alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

chore: Update manifests after automerge

Browse Source
This commit is contained in:
gitea-bot
2025-12-07 02:57:38 +00:00
parent 728f5b144f
commit 051ca9a17e
396 changed files with 97 additions and 787 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
clusters/cl01tl/manifests/rook-ceph/CephBlockPool-ceph-blockpool.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephblockpool.yaml
kind: CephBlockPool
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-blockpool
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
spec:
enableRBDStats: false
failureDomain: host

3
clusters/cl01tl/manifests/rook-ceph/CephCluster-rook-ceph.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephcluster.yaml
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: "rook-ceph"
namespace: "rook-ceph" # namespace:cluster
namespace: "rook-ceph"
spec:
monitoring:
enabled: true

3
clusters/cl01tl/manifests/rook-ceph/CephFilesystem-ceph-filesystem.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephfilesystem.yaml
kind: CephFilesystem
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-filesystem
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
spec:
dataPools:
- failureDomain: host

15
clusters/cl01tl/manifests/rook-ceph/CephFilesystemSubVolumeGroup-ceph-filesystem-csi.yaml
View File

@@ -1,20 +1,11 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephfilesystem.yaml
kind: CephFilesystemSubVolumeGroup
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-filesystem-csi # lets keep the svg crd name same as `filesystem name + csi` for the default csi svg
namespace: rook-ceph # namespace:cluster
name: ceph-filesystem-csi
namespace: rook-ceph
spec:
# The name of the subvolume group. If not set, the default is the name of the subvolumeGroup CR.
name: csi
# filesystemName is the metadata name of the CephFilesystem CR where the subvolume group will be created
filesystemName: ceph-filesystem
# reference https://docs.ceph.com/en/latest/cephfs/fs-volumes/#pinning-subvolumes-and-subvolume-groups
# only one out of (export, distributed, random) can be set at a time
# by default pinning is set with value: distributed=1
# for disabling default values set (distributed=0)
pinning:
distributed: 1 # distributed=<0, 1> (disabled=0)
# export: # export=<0-256> (disabled=-1)
# random: # random=[0.0, 1.0](disabled=0.0)
distributed: 1

3
clusters/cl01tl/manifests/rook-ceph/CephObjectStore-ceph-objectstore.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephobjectstore.yaml
kind: CephObjectStore
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-objectstore
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
spec:
dataPool:
erasureCoded:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-cephconnection-viewer-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnection-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-cephconnections-editor-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnections-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-cephfs-ctrlplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-cephfs-nodeplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-clientprofile-viewer-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofile-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-clientprofilemapping-editor-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-clientprofilemapping-viewer-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-clientprofiles-editor-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofiles-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-driver-editor-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/driver-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-driver-viewer-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/driver-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-manager-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/manager-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-metrics-auth-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-auth-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-metrics-reader.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-reader-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-nfs-ctrlplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-nfs-nodeplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-operatorconfig-editor-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/operatorconfig-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-operatorconfig-viewer-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/operatorconfig-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-rbd-ctrlplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-ceph-csi-rbd-nodeplugin-cr.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-cephfs-csi-nodeplugin.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-cephfs-external-provisioner-runner.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-objectstorage-provisioner-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rbd-csi-nodeplugin.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rbd-external-provisioner-runner.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

2
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-cluster-mgmt.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# The cluster role for managing all the cluster-specific resources in a namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

23
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-global.yaml
View File

@@ -1,8 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# The cluster role for managing the Rook CRDs
# Rook watches for its CRDs in all namespaces, so this should be a cluster-scoped role unless the
# operator config `ROOK_CURRENT_NAMESPACE_ONLY=true`.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -21,15 +17,10 @@ rules:
- apiGroups:
- ""
resources:
# Pod access is needed for fencing
- pods
# Node access is needed for determining nodes where mons should run
- nodes
- nodes/proxy
# Rook watches secrets which it uses to configure access to external resources.
# e.g., external Ceph cluster or object store
- secrets
# Rook watches for changes to the rook-operator-config configmap
- configmaps
verbs:
- get
@@ -39,12 +30,9 @@ rules:
- ""
- "discovery.k8s.io"
resources:
# Rook creates events for its custom resources
- events
# Rook creates PVs and PVCs for OSDs managed by the Rook provisioner
- persistentvolumes
- persistentvolumeclaims
# Rook creates endpoints for mgr and object store access
- endpoints
- services
- endpointslices
@@ -78,7 +66,6 @@ rules:
- update
- delete
- deletecollection
# The Rook operator must be able to watch all ceph.rook.io resources to reconcile them.
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients
@@ -102,9 +89,7 @@ rules:
- get
- list
- watch
# Ideally the update permission is not required, but Rook needs it to add finalizers to resources.
- update
# Rook must have update access to status subresources for its custom resources.
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients/status
@@ -124,10 +109,6 @@ rules:
- cephfilesystemsubvolumegroups/status
- cephblockpoolradosnamespaces/status
verbs: ["update"]
# The "*/finalizers" permission may need to be strictly given for K8s clusters where
# OwnerReferencesPermissionEnforcement is enabled so that Rook can set blockOwnerDeletion on
# resources owned by Rook CRs (e.g., a Secret owned by an OSD Deployment). See more:
# https://kubernetes.io/docs/reference/access-authn-authz/_print/#ownerreferencespermissionenforcement
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients/finalizers
@@ -152,9 +133,7 @@ rules:
- apps
- extensions
resources:
# This is for the clusterdisruption controller
- poddisruptionbudgets
# This is for both clusterdisruption and nodedrain controllers
- deployments
- replicasets
verbs:
@@ -168,8 +147,6 @@ rules:
- apiGroups:
- apps
resources:
# This is to add osd deployment owner ref on key rotation
# cron jobs.
- deployments/finalizers
verbs:
- update

