Merge pull request #714 from red-hat-storage/sync_us--master

Syncing latest changes from upstream master for rook

Documentation/CRDs/Cluster/ceph-cluster-crd.md

@@ -559,6 +559,8 @@ You can set priority class names for Rook components for the list of key value p
 * `mon`: Set priority class names for Mons. Examples default to system-node-critical.
 * `osd`: Set priority class names for OSDs. Examples default to system-node-critical.
 * `crashcollector`: Set priority class names for crashcollectors.
+* `exporter`: Set priority class names for exporters.
+* `cleanup`: Set priority class names for cleanup Jobs.
 
 The specific component keys will act as overrides to `all`.
 

Documentation/CRDs/Object-Storage/ceph-object-store-crd.md

@@ -190,29 +190,35 @@ The gateway settings correspond to the RGW daemon settings.
     for more details. Multiple endpoints can be given, but for stability of ObjectBucketClaims, we
     highly recommend that users give only a single external RGW endpoint that is a load balancer that
     sends requests to the multiple RGWs.
+
+    Example of external rgw endpoints to connect to:
+
+    ```yaml
+    gateway:
+    port: 80
+    externalRgwEndpoints:
+      - ip: 192.168.39.182
+        # hostname: example.com
+    ```
+
 * `annotations`: Key value pair list of annotations to add.
 * `labels`: Key value pair list of labels to add.
 * `placement`: The Kubernetes placement settings to determine where the RGW pods should be started in the cluster.
 * `resources`: Set resource requests/limits for the Gateway Pod(s), see [Resource Requirements/Limits](../Cluster/ceph-cluster-crd.md#resource-requirementslimits).
 * `priorityClassName`: Set priority class name for the Gateway Pod(s)
+* `additionalVolumeMounts`: additional volumes to be mounted to the RGW pod. The root directory for
+    each additional volume mount is `/var/rgw`. Each volume mount has a `subPath` that defines the
+    subdirectory where that volumes files will be mounted. Rook supports several standard Kubernetes
+    volume types. Example: for an additional mount at subPath `ldap`, mounted from a secret that has
+    key `bindpass.secret`, the file would reside at `/var/rgw/ldap/bindpass.secret`.
 * `service`: The annotations to set on to the Kubernetes Service of RGW. The [service serving cert](https://docs.openshift.com/container-platform/4.6/security/certificates/service-serving-certificate.html) feature supported in Openshift is enabled by the following example:
 
-```yaml
-gateway:
-  service:
-    annotations:
+    ```yaml
+    gateway:
+    service:
+      annotations:
       service.beta.openshift.io/serving-cert-secret-name: <name of TLS secret for automatic generation>
-```
-
-Example of external rgw endpoints to connect to:
-
-```yaml
-gateway:
-  port: 80
-  externalRgwEndpoints:
-    - ip: 192.168.39.182
-      # hostname: example.com
-```
+    ```
 
 ## Zone Settings
 

Documentation/CRDs/specification.md

@@ -2578,6 +2578,61 @@ string
 </tr>
 </tbody>
 </table>
+<h3 id="ceph.rook.io/v1.AdditionalVolumeMount">AdditionalVolumeMount
+</h3>
+<div>
+<p>AdditionalVolumeMount represents the source from where additional files in pod containers
+should come from and what subdirectory they are made available in.</p>
+</div>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>subPath</code><br/>
+<em>
+string
+</em>
+</td>
+<td>
+<p>SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will
+be mounted. All files/keys in the volume source&rsquo;s volume will be mounted to the subdirectory.
+This is not the same as the Kubernetes <code>subPath</code> volume mount option.
+Each subPath definition must be unique and must not contain &lsquo;:&rsquo;.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>volumeSource</code><br/>
+<em>
+<a href="#ceph.rook.io/v1.ConfigFileVolumeSource">
+ConfigFileVolumeSource
+</a>
+</em>
+</td>
+<td>
+<p>VolumeSource accepts a pared down version of the standard Kubernetes VolumeSource for the
+additional file(s) like what is normally used to configure Volumes for a Pod. Fore example, a
+ConfigMap, Secret, or HostPath. Each VolumeSource adds one or more additional files to the
+container <code>&lt;directory-root&gt;/&lt;subPath&gt;</code> directory.
+Be aware that some files may need to have a specific file mode like 0600 due to application
+requirements. For example, CA or TLS certificates.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="ceph.rook.io/v1.AdditionalVolumeMounts">AdditionalVolumeMounts
+(<code>[]github.com/rook/rook/pkg/apis/ceph.rook.io/v1.AdditionalVolumeMount</code> alias)</h3>
+<p>
+(<em>Appears on:</em><a href="#ceph.rook.io/v1.GatewaySpec">GatewaySpec</a>, <a href="#ceph.rook.io/v1.SSSDSidecar">SSSDSidecar</a>)
+</p>
+<div>
+</div>
 <h3 id="ceph.rook.io/v1.AddressRangesSpec">AddressRangesSpec
 </h3>
 <p>
@@ -5089,7 +5144,7 @@ blocking deletion.</p>
 <h3 id="ceph.rook.io/v1.ConfigFileVolumeSource">ConfigFileVolumeSource
 </h3>
 <p>
-(<em>Appears on:</em><a href="#ceph.rook.io/v1.KerberosConfigFiles">KerberosConfigFiles</a>, <a href="#ceph.rook.io/v1.KerberosKeytabFile">KerberosKeytabFile</a>, <a href="#ceph.rook.io/v1.SSSDSidecarAdditionalFile">SSSDSidecarAdditionalFile</a>, <a href="#ceph.rook.io/v1.SSSDSidecarConfigFile">SSSDSidecarConfigFile</a>)
+(<em>Appears on:</em><a href="#ceph.rook.io/v1.AdditionalVolumeMount">AdditionalVolumeMount</a>, <a href="#ceph.rook.io/v1.KerberosConfigFiles">KerberosConfigFiles</a>, <a href="#ceph.rook.io/v1.KerberosKeytabFile">KerberosKeytabFile</a>, <a href="#ceph.rook.io/v1.SSSDSidecarConfigFile">SSSDSidecarConfigFile</a>)
 </p>
 <div>
 <p>Represents the source of a volume to mount.
@@ -6958,6 +7013,22 @@ bool
 <p>Whether rgw dashboard is enabled for the rgw daemon. If not set, the rgw dashboard will be enabled.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>additionalVolumeMounts</code><br/>
+<em>
+<a href="#ceph.rook.io/v1.AdditionalVolumeMounts">
+AdditionalVolumeMounts
+</a>
+</em>
+</td>
+<td>
+<p>AdditionalVolumeMounts allows additional volumes to be mounted to the RGW pod.
+The root directory for each additional volume mount is <code>/var/rgw</code>.
+Example: for an additional mount at subPath <code>ldap</code>, mounted from a secret that has key
+<code>bindpass.secret</code>, the file would reside at <code>/var/rgw/ldap/bindpass.secret</code>.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="ceph.rook.io/v1.HTTPEndpointSpec">HTTPEndpointSpec
@@ -11452,15 +11523,16 @@ securely add the file via annotations on the CephNFS spec (passed to the NFS ser
 <td>
 <code>additionalFiles</code><br/>
 <em>
-<a href="#ceph.rook.io/v1.SSSDSidecarAdditionalFile">
-[]SSSDSidecarAdditionalFile
+<a href="#ceph.rook.io/v1.AdditionalVolumeMounts">
+AdditionalVolumeMounts
 </a>
 </em>
 </td>
 <td>
 <em>(Optional)</em>
 <p>AdditionalFiles defines any number of additional files that should be mounted into the SSSD
-sidecar. These files may be referenced by the sssd.conf config file.</p>
+sidecar with a directory root of <code>/etc/sssd/rook-additional/</code>.
+These files may be referenced by the sssd.conf config file.</p>
 </td>
 </tr>
 <tr>
@@ -11493,55 +11565,6 @@ this may be a value between 1 and 10. See SSSD docs for more info:
 </tr>
 </tbody>
 </table>
-<h3 id="ceph.rook.io/v1.SSSDSidecarAdditionalFile">SSSDSidecarAdditionalFile
-</h3>
-<p>
-(<em>Appears on:</em><a href="#ceph.rook.io/v1.SSSDSidecar">SSSDSidecar</a>)
-</p>
-<div>
-<p>SSSDSidecarAdditionalFile represents the source from where additional files for the the SSSD
-configuration should come from and are made available.</p>
-</div>
-<table>
-<thead>
-<tr>
-<th>Field</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>
-<code>subPath</code><br/>
-<em>
-string
-</em>
-</td>
-<td>
-<p>SubPath defines the sub-path in <code>/etc/sssd/rook-additional/</code> where the additional file(s)
-will be placed. Each subPath definition must be unique and must not contain &lsquo;:&rsquo;.</p>
-</td>
-</tr>
-<tr>
-<td>
-<code>volumeSource</code><br/>
-<em>
-<a href="#ceph.rook.io/v1.ConfigFileVolumeSource">
-ConfigFileVolumeSource
-</a>
-</em>
-</td>
-<td>
-<p>VolumeSource accepts a pared down version of the standard Kubernetes VolumeSource for the
-additional file(s) like what is normally used to configure Volumes for a Pod. Fore example, a
-ConfigMap, Secret, or HostPath. Each VolumeSource adds one or more additional files to the
-SSSD sidecar container in the <code>/etc/sssd/rook-additional/&lt;subPath&gt;</code> directory.
-Be aware that some files may need to have a specific file mode like 0600 due to requirements
-by SSSD for some files. For example, CA or TLS certificates.</p>
-</td>
-</tr>
-</tbody>
-</table>
 <h3 id="ceph.rook.io/v1.SSSDSidecarConfigFile">SSSDSidecarConfigFile
 </h3>
 <p>

