chore: Bump github.com/rook/rook from 1.11.9 to 1.17.2

[dependabot]

Bumps github.com/rook/rook from 1.11.9 to 1.17.2.

Release notes

Sourced from github.com/rook/rook's releases.

v1.17.1

Improvements

Rook v1.17.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

• cluster: Specify sensitive ceph config in the CephCluster CR via secrets (#15696, @​patrostkowski)
• object: Lower retry log verbosity in notification OBC controller (#15764, @​BlaineEXE)
• object: Log all reconcile errors during object store creation (#15747, @​travisn)
• docs: Update Prometheus Operator to v0.82.0 (#15750, @​OdedViner)
• build: Set correct helm version tag for the release (#15748, @​travisn)
• build: Stop publishing release artifacts for non-released builds (#15742, @​travisn)

v1.17.0

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

• Kubernetes v1.28 is now the minimum version supported by Rook through the soon-to-be K8s release v1.33.
• Several ObjectBucketClaim options were added previously in Rook v1.16 that allowed more control over buckets. These controls allow users to self-serve their own S3 policies. Administrators may consider this flexibility a risk, depending on their environment. Rook now disables these options by default to ensure the safest off-the-shelf configurations. To enable the full range of OBC configurations, the new setting ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS must be set to enable users to set all of these options. For more details, see the OBC additionalConfig documentation.
• First-class credential management added to CephObjectStoreUser resources, allowing multiple credentials and declarative credential rotation. For more details, see Managing User S3 Credentials. As a result, existing S3 users provisioned via CephObjectStoreUser resources no longer allow multiple credentials to exist on underlying S3 users, unless explicitly managed by Rook. Rook will purge all but one of the undeclared credentials. This could be a user observable regression for administrators who manually edited/rotated S3 user credentials for CephObjectStoreUsers, and affected users can make use of the new credential management feature as an alternative.
• Kafka notifications configured via CephBucketTopic resources will now default to setting the Kafka authentication mechanism to PLAIN. Previously, no auth mechanism was specified by default. It was possible to set the auth mechanism via CephBucketTopic.spec.endpoint.kafka.opaqueData. However, setting &mechanism=<auth type> via opaqueData is no longer possible. If any auth mechanism other than PLAIN is in use, modification to CephBucketTopic resources is required.

Features

• The name of a pre-existing Ceph RGW user account can be set as the bucket owner on an ObjectBucketClaim (OBC), rather than a unique RGW user being created for every bucket. A CephObjectStoreUser resource may be used to create the Ceph RGW user account which will be specified on the OBC. If the bucket owner is set on a bucket that already exists and is owned by a different user, the bucket will be re-linked to the specified user.
• The Ceph CSI 3.14 release has a number of features and improvements for RBD and CephFS volumes, volume snapshots, and many more areas. See the Ceph CSI 3.14 release notes for more details.
• External mons: In some two-datacenter clusters, there is no option to start an arbiter mon in an independent K8s node to configure a proper stretch cluster. The external mons now allow a mon to be configured outside the Kubernetes cluster, while Rook manages everything else inside the cluster. For more details, see the External Mon documentation. This feature is in currently in experimental mode.
• DNS resolution for mons: Allows clients outside the K8s cluster to resolve mon endpoints via DNS without requiring manual updates to the list of mon endpoints. This helps in scenarios such as virtual machine live migration. The Ceph client can connect to rook-ceph-active-mons..svc.cluster.local to dynamically resolve mon endpoints and receive automatic updates when mon IPs change. To configure this DNS resolution, see Tracking Mon Endpoints.
• Node-specific ceph.conf overrides: The ceph.conf overrides can now be customized per-node. This may be helpful for some ceph.conf settings that need to be unique per node depending on the hardware. This can be configured by creating a node-specific configmap that will be loaded for all OSDs and OSD prepare jobs on that node, instead of the default settings that are loaded from the rook-config-override configmap.

v1.16.7

Improvements

Rook v1.16.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

• core: Set default Ceph version to v19.2.2 (#15704, @​travisn)
• mon: Ensure mon canary pods are cleaned up for multicluster service (#15718, @​sp98)
• core: Print correct OSD ID in key rotation logs (#15727, @​sp98)
• helm: Add labels to ingress resource (#15719, @​chkpwd)
• core: Update cephstatus fsmap gid type to uint64 (#15690, @​BlaineEXE)
• pool: Retry status update on fail (#15593, @​prazumovsky)
• helm: Allow specifying an ingress object store port to override default (#15669, @​travisn)
• rbdmirror: Fix the rados namespace health checkup (#15677, @​parth-gr)
• osd: Stabilize oscillating maxUnavailable in pdbs in case of node drain (#15634, @​sp98)
• ci: Update x/net version to fix snyk report (#15659, @​subhamkrai)
• nfs: Set allow_set_io_flusher_fail=true in config (#15652, @​BlaineEXE)

v1.16.6

Improvements

Rook v1.16.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

... (truncated)

Commits

• f626677 Merge pull request #15836 from rook/mergify/bp/release-1.17/pr-15835
• 59f715c Revert "ci: only publish docs in master and tagged releases"
• c96b801 Merge pull request #15833 from obnoxxx/prep-v1.17.2
• 704cd66 Merge pull request #15834 from rook/mergify/bp/release-1.17/pr-15829
• 00503b8 object: change CephObjectStore "foo" found log level to debug
• 755ed40 build: update release version to v1.17.2
• ea8c53e Merge pull request #15832 from rook/mergify/bp/release-1.17/pr-15817
• 44994bb namespace: add conditions blocking deletion for rados namespace
• f749590 block: add condition for deletion blocked with images
• dafa50c Merge pull request #15831 from rook/mergify/bp/release-1.17/pr-15830
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)