RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

Project: RookClear ×

Rook

Storage & DataJun 16, 2026

Rook v1.20.1 is a patch release focused on Ceph operator stability: Ceph CSI driver compatibility, OSD major-version handling, and CSI-addons disabled by default to reduce unexpected behavior.

  • breakingCSI-addons disabled by default — check cluster dependencies

    CSI-addons (snapshot, clone, and expansion features) are now disabled by default in v1.20.1. If your workloads rely on these features, you must explicitly enable them in the Ceph cluster spec or your RWX volume snapshots and clones will fail. Review helm values and operator configs to enable addons before upgrade if needed.

  • enhancementUse node labels for OSD device class assignment instead of manual mapping

    Instead of hardcoding device class assignment per node, you can now use Kubernetes node labels (like `disk-type: ssd`) to automatically classify OSDs. This simplifies scaling clusters with mixed hardware. Apply node labels, then reference them in the Ceph cluster spec to avoid per-node configuration drift.

  • enhancementOSD require-osd-release is now enforced after major Ceph upgrades

    After a major Ceph version upgrade (e.g., Quincy to Reef), Rook now sets `require-osd-release` automatically to prevent old OSDs from rejoining before the cluster is ready. Before upgrade, ensure all OSDs can be updated together; if you have pinned some OSDs to an older version, they will be blocked from joining until unpinned.

Key changes (5)
  • Helm chart now includes Rook-compatible Ceph CSI driver values for easier integration
  • OSD require-osd-release is enforced after Ceph major upgrades to prevent version mismatch issues
  • CSI-addons disabled by default to prevent unintended feature activation
  • Node labels can now be used for OSD device class assignment, replacing manual configuration
  • Stale MDS and RGW pod disruption budgets are cleaned up automatically to avoid blocking cluster operations
Source

Rook

Storage & DataJun 2, 2026

Rook v1.20 hands CSI driver management to the Ceph CSI operator — a breaking change for anyone with custom CSI config — while adding encrypted OSD resize, Vault Agent SSE-S3, and stabilizing concurrent cluster reconciliation.

  • breakingMigrate CSI config to Ceph-CSI operator before customizing anything

    Existing clusters will survive the upgrade with previously applied CSI settings, but any future CSI changes must go through the Ceph-CSI OperatorConfig and Driver CRs — not the Rook configmap. Helm users need the ceph-csi-drivers chart for operator settings (custom images stay in rook-ceph chart values). Audit your current CSI customizations now and plan the migration path before upgrading. Don't wait until you need to change a CSI setting post-upgrade to figure this out.

  • enhancementAudit CRUSH rules before upgrading if you rely on custom ones

    Rook now deletes unused CRUSH rules by default on mgr startup. If your environment has CRUSH rules that appear unused but are intentionally retained for failover or manual placement, set ROOK_DELETE_UNUSED_CRUSH_RULES=false in the operator config before upgrading. Losing custom CRUSH rules silently is the kind of thing that only hurts when you need them most.

  • enhancementEnable concurrent cluster reconciliation if running multiple Ceph clusters

    ROOK_RECONCILE_CONCURRENT_CLUSTERS is now marked stable after testing in prior releases. If you manage multiple CephCluster objects in one operator, enable this setting to reduce reconciliation bottlenecks. This is especially useful in multi-tenant or multi-cluster operator deployments where one slow cluster previously blocked others.

Key changes (5)
  • Breaking: CSI settings removed from Rook operator configmap and Helm chart; new installs must use Ceph-CSI OperatorConfig and Driver CRs
  • Encrypted host-based OSDs now auto-expand when the underlying disk is resized (encryptedDevice: true, non-PVC clusters)
  • SSE-S3 server-side encryption now supports HashiCorp Vault Agent authentication for CephObjectStore
  • Concurrent cluster reconciliation (ROOK_RECONCILE_CONCURRENT_CLUSTERS) is now stable
  • Unused CRUSH rules deleted by default after mgr starts; set ROOK_DELETE_UNUSED_CRUSH_RULES=false to opt out
Source

Rook

Storage & DataMay 27, 2026

Rook v1.18.11 patches liveness probe stability, OSD disk handling, and CSI priority class assignment. No major breaking changes, but one CSI component fix may shift pod scheduling.

  • breakingCSI priority class name correction

    CSI provisioner and plugin priority class names were swapped in earlier v1.18.x releases (PR #17361). If you've set custom CSI priority classes, check your PVCs and plugin pods after upgrade — the correct priority class will now apply to the right component, potentially changing scheduling behavior for storage workloads.

  • enhancementFix liveness probe script formatting

    Rook v1.18.11 removes newlines from liveness probe scripts (PR #17420). If your Ceph cluster's liveness probes are flaky or generating spurious restarts, upgrade immediately — the whitespace issue could be interfering with probe output parsing. No breaking changes, but the fix eliminates a source of operational noise.

  • enhancementDisk zapping for forced OSD installation

    The disk zapping feature for forced OSD installation (PR #17533) gives you explicit control over device reuse. If you're adding storage to existing nodes or recovering failed OSD slots, update to v1.18.11 and review your OSD discovery workflow — you can now force installation on previously used disks without manual intervention.

Key changes (5)
  • Disk zapping for forced OSD installation simplifies storage recovery
  • Liveness probe script newline fix reduces false pod restarts
  • CSI provisioner and plugin priority class names corrected
  • Go-jose library updated from 4.1.3 to 4.1.4
  • Out-of-date PgHealthyRegex documentation references fixed
Source

Rook

Storage & DataApr 28, 2026

Rook v1.19.5 patches several operator bugs including a CSI priority class swap, OSD CRUSH device class fix, and more reliable mon drain behavior.

  • breakingAudit CSI priority classes after upgrade — they were swapped

    The provisioner and plugin priority class names were assigned to the wrong CSI components. If you set custom values for these fields, verify that your workloads are getting the priority you intended post-upgrade. Clusters running latency-sensitive storage I/O with tiered priority classes are most at risk. Check the assigned priority classes on CSI pods after the upgrade and adjust your Helm values if needed.

  • enhancementUpgrade if you've hit silent CRUSH device class failures on OSD re-discovery

    When OSDs were re-discovered (e.g., after node replacement or OSD recreation), the CRUSH device class wasn't being reapplied. This caused OSDs to land in the wrong CRUSH bucket, potentially breaking data placement rules. If you use device classes (hdd/ssd/nvme) for pool or rule targeting, verify your OSD tree after upgrading to confirm correct class assignments.

  • enhancementSet ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS via Helm now

    Previously this required patching the operator deployment directly. With this release it's a first-class Helm value. If you've been working around this with post-install patches or custom operator manifests, clean those up and move the setting into your values file to avoid drift.

Key changes (5)
  • CSI: provisionerPriorityClassName and pluginPriorityClassName were swapped — clusters with custom priority classes have been running with incorrect assignments until now
  • OSD: CRUSH device class no longer silently ignored during OSD re-discovery, fixing placement policy enforcement
  • MON: drain prevention logic improved when monitors are already down, reducing split-brain risk during maintenance
  • Helm: ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS is now configurable via chart values instead of requiring manual operator env overrides
  • Security: rook-ceph-nvmeof service account granted proper SCC permissions; CSI resources now carry Helm ownership annotations
Source

Rook

Storage & DataApr 14, 2026

Rook v1.19.4 is a focused patch release fixing CephObjectStoreUser capabilities, adding multi-cluster RBAC fixes, and improving OSD disk handling with forceful zap support.

  • breakingMulti-cluster deployments: apply the RBAC fix immediately

    The missing ceph-mgr RBAC role in secondary clusters could cause silent permission failures that are hard to diagnose. If you're running Rook in a multi-cluster setup, upgrade to v1.19.4 and verify ceph-mgr is operating correctly post-upgrade. Don't wait on this one.

  • enhancementForceful OSD replacement is now cleaner with disk zap

    The new disk zap behavior during forceful OSD installation removes the manual cleanup step that previously caused headaches when replacing failed OSDs. If you've been scripting around this limitation, review your runbooks — the operator now handles it directly.

  • enhancementAdd labels to RGW services for better traffic routing

    CephObjectStore RGW services now accept custom labels, which opens up more precise service mesh, load balancer, and network policy targeting. Worth adopting if you're running multiple object stores or need finer-grained traffic control.

Key changes (5)
  • CephObjectStoreUser capabilities setting now works correctly after a bug fix
  • Missing RBAC role for ceph-mgr in secondary clusters has been patched — multi-cluster deployments were silently broken
  • OSD disk zap on forceful installation added, enabling cleaner OSD replacement workflows
  • CephObjectStore RGW service now supports custom labels for better service targeting
  • CSI operator bumped to v0.6.0 and COSI sidecar image updated to latest default
Source

Rook

Storage & DataMar 24, 2026

Rook v1.19.3 delivers targeted fixes and additions across CSI, pool management, OSD operations, and RGW — with a notable shift to ceph-csi-operator for CSI deployments.

  • breakingCSI now deploys via ceph-csi-operator — verify your deployment model

    The shift to ceph-csi-operator for deploying Ceph-CSI/NVMe-oF changes how CSI components are managed. If you have customized CSI sidecar configurations or rely on specific deployment behavior, audit your setup before upgrading. The ceph-csi-operator introduces its own CRDs and reconciliation loop, so any direct overrides you've applied to CSI DaemonSets or Deployments may be overwritten or ignored post-upgrade.

  • enhancementEncrypted OSD users: apply the lockbox key rotation fix now

    The lockbox key rotation bug for encrypted OSDs could leave your cluster in an inconsistent encryption state over time. If you're running encrypted OSDs, upgrade to v1.19.3 and verify key rotation is functioning correctly afterward. This is especially relevant if you've observed any anomalies during OSD replacement or key rotation workflows.

  • enhancementRGW on IPv6? The secret formatting fix is a must

    The incorrect IPv6 formatting in object store user secrets would cause connection failures in IPv6-only or dual-stack environments. If your RGW deployment uses IPv6 addressing, this fix directly unblocks proper user secret generation. After upgrading, recreate or reconcile affected object store users to pick up correctly formatted secrets.

Key changes (5)
  • CSI deployments now go through ceph-csi-operator instead of direct management; ceph-csi image updated to v3.16.2
  • Erasure-coded pool handling improved: cleanup on deletion, correct ready status after reconcile, and mirroring skipped for EC data pools
  • Ceph-exporter gains configurable port support and orphaned deployment cleanup on reconcile
  • OSD disk cleaning now checks devlinks, and lockbox key rotation for encrypted OSDs is fixed
  • RGW fixes: correct IPv6 secret formatting for object store users, shared pools zone JSON support, and zone/sharedPools reconcile ordering
Source

Rook

Storage & DataMar 24, 2026

Rook v1.18.10 patches several OSD reliability issues, tightens RBAC permissions, and adds minor operational improvements to the Ceph exporter and NFS server.

  • securityAudit your Rook RBAC after upgrading — nodes/proxy grant is gone

    The operator's nodes/proxy RBAC permission has been removed. If any custom tooling or monitoring in your environment relied on Rook's ServiceAccount having that grant, it will break silently after upgrade. Review any pipelines or dashboards that use the Rook operator ServiceAccount before rolling this out to production.

  • breakingEncrypted OSD users should test key rotation after upgrading

    The lockbox key rotation logic for encrypted OSDs was updated. Encrypted OSD clusters should run a non-production upgrade first and explicitly verify key rotation still works end-to-end. The CephX key init fix (no overwrite on failure) also changes behavior during error recovery — test any failure/retry scenarios you have documented.

  • enhancementUse the new CephNFS image fields to pin or customize NFS server images

    The new spec.server.image and spec.server.imagePullPolicy fields let you specify a custom NFS Ganesha image per CephNFS resource. This is useful if you need to pin a specific version for compliance or test a patched image without waiting for a Rook release. Update your CephNFS manifests if you currently work around this with other hacks.

Key changes (5)
  • Orphaned ceph-exporter deployments are now cleaned up automatically during reconcile
  • RBAC: nodes/proxy grants removed from the operator — reduces cluster-wide privilege footprint
  • Encrypted OSD lockbox key rotation logic updated — important for clusters using OSD encryption
  • CephX key init no longer overwrites an existing key on failure — prevents accidental key loss
  • CephNFS gains spec.server.image and spec.server.imagePullPolicy fields for custom NFS images
Source