2
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-mgr-cluster.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Aspects of ceph-mgr that require cluster-wide access
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

2
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-mgr-system.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Aspects of ceph-mgr that require access to the system namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

19
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-object-bucket.yaml
View File

@@ -1,8 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Used for provisioning ObjectBuckets (OBs) in response to ObjectBucketClaims (OBCs).
# Note: Rook runs a copy of the lib-bucket-provisioner's OBC controller.
# OBCs can be created in any Kubernetes namespace, so this must be a cluster-scoped role.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -21,8 +17,6 @@ rules:
- apiGroups: [""]
resources: ["secrets", "configmaps"]
verbs:
# OBC controller creates secrets and configmaps containing information for users about how to
# connect to object buckets. It deletes them when an OBC is deleted.
- get
- create
- update
@@ -30,41 +24,28 @@ rules:
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs:
# OBC controller gets parameters from the OBC's storageclass
# Rook gets additional parameters from the OBC's storageclass
- get
- apiGroups: ["objectbucket.io"]
resources: ["objectbucketclaims"]
verbs:
# OBC controller needs to list/watch OBCs and get latest version of a reconciled OBC
- list
- watch
- get
# Ideally, update should not be needed, but the OBC controller updates the OBC with bucket
# information outside of the status subresource
- update
# OBC controller does not delete OBCs; users do this
- apiGroups: ["objectbucket.io"]
resources: ["objectbuckets"]
verbs:
# OBC controller needs to list/watch OBs and get latest version of a reconciled OB
- list
- watch
- get
# OBC controller creates an OB when an OBC's bucket has been provisioned by Ceph, updates them
# when an OBC is updated, and deletes them when the OBC is de-provisioned.
- create
- update
- delete
- apiGroups: ["objectbucket.io"]
resources: ["objectbucketclaims/status", "objectbuckets/status"]
verbs:
# OBC controller updates OBC and OB statuses
- update
- apiGroups: ["objectbucket.io"]
# This does not strictly allow the OBC/OB controllers to update finalizers. That is handled by
# the direct "update" permissions above. Instead, this allows Rook's controller to create
# resources which are owned by OBs/OBCs and where blockOwnerDeletion is set.
resources: ["objectbucketclaims/finalizers", "objectbuckets/finalizers"]
verbs:
- update

1
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-osd.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

5
clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-system.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -15,10 +14,6 @@ metadata:
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
# Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
# However, some Kubernetes APIs involve a "subresource", such as the logs for a pod. [...]
# To represent this in an RBAC role, use a slash to delimit the resource and subresource.
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-cephfs-ctrlplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-cephfs-nodeplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-manager-rolebinding.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/manager-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-metrics-auth-rolebinding.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-auth-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-nfs-ctrlplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-nfs-nodeplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-rbd-ctrlplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

1
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-ceph-csi-rbd-nodeplugin-crb.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

5
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-cephfs-csi-nodeplugin-role.yaml
View File

@@ -1,7 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# This is required by operator-sdk to map the cluster/clusterrolebindings with SA
# otherwise operator-sdk will create a individual file for these.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -19,7 +16,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: rook-csi-cephfs-plugin-sa
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: cephfs-csi-nodeplugin

3
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-cephfs-csi-provisioner-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -17,7 +16,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: rook-csi-cephfs-provisioner-sa
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: cephfs-external-provisioner-runner

4
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-objectstorage-provisioner-role-binding.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# RBAC for ceph cosi driver service account
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -12,7 +10,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: objectstorage-provisioner
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: objectstorage-provisioner-role

3
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rbd-csi-nodeplugin.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -17,7 +16,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: rook-csi-rbd-plugin-sa
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: rbd-csi-nodeplugin

3
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rbd-csi-provisioner-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -17,7 +16,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: rook-csi-rbd-provisioner-sa
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: rbd-external-provisioner-runner

4
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rook-ceph-global.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# Grant the rook system daemons cluster-wide access to manage the Rook CRDs, PVCs, and storage classes
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -22,4 +20,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator
namespace: rook-ceph

4
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rook-ceph-mgr-cluster.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -22,4 +20,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rook-ceph-mgr
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph

4
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rook-ceph-object-bucket.yaml
View File

@@ -1,7 +1,5 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
# Give Rook-Ceph Operator permissions to provision ObjectBuckets in response to ObjectBucketClaims.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-object-bucket
@@ -22,4 +20,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator
namespace: rook-ceph

4
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rook-ceph-osd.yaml
View File

@@ -1,6 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow the ceph osd to access cluster-wide resources necessary for determining their topology location
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -22,4 +20,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rook-ceph-osd
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph

3
clusters/cl01tl/manifests/rook-ceph/ClusterRoleBinding-rook-ceph-system.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@@ -21,4 +20,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator
namespace: rook-ceph

5
clusters/cl01tl/manifests/rook-ceph/ConfigMap-rook-ceph-operator-config.yaml
View File

@@ -1,12 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/configmap.yaml
# Operator settings that can be updated without an operator restart
# Operator settings that require an operator restart are found in the operator env vars
kind: ConfigMap
apiVersion: v1
metadata:
name: rook-ceph-operator-config
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephblockpoolradosnamespaces.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephblockpools.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephbucketnotifications.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephbuckettopics.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephclients.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephclusters.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephconnections.csi.ceph.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnection-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephcosidrivers.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephfilesystemmirrors.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephfilesystems.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephfilesystemsubvolumegroups.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephnfses.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephobjectrealms.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephobjectstores.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephobjectstoreusers.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephobjectzonegroups.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephobjectzones.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-cephrbdmirrors.ceph.rook.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-clientprofilemappings.csi.ceph.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-clientprofiles.csi.ceph.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofile-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-drivers.csi.ceph.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/driver-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-objectbucketclaims.objectbucket.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-objectbuckets.objectbucket.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/CustomResourceDefinition-operatorconfigs.csi.ceph.io.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/operatorconfig-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Deployment-ceph-csi-controller-manager.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:

5
clusters/cl01tl/manifests/rook-ceph/Deployment-rook-ceph-cloudflared-rgw.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/cloudflared-rgw/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -9,8 +8,8 @@ metadata:
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared-rgw
app.kubernetes.io/version: 2025.10.0
helm.sh/chart: cloudflared-rgw-1.23.1
app.kubernetes.io/version: 2025.11.1
helm.sh/chart: cloudflared-rgw-1.23.2
namespace: rook-ceph
spec:
revisionHistoryLimit: 3

3
clusters/cl01tl/manifests/rook-ceph/Deployment-rook-ceph-operator.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: rook-ceph-operator
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

3
clusters/cl01tl/manifests/rook-ceph/Deployment-rook-ceph-tools.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: rook-ceph-tools
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
app: rook-ceph-tools
spec:

1
clusters/cl01tl/manifests/rook-ceph/ExternalSecret-ceph-rgw-cloudflared-secret.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:

1
clusters/cl01tl/manifests/rook-ceph/HTTPRoute-http-route-rook-ceph-rgw.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:

1
clusters/cl01tl/manifests/rook-ceph/HTTPRoute-http-route-rook-ceph.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:

2
clusters/cl01tl/manifests/rook-ceph/Namespace-rook-ceph.yaml
View File

@@ -1,5 +1,3 @@
---
# Source: rook-ceph/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:

1
clusters/cl01tl/manifests/rook-ceph/PrometheusRule-prometheus-ceph-rules.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/prometheusrules.yaml
kind: PrometheusRule
apiVersion: monitoring.coreos.com/v1
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Role-ceph-csi-cephfs-ctrlplugin-r.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Role-ceph-csi-cephfs-nodeplugin-r.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Role-ceph-csi-leader-election-role.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/leader-election-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Role-ceph-csi-rbd-ctrlplugin-r.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

1
clusters/cl01tl/manifests/rook-ceph/Role-ceph-csi-rbd-nodeplugin-r.yaml
View File

@@ -1,5 +1,4 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:

3
clusters/cl01tl/manifests/rook-ceph/Role-cephfs-external-provisioner-cfg.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-external-provisioner-cfg
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

3
clusters/cl01tl/manifests/rook-ceph/Role-rbd-external-provisioner-cfg.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-external-provisioner-cfg
namespace: rook-ceph # namespace:operator
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

3
clusters/cl01tl/manifests/rook-ceph/Role-rook-ceph-cmd-reporter.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-cmd-reporter
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

4
clusters/cl01tl/manifests/rook-ceph/Role-rook-ceph-mgr.yaml
View File

@@ -1,11 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Aspects of ceph-mgr that operate within the cluster's namespace
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-mgr
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

4
clusters/cl01tl/manifests/rook-ceph/Role-rook-ceph-monitoring-mgr.yaml
View File

@@ -1,11 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow management of monitoring resources in the mgr
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-monitoring-mgr
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

3
clusters/cl01tl/manifests/rook-ceph/Role-rook-ceph-monitoring.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-monitoring
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph

5
clusters/cl01tl/manifests/rook-ceph/Role-rook-ceph-osd.yaml
View File

@@ -1,10 +1,9 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-osd
namespace: rook-ceph # namespace:cluster
namespace: rook-ceph
labels:
operator: rook
storage-backend: ceph
@@ -16,8 +15,6 @@ metadata:
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
# this is needed for rook's "key-management" CLI to fetch the vault token from the secret when
# validating the connection details and for key rotation operations.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "update"]

Some files were not shown because too many files have changed in this diff Show More