starlingx/app-rook-ceph
Code Issues Proposed changes

Disable host networking for CSI CephFS and RBD nodeplugins

Browse Source 
Changed the enableCSIHostNetwork property to false in rook-ceph
configuration to restrict direct access to the host network for CSI
drivers.

Test Plan:
  - PASS: AIO-DX/Standard [IPv4/IPv6] Check if the volume mounts
    correctly inside the pods.
  - PASS: AIO-DX/Standard [IPv4/IPv6] Check if rook-ceph pods are on the
    same network.
  - PASS: AIO-DX/Standard [IPv4/IPv6] Check all pods in the rook-ceph
    network can communicate with each other.

Closes-bug: 2087845

Signed-off-by: Ítalo Gomes Vieira <italo.gomesvieira@windriver.com>
Change-Id: Id87cd9dfc157bd1edd2e244518294314af5e62a1
This commit is contained in:
Ítalo Vieira 2024-11-08 15:28:44 -03:00
parent 3fb190bfe6
commit 146307f6cd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
stx-rook-ceph-helm/stx-rook-ceph-helm/fluxcd-manifests/rook-ceph/rook-ceph-static-overrides.yaml
View File

@ -176,7 +176,7 @@ csi:
# -- Enable host networking for CSI CephFS and RBD nodeplugins. This may be necessary
# in some network configurations where the SDN does not provide access to an external cluster or
# there is significant drop in read/write performance
enableCSIHostNetwork: true
enableCSIHostNetwork: false
# -- Enable Ceph CSI CephFS driver
enableCephfsDriver: true
# -- Enable Snapshotter in CephFS provisioner pod