Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce host networking for Ceph CSI controller plugin pods #157

Open
rohan47 opened this issue Oct 15, 2024 · 7 comments
Open

Enforce host networking for Ceph CSI controller plugin pods #157

rohan47 opened this issue Oct 15, 2024 · 7 comments
Assignees

Comments

@rohan47
Copy link

rohan47 commented Oct 15, 2024

In provider mode with dedicated storage network, Where CSI is running on a client cluster both Ceph and Ceph CSI pods must run on the host network.
The Ceph CSI controller plugin pods must also run on the host network, as the dedicated network is not accessible from the pod network. Currently, the controller plugin operates on the pod network.

@obnoxxx
Copy link
Collaborator

obnoxxx commented Oct 15, 2024

similar feature for rook: rook/rook#14585

@obnoxxx
Copy link
Collaborator

obnoxxx commented Oct 15, 2024

@rohan47 , @nb-ohad , @Madhu-1 , @leelavg, Let's discuss how this should be implemented. In rook, the use of host network can now be enforced by a newly introduced boolean operator setting called ROOK_ENFORCE_HOST_NETWORK which can be set in the operator's configmap or as an environment variable. Is something similar appropriate for ceph-csi-operator?

@leelavg
Copy link
Contributor

leelavg commented Oct 15, 2024

Is something similar appropriate for ceph-csi-operator

  • yes, a general flow is, CSI config is surfaced by the operator based on CRDs, more info is at design link and wherever appropriate we can introduce it and have backing controller reconcile it

@rohan47
Copy link
Author

rohan47 commented Oct 17, 2024

As per the design doc, currently the network is configured via annotations but I don't see any configuration for HostNetwork @leelavg

nodePlugin:
      priorityClassName: system-node-critical
      updateStrategy:
        type: RollingUpdate
        rollingUpdate:
          maxUnavailable: 1
      labels:
        app: csi
      annotations:
        k8s.v1.cni.cncf.io/networks: macvlan-conf-1
      affinity:```

@leelavg
Copy link
Contributor

leelavg commented Oct 17, 2024

This can be brought up in the meeting and propose change.

@obnoxxx
Copy link
Collaborator

obnoxxx commented Oct 17, 2024

/assign

Copy link

Thanks for taking this issue! Let us know if you have any questions!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants