diff --git a/.github/workflows/chart-lint-test.yml b/.github/workflows/chart-lint-test.yml index 40f5d59f..648e4327 100644 --- a/.github/workflows/chart-lint-test.yml +++ b/.github/workflows/chart-lint-test.yml @@ -20,21 +20,21 @@ jobs: timeout-minutes: 10 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v4 with: version: v3.4.0 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v5 with: - python-version: 3.7 + python-version: 3.13.1 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.0.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed @@ -48,7 +48,7 @@ jobs: run: ct lint --config ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.0.0 + uses: helm/kind-action@v1.10.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) diff --git a/.github/workflows/docker-build-test.yml b/.github/workflows/docker-build-test.yml index 57f31ec8..3c74dd24 100644 --- a/.github/workflows/docker-build-test.yml +++ b/.github/workflows/docker-build-test.yml @@ -21,19 +21,19 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 # Action reference: https://github.com/docker/setup-qemu-action - name: Set up QEMU (for docker buildx) - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 # Action reference: https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 # Action reference: https://github.com/docker/build-push-action - name: Build container - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: ./deploy/base platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 42397856..07248cdb 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -21,30 +21,37 @@ jobs: packages: write steps: - name: Checkout sources - uses: actions/checkout@v2 + uses: actions/checkout@v4 # Action reference: https://github.com/docker/setup-qemu-action - name: Set up QEMU (for docker buildx) - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v3 # Action reference: https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 # Action reference: https://github.com/docker/login-action - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - + + - name: Lower case owner + id: owner + run: | + OWNER="${{ github.repository_owner }}" + echo "repo-owner=${OWNER@L}" >> $GITHUB_OUTPUT + # Action reference: https://github.com/docker/build-push-action - name: Build container - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v6 with: context: ./deploy/base platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x push: true # keep tag in sync with deploy/base/Dockerfile:GANESHA_VERSION - tags: ghcr.io/${{ github.repository_owner }}/nfs-ganesha:V4.0.8 + tags: ghcr.io/${{ steps.owner.outputs.repo-owner }}/nfs-ganesha:V6.5 + diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml index f4c5b543..d95d1f19 100644 --- a/.github/workflows/helm-chart-release.yml +++ b/.github/workflows/helm-chart-release.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -20,6 +20,6 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.1.0 + uses: helm/chart-releaser-action@v1.6.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/charts/nfs-server-provisioner/Chart.yaml b/charts/nfs-server-provisioner/Chart.yaml index e6c6d596..d6c77a24 100644 --- a/charts/nfs-server-provisioner/Chart.yaml +++ b/charts/nfs-server-provisioner/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 4.0.8 +appVersion: 6.5 description: nfs-server-provisioner is an out-of-tree dynamic provisioner for Kubernetes. You can use it to quickly & easily deploy shared storage that works almost anywhere. name: nfs-server-provisioner version: 1.8.0 diff --git a/charts/nfs-server-provisioner/README.md b/charts/nfs-server-provisioner/README.md index 48d0d0ff..6be41265 100644 --- a/charts/nfs-server-provisioner/README.md +++ b/charts/nfs-server-provisioner/README.md @@ -57,8 +57,8 @@ their default values. |:-------------------------------|:----------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------| | `extraArgs` | [Additional command line arguments](https://github.com/kubernetes-incubator/external-storage/blob/HEAD/nfs/docs/deployment.md#arguments) | `{}` | `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.repository` | The image repository to pull from | `registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8` | -| `image.tag` | The image tag to pull | `v4.0.8` | +| `image.repository` | The image repository to pull from | `registry.k8s.io/sig-storage/nfs-provisioner:v6.5` | +| `image.tag` | The image tag to pull | `v6.5` | | `image.digest` | The image digest to pull, this option has precedence over `image.tag` | `nil` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `service.type` | service type | `ClusterIP` | @@ -79,7 +79,7 @@ their default values. | `storageClass.name` | The name to assign the created StorageClass | `nfs` | | `storageClass.allowVolumeExpansion` | Allow base storage PCV to be dynamically resizeable (set to null to disable ) | `true | | `storageClass.parameters` | Parameters for StorageClass | `{}` | -| `storageClass.mountOptions` | Mount options for StorageClass | `[ "vers=3" ]` | +| `storageClass.mountOptions` | Mount options for StorageClass | `[ "vers=4.1" ]` | | `storageClass.reclaimPolicy` | ReclaimPolicy field of the class, which can be either Delete or Retain | `Delete` | | `resources` | Resource limits for nfs-server-provisioner pod | `{}` | | `nodeSelector` | Map of node labels for pod assignment | `{}` | diff --git a/charts/nfs-server-provisioner/values.yaml b/charts/nfs-server-provisioner/values.yaml index 85cb9759..2f1bdddf 100644 --- a/charts/nfs-server-provisioner/values.yaml +++ b/charts/nfs-server-provisioner/values.yaml @@ -8,7 +8,7 @@ replicaCount: 1 image: repository: registry.k8s.io/sig-storage/nfs-provisioner - tag: v4.0.8 + tag: v6.5 # digest: pullPolicy: IfNotPresent @@ -81,7 +81,7 @@ storageClass: parameters: {} mountOptions: - - vers=3 + - vers=4.1 - retrans=2 - timeo=30 diff --git a/deploy/base/Dockerfile b/deploy/base/Dockerfile index 6cbba3ea..3fe96dda 100644 --- a/deploy/base/Dockerfile +++ b/deploy/base/Dockerfile @@ -18,9 +18,7 @@ # arm64 architectures. # # List of Fedora versions: https://en.wikipedia.org/wiki/Fedora_version_history#Version_history -ARG FEDORA_VERSION=36 - - +ARG FEDORA_VERSION=41 FROM registry.fedoraproject.org/fedora:${FEDORA_VERSION} AS build @@ -42,22 +40,23 @@ RUN dnf install -y \ libblkid-devel \ libnfsidmap-devel \ libnsl2-devel \ - libntirpc-devel \ libuuid-devel \ ninja-build \ patch \ userspace-rcu-devel \ - xfsprogs-devel + xfsprogs-devel \ + libacl-devel # Clone specific version of ganesha # Keep version in sync with .github/workflows/docker-build.yml -ARG GANESHA_VERSION=V4.0.8 +ARG GANESHA_VERSION=V6.5 RUN git clone --branch ${GANESHA_VERSION} --recurse-submodules https://github.com/nfs-ganesha/nfs-ganesha WORKDIR /nfs-ganesha + RUN mkdir -p /usr/local \ && cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local \ -DBUILD_CONFIG=vfs_only -DUSE_FSAL_GLUSTER=OFF -DUSE_FSAL_RGW=OFF \ - -DUSE_RADOS_RECOV=OFF -DRADOS_URLS=OFF -DUSE_SYSTEM_NTIRPC=ON \ + -DUSE_RADOS_RECOV=OFF -DRADOS_URLS=OFF -DUSE_SYSTEM_NTIRPC=OFF \ -G Ninja src/ \ && sed -i 's|@SYSSTATEDIR@/lib/nfs/ganesha|/export|' src/include/config-h.in.cmake \ && ninja \ @@ -77,12 +76,12 @@ RUN microdnf install -y \ jemalloc \ libblkid \ libnfsidmap \ - libntirpc \ libuuid \ nfs-utils \ rpcbind \ userspace-rcu \ xfsprogs \ + libacl \ && microdnf clean all RUN mkdir -p /var/run/dbus \ diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index 318d87a6..1567c34a 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -13,10 +13,10 @@ # limitations under the License. # Update only after new version of deploy/base/Dockerfile change has built -ARG GANESHA_VERSION=V4.0.8 +ARG GANESHA_VERSION=V6.5 +ARG GH_ORGANIZATION=kubernetes-sigs - -FROM ghcr.io/kubernetes-sigs/nfs-ganesha:${GANESHA_VERSION} +FROM ghcr.io/${GH_ORGANIZATION}/nfs-ganesha:${GANESHA_VERSION} ARG binary=nfs-provisioner COPY ${binary} /nfs-provisioner diff --git a/deploy/kubernetes/deployment.yaml b/deploy/kubernetes/deployment.yaml index df64118c..10cff67c 100644 --- a/deploy/kubernetes/deployment.yaml +++ b/deploy/kubernetes/deployment.yaml @@ -63,7 +63,7 @@ spec: serviceAccount: nfs-provisioner containers: - name: nfs-provisioner - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 + image: registry.k8s.io/sig-storage/nfs-provisioner:v6.5 ports: - name: nfs containerPort: 2049 diff --git a/deploy/kubernetes/pod.yaml b/deploy/kubernetes/pod.yaml index 7ca29646..db497029 100644 --- a/deploy/kubernetes/pod.yaml +++ b/deploy/kubernetes/pod.yaml @@ -11,7 +11,7 @@ spec: serviceAccount: nfs-provisioner containers: - name: nfs-provisioner - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 + image: registry.k8s.io/sig-storage/nfs-provisioner:v6.5 ports: - name: nfs containerPort: 2049 diff --git a/deploy/kubernetes/statefulset.yaml b/deploy/kubernetes/statefulset.yaml index 01dcb26d..2ce83d06 100644 --- a/deploy/kubernetes/statefulset.yaml +++ b/deploy/kubernetes/statefulset.yaml @@ -63,7 +63,7 @@ spec: terminationGracePeriodSeconds: 10 containers: - name: nfs-provisioner - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 + image: registry.k8s.io/sig-storage/nfs-provisioner:v6.5 ports: - name: nfs containerPort: 2049 diff --git a/docs/deployment.md b/docs/deployment.md index 16564014..c2190a53 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -29,7 +29,7 @@ $ make container If you are running in Kubernetes, it will pull the image from GCR for you. Or you can do it yourself. ``` -$ docker pull registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 +$ docker pull registry.k8s.io/sig-storage/nfs-provisioner:v6.5 ``` ## Deploying the provisioner @@ -87,7 +87,7 @@ You may want to specify the hostname the NFS server exports from, i.e. the serve $ docker run --cap-add DAC_READ_SEARCH --cap-add SYS_RESOURCE \ --security-opt seccomp:deploy/docker/nfs-provisioner-seccomp.json \ -v $HOME/.kube:/.kube:Z \ -registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 \ +registry.k8s.io/sig-storage/nfs-provisioner:v6.5 \ -provisioner=example.com/nfs \ -kubeconfig=/.kube/config ``` @@ -95,7 +95,7 @@ or ``` $ docker run --cap-add DAC_READ_SEARCH --cap-add SYS_RESOURCE \ --security-opt seccomp:deploy/docker/nfs-provisioner-seccomp.json \ -registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 \ +registry.k8s.io/sig-storage/nfs-provisioner:v6.5 \ -provisioner=example.com/nfs \ -master=http://172.17.0.1:8080 ``` @@ -110,7 +110,7 @@ With the two above options, the run command will look something like this. $ docker run --privileged \ -v $HOME/.kube:/.kube:Z \ -v /xfs:/export:Z \ -registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 \ +registry.k8s.io/sig-storage/nfs-provisioner:v6.5 \ -provisioner=example.com/nfs \ -kubeconfig=/.kube/config \ -enable-xfs-quota=true diff --git a/pkg/server/server.go b/pkg/server/server.go index ace77f95..b73f3ec1 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -63,6 +63,7 @@ NFS_Core_Param MNT_Port = 20048; NLM_Port = 32803; fsid_device = true; + allow_set_io_flusher_fail = true; } NFSV4