| # Default values for rook-ceph-operator |
| # This is a YAML-formatted file. |
| # Declare variables to be passed into your templates. |
| |
| image: |
| # -- Image |
| repository: rook/ceph |
| # -- Image tag |
| # @default -- `v1.14.5` |
| tag: v1.14.5 |
| # -- Image pull policy |
| pullPolicy: IfNotPresent |
| |
| crds: |
| # -- Whether the helm chart should create and update the CRDs. If false, the CRDs must be |
| # managed independently with deploy/examples/crds.yaml. |
| # **WARNING** Only set during first deployment. If later disabled the cluster may be DESTROYED. |
| # If the CRDs are deleted in this case, see |
| # [the disaster recovery guide](https://rook.io/docs/rook/latest/Troubleshooting/disaster-recovery/#restoring-crds-after-deletion) |
| # to restore them. |
| enabled: true |
| |
| # -- Pod resource requests & limits |
| resources: |
| limits: |
| memory: 512Mi |
| requests: |
| cpu: 200m |
| memory: 128Mi |
| |
| # -- Kubernetes [`nodeSelector`](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) to add to the Deployment. |
| nodeSelector: {} |
| # Constraint rook-ceph-operator Deployment to nodes with label `disktype: ssd`. |
| # For more info, see https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
| # disktype: ssd |
| |
| # -- List of Kubernetes [`tolerations`](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to add to the Deployment. |
| tolerations: [] |
| |
| # -- Delay to use for the `node.kubernetes.io/unreachable` pod failure toleration to override |
| # the Kubernetes default of 5 minutes |
| unreachableNodeTolerationSeconds: 5 |
| |
| # -- Whether the operator should watch cluster CRD in its own namespace or not |
| currentNamespaceOnly: false |
| |
| # -- Pod annotations |
| annotations: {} |
| |
| # -- Global log level for the operator. |
| # Options: `ERROR`, `WARNING`, `INFO`, `DEBUG` |
| logLevel: INFO |
| |
| # -- If true, create & use RBAC resources |
| rbacEnable: true |
| |
| rbacAggregate: |
| # -- If true, create a ClusterRole aggregated to [user facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) for objectbucketclaims |
| enableOBCs: false |
| |
| # -- If true, create & use PSP resources |
| pspEnable: false |
| |
| # -- Set the priority class for the rook operator deployment if desired |
| priorityClassName: |
| |
| # -- Set the container security context for the operator |
| containerSecurityContext: |
| runAsNonRoot: true |
| runAsUser: 2016 |
| runAsGroup: 2016 |
| capabilities: |
| drop: ["ALL"] |
| # -- If true, loop devices are allowed to be used for osds in test clusters |
| allowLoopDevices: false |
| |
| # Settings for whether to disable the drivers or other daemons if they are not |
| # needed |
| csi: |
| # -- Enable Ceph CSI RBD driver |
| enableRbdDriver: true |
| # -- Enable Ceph CSI CephFS driver |
| enableCephfsDriver: true |
| # -- Disable the CSI driver. |
| disableCsiDriver: "false" |
| |
| # -- Enable host networking for CSI CephFS and RBD nodeplugins. This may be necessary |
| # in some network configurations where the SDN does not provide access to an external cluster or |
| # there is significant drop in read/write performance |
| enableCSIHostNetwork: true |
| # -- Deprecation note: Rook uses "holder" pods to allow CSI to connect to the multus public network |
| # without needing hosts to the network. Holder pods are being removed. See issue for details: |
| # https://github.com/rook/rook/issues/13055. New Rook deployments should set this to "true". |
| disableHolderPods: true |
| # -- Enable Snapshotter in CephFS provisioner pod |
| enableCephfsSnapshotter: true |
| # -- Enable Snapshotter in NFS provisioner pod |
| enableNFSSnapshotter: true |
| # -- Enable Snapshotter in RBD provisioner pod |
| enableRBDSnapshotter: true |
| # -- Enable Host mount for `/etc/selinux` directory for Ceph CSI nodeplugins |
| enablePluginSelinuxHostMount: false |
| # -- Enable Ceph CSI PVC encryption support |
| enableCSIEncryption: false |
| |
| # -- Enable volume group snapshot feature. This feature is |
| # enabled by default as long as the necessary CRDs are available in the cluster. |
| enableVolumeGroupSnapshot: true |
| # -- PriorityClassName to be set on csi driver plugin pods |
| pluginPriorityClassName: system-node-critical |
| |
| # -- PriorityClassName to be set on csi driver provisioner pods |
| provisionerPriorityClassName: system-cluster-critical |
| |
| # -- Policy for modifying a volume's ownership or permissions when the RBD PVC is being mounted. |
| # supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html |
| rbdFSGroupPolicy: "File" |
| |
| # -- Policy for modifying a volume's ownership or permissions when the CephFS PVC is being mounted. |
| # supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html |
| cephFSFSGroupPolicy: "File" |
| |
| # -- Policy for modifying a volume's ownership or permissions when the NFS PVC is being mounted. |
| # supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html |
| nfsFSGroupPolicy: "File" |
| |
| # -- OMAP generator generates the omap mapping between the PV name and the RBD image |
| # which helps CSI to identify the rbd images for CSI operations. |
| # `CSI_ENABLE_OMAP_GENERATOR` needs to be enabled when we are using rbd mirroring feature. |
| # By default OMAP generator is disabled and when enabled, it will be deployed as a |
| # sidecar with CSI provisioner pod, to enable set it to true. |
| enableOMAPGenerator: false |
| |
| # -- Set CephFS Kernel mount options to use https://docs.ceph.com/en/latest/man/8/mount.ceph/#options. |
| # Set to "ms_mode=secure" when connections.encrypted is enabled in CephCluster CR |
| cephFSKernelMountOptions: |
| |
| # -- Enable adding volume metadata on the CephFS subvolumes and RBD images. |
| # Not all users might be interested in getting volume/snapshot details as metadata on CephFS subvolume and RBD images. |
| # Hence enable metadata is false by default |
| enableMetadata: false |
| |
| # -- Set replicas for csi provisioner deployment |
| provisionerReplicas: 2 |
| |
| # -- Cluster name identifier to set as metadata on the CephFS subvolume and RBD images. This will be useful |
| # in cases like for example, when two container orchestrator clusters (Kubernetes/OCP) are using a single ceph cluster |
| clusterName: |
| |
| # -- Set logging level for cephCSI containers maintained by the cephCSI. |
| # Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity. |
| logLevel: 0 |
| |
| # -- Set logging level for Kubernetes-csi sidecar containers. |
| # Supported values from 0 to 5. 0 for general useful logs (the default), 5 for trace level verbosity. |
| # @default -- `0` |
| sidecarLogLevel: |
| |
| # -- CSI driver name prefix for cephfs, rbd and nfs. |
| # @default -- `namespace name where rook-ceph operator is deployed` |
| csiDriverNamePrefix: |
| |
| # -- CSI RBD plugin daemonset update strategy, supported values are OnDelete and RollingUpdate |
| # @default -- `RollingUpdate` |
| rbdPluginUpdateStrategy: |
| |
| # -- A maxUnavailable parameter of CSI RBD plugin daemonset update strategy. |
| # @default -- `1` |
| rbdPluginUpdateStrategyMaxUnavailable: |
| |
| # -- CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate |
| # @default -- `RollingUpdate` |
| cephFSPluginUpdateStrategy: |
| |
| # -- A maxUnavailable parameter of CSI cephFS plugin daemonset update strategy. |
| # @default -- `1` |
| cephFSPluginUpdateStrategyMaxUnavailable: |
| |
| # -- CSI NFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate |
| # @default -- `RollingUpdate` |
| nfsPluginUpdateStrategy: |
| |
| # -- Set GRPC timeout for csi containers (in seconds). It should be >= 120. If this value is not set or is invalid, it defaults to 150 |
| grpcTimeoutInSeconds: 150 |
| |
| # -- Allow starting an unsupported ceph-csi image |
| allowUnsupportedVersion: false |
| |
| # -- The volume of the CephCSI RBD plugin DaemonSet |
| csiRBDPluginVolume: |
| # - name: lib-modules |
| # hostPath: |
| # path: /run/booted-system/kernel-modules/lib/modules/ |
| # - name: host-nix |
| # hostPath: |
| # path: /nix |
| |
| # -- The volume mounts of the CephCSI RBD plugin DaemonSet |
| csiRBDPluginVolumeMount: |
| # - name: host-nix |
| # mountPath: /nix |
| # readOnly: true |
| |
| # -- The volume of the CephCSI CephFS plugin DaemonSet |
| csiCephFSPluginVolume: |
| # - name: lib-modules |
| # hostPath: |
| # path: /run/booted-system/kernel-modules/lib/modules/ |
| # - name: host-nix |
| # hostPath: |
| # path: /nix |
| |
| # -- The volume mounts of the CephCSI CephFS plugin DaemonSet |
| csiCephFSPluginVolumeMount: |
| # - name: host-nix |
| # mountPath: /nix |
| # readOnly: true |
| |
| # -- CEPH CSI RBD provisioner resource requirement list |
| # csi-omap-generator resources will be applied only if `enableOMAPGenerator` is set to `true` |
| # @default -- see values.yaml |
| csiRBDProvisionerResource: | |
| - name : csi-provisioner |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-resizer |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-attacher |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-snapshotter |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-rbdplugin |
| resource: |
| requests: |
| memory: 512Mi |
| limits: |
| memory: 1Gi |
| - name : csi-omap-generator |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| - name : liveness-prometheus |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| |
| # -- CEPH CSI RBD plugin resource requirement list |
| # @default -- see values.yaml |
| csiRBDPluginResource: | |
| - name : driver-registrar |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| - name : csi-rbdplugin |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| - name : liveness-prometheus |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| |
| # -- CEPH CSI CephFS provisioner resource requirement list |
| # @default -- see values.yaml |
| csiCephFSProvisionerResource: | |
| - name : csi-provisioner |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-resizer |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-attacher |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-snapshotter |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-cephfsplugin |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| - name : liveness-prometheus |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| |
| # -- CEPH CSI CephFS plugin resource requirement list |
| # @default -- see values.yaml |
| csiCephFSPluginResource: | |
| - name : driver-registrar |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| - name : csi-cephfsplugin |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| - name : liveness-prometheus |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| |
| # -- CEPH CSI NFS provisioner resource requirement list |
| # @default -- see values.yaml |
| csiNFSProvisionerResource: | |
| - name : csi-provisioner |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 100m |
| limits: |
| memory: 256Mi |
| - name : csi-nfsplugin |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| - name : csi-attacher |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| |
| # -- CEPH CSI NFS plugin resource requirement list |
| # @default -- see values.yaml |
| csiNFSPluginResource: | |
| - name : driver-registrar |
| resource: |
| requests: |
| memory: 128Mi |
| cpu: 50m |
| limits: |
| memory: 256Mi |
| - name : csi-nfsplugin |
| resource: |
| requests: |
| memory: 512Mi |
| cpu: 250m |
| limits: |
| memory: 1Gi |
| |
| # Set provisionerTolerations and provisionerNodeAffinity for provisioner pod. |
| # The CSI provisioner would be best to start on the same nodes as other ceph daemons. |
| |
| # -- Array of tolerations in YAML format which will be added to CSI provisioner deployment |
| provisionerTolerations: |
| # - key: key |
| # operator: Exists |
| # effect: NoSchedule |
| |
| # -- The node labels for affinity of the CSI provisioner deployment [^1] |
| provisionerNodeAffinity: #key1=value1,value2; key2=value3 |
| # Set pluginTolerations and pluginNodeAffinity for plugin daemonset pods. |
| # The CSI plugins need to be started on all the nodes where the clients need to mount the storage. |
| |
| # -- Array of tolerations in YAML format which will be added to CephCSI plugin DaemonSet |
| pluginTolerations: |
| # - key: key |
| # operator: Exists |
| # effect: NoSchedule |
| |
| # -- The node labels for affinity of the CephCSI RBD plugin DaemonSet [^1] |
| pluginNodeAffinity: # key1=value1,value2; key2=value3 |
| |
| # -- Enable Ceph CSI Liveness sidecar deployment |
| enableLiveness: false |
| |
| # -- CSI CephFS driver metrics port |
| # @default -- `9081` |
| cephfsLivenessMetricsPort: |
| |
| # -- CSI Addons server port |
| # @default -- `9070` |
| csiAddonsPort: |
| |
| # -- Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS |
| # you may want to disable this setting. However, this will cause an issue during upgrades |
| # with the FUSE client. See the [upgrade guide](https://rook.io/docs/rook/v1.2/ceph-upgrade.html) |
| forceCephFSKernelClient: true |
| |
| # -- Ceph CSI RBD driver metrics port |
| # @default -- `8080` |
| rbdLivenessMetricsPort: |
| |
| serviceMonitor: |
| # -- Enable ServiceMonitor for Ceph CSI drivers |
| enabled: false |
| # -- Service monitor scrape interval |
| interval: 10s |
| # -- ServiceMonitor additional labels |
| labels: {} |
| # -- Use a different namespace for the ServiceMonitor |
| namespace: |
| |
| # -- Kubelet root directory path (if the Kubelet uses a different path for the `--root-dir` flag) |
| # @default -- `/var/lib/kubelet` |
| kubeletDirPath: |
| |
| # -- Duration in seconds that non-leader candidates will wait to force acquire leadership. |
| # @default -- `137s` |
| csiLeaderElectionLeaseDuration: |
| |
| # -- Deadline in seconds that the acting leader will retry refreshing leadership before giving up. |
| # @default -- `107s` |
| csiLeaderElectionRenewDeadline: |
| |
| # -- Retry period in seconds the LeaderElector clients should wait between tries of actions. |
| # @default -- `26s` |
| csiLeaderElectionRetryPeriod: |
| |
| cephcsi: |
| # -- Ceph CSI image repository |
| repository: quay.io/cephcsi/cephcsi |
| # -- Ceph CSI image tag |
| tag: v3.11.0 |
| |
| registrar: |
| # -- Kubernetes CSI registrar image repository |
| repository: registry.k8s.io/sig-storage/csi-node-driver-registrar |
| # -- Registrar image tag |
| tag: v2.10.1 |
| |
| provisioner: |
| # -- Kubernetes CSI provisioner image repository |
| repository: registry.k8s.io/sig-storage/csi-provisioner |
| # -- Provisioner image tag |
| tag: v4.0.1 |
| |
| snapshotter: |
| # -- Kubernetes CSI snapshotter image repository |
| repository: registry.k8s.io/sig-storage/csi-snapshotter |
| # -- Snapshotter image tag |
| tag: v7.0.2 |
| |
| attacher: |
| # -- Kubernetes CSI Attacher image repository |
| repository: registry.k8s.io/sig-storage/csi-attacher |
| # -- Attacher image tag |
| tag: v4.5.1 |
| |
| resizer: |
| # -- Kubernetes CSI resizer image repository |
| repository: registry.k8s.io/sig-storage/csi-resizer |
| # -- Resizer image tag |
| tag: v1.10.1 |
| |
| # -- Image pull policy |
| imagePullPolicy: IfNotPresent |
| |
| # -- Labels to add to the CSI CephFS Deployments and DaemonSets Pods |
| cephfsPodLabels: #"key1=value1,key2=value2" |
| |
| # -- Labels to add to the CSI NFS Deployments and DaemonSets Pods |
| nfsPodLabels: #"key1=value1,key2=value2" |
| |
| # -- Labels to add to the CSI RBD Deployments and DaemonSets Pods |
| rbdPodLabels: #"key1=value1,key2=value2" |
| |
| csiAddons: |
| # -- Enable CSIAddons |
| enabled: false |
| # -- CSIAddons sidecar image repository |
| repository: quay.io/csiaddons/k8s-sidecar |
| # -- CSIAddons sidecar image tag |
| tag: v0.8.0 |
| |
| nfs: |
| # -- Enable the nfs csi driver |
| enabled: false |
| |
| topology: |
| # -- Enable topology based provisioning |
| enabled: false |
| # NOTE: the value here serves as an example and needs to be |
| # updated with node labels that define domains of interest |
| # -- domainLabels define which node labels to use as domains |
| # for CSI nodeplugins to advertise their domains |
| domainLabels: |
| # - kubernetes.io/hostname |
| # - topology.kubernetes.io/zone |
| # - topology.rook.io/rack |
| |
| # -- Whether to skip any attach operation altogether for CephFS PVCs. See more details |
| # [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). |
| # If cephFSAttachRequired is set to false it skips the volume attachments and makes the creation |
| # of pods using the CephFS PVC fast. **WARNING** It's highly discouraged to use this for |
| # CephFS RWO volumes. Refer to this [issue](https://github.com/kubernetes/kubernetes/issues/103305) for more details. |
| cephFSAttachRequired: true |
| # -- Whether to skip any attach operation altogether for RBD PVCs. See more details |
| # [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). |
| # If set to false it skips the volume attachments and makes the creation of pods using the RBD PVC fast. |
| # **WARNING** It's highly discouraged to use this for RWO volumes as it can cause data corruption. |
| # csi-addons operations like Reclaimspace and PVC Keyrotation will also not be supported if set |
| # to false since we'll have no VolumeAttachments to determine which node the PVC is mounted on. |
| # Refer to this [issue](https://github.com/kubernetes/kubernetes/issues/103305) for more details. |
| rbdAttachRequired: true |
| # -- Whether to skip any attach operation altogether for NFS PVCs. See more details |
| # [here](https://kubernetes-csi.github.io/docs/skip-attach.html#skip-attach-with-csi-driver-object). |
| # If cephFSAttachRequired is set to false it skips the volume attachments and makes the creation |
| # of pods using the NFS PVC fast. **WARNING** It's highly discouraged to use this for |
| # NFS RWO volumes. Refer to this [issue](https://github.com/kubernetes/kubernetes/issues/103305) for more details. |
| nfsAttachRequired: true |
| |
| # -- Enable discovery daemon |
| enableDiscoveryDaemon: false |
| # -- Set the discovery daemon device discovery interval (default to 60m) |
| discoveryDaemonInterval: 60m |
| |
| # -- The timeout for ceph commands in seconds |
| cephCommandsTimeoutSeconds: "15" |
| |
| # -- If true, run rook operator on the host network |
| useOperatorHostNetwork: |
| |
| # -- If true, scale down the rook operator. |
| # This is useful for administrative actions where the rook operator must be scaled down, while using gitops style tooling |
| # to deploy your helm charts. |
| scaleDownOperator: false |
| |
| ## Rook Discover configuration |
| ## toleration: NoSchedule, PreferNoSchedule or NoExecute |
| ## tolerationKey: Set this to the specific key of the taint to tolerate |
| ## tolerations: Array of tolerations in YAML format which will be added to agent deployment |
| ## nodeAffinity: Set to labels of the node to match |
| |
| discover: |
| # -- Toleration for the discover pods. |
| # Options: `NoSchedule`, `PreferNoSchedule` or `NoExecute` |
| toleration: |
| # -- The specific key of the taint to tolerate |
| tolerationKey: |
| # -- Array of tolerations in YAML format which will be added to discover deployment |
| tolerations: |
| # - key: key |
| # operator: Exists |
| # effect: NoSchedule |
| # -- The node labels for affinity of `discover-agent` [^1] |
| nodeAffinity: |
| # key1=value1,value2; key2=value3 |
| # |
| # or |
| # |
| # requiredDuringSchedulingIgnoredDuringExecution: |
| # nodeSelectorTerms: |
| # - matchExpressions: |
| # - key: storage-node |
| # operator: Exists |
| # -- Labels to add to the discover pods |
| podLabels: # "key1=value1,key2=value2" |
| # -- Add resources to discover daemon pods |
| resources: |
| # - limits: |
| # memory: 512Mi |
| # - requests: |
| # cpu: 100m |
| # memory: 128Mi |
| |
| # -- Runs Ceph Pods as privileged to be able to write to `hostPaths` in OpenShift with SELinux restrictions. |
| hostpathRequiresPrivileged: false |
| |
| # -- Disable automatic orchestration when new devices are discovered. |
| disableDeviceHotplug: false |
| |
| # -- Blacklist certain disks according to the regex provided. |
| discoverDaemonUdev: |
| |
| # -- imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts. |
| imagePullSecrets: |
| # - name: my-registry-secret |
| |
| # -- Whether the OBC provisioner should watch on the operator namespace or not, if not the namespace of the cluster will be used |
| enableOBCWatchOperatorNamespace: true |
| |
| # -- Specify the prefix for the OBC provisioner in place of the cluster namespace |
| # @default -- `ceph cluster namespace` |
| obcProvisionerNamePrefix: |
| |
| monitoring: |
| # -- Enable monitoring. Requires Prometheus to be pre-installed. |
| # Enabling will also create RBAC rules to allow Operator to create ServiceMonitors |
| enabled: false |