api: add Secret field in ClientProfile RBD & CephFs Spec

Ceph-CSI has added support for Controller(Un)PublishVolume()
RPCs, which depend on a controller-publish-secret for Ceph
cluster authentication. Older PVs may not have this secret.

To ensure backward compatibility, Ceph-CSI now supports a
fallback mechanism through the ceph-csi-config ConfigMap.
When the controllerPublishSecretRef field is missing from
existing PVs, Ceph-CSI will use the default secret name and
namespace specified in ConfigMap to maintain functionality
with older volumes.

This commit adds support for the ControllerPublishSecret
field within the ClientProfile.Spec.(RBD|CephFs).CephCsiSecrets.

Signed-off-by: Praveen M <m.praveen@ibm.com>

Author: iPraveenParihar

api/v1/clientprofile_types.go

@@ -21,6 +21,14 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// CephCsiSecretsSpec defines the secrets used by the client profile
+// to access the Ceph cluster and perform operations
+// on volumes.
+type CephCsiSecretsSpec struct {
+	//+kubebuilder:validation:Optional
+	ControllerPublishSecret corev1.SecretReference `json:"controllerPublishSecret,omitempty"`
+}
+
 // CephFsConfigSpec defines the desired CephFs configuration
 type CephFsConfigSpec struct {
 	//+kubebuilder:validation:Optional
@@ -35,13 +43,19 @@ type CephFsConfigSpec struct {
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="field is immutable"
 	//+kubebuilder:validation:Optional
 	RadosNamespace *string `json:"radosNamespace,omitempty"`
+
+	//+kubebuilder:validation:Optional
+	CephCsiSecrets *CephCsiSecretsSpec `json:"cephCsiSecrets,omitempty"`
 }
 
 // RbdConfigSpec defines the desired RBD configuration
 type RbdConfigSpec struct {
 	//+kubebuilder:validation:XValidation:rule="self == oldSelf",message="field is immutable"
 	//+kubebuilder:validation:Optional
 	RadosNamespace string `json:"radosNamespace,omitempty"`
+
+	//+kubebuilder:validation:Optional
+	CephCsiSecrets *CephCsiSecretsSpec `json:"cephCsiSecrets,omitempty"`
 }
 
 // NfsConfigSpec cdefines the desired NFS configuration

api/v1/zz_generated.deepcopy.go

@@ -64,6 +64,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -86,6 +108,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

config/crd/bases/csi.ceph.io_clientprofiles.yaml

@@ -338,6 +338,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -360,6 +382,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

deploy/all-in-one/install.yaml

@@ -65,6 +65,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which the
+                              secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -87,6 +109,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which the
+                              secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations:

deploy/charts/ceph-csi-operator/templates/clientprofile-crd.yaml

@@ -329,6 +329,28 @@ spec:
               cephFs:
                 description: CephFsConfigSpec defines the desired CephFs configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   fuseMountOptions:
                     additionalProperties:
                       type: string
@@ -351,6 +373,28 @@ spec:
               rbd:
                 description: RbdConfigSpec defines the desired RBD configuration
                 properties:
+                  cephCsiSecrets:
+                    description: |-
+                      CephCsiSecretsSpec defines the secrets used by the client profile
+                      to access the Ceph cluster and perform operations
+                      on volumes.
+                    properties:
+                      controllerPublishSecret:
+                        description: |-
+                          SecretReference represents a Secret Reference. It has enough information to retrieve secret
+                          in any namespace
+                        properties:
+                          name:
+                            description: name is unique within a namespace to reference
+                              a secret resource.
+                            type: string
+                          namespace:
+                            description: namespace defines the space within which
+                              the secret name must be unique.
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                    type: object
                   radosNamespace:
                     type: string
                     x-kubernetes-validations: