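---
rbac:
  # Specifies whether RBAC resources should be created.
  # NOTE(review): the rules themselves are defined in the chart templates,
  # which are not part of this file; review them against least-privilege
  # expectations before installing with create set to true.
  create: true
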
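# The nodeplugin and the provisioner each get their own ServiceAccount entry,
# so the two components can be bound to different permissions.
serviceAccounts:
  nodeplugin:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname.
    # Left without a value (null) here on purpose.
    name:
  provisioner:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname.
    # Left without a value (null) here on purpose.
    name:
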
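# Configuration for the CSI to connect to the cluster
# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
# The default is an empty list; cluster entries are supplied in an override.
# Example:
# csiConfig:
#   - clusterID: "<cluster-id>"
#     monitors:
#       - "<MONValue1>"
#       - "<MONValue2>"
#     rbd:
#       netNamespaceFilePath: "{{ .kubeletDir }}/plugins/{{ .driverName }}/net"
#     readAffinity:
#       enabled: true
#       crushLocationLabels:
#         - topology.kubernetes.io/region
#         - topology.kubernetes.io/zone
csiConfig: []
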
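# Configuration details of the clusterID, PoolID and FscID mapping
# between two sites.
# Example:
# csiMapping:
#   - clusterIDMapping:
#       clusterID on site1: clusterID on site2
#     RBDPoolIDMapping:
#       - poolID on site1: poolID on site2
#     CephFSFscIDMapping:
#       - CephFS FscID on site1: CephFS FscID on site2
csiMapping: []
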
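# Configuration for the encryption KMS
# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/deploy-rbd.md
# Example:
# encryptionKMSConfig:
#   vault-unique-id-1:
#     encryptionKMSType: vault
#     vaultAddress: https://vault.example.com
#     vaultAuthPath: /v1/auth/kubernetes/login
#     vaultRole: csi-kubernetes
#     vaultPassphraseRoot: /v1/secret
#     vaultPassphrasePath: ceph-csi/
#     vaultCAVerify: "false"
# NOTE: the example sets vaultCAVerify to "false", which turns off
# verification of the Vault server certificate. Keep verification enabled and
# provide the CA for anything other than a throwaway test setup, because the
# volume encryption passphrases travel over this connection.
# The key of each entry (vault-unique-id-1 above) is presumably the ID that
# storageClass.encryptionKMSID has to match; confirm against the linked doc.
encryptionKMSConfig: {}
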
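# Labels to apply to all resources
commonLabels: {}
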
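# Set logging level for csi containers.
# Supported values from 0 to 5. 0 for general useful logs,
# 5 for trace level verbosity.
# logLevel is the variable for the CSI driver containers' log level.
# NOTE(review): the default below is the most verbose (trace) level. Confirm
# that trace output is acceptable for your log volume, retention and access
# controls, or lower it in an override.
logLevel: 5
# sidecarLogLevel is the variable for the Kubernetes sidecar containers'
# log level.
sidecarLogLevel: 1
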
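# Set fsGroupPolicy for CSI Driver object spec
# https://kubernetes-csi.github.io/docs/support-fsgroup.html
# The following modes are supported:
# - None: Indicates that volumes will be mounted with no modifications, as the
#   CSI volume driver does not support these operations.
# - File: Indicates that the CSI volume driver supports volume ownership and
#   permission change via fsGroup, and Kubernetes may use fsGroup to change
#   permissions and ownership of the volume to match user requested fsGroup in
#   the pod's SecurityPolicy regardless of fstype or access mode.
# - ReadWriteOnceWithFSType: Indicates that volumes will be examined to
#   determine if volume ownership and permissions should be modified to match
#   the pod's security policy.
#   Changes will only occur if the fsType is defined and the persistent
#   volume's accessModes contains ReadWriteOnce.
CSIDriver:
  # With "File", ownership and permissions of the volume may be changed to the
  # pod's fsGroup on mount, as described above.
  fsGroupPolicy: "File"
  # NOTE(review): seLinuxMount is undocumented in this file; presumably it is
  # passed to the CSIDriver object spec to declare SELinux mount support.
  # Confirm against the chart template and the Kubernetes CSIDriver reference.
  seLinuxMount: true
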
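nodeplugin:
  name: nodeplugin
  # set user created priorityclassName for csi plugin pods. default is
  # system-node-critical which is high priority
  priorityClassName: system-node-critical
  # if you are using rbd-nbd client set this value to OnDelete
  updateStrategy: RollingUpdate

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi >= 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      # ClusterIP keeps the metrics endpoint reachable from inside the cluster
      # only. If this is changed to a type that is reachable from outside,
      # restrict the callers with loadBalancerSourceRanges below.
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  ## Reference to one or more secrets to be used when pulling images
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"

  profiling:
    # enable profiling to check for memory leaks
    # (a debugging aid; leave disabled unless actively investigating)
    enabled: false

  # NOTE(review): both images below are referenced by tag with pullPolicy
  # IfNotPresent, so a node keeps whatever image it first pulled under that
  # tag. Verify image provenance through your registry or admission policy.
  registrar:
    image:
      repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
      tag: v2.10.0
      pullPolicy: IfNotPresent
    resources: {}

  plugin:
    image:
      repository: quay.io/cephcsi/cephcsi
      tag: v3.11.0
      pullPolicy: IfNotPresent
    resources: {}

  nodeSelector: {}

  tolerations: []

  affinity: {}
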
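provisioner:
  name: provisioner
  replicaCount: 3
  strategy:
    # RollingUpdate strategy replaces old pods with new ones gradually,
    # without incurring downtime.
    type: RollingUpdate
    rollingUpdate:
      # maxUnavailable is the maximum number of pods that can be
      # unavailable during the update process.
      maxUnavailable: 50%
  # if fstype is not specified in storageclass, ext4 is default
  defaultFSType: ext4
  # deployController to enable or disable the deployment of controller which
  # generates the OMAP data if it is not present.
  deployController: true
  # Timeout for waiting for creation or deletion of a volume
  timeout: 60s
  # cluster name to set on the RBD image
  # clustername: "k8s-cluster-1"
  # Hard limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  hardMaxCloneDepth: 8
  # Soft limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  softMaxCloneDepth: 4
  # Maximum number of snapshots allowed on rbd image without flattening
  maxSnapshotsOnImage: 450
  # Minimum number of snapshots allowed on rbd image to trigger flattening
  minSnapshotsOnImage: 250
  # skip image flattening if kernel support mapping of rbd images
  # which has the deep-flatten feature
  # skipForceFlatten: false

  # set user created priorityclassName for csi provisioner pods. default is
  # system-cluster-critical which is less priority than system-node-critical
  priorityClassName: system-cluster-critical

  # enable hostnetwork for provisioner pod. default is false
  # useful for deployments where the podNetwork has no access to ceph
  # NOTE: host networking places the pod in the node's network namespace, so
  # pod-level network isolation no longer applies to it. Enable it only when
  # the pod network really cannot reach the Ceph cluster.
  enableHostNetwork: false

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi >= 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      # ClusterIP keeps the metrics endpoint reachable from inside the cluster
      # only. If this is changed to a type that is reachable from outside,
      # restrict the callers with loadBalancerSourceRanges below.
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  ## Reference to one or more secrets to be used when pulling images
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"

  profiling:
    # enable profiling to check for memory leaks
    # (a debugging aid; leave disabled unless actively investigating)
    enabled: false

  # NOTE(review): every sidecar image below is referenced by tag with
  # pullPolicy IfNotPresent, so a node keeps whatever image it first pulled
  # under that tag. Verify image provenance through your registry or
  # admission policy. extraArgs are handed to the sidecar as given, so review
  # overrides of them like any other command-line change.
  provisioner:
    image:
      repository: registry.k8s.io/sig-storage/csi-provisioner
      tag: v4.0.0
      pullPolicy: IfNotPresent
    resources: {}
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-provisioner#command-line-options
    extraArgs: []

  # set metadata on volume
  setmetadata: true

  attacher:
    name: attacher
    enabled: true
    image:
      repository: registry.k8s.io/sig-storage/csi-attacher
      tag: v4.5.0
      pullPolicy: IfNotPresent
    resources: {}
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-attacher#command-line-options
    extraArgs: []

  resizer:
    name: resizer
    enabled: true
    image:
      repository: registry.k8s.io/sig-storage/csi-resizer
      tag: v1.10.0
      pullPolicy: IfNotPresent
    resources: {}
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-resizer#recommended-optional-arguments
    extraArgs: []

  snapshotter:
    image:
      repository: registry.k8s.io/sig-storage/csi-snapshotter
      tag: v7.0.0
      pullPolicy: IfNotPresent
    resources: {}
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-snapshotter#csi-external-snapshotter-sidecar-command-line-options
    extraArgs: []

    args:
      # enableVolumeGroupSnapshots enables support for volume group snapshots
      enableVolumeGroupSnapshots: false

  nodeSelector: {}

  tolerations: []

  affinity: {}
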
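topology:
  # Specifies whether topology based provisioning support should
  # be exposed by CSI
  enabled: false
  # domainLabels define which node labels to use as domains
  # for CSI nodeplugins to advertise their domains
  # NOTE: the value here serves as an example and needs to be
  # updated with node labels that define domains of interest
  domainLabels:
    - failure-domain/region
    - failure-domain/zone
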
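# Commented-out example; uncomment and adapt to enable read affinity.
# readAffinity:
#   Enable read affinity for RBD volumes. Recommended to
#   set to true if running kernel 5.8 or newer.
#   enabled: false
#   Define which node labels to use as CRUSH location.
#   This should correspond to the values set in the CRUSH map.
#   NOTE: the value here serves as an example
#   crushLocationLabels:
#     - topology.kubernetes.io/region
#     - topology.kubernetes.io/zone
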
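storageClass:
  # Specifies whether the storageclass should be created
  create: false
  name: csi-rbd-sc

  # Annotations for the storage class
  # Example:
  # annotations:
  #   storageclass.kubernetes.io/is-default-class: "true"
  annotations: {}

  # (required) String representing a Ceph cluster to provision storage from.
  # Should be unique across all Ceph clusters in use for provisioning,
  # cannot be greater than 36 bytes in length, and should remain immutable for
  # the lifetime of the StorageClass in use.
  # The value below is a placeholder and must be replaced.
  clusterID: <cluster-ID>

  # (optional) If you want to use erasure coded pool with RBD, you need to
  # create two pools. one erasure coded and one replicated.
  # You need to specify the replicated pool here in the `pool` parameter, it is
  # used for the metadata of the images.
  # The erasure coded pool must be set as the `dataPool` parameter below.
  # dataPool: <ec-data-pool>
  dataPool: ""

  # (required) Ceph pool into which the RBD image shall be created
  # (optional) if topologyConstrainedPools is provided
  # eg: pool: replicapool
  pool: replicapool

  # (optional) RBD image features, CSI creates image with image-format 2 CSI
  # RBD currently supports `layering`, `journaling`, `exclusive-lock`,
  # `object-map`, `fast-diff`, `deep-flatten` features.
  # Refer https://docs.ceph.com/en/latest/rbd/rbd-config-ref/#image-features
  # for image feature dependencies.
  # imageFeatures: layering,journaling,exclusive-lock,object-map,fast-diff
  imageFeatures: "layering"

  # (optional) Specifies whether to try other mounters in case if the current
  # mounter fails to mount the rbd image for any reason. True means fallback
  # to next mounter, default is set to false.
  # Note: tryOtherMounters is currently useful to fallback from krbd to rbd-nbd
  # in case if any of the specified imageFeatures is not supported by krbd
  # driver on node scheduled for application pod launch, but in the future this
  # should work with any mounter type.
  # tryOtherMounters: false

  # (optional) Options to pass to the `mkfs` command while creating the
  # filesystem on the RBD device. Check the man-page for the `mkfs` command
  # for the filesystem for more details. When `mkfsOptions` is set here, the
  # defaults will not be used, consider including them in this parameter.
  #
  # The default options depend on the csi.storage.k8s.io/fstype setting:
  # - ext4: "-m0 -Enodiscard,lazy_itable_init=1,lazy_journal_init=1"
  # - xfs: "-K"
  #
  # mkfsOptions: "-m0 -Ediscard -i1024"

  # (optional) uncomment the following to use rbd-nbd as mounter
  # on supported nodes
  # mounter: rbd-nbd
  mounter: ""

  # (optional) ceph client log location, eg: rbd-nbd
  # By default host-path /var/log/ceph of node is bind-mounted into
  # csi-rbdplugin pod at /var/log/ceph mount path. This is to configure
  # target bindmount path used inside container for ceph clients logging.
  # See docs/rbd-nbd.md for available configuration options.
  # cephLogDir: /var/log/ceph
  cephLogDir: ""

  # (optional) ceph client log strategy
  # By default, log file belonging to a particular volume will be deleted
  # on unmap, but you can choose to just compress instead of deleting it
  # or even preserve the log file in text format as it is.
  # Available options `remove` or `compress` or `preserve`
  # cephLogStrategy: remove
  cephLogStrategy: ""

  # (optional) Prefix to use for naming RBD images.
  # If omitted, defaults to "csi-vol-".
  # volumeNamePrefix: "foo-bar-"
  volumeNamePrefix: ""

  # (optional) Instruct the plugin it has to encrypt the volume
  # By default it is disabled. Valid values are "true" or "false".
  # A string is expected here, i.e. "true", not true.
  # NOTE: with the empty default below, volumes from this StorageClass are not
  # encrypted by the plugin. Set "true" explicitly where encryption at rest is
  # a requirement, and keep the value quoted so it stays a string.
  # encrypted: "true"
  encrypted: ""

  # (optional) Use external key management system for encryption passphrases by
  # specifying a unique ID matching KMS ConfigMap. The ID is only used for
  # correlation to configmap entry.
  encryptionKMSID: ""

  # Add topology constrained pools configuration, if topology based pools
  # are setup, and topology constrained provisioning is required.
  # For further information read TODO<doc>
  # topologyConstrainedPools: |
  #   [{"poolName":"pool0",
  #     "dataPool":"ec-pool0" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone1"}]},
  #    {"poolName":"pool1",
  #     "dataPool":"ec-pool1" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone2"}]},
  #    {"poolName":"pool2",
  #     "dataPool":"ec-pool2" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"west"},
  #       {"domainLabel":"zone","value":"zone1"}]}
  #   ]
  topologyConstrainedPools: []

  # (optional) mapOptions is a comma-separated list of map options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  # Format:
  # mapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
  # An empty mounter field is treated as krbd type for compatibility.
  # eg:
  # mapOptions: "krbd:lock_on_read,queue_depth=1024;nbd:try-netlink"
  mapOptions: ""

  # (optional) unmapOptions is a comma-separated list of unmap options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  # Format:
  # unmapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
  # An empty mounter field is treated as krbd type for compatibility.
  # eg:
  # unmapOptions: "krbd:force;nbd:force"
  unmapOptions: ""

  # (optional) stripe unit in bytes
  # If set, stripeCount must also be specified
  # For defaults, refer to
  # https://docs.ceph.com/en/latest/man/8/rbd/#striping
  stripeUnit: ""

  # (optional) number of objects to stripe over before looping
  # If set, stripeUnit must also be specified
  # For defaults, refer to
  # https://docs.ceph.com/en/latest/man/8/rbd/#striping
  stripeCount: ""

  # (optional) object size in bytes
  # If set, must be a power of 2
  objectSize: ""

  # The secrets have to contain Ceph credentials with required access
  # to the 'pool'.
  # NOTE: all three roles default to the same secret name. Grant the Ceph user
  # behind it no more than the access the pool requires, and use separate
  # secrets per role if your policy calls for separate credentials.
  provisionerSecret: csi-rbd-secret
  # If Namespaces are left empty, the secrets are assumed to be in the
  # Release namespace.
  provisionerSecretNamespace: ""
  controllerExpandSecret: csi-rbd-secret
  controllerExpandSecretNamespace: ""
  nodeStageSecret: csi-rbd-secret
  nodeStageSecretNamespace: ""
  # Specify the filesystem type of the volume. If not specified,
  # csi-provisioner will set default as `ext4`.
  fstype: ext4
  # Delete means the backing volume is removed together with the
  # PersistentVolume once the claim is deleted; use Retain where the data
  # must survive claim deletion.
  reclaimPolicy: Delete
  allowVolumeExpansion: true
  # Mount Options
  # Example:
  # mountOptions:
  #   - discard
  mountOptions: []
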
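# Mount the host /etc/selinux inside pods to support
# selinux-enabled filesystems.
# NOTE(review): this exposes a host directory to the pods; whether the mount
# is read-only is decided in the chart templates, which are not shown here.
# Set to false on hosts that do not use SELinux.
selinuxMount: true
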
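secret:
  # Specifies whether the secret should be created.
  # With the default (false) the chart expects a secret with the name below to
  # exist already, and the placeholder values in this section are not used.
  create: false
  name: csi-rbd-secret
  annotations: {}
  # Key values correspond to a user name and its key, as defined in the
  # ceph cluster. User ID should have required access to the 'pool'
  # specified in the storage class
  # NOTE: do not commit a real userKey to version control. Supply it at
  # install time from a protected source, or keep create false and manage the
  # secret outside the chart.
  userID: <plaintext ID>
  userKey: <Ceph auth key corresponding to userID above>
  # Encryption passphrase
  # NOTE: test_passphrase is a publicly known sample value. If create is set
  # to true it must be overridden with a strong, unique passphrase; otherwise
  # encrypted volumes would be protected by a value anyone can look up.
  encryptionPassphrase: test_passphrase
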
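# This is a sample configmap that helps define a Ceph configuration as required
# by the CSI plugins.
# Sample ceph.conf available at
# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed
# documentation is available at
# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/
# The three auth_* settings require cephx authentication for cluster, service
# and client connections; keep them when replacing this sample.
cephconf: |
  [global]
  auth_cluster_required = cephx
  auth_service_required = cephx
  auth_client_required = cephx
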
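# Array of extra objects to deploy with the release.
# NOTE(review): anything listed here is installed with the release, so review
# overrides of this list like any other manifest.
extraDeploy: []
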
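#########################################################
# Variables for 'internal' use please use with caution! #
#########################################################

# The filename of the provisioner socket
provisionerSocketFile: csi-provisioner.sock
# The filename of the plugin socket
pluginSocketFile: csi.sock
# kubelet working directory, can be set using `--root-dir` when starting
# kubelet.
# NOTE: this and cephLogDirHostPath are paths on the node's filesystem; point
# them only at the directories the kubelet and the Ceph clients really use.
kubeletDir: /var/lib/kubelet
# Host path location for ceph client processes logging, ex: rbd-nbd
cephLogDirHostPath: /var/log/ceph
# Name of the csi-driver
driverName: rbd.csi.ceph.com
# Name of the configmap used for state
configMapName: ceph-csi-config
# Key to use in the Configmap if not config.json
# configMapKey:
# Use an externally provided configmap
externallyManagedConfigmap: false
# Name of the configmap used for ceph.conf
cephConfConfigMapName: ceph-config
# Name of the configmap used for encryption kms configuration
kmsConfigMapName: ceph-csi-encryption-kms-config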