PendingReleaseNotes.md

@@ -1,28 +1,6 @@
-# v1.15 Pending Release Notes
+# v1.16 Pending Release Notes
 
 ## Breaking Changes
 
-- Rook has deprecated CSI network "holder" pods.
-    If there are pods named `csi-*plugin-holder-*` in the Rook operator namespace, see the
-    [detailed documentation](../CRDs/Cluster/network-providers.md#holder-pod-deprecation)
-    to disable them. This deprecation process is required before upgrading to the future Rook v1.16.
-- Ceph COSI driver images have been updated. This impacts existing COSI Buckets, BucketClaims, and
-    BucketAccesses. Update existing clusters following the guide
-    [here](https://github.com/rook/rook/discussions/14297).
-- During CephBlockPool updates, Rook will now return an error if an invalid device class is
-    specified. Pools with invalid device classes may start failing until the correct device class is
-    specified. For more info, see [#14057](https://github.com/rook/rook/pull/14057).
-- CephObjectStore, CephObjectStoreUser, and OBC endpoint behavior has changed when CephObjectStore
-    `spec.hosting` configurations are set. Use the new `spec.hosting.advertiseEndpoint` config to
-    define required behavior as
-    [documented](../Storage-Configuration/Object-Storage-RGW/object-storage.md#object-store-endpoint).
-- Minimum version of Kubernetes supported is increased to K8s v1.26.
 
 ## Features
-
-- Added support for Ceph Squid (v19)
-- Allow updating the device class of OSDs, if `allowDeviceClassUpdate: true` is set
-- CephObjectStore support for keystone authentication for S3 and Swift
-    (see [#9088](https://github.com/rook/rook/issues/9088)).
-- Support K8s versions v1.26 through v1.31.
-- Use fully-qualified image names (`docker.io/rook/ceph`) in operator manifests and helm charts