Skip to content

Commit 7c46e6e

Browse files
author
Rook
committed
Deployed bb4f91b53 to latest in docs/rook with MkDocs 1.6.1 and mike 2.1.3
1 parent 4dce32a commit 7c46e6e

File tree

6 files changed

+88
-88
lines changed

6 files changed

+88
-88
lines changed

docs/rook/latest/Helm-Charts/operator-chart/index.html

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

docs/rook/latest/Storage-Configuration/Ceph-CSI/ceph-csi-drivers/index.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@
5252
<a id=__codelineno-4-2 name=__codelineno-4-2></a><span class=go>kubectl create -f https://github.com/csi-addons/kubernetes-csi-addons/releases/download/v0.12.0/rbac.yaml</span>
5353
<a id=__codelineno-4-3 name=__codelineno-4-3></a><span class=go>kubectl create -f https://github.com/csi-addons/kubernetes-csi-addons/releases/download/v0.12.0/setup-controller.yaml</span>
5454
</code></pre></div></td></tr></table></div> <p>This creates the required CRDs and configures permissions.</p> <h3 id=enable-the-csi-addons-sidecar>Enable the CSI-Addons Sidecar<a class=headerlink href=#enable-the-csi-addons-sidecar title="Permanent link">&para;</a></h3> <p>To use the features provided by the CSI-Addons, the <code>csi-addons</code> containers need to be deployed in the RBD provisioner and nodeplugin pods, which are not enabled by default.</p> <p>Execute the following to enable the CSI-Addons sidecars:</p> <ul> <li> <p>Update the <code>rook-ceph-operator-config</code> configmap and patch the following configuration:</p> <div class=highlight><table class=highlighttable><tr><td class=linenos><div class=linenodiv><pre><span></span><span class=normal><a href=#__codelineno-5-1>1</a></span></pre></div></td><td class=code><div><pre><span></span><code><a id=__codelineno-5-1 name=__codelineno-5-1></a><span class=go>kubectl patch cm rook-ceph-operator-config -nrook-ceph -p $&#39;data:\n &quot;CSI_ENABLE_CSIADDONS&quot;: &quot;true&quot;&#39;</span>
55-
</code></pre></div></td></tr></table></div> </li> <li> <p>After enabling <code>CSI_ENABLE_CSIADDONS</code> in the configmap, a new sidecar container named <code>csi-addons</code> will start automatically in the RBD CSI provisioner and nodeplugin pods.</p> </li> </ul> <h3 id=csi-addons-operations>CSI-Addons Operations<a class=headerlink href=#csi-addons-operations title="Permanent link">&para;</a></h3> <p>CSI-Addons supports the following operations:</p> <ul> <li>Reclaim Space<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#reclaimspacejob>Creating a ReclaimSpaceJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#reclaimspacecronjob>Creating a ReclaimSpaceCronJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-perstentvolumeclaims>Annotating PersistentVolumeClaims</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-namespace>Annotating Namespace</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-storageclass>Annotating StorageClass</a></li> </ul> </li> <li>Network Fencing<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/networkfence.md>Creating a NetworkFence</a></li> </ul> </li> <li>Volume Replication<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/volumereplicationclass.md>Creating VolumeReplicationClass</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/volumereplication.md>Creating VolumeReplication CR</a></li> </ul> </li> <li>Key Rotation Job for PV encryption<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#encryptionkeyrotationjob>Creating EncryptionKeyRotationJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#encryptionkeyrotationcronjob>Creating EncryptionKeyRotationCronJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-persistentvolumeclaims>Annotating PersistentVolumeClaims</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-namespace>Annotating Namespace</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-storageclass>Annotating StorageClass</a></li> </ul> </li> </ul> <h2 id=enable-rbd-and-cephfs-encryption-support>Enable RBD and CephFS Encryption Support<a class=headerlink href=#enable-rbd-and-cephfs-encryption-support title="Permanent link">&para;</a></h2> <p>Ceph-CSI supports encrypting PersistentVolumeClaims (PVCs) for both RBD and CephFS. This can be achieved using LUKS for RBD and fscrypt for CephFS. More details on encrypting RBD PVCs can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.13.1/docs/deploy-rbd.md#encryption-for-rbd-volumes>here</a>, which includes a full list of supported encryption configurations. More details on encrypting CephFS PVCs can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.13.1/docs/deploy-cephfs.md#cephfs-volume-encryption>here</a>. A sample KMS configmap can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.13.1/examples/kms/vault/kms-config.yaml>here</a>.</p> <div class="admonition note"> <p class=admonition-title>Note</p> <p>Not all KMS are compatible with fscrypt. Generally, KMS that either store secrets to use directly (like Vault) or allow access to the plain password (like Kubernetes Secrets) are compatible.</p> </div> <div class="admonition note"> <p class=admonition-title>Note</p> <p>Rook also supports OSD-level encryption (see <code>encryptedDevice</code> option <a href=../../../CRDs/Cluster/ceph-cluster-crd/#osd-configuration-settings>here</a>).</p> </div> <p>Using both RBD PVC encryption and OSD encryption at the same time will lead to double encryption and may reduce read/write performance.</p> <p>Existing Ceph clusters can also enable Ceph-CSI PVC encryption support and multiple kinds of encryption KMS can be used on the same Ceph cluster using different storageclasses.</p> <p>The following steps demonstrate the common process for enabling encryption support for both RBD and CephFS:</p> <ul> <li>Create the <code>rook-ceph-csi-kms-config</code> configmap with required encryption configuration in the same namespace where the Rook operator is deployed. An example is shown below:</li> </ul> <div class=highlight><table class=highlighttable><tr><td class=linenos><div class=linenodiv><pre><span></span><span class=normal><a href=#__codelineno-6-1> 1</a></span>
55+
</code></pre></div></td></tr></table></div> </li> <li> <p>After enabling <code>CSI_ENABLE_CSIADDONS</code> in the configmap, a new sidecar container named <code>csi-addons</code> will start automatically in the RBD CSI provisioner and nodeplugin pods.</p> </li> </ul> <h3 id=csi-addons-operations>CSI-Addons Operations<a class=headerlink href=#csi-addons-operations title="Permanent link">&para;</a></h3> <p>CSI-Addons supports the following operations:</p> <ul> <li>Reclaim Space<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#reclaimspacejob>Creating a ReclaimSpaceJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#reclaimspacecronjob>Creating a ReclaimSpaceCronJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-perstentvolumeclaims>Annotating PersistentVolumeClaims</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-namespace>Annotating Namespace</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/reclaimspace.md#annotating-storageclass>Annotating StorageClass</a></li> </ul> </li> <li>Network Fencing<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/networkfence.md>Creating a NetworkFence</a></li> </ul> </li> <li>Volume Replication<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/volumereplicationclass.md>Creating VolumeReplicationClass</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/volumereplication.md>Creating VolumeReplication CR</a></li> </ul> </li> <li>Key Rotation Job for PV encryption<ul> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#encryptionkeyrotationjob>Creating EncryptionKeyRotationJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#encryptionkeyrotationcronjob>Creating EncryptionKeyRotationCronJob</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-persistentvolumeclaims>Annotating PersistentVolumeClaims</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-namespace>Annotating Namespace</a></li> <li><a href=https://github.com/csi-addons/kubernetes-csi-addons/blob/v0.12.0/docs/encryptionkeyrotation.md#annotating-storageclass>Annotating StorageClass</a></li> </ul> </li> </ul> <h2 id=enable-rbd-and-cephfs-encryption-support>Enable RBD and CephFS Encryption Support<a class=headerlink href=#enable-rbd-and-cephfs-encryption-support title="Permanent link">&para;</a></h2> <p>Ceph-CSI supports encrypting PersistentVolumeClaims (PVCs) for both RBD and CephFS. This can be achieved using LUKS for RBD and fscrypt for CephFS. More details on encrypting RBD PVCs can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.14.0/docs/deploy-rbd.md#encryption-for-rbd-volumes>here</a>, which includes a full list of supported encryption configurations. More details on encrypting CephFS PVCs can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.14.0/docs/deploy-cephfs.md#cephfs-volume-encryption>here</a>. A sample KMS configmap can be found <a href=https://github.com/ceph/ceph-csi/blob/v3.14.0/examples/kms/vault/kms-config.yaml>here</a>.</p> <div class="admonition note"> <p class=admonition-title>Note</p> <p>Not all KMS are compatible with fscrypt. Generally, KMS that either store secrets to use directly (like Vault) or allow access to the plain password (like Kubernetes Secrets) are compatible.</p> </div> <div class="admonition note"> <p class=admonition-title>Note</p> <p>Rook also supports OSD-level encryption (see <code>encryptedDevice</code> option <a href=../../../CRDs/Cluster/ceph-cluster-crd/#osd-configuration-settings>here</a>).</p> </div> <p>Using both RBD PVC encryption and OSD encryption at the same time will lead to double encryption and may reduce read/write performance.</p> <p>Existing Ceph clusters can also enable Ceph-CSI PVC encryption support and multiple kinds of encryption KMS can be used on the same Ceph cluster using different storageclasses.</p> <p>The following steps demonstrate the common process for enabling encryption support for both RBD and CephFS:</p> <ul> <li>Create the <code>rook-ceph-csi-kms-config</code> configmap with required encryption configuration in the same namespace where the Rook operator is deployed. An example is shown below:</li> </ul> <div class=highlight><table class=highlighttable><tr><td class=linenos><div class=linenodiv><pre><span></span><span class=normal><a href=#__codelineno-6-1> 1</a></span>
5656
<span class=normal><a href=#__codelineno-6-2> 2</a></span>
5757
<span class=normal><a href=#__codelineno-6-3> 3</a></span>
5858
<span class=normal><a href=#__codelineno-6-4> 4</a></span>

docs/rook/latest/Storage-Configuration/Ceph-CSI/custom-images/index.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
<span class=normal><a href=#__codelineno-1-4>4</a></span>
66
<span class=normal><a href=#__codelineno-1-5>5</a></span>
77
<span class=normal><a href=#__codelineno-1-6>6</a></span>
8-
<span class=normal><a href=#__codelineno-1-7>7</a></span></pre></div></td><td class=code><div><pre><span></span><code><a id=__codelineno-1-1 name=__codelineno-1-1></a><span class=nt>ROOK_CSI_CEPH_IMAGE</span><span class=p>:</span><span class=w> </span><span class=s>&quot;quay.io/cephcsi/cephcsi:v3.13.1&quot;</span>
8+
<span class=normal><a href=#__codelineno-1-7>7</a></span></pre></div></td><td class=code><div><pre><span></span><code><a id=__codelineno-1-1 name=__codelineno-1-1></a><span class=nt>ROOK_CSI_CEPH_IMAGE</span><span class=p>:</span><span class=w> </span><span class=s>&quot;quay.io/cephcsi/cephcsi:v3.14.0&quot;</span>
99
<a id=__codelineno-1-2 name=__codelineno-1-2></a><span class=nt>ROOK_CSI_REGISTRAR_IMAGE</span><span class=p>:</span><span class=w> </span><span class=s>&quot;registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0&quot;</span>
1010
<a id=__codelineno-1-3 name=__codelineno-1-3></a><span class=nt>ROOK_CSI_PROVISIONER_IMAGE</span><span class=p>:</span><span class=w> </span><span class=s>&quot;registry.k8s.io/sig-storage/csi-provisioner:v5.1.0&quot;</span>
1111
<a id=__codelineno-1-4 name=__codelineno-1-4></a><span class=nt>ROOK_CSI_ATTACHER_IMAGE</span><span class=p>:</span><span class=w> </span><span class=s>&quot;registry.k8s.io/sig-storage/csi-attacher:v4.8.0&quot;</span>

docs/rook/latest/search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)