Rook v1.12 Storage Enhancements

Travis Nielsen
Published in Rook Blog
4 min read · Jul 18, 2023

The Rook v1.12 release is out! v1.12 is another feature-filled release to improve storage for Kubernetes. Thanks again to the community for all the great support in this journey to deploy storage in production.

The statistics continue to show Rook community growth since the v1.11 release in February:

We have a lot of new features for the Ceph storage provider that we hope you’ll be excited about with the v1.12 release!

Ceph Reef Support

Ceph Reef (v18) is the next major version of Ceph that is set to be released any day now. Keeping up with the latest updates to the data plane is critical to Rook so you can always deploy the version of the data plane that you desire. To learn more about all the new features in the Reef release, see the pending release notes.

In addition to Reef, Rook v1.12 continues to support Pacific (v16) and Quincy (v17). In Rook v1.13 we anticipate removing support for Pacific to correspond with its end-of-life from the Ceph team. If you are still running Pacific, we encourage you to update to the latest version of Quincy in the near future.

COSI

Kubernetes 1.25 included the alpha release for the Container Object Storage Interface (COSI), allowing applications to provision buckets to PUT and GET objects with an S3 endpoint. To provision a bucket with Ceph RGW, the Ceph COSI driver is now available and integrated with Rook. The status of the Ceph COSI driver is experimental.

The COSI driver effectively supersedes the bucket provisioning with Object Bucket Claims (OBCs) that Rook has provided. In a future release after COSI is declared stable, a path to convert from OBCs will be provided when OBCs are deprecated.

Ceph-CSI v3.9

The v3.9 release of the Ceph-CSI driver is now the version deployed by default with Rook. The driver has a number of important updates that make more storage features available to clients.

  • Support added for more efficient SELinux relabeling for RBD, CephFS, and NFS drivers
  • mkfs options can be set in the storage class
  • NFS storage class supports secTypes parameters

Node loss

If a node goes down where a pod is running with an RWO volume mounted, the volume cannot automatically be mounted on another node. The node must be guaranteed to be offline before the volume can be mounted on another node. Kubernetes 1.26 released an approach that helps automate safely mounting these volumes on another node.

A node that is offline must be tainted by the K8s admin after they have verified that the node is indeed unreachable. After the node is tainted, Rook will automatically fence the node, allowing the volume to be mounted on another node. See the Rook documentation on handling node loss to enable this new behavior.

Minimal Pod privileges

While Rook will always require admin privileges to set up the Ceph storage, we strive to use minimal privileges at runtime. In the interest of reducing privileges, we dropped “All” privileges from the operator, CSI driver, and Ceph containers where possible.
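To see which containers in a cluster still run with more than minimal privileges, the following added example (not part of Rook or of the original post) audits pod specs. It assumes that the privileges in question are Linux capabilities set through each container's `securityContext` and that Rook runs in the default `rook-ceph` namespace; the embedded pod list is constructed sample data.

```python
import json

# Constructed sample, shaped like `kubectl -n rook-ceph get pods -o json` output.
# Pod and container names are illustrative, not taken from a real cluster.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "rook-ceph-operator-abc"},
   "spec": {"containers": [
     {"name": "rook-ceph-operator",
      "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}},
  {"metadata": {"name": "csi-rbdplugin-xyz"},
   "spec": {"initContainers": [{"name": "setup"}],
            "containers": [
     {"name": "csi-rbdplugin",
      "securityContext": {"privileged": true,
                          "capabilities": {"add": ["SYS_ADMIN"]}}}]}}
]}
""")

def audit_container(c):
    """Return a list of findings for one container spec (empty = minimal)."""
    sc = c.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    dropped = {d.upper() for d in caps.get("drop") or []}
    findings = []
    if sc.get("privileged"):
        findings.append("privileged")
    if "ALL" not in dropped:  # a missing securityContext also lands here
        findings.append("does-not-drop-ALL")
    if caps.get("add"):
        findings.append("adds:" + ",".join(sorted(caps["add"])))
    return findings

def audit_pods(pod_list):
    """Map 'pod/container' -> findings for every container with findings."""
    report = {}
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        # Init containers run with their own securityContext, so audit them too.
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            findings = audit_container(c)
            if findings:
                report[f"{pod['metadata']['name']}/{c['name']}"] = findings
    return report

if __name__ == "__main__":
    for target, findings in sorted(audit_pods(SAMPLE).items()):
        print(target, findings)
```

Because privileges were dropped only "where possible", a finding is a prompt to confirm that the container needs the privilege, not proof of a misconfiguration.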

Krew Plugin

The Rook Krew plugin is a tool we created last year to help troubleshoot and maintain your clusters. The latest addition to the Krew plugin with the v0.5 release was a rewrite to use Golang. This will enable more reliable development and testing of features in the future. We hope you are finding this tool useful and look forward to your feedback for what commands will be most helpful to develop!

Kubernetes v1.22+

Kubernetes v1.22 is now the minimum version supported by Rook, which means we run CI tests against v1.22 and newer. If you still need to run an older K8s version, we haven’t done anything to prevent running Rook; we simply do not have any test validation on older versions.

Updated Go Dependencies

Multiple updates were made to pull in the latest Go dependencies. These are internal updates that do not surface directly in any Rook features, but they are important to maintain code hygiene with the latest dependencies.

  • Updated to the latest controller runtime APIs with v0.15
  • Removed test dependencies on HashiCorp Vault server packages, which significantly reduced indirect Go dependencies. Vault features used by Rook were not affected.

What’s Next?

As we continue the journey to develop reliable storage operators for Kubernetes, we look forward to your ongoing feedback. Only with the community is it possible to continue this fantastic momentum.

There are many different ways to get involved in the Rook project, whether as a user or developer. Please join us in helping the project continue to grow on its way beyond the v1.12 milestone!
