSI 3.10.x expects Kubernetes 1.26 or newer.
The Ceph-CSI CI runs tests on Kubernetes 1.26, so I wonder why there were no issues with deploying there. Maybe @Rakshith-R has an idea?

In k8s 1.26, it seems k8s accepts that option but it doesn't show up if the feature flag is not enabled.

As Niels already mentioned 3.10.x expects k8s 1.26+ . Please use 3.9.x or upgrade k8s version. https://github.com/ceph/ceph-csi?tab=readme-ov-file#known-to-work-co-platforms

Hi @Rakshith-R I can't agree, as helm allows easily develop backward compatible charts and except this issue there actually no issues in running ceph-csi 3.10.x on K8s 1.24.x for example. The fact that soft was or not was tested doesn't mean we should accept breaking changes for non-tested versions just in helm when helm can be easily backward compatible.

Same approach can be found in many other public helm charts like prometheus, thanos, etc...
They say: we tested version X,Y,Z of our software (it's usually about CDR controllers) over version X of kube, but this doesn't mean that we can't setup version X of software on older version of kube, and their helm charts properly exclude unsupported stuff or properly set correct versions of api's for resources as different versions of Kubernetes has different APIs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependency/k8s depends on Kubernetes features
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants