Implement EncryptionKeyRotation spec

[black-dragon74]

This patch implements the EncryptionKeyRotation spec for ceph-csi

[nixpanic]

Just added a few small comments. Also try to create unit-tests for the helper functions you introduce.

[black-dragon74]

Note: The CI failures are expected until: csi-addons/spec#65 is merged.

[black-dragon74]

I’ll take care of the failures since the linked PR is merged :)

[mergify]

This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏

[iPraveenParihar]

@black-dragon74, please follow these conventions for the commit messages.

[black-dragon74]

@black-dragon74, please follow these conventions for the commit messages.

Thanks Praveen. I'll be squashing all the commits into one before merging.

[Rakshith-R]

• Add shared volumelocks with nodeserver and acquire it before proceeding with rotation ?
• Block rotation for RWX volumes ?
• Add testing tool at csi addons and paste manual testing logs or add e2e here to test the procedure.

[black-dragon74]

• Add shared volumelocks with nodeserver and acquire it before proceeding with rotation ?

We are sending the request to only one node. Is volume lock required in this case?

• Block rotation for RWX volumes ?

Totally missed it, will do :)

• Add testing tool at csi addons and paste manual testing logs or add e2e here to test the procedure.

WIP

[Rakshith-R]

• Add shared volumelocks with nodeserver and acquire it before proceeding with rotation ?

We are sending the request to only one node. Is volume lock required in this case?

To prevent nodeunstage when rotating keys.

• Block rotation for RWX volumes ?

Totally missed it, will do :)

• Add testing tool at csi addons and paste manual testing logs or add e2e here to test the procedure.

WIP

[mergify]

This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏

[nixpanic]

How does this relate to #4655 ?

[black-dragon74]

How does this relate to #4655 ?

The linked PR is documentation for this PR.

[Madhu-1]

nits

[nixpanic]

This can be queued for merging once #4655 is merged:

1. use @mergifyio rebase to rebase the PR on latest devel branch
2. wait until the Mergify bot has rebased the PR
3. use @mergifyio queue to trigger CI jobs and get it merged

[nixpanic]

@Mergifyio rebase

[mergify]

rebase

✅ Branch has been successfully rebased

[nixpanic]

@Mergifyio queue

[mergify]

queue

🛑 The pull request has been removed from the queue default

The queue conditions cannot be satisfied due to failing checks.

You can take a look at Queue: Embarked in merge queue check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

[ceph-csi-bot]

/test ci/centos/upgrade-tests-cephfs

[ceph-csi-bot]

/test ci/centos/upgrade-tests-rbd

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.28

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.28

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.27

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.28

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.27

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.27

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.30

[ceph-csi-bot]

/test ci/centos/k8s-e2e-external-storage/1.29

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.30

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.30

[ceph-csi-bot]

/test ci/centos/mini-e2e-helm/k8s-1.29

[ceph-csi-bot]

/test ci/centos/mini-e2e/k8s-1.29

[black-dragon74]

/test ci/centos/mini-e2e-helm/k8s-1.30