chore: Update manifests after change

2025-12-04 04:54:08 +00:00
parent dad1b4623c
commit bfe0e18539
2066 changed files with 378996 additions and 0 deletions


@@ -0,0 +1,12 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephblockpool.yaml
kind: CephBlockPool
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-blockpool
namespace: rook-ceph # namespace:cluster
spec:
enableRBDStats: false
failureDomain: host
replicated:
size: 3


@@ -0,0 +1,162 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephcluster.yaml
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: "rook-ceph"
namespace: "rook-ceph" # namespace:cluster
spec:
monitoring:
enabled: true
cephVersion:
allowUnsupported: false
image: quay.io/ceph/ceph:v19.2.3
cleanupPolicy:
allowUninstallWithVolumes: false
confirmation: ""
sanitizeDisks:
dataSource: zero
iteration: 1
method: quick
continueUpgradeAfterChecksEvenIfNotHealthy: false
crashCollector:
disable: false
csi:
readAffinity:
enabled: true
dashboard:
enabled: true
ssl: false
dataDirHostPath: /var/lib/rook
disruptionManagement:
managePodBudgets: true
osdMaintenanceTimeout: 30
healthCheck:
daemonHealth:
mon:
disabled: false
interval: 45s
osd:
disabled: false
interval: 60s
status:
disabled: false
interval: 60s
livenessProbe:
mgr:
disabled: false
mon:
disabled: false
osd:
disabled: false
logCollector:
enabled: true
maxLogSize: 500M
periodicity: daily
mgr:
allowMultiplePerNode: false
count: 1
modules:
- enabled: true
name: pg_autoscaler
- enabled: true
name: rook
mon:
allowMultiplePerNode: false
count: 3
network:
connections:
compression:
enabled: true
encryption:
enabled: true
requireMsgr2: true
placement:
all:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-osd-node
operator: Exists
mon:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
tolerations:
- key: node-role.kubernetes.io/rook-mon-node
operator: Exists
- key: node-role.kubernetes.io/control-plane
operator: Exists
priorityClassNames:
mgr: system-cluster-critical
mon: system-node-critical
osd: system-node-critical
removeOSDsIfOutAndSafeToRemove: false
resources:
cleanup:
limits:
memory: 1Gi
requests:
cpu: 500m
memory: 100Mi
crashcollector:
limits:
memory: 60Mi
requests:
cpu: 100m
memory: 60Mi
exporter:
limits:
memory: 128Mi
requests:
cpu: 50m
memory: 50Mi
logcollector:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 100Mi
mgr:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 512Mi
mgr-sidecar:
limits:
memory: 100Mi
requests:
cpu: 100m
memory: 40Mi
mon:
limits:
memory: 2Gi
requests:
cpu: 200m
memory: 256Mi
osd:
limits:
memory: 4Gi
requests:
cpu: 100m
memory: 2Gi
prepareosd:
requests:
cpu: 100m
memory: 128Mi
skipUpgradeChecks: false
storage:
config:
osdsPerDevice: "1"
deviceFilter: sda
useAllDevices: true
useAllNodes: true
upgradeOSDRequiresHealthyPGs: false
waitTimeoutForHealthyOSDInMinutes: 10
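Review bot: `ssl: false` under `dashboard` (with `enabled: true`) serves the Ceph dashboard over plain HTTP, so login credentials and session cookies travel unencrypted unless something in front of it terminates TLS; no such ingress or route is visible in this section. Either set `ssl: true` or confirm the dashboard Service is reachable only through a TLS-terminating proxy. Separately, `useAllDevices: true` sits next to `deviceFilter: sda` in `storage`; per the Rook documentation the filter takes precedence, so `useAllDevices: false` would state the intent without relying on that override.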


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephfilesystem.yaml
kind: CephFilesystem
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-filesystem
namespace: rook-ceph # namespace:cluster
spec:
dataPools:
- failureDomain: host
name: data0
replicated:
size: 3
metadataPool:
replicated:
size: 3
metadataServer:
activeCount: 1
activeStandby: true
priorityClassName: system-cluster-critical
resources:
requests:
cpu: 1000m
memory: 4Gi


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephfilesystem.yaml
kind: CephFilesystemSubVolumeGroup
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-filesystem-csi # lets keep the svg crd name same as `filesystem name + csi` for the default csi svg
namespace: rook-ceph # namespace:cluster
spec:
# The name of the subvolume group. If not set, the default is the name of the subvolumeGroup CR.
name: csi
# filesystemName is the metadata name of the CephFilesystem CR where the subvolume group will be created
filesystemName: ceph-filesystem
# reference https://docs.ceph.com/en/latest/cephfs/fs-volumes/#pinning-subvolumes-and-subvolume-groups
# only one out of (export, distributed, random) can be set at a time
# by default pinning is set with value: distributed=1
# for disabling default values set (distributed=0)
pinning:
distributed: 1 # distributed=<0, 1> (disabled=0)
# export: # export=<0-256> (disabled=-1)
# random: # random=[0.0, 1.0](disabled=0.0)


@@ -0,0 +1,32 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/cephobjectstore.yaml
kind: CephObjectStore
apiVersion: ceph.rook.io/v1
metadata:
name: ceph-objectstore
namespace: rook-ceph # namespace:cluster
spec:
dataPool:
erasureCoded:
codingChunks: 1
dataChunks: 2
failureDomain: host
parameters:
bulk: "true"
gateway:
instances: 1
port: 80
priorityClassName: system-cluster-critical
resources:
requests:
cpu: 1000m
memory: 1Gi
hosting:
dnsNames:
- objects.alexlebens.dev
- objects.alexlebens.net
metadataPool:
failureDomain: host
replicated:
size: 3
preservePoolsOnDelete: true
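Review bot: The `gateway` block exposes RGW on `port: 80` only, with no `securePort` or `sslCertificateRef`, while `hosting.dnsNames` lists two hostnames that appear to be externally resolvable. S3 requests then carry their signatures, presigned URLs and object data in cleartext up to whatever terminates TLS, and that component is not part of this section. If no ingress or gateway route in front of the service terminates TLS, add `securePort: 443` and an `sslCertificateRef` to the gateway spec. The `erasureCoded` data pool with `dataChunks: 2` and `codingChunks: 1` also tolerates the loss of only one host, which is worth recording next to the chart values.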


@@ -0,0 +1,27 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnection-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-cephconnection-viewer-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- cephconnections
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- cephconnections/status
verbs:
- get


@@ -0,0 +1,31 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnections-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-cephconnections-editor-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- cephconnections
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- cephconnections/status
verbs:
- get


@@ -0,0 +1,204 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-cephfs-ctrlplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments/status
verbs:
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotcontents
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotcontents
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
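Review bot: The first rule grants `get`, `list` and `watch` on `secrets` and a later rule grants `create` on `serviceaccounts/token`, both without `resourceNames`; if this ClusterRole is bound by a ClusterRoleBinding, the controller plugin can read every Secret in the cluster and mint tokens for any ServiceAccount. The binding is not in this section, so confirm whether the subject is bound cluster-wide or per namespace. The same combination of secret read and token create appears in `ceph-csi-rbd-ctrlplugin-cr`, `ceph-csi-rbd-nodeplugin-cr`, `ceph-csi-cephfs-nodeplugin-cr` and in the rook-ceph chart's `cephfs-csi-nodeplugin`, `cephfs-external-provisioner-runner`, `rbd-csi-nodeplugin` and `rbd-external-provisioner-runner`, so two sets of CSI roles are rendered side by side. If only one CSI deployment path is in use, rendering only that set would remove the duplicate grants. Audit logging on `secrets` list/watch and `serviceaccounts/token` create would cover what remains.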


@@ -0,0 +1,60 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-cephfs-nodeplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumes
- persistentvolumeclaims
verbs:
- get


@@ -0,0 +1,27 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofile-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-clientprofile-viewer-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- clientprofiles
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofiles/status
verbs:
- get


@@ -0,0 +1,31 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-clientprofilemapping-editor-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings/status
verbs:
- get


@@ -0,0 +1,27 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-clientprofilemapping-viewer-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings/status
verbs:
- get


@@ -0,0 +1,31 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofiles-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-clientprofiles-editor-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- clientprofiles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofiles/status
verbs:
- get


@@ -0,0 +1,31 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/driver-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-driver-editor-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- drivers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- drivers/status
verbs:
- get


@@ -0,0 +1,27 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/driver-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-driver-viewer-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- drivers
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- drivers/status
verbs:
- get


@@ -0,0 +1,109 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/manager-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-manager-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- configmaps
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cbt.storage.k8s.io
resources:
- snapshotmetadataservices
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- cephconnections
verbs:
- delete
- get
- list
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings
- clientprofiles
- drivers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings/finalizers
- clientprofiles/finalizers
- drivers/finalizers
verbs:
- update
- apiGroups:
- csi.ceph.io
resources:
- clientprofilemappings/status
- clientprofiles/status
- drivers/status
verbs:
- get
- patch
- update
- apiGroups:
- csi.ceph.io
resources:
- operatorconfigs
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- csidrivers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch


@@ -0,0 +1,25 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-auth-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-metrics-auth-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create


@@ -0,0 +1,17 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-reader-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-metrics-reader
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- nonResourceURLs:
- /metrics
verbs:
- get


@@ -0,0 +1,140 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-nfs-ctrlplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments/status
verbs:
- patch


@@ -0,0 +1,19 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-nfs-nodeplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get


@@ -0,0 +1,31 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/operatorconfig-editor-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-operatorconfig-editor-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- operatorconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.ceph.io
resources:
- operatorconfigs/status
verbs:
- get


@@ -0,0 +1,27 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/operatorconfig-viewer-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-operatorconfig-viewer-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csi.ceph.io
resources:
- operatorconfigs
verbs:
- get
- list
- watch
- apiGroups:
- csi.ceph.io
resources:
- operatorconfigs/status
verbs:
- get


@@ -0,0 +1,233 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-rbd-ctrlplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- patch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments/status
verbs:
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotcontents
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- groupsnapshot.storage.k8s.io
resources:
- volumegroupsnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotcontents
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- groupsnapshot.storage.openshift.io
resources:
- volumegroupsnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- replication.storage.openshift.io
resources:
- volumegroupreplicationcontents
verbs:
- get
- list
- watch
- apiGroups:
- replication.storage.openshift.io
resources:
- volumegroupreplicationclasses
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- cbt.storage.k8s.io
resources:
- snapshotmetadataservices
verbs:
- get
- list


@@ -0,0 +1,80 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-cr-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ceph-csi-rbd-nodeplugin-cr
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get


@@ -0,0 +1,32 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-csi-nodeplugin
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]


@@ -0,0 +1,80 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-external-provisioner-runner
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotcontents"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: objectstorage-provisioner-role
labels:
app.kubernetes.io/part-of: container-object-storage-interface
app.kubernetes.io/component: driver-ceph
app.kubernetes.io/name: cosi-driver-ceph
rules:
- apiGroups: ["objectstorage.k8s.io"]
resources: ["buckets", "bucketaccesses", "bucketclaims", "bucketaccessclasses", "buckets/status", "bucketaccesses/status", "bucketclaims/status", "bucketaccessclasses/status"]
verbs: ["get", "list", "watch", "update", "create", "delete"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["secrets", "events"]
verbs: ["get", "delete", "update", "create"]
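Review bot: The last rule gives `get`, `delete`, `update` and `create` on `secrets` (grouped with `events`) in the core API group with no `resourceNames`; if this ClusterRole is bound through a ClusterRoleBinding, the COSI driver can overwrite or delete any Secret in any namespace. The binding is outside this section, so its scope should be checked before this is applied. Splitting the rule upstream would at least keep `events` from sharing the secret verbs, for example one rule with `resources: ["events"]` and `verbs: ["create", "update"]` and a separate one for `secrets`.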


@@ -0,0 +1,41 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-csi-nodeplugin
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]


@@ -0,0 +1,92 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-external-provisioner-runner
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotcontents"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["groupsnapshot.storage.k8s.io"]
resources: ["volumegroupsnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["referencegrants"]
verbs: ["get", "list", "watch"]
- apiGroups: ["replication.storage.openshift.io"]
resources: ["volumegroupreplicationcontents"]
verbs: ["get", "list", "watch"]
- apiGroups: ["replication.storage.openshift.io"]
resources: ["volumegroupreplicationclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]


@@ -0,0 +1,38 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# The cluster role for managing all the cluster-specific resources in a namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-cluster-mgmt
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
- apps
- extensions
resources:
- secrets
- pods
- pods/log
- services
- configmaps
- deployments
- daemonsets
verbs:
- get
- list
- watch
- patch
- create
- update
- delete
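Review bot: The single rule in this ClusterRole grants get/list/watch/patch/create/update/delete on `secrets` (alongside pods, services, configmaps, deployments and daemonsets), and nothing in the manifest states how the role must be bound. The header comment says "in a namespace", which suggests a namespaced RoleBinding, and none of the ClusterRoleBindings in the sections visible here reference `rook-ceph-cluster-mgmt`, but the binding itself is not in view. I would add a comment above `rules:` such as `# Bind only through a RoleBinding in the cluster namespace; a ClusterRoleBinding would give read/write on every Secret in the cluster.` Because this is rendered chart output, the comment belongs in the chart template or a post-render patch, and a CI or admission check that rejects a ClusterRoleBinding to this role would enforce it.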


@@ -0,0 +1,212 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# The cluster role for managing the Rook CRDs
# Rook watches for its CRDs in all namespaces, so this should be a cluster-scoped role unless the
# operator config `ROOK_CURRENT_NAMESPACE_ONLY=true`.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-global
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
# Pod access is needed for fencing
- pods
# Node access is needed for determining nodes where mons should run
- nodes
- nodes/proxy
# Rook watches secrets which it uses to configure access to external resources.
# e.g., external Ceph cluster or object store
- secrets
# Rook watches for changes to the rook-operator-config configmap
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
- "discovery.k8s.io"
resources:
# Rook creates events for its custom resources
- events
# Rook creates PVs and PVCs for OSDs managed by the Rook provisioner
- persistentvolumes
- persistentvolumeclaims
# Rook creates endpoints for mgr and object store access
- endpoints
- services
- endpointslices
- endpointslices/restricted
verbs:
- get
- list
- watch
- patch
- create
- update
- delete
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- get
- list
- watch
- create
- update
- delete
- deletecollection
# The Rook operator must be able to watch all ceph.rook.io resources to reconcile them.
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients
- cephclusters
- cephblockpools
- cephfilesystems
- cephnfses
- cephobjectstores
- cephobjectstoreusers
- cephobjectrealms
- cephobjectzonegroups
- cephobjectzones
- cephbuckettopics
- cephbucketnotifications
- cephrbdmirrors
- cephfilesystemmirrors
- cephfilesystemsubvolumegroups
- cephblockpoolradosnamespaces
- cephcosidrivers
verbs:
- get
- list
- watch
# Ideally the update permission is not required, but Rook needs it to add finalizers to resources.
- update
# Rook must have update access to status subresources for its custom resources.
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients/status
- cephclusters/status
- cephblockpools/status
- cephfilesystems/status
- cephnfses/status
- cephobjectstores/status
- cephobjectstoreusers/status
- cephobjectrealms/status
- cephobjectzonegroups/status
- cephobjectzones/status
- cephbuckettopics/status
- cephbucketnotifications/status
- cephrbdmirrors/status
- cephfilesystemmirrors/status
- cephfilesystemsubvolumegroups/status
- cephblockpoolradosnamespaces/status
verbs: ["update"]
# The "*/finalizers" permission may need to be strictly given for K8s clusters where
# OwnerReferencesPermissionEnforcement is enabled so that Rook can set blockOwnerDeletion on
# resources owned by Rook CRs (e.g., a Secret owned by an OSD Deployment). See more:
# https://kubernetes.io/docs/reference/access-authn-authz/_print/#ownerreferencespermissionenforcement
- apiGroups: ["ceph.rook.io"]
resources:
- cephclients/finalizers
- cephclusters/finalizers
- cephblockpools/finalizers
- cephfilesystems/finalizers
- cephnfses/finalizers
- cephobjectstores/finalizers
- cephobjectstoreusers/finalizers
- cephobjectrealms/finalizers
- cephobjectzonegroups/finalizers
- cephobjectzones/finalizers
- cephbuckettopics/finalizers
- cephbucketnotifications/finalizers
- cephrbdmirrors/finalizers
- cephfilesystemmirrors/finalizers
- cephfilesystemsubvolumegroups/finalizers
- cephblockpoolradosnamespaces/finalizers
verbs: ["update"]
- apiGroups:
- policy
- apps
- extensions
resources:
# This is for the clusterdisruption controller
- poddisruptionbudgets
# This is for both clusterdisruption and nodedrain controllers
- deployments
- replicasets
verbs:
- get
- list
- watch
- create
- update
- delete
- deletecollection
- apiGroups:
- apps
resources:
# This is to add osd deployment owner ref on key rotation
# cron jobs.
- deployments/finalizers
verbs:
- update
- apiGroups:
- healthchecking.openshift.io
resources:
- machinedisruptionbudgets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- machine.openshift.io
resources:
- machines
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- storage.k8s.io
resources:
- csidrivers
verbs:
- create
- delete
- get
- update
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- get
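Review bot: `nodes/proxy` in the first rule is the one entry with no justification: the comment above it explains `nodes` (deciding where mons run), but proxying to the kubelet API on every node is a far broader capability than reading Node objects. The role is bound cluster-wide to the `rook-ceph-system` ServiceAccount by the `rook-ceph-global` ClusterRoleBinding later in this commit, and the same undocumented `nodes/proxy` entry appears in `rook-ceph-mgr-cluster`. Either drop the entry where the operator and mgr do not need it, or document it in place, e.g. `# nodes/proxy: required for <feature>; allows GET against the kubelet API of every node`. As this is rendered chart output, the change would go into the chart or a post-render patch; until then, alerting on `nodes/proxy` requests from these ServiceAccounts in the API audit log is a reasonable compensating control.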


@@ -0,0 +1,47 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Aspects of ceph-mgr that require cluster-wide access
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-mgr-cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
- configmaps
- nodes
- nodes/proxy
- persistentvolumes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- list
- get
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch


@@ -0,0 +1,26 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Aspects of ceph-mgr that require access to the system namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-mgr-system
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch


@@ -0,0 +1,70 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
# Used for provisioning ObjectBuckets (OBs) in response to ObjectBucketClaims (OBCs).
# Note: Rook runs a copy of the lib-bucket-provisioner's OBC controller.
# OBCs can be created in any Kubernetes namespace, so this must be a cluster-scoped role.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-object-bucket
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: [""]
resources: ["secrets", "configmaps"]
verbs:
# OBC controller creates secrets and configmaps containing information for users about how to
# connect to object buckets. It deletes them when an OBC is deleted.
- get
- create
- update
- delete
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs:
# OBC controller gets parameters from the OBC's storageclass
# Rook gets additional parameters from the OBC's storageclass
- get
- apiGroups: ["objectbucket.io"]
resources: ["objectbucketclaims"]
verbs:
# OBC controller needs to list/watch OBCs and get latest version of a reconciled OBC
- list
- watch
- get
# Ideally, update should not be needed, but the OBC controller updates the OBC with bucket
# information outside of the status subresource
- update
# OBC controller does not delete OBCs; users do this
- apiGroups: ["objectbucket.io"]
resources: ["objectbuckets"]
verbs:
# OBC controller needs to list/watch OBs and get latest version of a reconciled OB
- list
- watch
- get
# OBC controller creates an OB when an OBC's bucket has been provisioned by Ceph, updates them
# when an OBC is updated, and deletes them when the OBC is de-provisioned.
- create
- update
- delete
- apiGroups: ["objectbucket.io"]
resources: ["objectbucketclaims/status", "objectbuckets/status"]
verbs:
# OBC controller updates OBC and OB statuses
- update
- apiGroups: ["objectbucket.io"]
# This does not strictly allow the OBC/OB controllers to update finalizers. That is handled by
# the direct "update" permissions above. Instead, this allows Rook's controller to create
# resources which are owned by OBs/OBCs and where blockOwnerDeletion is set.
resources: ["objectbucketclaims/finalizers", "objectbuckets/finalizers"]
verbs:
- update


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-osd
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list


@@ -0,0 +1,45 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-system
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
# Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
# However, some Kubernetes APIs involve a "subresource", such as the logs for a pod. [...]
# To represent this in an RBAC role, use a slash to delimit the resource and subresource.
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]
- apiGroups: ["csiaddons.openshift.io"]
resources: ["networkfences"]
verbs: ["create", "get", "update", "delete", "watch", "list", "deletecollection"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get"]
- apiGroups: ["csi.ceph.io"]
resources: ["cephconnections"]
verbs: ["create", "delete", "get", "list", "update", "watch"]
- apiGroups: ["csi.ceph.io"]
resources: ["clientprofiles"]
verbs: ["create", "delete", "get", "list", "update", "watch"]
- apiGroups: ["csi.ceph.io"]
resources: ["operatorconfigs"]
verbs: ["create", "delete", "get", "list", "update", "watch"]
- apiGroups: ["csi.ceph.io"]
resources: ["drivers"]
verbs: ["create", "delete", "get", "list", "update", "watch"]
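Review bot: The `pods/exec` rule with verb `create` carries no comment and no scoping, and the `rook-ceph-system` ClusterRoleBinding later in this commit binds this role cluster-wide to the operator ServiceAccount, so the operator's token is sufficient to exec into pods in every namespace. The long comment above the first rule explains subresource syntax, not why exec is needed. If exec is only used against Ceph daemon pods (not verifiable from this page), the rule would be better placed in a Role and RoleBinding in the `rook-ceph` namespace; at minimum document it with `# pods/exec: operator runs ceph commands inside daemon pods in the cluster namespace`. Audit-log alerting on `pods/exec` requests by this ServiceAccount outside `rook-ceph` would make any other use visible.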


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-cephfs-ctrlplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-cephfs-ctrlplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-cephfs-ctrlplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-cephfs-nodeplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-cephfs-nodeplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-cephfs-nodeplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/manager-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-manager-rolebinding
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-manager-role'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-controller-manager'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/metrics-auth-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-metrics-auth-rolebinding
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-metrics-auth-role'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-controller-manager'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-nfs-ctrlplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-nfs-ctrlplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-nfs-ctrlplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/nfs-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-nfs-nodeplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-nfs-nodeplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-nfs-nodeplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-rbd-ctrlplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-rbd-ctrlplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-rbd-ctrlplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,20 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-crb-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ceph-csi-rbd-nodeplugin-crb
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: 'ceph-csi-rbd-nodeplugin-cr'
subjects:
- kind: ServiceAccount
name: 'ceph-csi-rbd-nodeplugin-sa'
namespace: 'rook-ceph'


@@ -0,0 +1,26 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# This is required by operator-sdk to map the cluster/clusterrolebindings with SA
# otherwise operator-sdk will create a individual file for these.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-csi-nodeplugin-role
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
subjects:
- kind: ServiceAccount
name: rook-csi-cephfs-plugin-sa
namespace: rook-ceph # namespace:operator
roleRef:
kind: ClusterRole
name: cephfs-csi-nodeplugin
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-csi-provisioner-role
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
subjects:
- kind: ServiceAccount
name: rook-csi-cephfs-provisioner-sa
namespace: rook-ceph # namespace:operator
roleRef:
kind: ClusterRole
name: cephfs-external-provisioner-runner
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,19 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# RBAC for ceph cosi driver service account
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: objectstorage-provisioner-role-binding
labels:
app.kubernetes.io/part-of: container-object-storage-interface
app.kubernetes.io/component: driver-ceph
app.kubernetes.io/name: cosi-driver-ceph
subjects:
- kind: ServiceAccount
name: objectstorage-provisioner
namespace: rook-ceph # namespace:operator
roleRef:
kind: ClusterRole
name: objectstorage-provisioner-role
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-csi-nodeplugin
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
subjects:
- kind: ServiceAccount
name: rook-csi-rbd-plugin-sa
namespace: rook-ceph # namespace:operator
roleRef:
kind: ClusterRole
name: rbd-csi-nodeplugin
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-csi-provisioner-role
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
subjects:
- kind: ServiceAccount
name: rook-csi-rbd-provisioner-sa
namespace: rook-ceph # namespace:operator
roleRef:
kind: ClusterRole
name: rbd-external-provisioner-runner
apiGroup: rbac.authorization.k8s.io


@@ -0,0 +1,25 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
# Grant the rook system daemons cluster-wide access to manage the Rook CRDs, PVCs, and storage classes
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-global
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-global
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator


@@ -0,0 +1,25 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-mgr-cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-mgr-cluster
subjects:
- kind: ServiceAccount
name: rook-ceph-mgr
namespace: rook-ceph # namespace:cluster


@@ -0,0 +1,25 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
# Give Rook-Ceph Operator permissions to provision ObjectBuckets in response to ObjectBucketClaims.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-object-bucket
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-object-bucket
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator


@@ -0,0 +1,25 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow the ceph osd to access cluster-wide resources necessary for determining their topology location
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-osd
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-osd
subjects:
- kind: ServiceAccount
name: rook-ceph-osd
namespace: rook-ceph # namespace:cluster


@@ -0,0 +1,24 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-system
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-system
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph # namespace:operator


@@ -0,0 +1,69 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/configmap.yaml
# Operator settings that can be updated without an operator restart
# Operator settings that require an operator restart are found in the operator env vars
kind: ConfigMap
apiVersion: v1
metadata:
name: rook-ceph-operator-config
namespace: rook-ceph # namespace:operator
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
data:
ROOK_LOG_LEVEL: "INFO"
ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: "15"
ROOK_OBC_WATCH_OPERATOR_NAMESPACE: "true"
ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS: "maxObjects,maxSize"
ROOK_CEPH_ALLOW_LOOP_DEVICES: "false"
ROOK_ENABLE_DISCOVERY_DAEMON: "true"
ROOK_USE_CSI_OPERATOR: "true"
ROOK_CSI_ENABLE_RBD: "true"
ROOK_CSI_ENABLE_CEPHFS: "true"
ROOK_CSI_DISABLE_DRIVER: "false"
CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true"
CSI_ENABLE_NFS_SNAPSHOTTER: "true"
CSI_ENABLE_RBD_SNAPSHOTTER: "true"
CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false"
CSI_ENABLE_ENCRYPTION: "false"
CSI_ENABLE_OMAP_GENERATOR: "false"
CSI_ENABLE_HOST_NETWORK: "true"
CSI_ENABLE_METADATA: "true"
CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true"
CSI_PLUGIN_PRIORITY_CLASSNAME: "system-node-critical"
CSI_PROVISIONER_PRIORITY_CLASSNAME: "system-cluster-critical"
CSI_RBD_FSGROUPPOLICY: "File"
CSI_CEPHFS_FSGROUPPOLICY: "File"
CSI_NFS_FSGROUPPOLICY: "File"
CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: "ms_mode=secure"
ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.15.0"
ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0"
ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v5.2.0"
ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.1"
ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.8.1"
ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v1.13.2"
ROOK_CSI_IMAGE_PULL_POLICY: "IfNotPresent"
CSI_ENABLE_CSIADDONS: "false"
ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.13.0"
CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false"
CSI_ENABLE_TOPOLOGY: "false"
ROOK_CSI_ENABLE_NFS: "false"
CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true"
CSI_GRPC_TIMEOUT_SECONDS: "150"
CSI_PROVISIONER_REPLICAS: "3"
CSI_RBD_PROVISIONER_RESOURCE: "- name : csi-provisioner\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-resizer\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-attacher\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-snapshotter\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-rbdplugin\n resource:\n requests:\n memory: 512Mi\n limits:\n memory: 1Gi\n- name : csi-omap-generator\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n- name : liveness-prometheus\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n"
CSI_RBD_PLUGIN_RESOURCE: "- name : driver-registrar\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n- name : csi-rbdplugin\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n- name : liveness-prometheus\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n"
CSI_CEPHFS_PROVISIONER_RESOURCE: "- name : csi-provisioner\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-resizer\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-attacher\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-snapshotter\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-cephfsplugin\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n- name : liveness-prometheus\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n"
CSI_CEPHFS_PLUGIN_RESOURCE: "- name : driver-registrar\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n- name : csi-cephfsplugin\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n- name : liveness-prometheus\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n"
CSI_NFS_PROVISIONER_RESOURCE: "- name : csi-provisioner\n resource:\n requests:\n memory: 128Mi\n cpu: 100m\n limits:\n memory: 256Mi\n- name : csi-nfsplugin\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n- name : csi-attacher\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n"
CSI_NFS_PLUGIN_RESOURCE: "- name : driver-registrar\n resource:\n requests:\n memory: 128Mi\n cpu: 50m\n limits:\n memory: 256Mi\n- name : csi-nfsplugin\n resource:\n requests:\n memory: 512Mi\n cpu: 250m\n limits:\n memory: 1Gi\n"
CSI_CEPHFS_ATTACH_REQUIRED: "true"
CSI_RBD_ATTACH_REQUIRED: "true"
CSI_NFS_ATTACH_REQUIRED: "true"
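Review bot: The seven CSI images (`ROOK_CSI_CEPH_IMAGE` through `ROOK_CSI_RESIZER_IMAGE`, plus `ROOK_CSIADDONS_IMAGE`) are referenced by tag only, and `ROOK_CSI_IMAGE_PULL_POLICY` is `"IfNotPresent"`, so a tag that is re-pushed upstream would be accepted without notice and nodes pulling at different times could run different content under the same name. Pinning by digest closes that gap, e.g. `ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.15.0@sha256:<digest>"` (placeholder; take the digest from a verified pull), set through the chart values since this file is rendered output. `CSI_ENABLE_HOST_NETWORK: "true"` in the same map puts the CSI pods in the node's network namespace; if that is a deliberate choice, a one-line comment in the values file saying why would help the next reviewer.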


@@ -0,0 +1,350 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephblockpoolradosnamespaces.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephBlockPoolRadosNamespace
listKind: CephBlockPoolRadosNamespaceList
plural: cephblockpoolradosnamespaces
shortNames:
- cephbprns
- cephrns
singular: cephblockpoolradosnamespace
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- description: Name of the Ceph BlockPool
jsonPath: .spec.blockPoolName
name: BlockPool
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephBlockPoolRadosNamespace represents a Ceph BlockPool Rados Namespace
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec represents the specification of a Ceph BlockPool Rados Namespace
properties:
blockPoolName:
description: |-
BlockPoolName is the name of Ceph BlockPool. Typically it's the name of
the CephBlockPool CR.
type: string
x-kubernetes-validations:
- message: blockPoolName is immutable
rule: self == oldSelf
clusterID:
description: |-
ClusterID to be used for this RadosNamespace in the CSI configuration.
It must be unique among all Ceph clusters managed by Rook.
If not specified, the clusterID will be generated and can be found in the CR status.
maxLength: 36
minLength: 1
pattern: ^[a-zA-Z0-9_-]+$
type: string
x-kubernetes-validations:
- message: ClusterID is immutable
rule: self == oldSelf
mirroring:
description: Mirroring configuration of CephBlockPoolRadosNamespace
properties:
mode:
description: Mode is the mirroring mode; either pool or image.
enum:
- ""
- pool
- image
type: string
remoteNamespace:
description: RemoteNamespace is the name of the CephBlockPoolRadosNamespace on the secondary cluster CephBlockPool
type: string
snapshotSchedules:
description: SnapshotSchedules is the scheduling of snapshot for mirrored images
items:
description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool
properties:
interval:
description: Interval represent the periodicity of the snapshot.
type: string
path:
description: Path is the path to snapshot, only valid for CephFS
type: string
startTime:
description: StartTime indicates when to start the snapshot
type: string
type: object
type: array
required:
- mode
type: object
name:
description: The name of the CephBlockPoolRadosNamespaceSpec namespace. If not set, the default is the name of the CR.
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
required:
- blockPoolName
type: object
status:
description: Status represents the status of a CephBlockPool Rados Namespace
properties:
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
info:
additionalProperties:
type: string
nullable: true
type: object
mirroringInfo:
description: MirroringInfoSpec is the status of the pool/radosnamespace mirroring
properties:
details:
type: string
lastChanged:
type: string
lastChecked:
type: string
mode:
description: Mode is the mirroring mode
type: string
peers:
description: Peers are the list of peer sites connected to that cluster
items:
description: PeersSpec contains peer details
properties:
client_name:
description: ClientName is the CephX user used to connect to the peer
type: string
direction:
description: Direction is the peer mirroring direction
type: string
mirror_uuid:
description: MirrorUUID is the mirror UUID
type: string
site_name:
description: SiteName is the current site name
type: string
uuid:
description: UUID is the peer UUID
type: string
type: object
type: array
site_name:
description: SiteName is the current site name
type: string
type: object
mirroringStatus:
description: MirroringStatusSpec is the status of the pool/radosNamespace mirroring
properties:
details:
description: Details contains potential status errors
type: string
lastChanged:
description: LastChanged is the last time time the status last changed
type: string
lastChecked:
description: LastChecked is the last time time the status was checked
type: string
summary:
description: Summary is the mirroring status summary
properties:
daemon_health:
description: DaemonHealth is the health of the mirroring daemon
type: string
group_health:
description: GroupHealth is the health of the mirrored image group
nullable: true
type: string
group_states:
description: GroupStates is the various state for all mirrored image groups
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
health:
description: Health is the mirroring health
type: string
image_health:
description: ImageHealth is the health of the mirrored image
type: string
image_states:
description: ImageStates is the various state for all mirrored images
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
states:
description: States is the various state for all mirrored images
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
type: object
type: object
phase:
description: ConditionType represent a resource's status
type: string
snapshotScheduleStatus:
description: SnapshotScheduleStatusSpec is the status of the snapshot schedule
properties:
details:
description: Details contains potential status errors
type: string
lastChanged:
description: LastChanged is the last time time the status last changed
type: string
lastChecked:
description: LastChecked is the last time time the status was checked
type: string
snapshotSchedules:
description: SnapshotSchedules is the list of snapshots scheduled
items:
description: SnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool
properties:
image:
description: Image is the mirrored image
type: string
items:
description: Items is the list schedules times for a given snapshot
items:
description: SnapshotSchedule is a schedule
properties:
interval:
description: Interval is the interval in which snapshots will be taken
type: string
start_time:
description: StartTime is the snapshot starting time
type: string
type: object
type: array
namespace:
description: Namespace is the RADOS namespace the image is part of
type: string
pool:
description: Pool is the pool name
type: string
type: object
nullable: true
type: array
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,531 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephblockpools.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephBlockPool
listKind: CephBlockPoolList
plural: cephblockpools
shortNames:
- cephbp
singular: cephblockpool
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .status.info.type
name: Type
type: string
- jsonPath: .status.info.failureDomain
name: FailureDomain
type: string
- jsonPath: .spec.replicated.size
name: Replication
priority: 1
type: integer
- jsonPath: .spec.erasureCoded.codingChunks
name: EC-CodingChunks
priority: 1
type: integer
- jsonPath: .spec.erasureCoded.dataChunks
name: EC-DataChunks
priority: 1
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephBlockPool represents a Ceph Storage Pool
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
NamedBlockPoolSpec allows a block pool to be created with a non-default name.
This is more specific than the NamedPoolSpec so we get schema validation on the
allowed pool names that can be specified.
properties:
application:
description: The application name to set on the pool. Only expected to be set for rgw pools.
type: string
compressionMode:
description: |-
DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force"
The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)
Do NOT set a default value for kubebuilder as this will override the Parameters
enum:
- none
- passive
- aggressive
- force
- ""
nullable: true
type: string
crushRoot:
description: The root of the crush hierarchy utilized by the pool
nullable: true
type: string
deviceClass:
description: The device class the OSD should set to for use in the pool
nullable: true
type: string
enableCrushUpdates:
description: Allow rook operator to change the pool CRUSH tunables once the pool is created
nullable: true
type: boolean
enableRBDStats:
description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool
type: boolean
erasureCoded:
description: The erasure code settings
properties:
algorithm:
description: |-
The algorithm for erasure coding.
If absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.
enum:
- isa
- jerasure
type: string
codingChunks:
description: |-
Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
This is the number of OSDs that can be lost simultaneously before data cannot be recovered.
minimum: 0
type: integer
dataChunks:
description: |-
Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
The number of chunks required to recover an object when any single OSD is lost is the same
as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.
minimum: 0
type: integer
required:
- codingChunks
- dataChunks
type: object
failureDomain:
description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map'
type: string
mirroring:
description: The mirroring settings
properties:
enabled:
description: Enabled whether this pool is mirrored or not
type: boolean
mode:
description: 'Mode is the mirroring mode: pool, image or init-only.'
enum:
- pool
- image
- init-only
type: string
peers:
description: Peers represents the peers spec
nullable: true
properties:
secretNames:
description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
items:
type: string
type: array
type: object
snapshotSchedules:
description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools
items:
description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool
properties:
interval:
description: Interval represent the periodicity of the snapshot.
type: string
path:
description: Path is the path to snapshot, only valid for CephFS
type: string
startTime:
description: StartTime indicates when to start the snapshot
type: string
type: object
type: array
type: object
name:
description: The desired name of the pool if different from the CephBlockPool CR name.
enum:
- .rgw.root
- .nfs
- .mgr
type: string
parameters:
additionalProperties:
type: string
description: Parameters is a list of properties to enable on a given pool
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
quotas:
description: The quota settings
nullable: true
properties:
maxBytes:
description: |-
MaxBytes represents the quota in bytes
Deprecated in favor of MaxSize
format: int64
type: integer
maxObjects:
description: MaxObjects represents the quota in objects
format: int64
type: integer
maxSize:
description: MaxSize represents the quota in bytes as a string
pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$
type: string
type: object
replicated:
description: The replication settings
properties:
hybridStorage:
description: HybridStorage represents hybrid storage tier settings
nullable: true
properties:
primaryDeviceClass:
description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD
minLength: 1
type: string
secondaryDeviceClass:
description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs
minLength: 1
type: string
required:
- primaryDeviceClass
- secondaryDeviceClass
type: object
replicasPerFailureDomain:
description: ReplicasPerFailureDomain the number of replica in the specified failure domain
minimum: 1
type: integer
requireSafeReplicaSize:
description: RequireSafeReplicaSize if false allows you to set replica 1
type: boolean
size:
description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)
minimum: 0
type: integer
subFailureDomain:
description: SubFailureDomain the name of the sub-failure domain
type: string
targetSizeRatio:
description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity
minimum: 0
type: number
required:
- size
type: object
statusCheck:
description: The mirroring statusCheck
properties:
mirror:
description: HealthCheckSpec represents the health check of an object store bucket
nullable: true
properties:
disabled:
type: boolean
interval:
description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds
type: string
timeout:
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
status:
description: CephBlockPoolStatus represents the mirroring status of Ceph Storage Pool
properties:
cephx:
description: PeerTokenCephxStatus represents the cephx key rotation status for peer tokens
properties:
peerToken:
description: PeerToken shows the rotation status of the peer token associated with the `rbd-mirror-peer` user.
properties:
keyCephVersion:
description: |-
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
same string format as reported by `CephCluster.status.version.version` to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
type: string
keyGeneration:
description: |-
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format: int32
type: integer
type: object
type: object
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
info:
additionalProperties:
type: string
nullable: true
type: object
mirroringInfo:
description: MirroringInfoSpec is the status of the pool/radosnamespace mirroring
properties:
details:
type: string
lastChanged:
type: string
lastChecked:
type: string
mode:
description: Mode is the mirroring mode
type: string
peers:
description: Peers are the list of peer sites connected to that cluster
items:
description: PeersSpec contains peer details
properties:
client_name:
description: ClientName is the CephX user used to connect to the peer
type: string
direction:
description: Direction is the peer mirroring direction
type: string
mirror_uuid:
description: MirrorUUID is the mirror UUID
type: string
site_name:
description: SiteName is the current site name
type: string
uuid:
description: UUID is the peer UUID
type: string
type: object
type: array
site_name:
description: SiteName is the current site name
type: string
type: object
mirroringStatus:
description: MirroringStatusSpec is the status of the pool/radosNamespace mirroring
properties:
details:
description: Details contains potential status errors
type: string
lastChanged:
description: LastChanged is the last time time the status last changed
type: string
lastChecked:
description: LastChecked is the last time time the status was checked
type: string
summary:
description: Summary is the mirroring status summary
properties:
daemon_health:
description: DaemonHealth is the health of the mirroring daemon
type: string
group_health:
description: GroupHealth is the health of the mirrored image group
nullable: true
type: string
group_states:
description: GroupStates is the various state for all mirrored image groups
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
health:
description: Health is the mirroring health
type: string
image_health:
description: ImageHealth is the health of the mirrored image
type: string
image_states:
description: ImageStates is the various state for all mirrored images
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
states:
description: States is the various state for all mirrored images
nullable: true
properties:
error:
description: Error is when the mirroring state is errored
type: integer
replaying:
description: Replaying is when the replay of the mirroring journal is on-going
type: integer
starting_replay:
description: StartingReplay is when the replay of the mirroring journal starts
type: integer
stopped:
description: Stopped is when the mirroring state is stopped
type: integer
stopping_replay:
description: StopReplaying is when the replay of the mirroring journal stops
type: integer
syncing:
description: Syncing is when the image is syncing
type: integer
unknown:
description: Unknown is when the mirroring state is unknown
type: integer
type: object
type: object
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
description: ConditionType represent a resource's status
type: string
poolID:
description: optional
type: integer
snapshotScheduleStatus:
description: SnapshotScheduleStatusSpec is the status of the snapshot schedule
properties:
details:
description: Details contains potential status errors
type: string
lastChanged:
description: LastChanged is the last time time the status last changed
type: string
lastChecked:
description: LastChecked is the last time time the status was checked
type: string
snapshotSchedules:
description: SnapshotSchedules is the list of snapshots scheduled
items:
description: SnapshotSchedulesSpec is the list of snapshot scheduled for images in a pool
properties:
image:
description: Image is the mirrored image
type: string
items:
description: Items is the list schedules times for a given snapshot
items:
description: SnapshotSchedule is a schedule
properties:
interval:
description: Interval is the interval in which snapshots will be taken
type: string
start_time:
description: StartTime is the snapshot starting time
type: string
type: object
type: array
namespace:
description: Namespace is the RADOS namespace the image is part of
type: string
pool:
description: Pool is the pool name
type: string
type: object
nullable: true
type: array
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,173 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephbucketnotifications.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephBucketNotification
listKind: CephBucketNotificationList
plural: cephbucketnotifications
shortNames:
- cephbn
singular: cephbucketnotification
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephBucketNotification represents a Bucket Notifications
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BucketNotificationSpec represent the spec of a Bucket Notification
properties:
events:
description: List of events that should trigger the notification
items:
description: BucketNotificationSpec represent the event type of the bucket notification
enum:
- s3:ObjectCreated:*
- s3:ObjectCreated:Put
- s3:ObjectCreated:Post
- s3:ObjectCreated:Copy
- s3:ObjectCreated:CompleteMultipartUpload
- s3:ObjectRemoved:*
- s3:ObjectRemoved:Delete
- s3:ObjectRemoved:DeleteMarkerCreated
type: string
type: array
filter:
description: Spec of notification filter
properties:
keyFilters:
description: Filters based on the object's key
items:
description: NotificationKeyFilterRule represent a single key rule in the Notification Filter spec
properties:
name:
description: Name of the filter - prefix/suffix/regex
enum:
- prefix
- suffix
- regex
type: string
value:
description: Value to filter on
type: string
required:
- name
- value
type: object
type: array
metadataFilters:
description: Filters based on the object's metadata
items:
description: NotificationFilterRule represent a single rule in the Notification Filter spec
properties:
name:
description: Name of the metadata or tag
minLength: 1
type: string
value:
description: Value to filter on
type: string
required:
- name
- value
type: object
type: array
tagFilters:
description: Filters based on the object's tags
items:
description: NotificationFilterRule represent a single rule in the Notification Filter spec
properties:
name:
description: Name of the metadata or tag
minLength: 1
type: string
value:
description: Value to filter on
type: string
required:
- name
- value
type: object
type: array
type: object
topic:
description: The name of the topic associated with this notification
minLength: 1
type: string
required:
- topic
type: object
status:
description: Status represents the status of an object
properties:
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,237 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephbuckettopics.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephBucketTopic
listKind: CephBucketTopicList
plural: cephbuckettopics
shortNames:
- cephbt
singular: cephbuckettopic
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephBucketTopic represents a Ceph Object Topic for Bucket Notifications
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BucketTopicSpec represent the spec of a Bucket Topic
properties:
endpoint:
description: Contains the endpoint spec of the topic
properties:
amqp:
description: Spec of AMQP endpoint
properties:
ackLevel:
default: broker
description: The ack level required for this topic (none/broker/routeable)
enum:
- none
- broker
- routeable
type: string
disableVerifySSL:
description: Indicate whether the server certificate is validated by the client or not
type: boolean
exchange:
description: Name of the exchange that is used to route messages based on topics
minLength: 1
type: string
uri:
description: The URI of the AMQP endpoint to push notification to
minLength: 1
type: string
required:
- exchange
- uri
type: object
http:
description: Spec of HTTP endpoint
properties:
disableVerifySSL:
description: Indicate whether the server certificate is validated by the client or not
type: boolean
sendCloudEvents:
description: 'Send the notifications with the CloudEvents header: https://github.com/cloudevents/spec/blob/main/cloudevents/adapters/aws-s3.md'
type: boolean
uri:
description: The URI of the HTTP endpoint to push notification to
minLength: 1
type: string
required:
- uri
type: object
kafka:
description: Spec of Kafka endpoint
properties:
ackLevel:
default: broker
description: The ack level required for this topic (none/broker)
enum:
- none
- broker
type: string
disableVerifySSL:
description: Indicate whether the server certificate is validated by the client or not
type: boolean
mechanism:
default: PLAIN
description: The authentication mechanism for this topic (PLAIN/SCRAM-SHA-512/SCRAM-SHA-256/GSSAPI/OAUTHBEARER)
enum:
- PLAIN
- SCRAM-SHA-512
- SCRAM-SHA-256
- GSSAPI
- OAUTHBEARER
type: string
passwordSecretRef:
description: The kafka password to use for authentication
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
uri:
description: The URI of the Kafka endpoint to push notification to
minLength: 1
type: string
useSSL:
description: Indicate whether to use SSL when communicating with the broker
type: boolean
userSecretRef:
description: The kafka user name to use for authentication
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
required:
- uri
type: object
type: object
objectStoreName:
description: The name of the object store on which to define the topic
minLength: 1
type: string
objectStoreNamespace:
description: The namespace of the object store on which to define the topic
minLength: 1
type: string
opaqueData:
description: Data which is sent in each event
type: string
persistent:
description: Indication whether notifications to this endpoint are persistent or not
type: boolean
required:
- endpoint
- objectStoreName
- objectStoreNamespace
type: object
status:
description: BucketTopicStatus represents the Status of a CephBucketTopic
properties:
ARN:
description: The ARN of the topic generated by the RGW
nullable: true
type: string
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
secrets:
items:
properties:
name:
description: name is unique within a namespace to reference a secret resource.
type: string
namespace:
description: namespace defines the space within which the secret name must be unique.
type: string
resourceVersion:
type: string
uid:
description: |-
UID is a type that holds unique ID values, including UUIDs. Because we
don't ONLY use UUIDs, this is an alias to string. Being a type captures
intent and helps make sure that UIDs and names do not get conflated.
type: string
type: object
x-kubernetes-map-type: atomic
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,153 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephclients.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephClient
listKind: CephClientList
plural: cephclients
shortNames:
- cephcl
singular: cephclient
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephClient represents a Ceph Client
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec represents the specification of a Ceph Client
properties:
caps:
additionalProperties:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
name:
type: string
removeSecret:
description: |-
RemoveSecret indicates whether the current secret for this ceph client should be removed or not.
If true, the K8s secret will be deleted, but the cephx keyring will remain until the CR is deleted.
type: boolean
secretName:
description: |-
SecretName is the name of the secret created for this ceph client.
If not specified, the default name is "rook-ceph-client-" as a prefix to the CR name.
type: string
x-kubernetes-validations:
- message: SecretName is immutable and cannot be changed
rule: self == oldSelf
security:
description: Security represents security settings
properties:
cephx:
description: 'CephX configures CephX key settings. More: https://docs.ceph.com/en/latest/dev/cephx/'
properties:
keyGeneration:
description: |-
KeyGeneration specifies the desired CephX key generation. This is used when KeyRotationPolicy
is KeyGeneration and ignored for other policies. If this is set to greater than the current
key generation, relevant keys will be rotated, and the generation value will be updated to
this new value (generation values are not necessarily incremental, though that is the
intended use case). If this is set to less than or equal to the current key generation, keys
are not rotated.
format: int32
maximum: 4294967295
minimum: 0
type: integer
x-kubernetes-validations:
- message: keyGeneration cannot be decreased
rule: self >= oldSelf
keyRotationPolicy:
description: |-
KeyRotationPolicy controls if and when CephX keys are rotated after initial creation.
One of Disabled, or KeyGeneration. Default Disabled.
enum:
- ""
- Disabled
- KeyGeneration
type: string
type: object
type: object
required:
- caps
type: object
status:
description: Status represents the status of a Ceph Client
properties:
cephx:
properties:
keyCephVersion:
description: |-
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
same string format as reported by `CephCluster.status.version.version` to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
type: string
keyGeneration:
description: |-
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format: int32
type: integer
type: object
info:
additionalProperties:
type: string
nullable: true
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
description: ConditionType represent a resource's status
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,141 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephconnection-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: cephconnections.csi.ceph.io
annotations:
controller-gen.kubebuilder.io/version: v0.17.2
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
spec:
group: csi.ceph.io
names:
kind: CephConnection
listKind: CephConnectionList
plural: cephconnections
singular: cephconnection
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: CephConnection is the Schema for the cephconnections API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CephConnectionSpec defines the desired state of CephConnection
properties:
monitors:
items:
type: string
minItems: 1
type: array
rbdMirrorDaemonCount:
minimum: 1
type: integer
readAffinity:
description: ReadAffinitySpec capture Ceph CSI read affinity settings
properties:
crushLocationLabels:
items:
type: string
minItems: 1
type: array
required:
- crushLocationLabels
type: object
required:
- monitors
type: object
status:
description: CephConnectionStatus defines the observed state of CephConnection
type: object
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
deprecationWarning: v1alpha1 is deprecated, please use v1
name: v1alpha1
schema:
openAPIV3Schema:
description: CephConnection is the Schema for the cephconnections API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CephConnectionSpec defines the desired state of CephConnection
properties:
monitors:
items:
type: string
minItems: 1
type: array
rbdMirrorDaemonCount:
minimum: 1
type: integer
readAffinity:
description: ReadAffinitySpec capture Ceph CSI read affinity settings
properties:
crushLocationLabels:
items:
type: string
minItems: 1
type: array
required:
- crushLocationLabels
type: object
required:
- monitors
type: object
status:
description: CephConnectionStatus defines the observed state of CephConnection
type: object
type: object
served: true
storage: false
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -0,0 +1,633 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephcosidrivers.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephCOSIDriver
listKind: CephCOSIDriverList
plural: cephcosidrivers
shortNames:
- cephcosi
singular: cephcosidriver
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: CephCOSIDriver represents the CRD for the Ceph COSI Driver Deployment
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec represents the specification of a Ceph COSI Driver
properties:
deploymentStrategy:
description: DeploymentStrategy is the strategy to use to deploy the COSI driver.
enum:
- Never
- Auto
- Always
type: string
image:
description: Image is the container image to run the Ceph COSI driver
type: string
objectProvisionerImage:
description: ObjectProvisionerImage is the container image to run the COSI driver sidecar
type: string
placement:
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
tolerations:
items:
properties:
effect:
type: string
key:
type: string
operator:
type: string
tolerationSeconds:
format: int64
type: integer
value:
type: string
type: object
type: array
topologySpreadConstraints:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
type: object
resources:
description: Resources is the resource requirements for the COSI driver
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
request:
description: |-
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true


@@ -0,0 +1,703 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephfilesystemmirrors.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephFilesystemMirror
listKind: CephFilesystemMirrorList
plural: cephfilesystemmirrors
shortNames:
- cephfsm
singular: cephfilesystemmirror
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephFilesystemMirror is the Ceph Filesystem Mirror object definition
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: FilesystemMirroringSpec is the filesystem mirroring specification
properties:
annotations:
additionalProperties:
type: string
description: The annotations-related configuration to add/set on each Pod related object.
nullable: true
type: object
labels:
additionalProperties:
type: string
description: The labels-related configuration to add/set on each Pod related object.
nullable: true
type: object
placement:
nullable: true
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
tolerations:
items:
properties:
effect:
type: string
key:
type: string
operator:
type: string
tolerationSeconds:
format: int64
type: integer
value:
type: string
type: object
type: array
topologySpreadConstraints:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
type: object
priorityClassName:
description: PriorityClassName sets priority class on the cephfs-mirror pods
type: string
resources:
description: The resource requirements for the cephfs-mirror pods
nullable: true
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
request:
description: |-
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type: object
status:
description: FileMirrorStatus represents the status of the FileSystem mirror resource
properties:
cephx:
properties:
daemon:
description: Daemon shows the CephX key status for local Ceph daemons associated with this resources.
properties:
keyCephVersion:
description: |-
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
same string format as reported by `CephCluster.status.version.version` to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
type: string
keyGeneration:
description: |-
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format: int32
type: integer
type: object
type: object
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,155 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephfilesystemsubvolumegroups.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephFilesystemSubVolumeGroup
listKind: CephFilesystemSubVolumeGroupList
plural: cephfilesystemsubvolumegroups
shortNames:
- cephfssvg
- cephsvg
singular: cephfilesystemsubvolumegroup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- description: Name of the CephFileSystem
jsonPath: .spec.filesystemName
name: Filesystem
type: string
- jsonPath: .spec.quota
name: Quota
type: string
- jsonPath: .status.info.pinning
name: Pinning
priority: 1
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephFilesystemSubVolumeGroup represents a Ceph Filesystem SubVolumeGroup
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec represents the specification of a Ceph Filesystem SubVolumeGroup
properties:
clusterID:
description: |-
ClusterID to be used for this subvolume group in the CSI configuration.
It must be unique among all Ceph clusters managed by Rook.
If not specified, the clusterID will be generated and can be found in the CR status.
maxLength: 36
minLength: 1
pattern: ^[a-zA-Z0-9_-]+$
type: string
x-kubernetes-validations:
- message: ClusterID is immutable
rule: self == oldSelf
dataPoolName:
description: The data pool name for the Ceph Filesystem subvolume group layout, if the default CephFS pool is not desired.
type: string
filesystemName:
description: |-
FilesystemName is the name of Ceph Filesystem SubVolumeGroup volume name. Typically it's the name of
the CephFilesystem CR. If not coming from the CephFilesystem CR, it can be retrieved from the
list of Ceph Filesystem volumes with `ceph fs volume ls`. To learn more about Ceph Filesystem
abstractions see https://docs.ceph.com/en/latest/cephfs/fs-volumes/#fs-volumes-and-subvolumes
type: string
x-kubernetes-validations:
- message: filesystemName is immutable
rule: self == oldSelf
name:
description: The name of the subvolume group. If not set, the default is the name of the subvolumeGroup CR.
type: string
x-kubernetes-validations:
- message: name is immutable
rule: self == oldSelf
pinning:
description: |-
Pinning configuration of CephFilesystemSubVolumeGroup,
reference https://docs.ceph.com/en/latest/cephfs/fs-volumes/#pinning-subvolumes-and-subvolume-groups
only one out of (export, distributed, random) can be set at a time
properties:
distributed:
maximum: 1
minimum: 0
nullable: true
type: integer
export:
maximum: 256
minimum: -1
nullable: true
type: integer
random:
maximum: 1
minimum: 0
nullable: true
type: number
type: object
x-kubernetes-validations:
- message: only one pinning type should be set
rule: (has(self.export) && !has(self.distributed) && !has(self.random)) || (!has(self.export) && has(self.distributed) && !has(self.random)) || (!has(self.export) && !has(self.distributed) && has(self.random)) || (!has(self.export) && !has(self.distributed) && !has(self.random))
quota:
anyOf:
- type: integer
- type: string
description: Quota size of the Ceph Filesystem subvolume group.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
required:
- filesystemName
type: object
status:
description: Status represents the status of a CephFilesystem SubvolumeGroup
properties:
info:
additionalProperties:
type: string
nullable: true
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
description: ConditionType represent a resource's status
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,104 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephobjectrealms.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephObjectRealm
listKind: CephObjectRealmList
plural: cephobjectrealms
shortNames:
- cephor
singular: cephobjectrealm
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephObjectRealm represents a Ceph Object Store Gateway Realm
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ObjectRealmSpec represent the spec of an ObjectRealm
nullable: true
properties:
defaultRealm:
description: Set this realm as the default in Ceph. Only one realm should be default.
type: boolean
pull:
description: PullSpec represents the pulling specification of a Ceph Object Storage Gateway Realm
properties:
endpoint:
pattern: ^https*://
type: string
type: object
type: object
status:
description: Status represents the status of an object
properties:
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
type: object
served: true
storage: true
subresources:
status: {}
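Review bot: The `pattern: ^https*://` on `spec.pull.endpoint` is looser than it reads, because `s*` means zero or more `s`: it accepts `http://` as well as strings such as `httpss://`, and it constrains only the scheme prefix, not the rest of the URL. If the intent is to allow exactly the two schemes, the pattern would be `^https?://`; if realm pulls in this cluster should be TLS-only, `^https://`. This manifest is rendered from the rook-ceph chart (see the `# Source:` line), so the pattern itself has to change upstream; until then the stricter rule would need to be enforced on CephObjectRealm objects by an admission policy or by review of the CRs themselves.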


@@ -0,0 +1,321 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephobjectstoreusers.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephObjectStoreUser
listKind: CephObjectStoreUserList
plural: cephobjectstoreusers
shortNames:
- rcou
- objectuser
- cephosu
singular: cephobjectstoreuser
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephObjectStoreUser represents a Ceph Object Store Gateway User
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ObjectStoreUserSpec represent the spec of an Objectstoreuser
properties:
capabilities:
description: Additional admin-level capabilities for the Ceph object store user
nullable: true
properties:
amz-cache:
description: Add capabilities for user to send request to RGW Cache API header. Documented in https://docs.ceph.com/en/latest/radosgw/rgw-cache/#cache-api
enum:
- '*'
- read
- write
- read, write
type: string
bilog:
description: Add capabilities for user to change bucket index logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
bucket:
description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
buckets:
description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
datalog:
description: Add capabilities for user to change data logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
info:
description: Admin capabilities to read/write information about the user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
mdlog:
description: Add capabilities for user to change metadata logging. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
metadata:
description: Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
oidc-provider:
description: Add capabilities for user to change oidc provider. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
ratelimit:
description: Add capabilities for user to set rate limiter for user and bucket. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
roles:
description: Admin capabilities to read/write roles for user. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
usage:
description: Admin capabilities to read/write Ceph object store usage. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
user:
description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
user-policy:
description: Add capabilities for user to change user policies. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
users:
description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
zone:
description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
enum:
- '*'
- read
- write
- read, write
type: string
type: object
clusterNamespace:
description: The namespace where the parent CephCluster and CephObjectStore are found
type: string
displayName:
description: The display name for the ceph user.
type: string
keys:
description: |-
Allows specifying credentials for the user. If not provided, the operator
will generate them.
items:
description: |-
ObjectUserKey defines a set of rgw user access credentials to be retrieved
from secret resources.
properties:
accessKeyRef:
description: Secret key selector for the access_key (commonly referred to as AWS_ACCESS_KEY_ID).
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Secret key selector for the secret_key (commonly referred to as AWS_SECRET_ACCESS_KEY).
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
type: array
quotas:
description: ObjectUserQuotaSpec can be used to set quotas for the object store user to limit their usage. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/?#quota-management) for more
nullable: true
properties:
maxBuckets:
description: Maximum bucket limit for the ceph user
nullable: true
type: integer
maxObjects:
description: Maximum number of objects across all the user's buckets
format: int64
nullable: true
type: integer
maxSize:
anyOf:
- type: integer
- type: string
description: |-
Maximum size limit of all objects across all the user's buckets
See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity for more info.
nullable: true
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
store:
description: The store the user will be created in
type: string
type: object
status:
description: ObjectStoreUserStatus represents the status Ceph Object Store Gateway User
properties:
info:
additionalProperties:
type: string
nullable: true
type: object
keys:
items:
properties:
name:
description: name is unique within a namespace to reference a secret resource.
type: string
namespace:
description: namespace defines the space within which the secret name must be unique.
type: string
resourceVersion:
type: string
uid:
description: |-
UID is a type that holds unique ID values, including UUIDs. Because we
don't ONLY use UUIDs, this is an alias to string. Being a type captures
intent and helps make sure that UIDs and names do not get conflated.
type: string
type: object
x-kubernetes-map-type: atomic
nullable: true
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,99 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephobjectzonegroups.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephObjectZoneGroup
listKind: CephObjectZoneGroupList
plural: cephobjectzonegroups
shortNames:
- cephozg
singular: cephobjectzonegroup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephObjectZoneGroup represents a Ceph Object Store Gateway Zone Group
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ObjectZoneGroupSpec represent the spec of an ObjectZoneGroup
properties:
realm:
description: The name of the realm the zone group is a member of.
type: string
required:
- realm
type: object
status:
description: Status represents the status of an object
properties:
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,587 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephobjectzones.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephObjectZone
listKind: CephObjectZoneList
plural: cephobjectzones
shortNames:
- cephoz
singular: cephobjectzone
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephObjectZone represents a Ceph Object Store Gateway Zone
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ObjectZoneSpec represent the spec of an ObjectZone
properties:
customEndpoints:
description: |-
If this zone cannot be accessed from other peer Ceph clusters via the ClusterIP Service
endpoint created by Rook, you must set this to the externally reachable endpoint(s). You may
include the port in the definition. For example: "https://my-object-store.my-domain.net:443".
In many cases, you should set this to the endpoint of the ingress resource that makes the
CephObjectStore associated with this CephObjectStoreZone reachable to peer clusters.
The list can have one or more endpoints pointing to different RGW servers in the zone.
If a CephObjectStore endpoint is omitted from this list, that object store's gateways will
not receive multisite replication data
(see CephObjectStore.spec.gateway.disableMultisiteSyncTraffic).
items:
type: string
nullable: true
type: array
dataPool:
description: The data pool settings
nullable: true
properties:
application:
description: The application name to set on the pool. Only expected to be set for rgw pools.
type: string
compressionMode:
description: |-
DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force"
The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)
Do NOT set a default value for kubebuilder as this will override the Parameters
enum:
- none
- passive
- aggressive
- force
- ""
nullable: true
type: string
crushRoot:
description: The root of the crush hierarchy utilized by the pool
nullable: true
type: string
deviceClass:
description: The device class the OSD should set to for use in the pool
nullable: true
type: string
enableCrushUpdates:
description: Allow rook operator to change the pool CRUSH tunables once the pool is created
nullable: true
type: boolean
enableRBDStats:
description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool
type: boolean
erasureCoded:
description: The erasure code settings
properties:
algorithm:
description: |-
The algorithm for erasure coding.
If absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.
enum:
- isa
- jerasure
type: string
codingChunks:
description: |-
Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
This is the number of OSDs that can be lost simultaneously before data cannot be recovered.
minimum: 0
type: integer
dataChunks:
description: |-
Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
The number of chunks required to recover an object when any single OSD is lost is the same
as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.
minimum: 0
type: integer
required:
- codingChunks
- dataChunks
type: object
failureDomain:
description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map'
type: string
mirroring:
description: The mirroring settings
properties:
enabled:
description: Enabled whether this pool is mirrored or not
type: boolean
mode:
description: 'Mode is the mirroring mode: pool, image or init-only.'
enum:
- pool
- image
- init-only
type: string
peers:
description: Peers represents the peers spec
nullable: true
properties:
secretNames:
description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
items:
type: string
type: array
type: object
snapshotSchedules:
description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools
items:
description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool
properties:
interval:
description: Interval represent the periodicity of the snapshot.
type: string
path:
description: Path is the path to snapshot, only valid for CephFS
type: string
startTime:
description: StartTime indicates when to start the snapshot
type: string
type: object
type: array
type: object
parameters:
additionalProperties:
type: string
description: Parameters is a list of properties to enable on a given pool
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
quotas:
description: The quota settings
nullable: true
properties:
maxBytes:
description: |-
MaxBytes represents the quota in bytes
Deprecated in favor of MaxSize
format: int64
type: integer
maxObjects:
description: MaxObjects represents the quota in objects
format: int64
type: integer
maxSize:
description: MaxSize represents the quota in bytes as a string
pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$
type: string
type: object
replicated:
description: The replication settings
properties:
hybridStorage:
description: HybridStorage represents hybrid storage tier settings
nullable: true
properties:
primaryDeviceClass:
description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD
minLength: 1
type: string
secondaryDeviceClass:
description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs
minLength: 1
type: string
required:
- primaryDeviceClass
- secondaryDeviceClass
type: object
replicasPerFailureDomain:
description: ReplicasPerFailureDomain the number of replica in the specified failure domain
minimum: 1
type: integer
requireSafeReplicaSize:
description: RequireSafeReplicaSize if false allows you to set replica 1
type: boolean
size:
description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)
minimum: 0
type: integer
subFailureDomain:
description: SubFailureDomain the name of the sub-failure domain
type: string
targetSizeRatio:
description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity
minimum: 0
type: number
required:
- size
type: object
statusCheck:
description: The mirroring statusCheck
properties:
mirror:
description: HealthCheckSpec represents the health check of an object store bucket
nullable: true
properties:
disabled:
type: boolean
interval:
description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds
type: string
timeout:
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
metadataPool:
description: The metadata pool settings
nullable: true
properties:
application:
description: The application name to set on the pool. Only expected to be set for rgw pools.
type: string
compressionMode:
description: |-
DEPRECATED: use Parameters instead, e.g., Parameters["compression_mode"] = "force"
The inline compression mode in Bluestore OSD to set to (options are: none, passive, aggressive, force)
Do NOT set a default value for kubebuilder as this will override the Parameters
enum:
- none
- passive
- aggressive
- force
- ""
nullable: true
type: string
crushRoot:
description: The root of the crush hierarchy utilized by the pool
nullable: true
type: string
deviceClass:
description: The device class the OSD should set to for use in the pool
nullable: true
type: string
enableCrushUpdates:
description: Allow rook operator to change the pool CRUSH tunables once the pool is created
nullable: true
type: boolean
enableRBDStats:
description: EnableRBDStats is used to enable gathering of statistics for all RBD images in the pool
type: boolean
erasureCoded:
description: The erasure code settings
properties:
algorithm:
description: |-
The algorithm for erasure coding.
If absent, defaults to the plugin specified in osd_pool_default_erasure_code_profile.
enum:
- isa
- jerasure
type: string
codingChunks:
description: |-
Number of coding chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
This is the number of OSDs that can be lost simultaneously before data cannot be recovered.
minimum: 0
type: integer
dataChunks:
description: |-
Number of data chunks per object in an erasure coded storage pool (required for erasure-coded pool type).
The number of chunks required to recover an object when any single OSD is lost is the same
as dataChunks so be aware that the larger the number of data chunks, the higher the cost of recovery.
minimum: 0
type: integer
required:
- codingChunks
- dataChunks
type: object
failureDomain:
description: 'The failure domain: osd/host/(region or zone if available) - technically also any type in the crush map'
type: string
mirroring:
description: The mirroring settings
properties:
enabled:
description: Enabled whether this pool is mirrored or not
type: boolean
mode:
description: 'Mode is the mirroring mode: pool, image or init-only.'
enum:
- pool
- image
- init-only
type: string
peers:
description: Peers represents the peers spec
nullable: true
properties:
secretNames:
description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
items:
type: string
type: array
type: object
snapshotSchedules:
description: SnapshotSchedules is the scheduling of snapshot for mirrored images/pools
items:
description: SnapshotScheduleSpec represents the snapshot scheduling settings of a mirrored pool
properties:
interval:
description: Interval represent the periodicity of the snapshot.
type: string
path:
description: Path is the path to snapshot, only valid for CephFS
type: string
startTime:
description: StartTime indicates when to start the snapshot
type: string
type: object
type: array
type: object
parameters:
additionalProperties:
type: string
description: Parameters is a list of properties to enable on a given pool
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
quotas:
description: The quota settings
nullable: true
properties:
maxBytes:
description: |-
MaxBytes represents the quota in bytes
Deprecated in favor of MaxSize
format: int64
type: integer
maxObjects:
description: MaxObjects represents the quota in objects
format: int64
type: integer
maxSize:
description: MaxSize represents the quota in bytes as a string
pattern: ^[0-9]+[\.]?[0-9]*([KMGTPE]i|[kMGTPE])?$
type: string
type: object
replicated:
description: The replication settings
properties:
hybridStorage:
description: HybridStorage represents hybrid storage tier settings
nullable: true
properties:
primaryDeviceClass:
description: PrimaryDeviceClass represents high performance tier (for example SSD or NVME) for Primary OSD
minLength: 1
type: string
secondaryDeviceClass:
description: SecondaryDeviceClass represents low performance tier (for example HDDs) for remaining OSDs
minLength: 1
type: string
required:
- primaryDeviceClass
- secondaryDeviceClass
type: object
replicasPerFailureDomain:
description: ReplicasPerFailureDomain the number of replica in the specified failure domain
minimum: 1
type: integer
requireSafeReplicaSize:
description: RequireSafeReplicaSize if false allows you to set replica 1
type: boolean
size:
description: Size - Number of copies per object in a replicated storage pool, including the object itself (required for replicated pool type)
minimum: 0
type: integer
subFailureDomain:
description: SubFailureDomain the name of the sub-failure domain
type: string
targetSizeRatio:
description: TargetSizeRatio gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity
minimum: 0
type: number
required:
- size
type: object
statusCheck:
description: The mirroring statusCheck
properties:
mirror:
description: HealthCheckSpec represents the health check of an object store bucket
nullable: true
properties:
disabled:
type: boolean
interval:
description: Interval is the internal in second or minute for the health check to run like 60s for 60 seconds
type: string
timeout:
type: string
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
preservePoolsOnDelete:
default: true
description: Preserve pools on object zone deletion
type: boolean
sharedPools:
description: The pool information when configuring RADOS namespaces in existing pools.
nullable: true
properties:
dataPoolName:
description: The data pool used for creating RADOS namespaces in the object store
type: string
x-kubernetes-validations:
- message: object store shared data pool is immutable
rule: self == oldSelf
metadataPoolName:
description: The metadata pool used for creating RADOS namespaces in the object store
type: string
x-kubernetes-validations:
- message: object store shared metadata pool is immutable
rule: self == oldSelf
poolPlacements:
description: |-
PoolPlacements control which Pools are associated with a particular RGW bucket.
Once PoolPlacements are defined, RGW client will be able to associate pool
with ObjectStore bucket by providing "<LocationConstraint>" during s3 bucket creation
or "X-Storage-Policy" header during swift container creation.
See: https://docs.ceph.com/en/latest/radosgw/placement/#placement-targets
PoolPlacement with name: "default" will be used as a default pool if no option
is provided during bucket creation.
If default placement is not provided, spec.sharedPools.dataPoolName and spec.sharedPools.MetadataPoolName will be used as default pools.
If spec.sharedPools are also empty, then RGW pools (spec.dataPool and spec.metadataPool) will be used as defaults.
items:
properties:
dataNonECPoolName:
description: |-
The data pool used to store ObjectStore data that cannot use erasure coding (ex: multi-part uploads).
If dataPoolName is not erasure coded, then there is no need for dataNonECPoolName.
type: string
dataPoolName:
description: The data pool used to store ObjectStore objects data.
minLength: 1
type: string
default:
description: |-
Sets given placement as default. Only one placement in the list can be marked as default.
Default is false.
type: boolean
metadataPoolName:
description: The metadata pool used to store ObjectStore bucket index.
minLength: 1
type: string
name:
description: Pool placement name. Name can be arbitrary. Placement with name "default" will be used as default.
minLength: 1
pattern: ^[a-zA-Z0-9._/-]+$
type: string
storageClasses:
description: |-
StorageClasses can be selected by user to override dataPoolName during object creation.
Each placement has default STANDARD StorageClass pointing to dataPoolName.
This list allows defining additional StorageClasses on top of default STANDARD storage class.
items:
properties:
dataPoolName:
description: DataPoolName is the data pool used to store ObjectStore objects data.
minLength: 1
type: string
name:
description: |-
Name is the StorageClass name. Ceph allows arbitrary name for StorageClasses,
however most clients/libs insist on AWS names so it is recommended to use
one of the valid x-amz-storage-class values for better compatibility:
REDUCED_REDUNDANCY | STANDARD_IA | ONEZONE_IA | INTELLIGENT_TIERING | GLACIER | DEEP_ARCHIVE | OUTPOSTS | GLACIER_IR | SNOW | EXPRESS_ONEZONE
See AWS docs: https://aws.amazon.com/de/s3/storage-classes/
minLength: 1
pattern: ^[a-zA-Z0-9._/-]+$
type: string
required:
- dataPoolName
- name
type: object
type: array
required:
- dataPoolName
- metadataPoolName
- name
type: object
type: array
preserveRadosNamespaceDataOnDelete:
description: Whether the RADOS namespaces should be preserved on deletion of the object store
type: boolean
type: object
zoneGroup:
description: The name of the zone group the zone is a member of.
type: string
required:
- zoneGroup
type: object
status:
description: Status represents the status of an object
properties:
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,724 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.19.0
helm.sh/resource-policy: keep
name: cephrbdmirrors.ceph.rook.io
spec:
group: ceph.rook.io
names:
kind: CephRBDMirror
listKind: CephRBDMirrorList
plural: cephrbdmirrors
shortNames:
- cephrbdm
singular: cephrbdmirror
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.phase
name: Phase
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: CephRBDMirror represents a Ceph RBD Mirror
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RBDMirroringSpec represents the specification of an RBD mirror daemon
properties:
annotations:
additionalProperties:
type: string
description: The annotations-related configuration to add/set on each Pod related object.
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
count:
description: Count represents the number of rbd mirror instance to run
minimum: 1
type: integer
labels:
additionalProperties:
type: string
description: The labels-related configuration to add/set on each Pod related object.
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
peers:
description: Peers represents the peers spec
nullable: true
properties:
secretNames:
description: SecretNames represents the Kubernetes Secret names to add rbd-mirror or cephfs-mirror peers
items:
type: string
type: array
type: object
placement:
nullable: true
properties:
nodeAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
preference:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
weight:
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
properties:
nodeSelectorTerms:
items:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchFields:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
type: object
x-kubernetes-map-type: atomic
type: array
x-kubernetes-list-type: atomic
required:
- nodeSelectorTerms
type: object
x-kubernetes-map-type: atomic
type: object
podAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
podAntiAffinity:
properties:
preferredDuringSchedulingIgnoredDuringExecution:
items:
properties:
podAffinityTerm:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
weight:
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
x-kubernetes-list-type: atomic
requiredDuringSchedulingIgnoredDuringExecution:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
mismatchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
namespaces:
items:
type: string
type: array
x-kubernetes-list-type: atomic
topologyKey:
type: string
required:
- topologyKey
type: object
type: array
x-kubernetes-list-type: atomic
type: object
tolerations:
items:
properties:
effect:
type: string
key:
type: string
operator:
type: string
tolerationSeconds:
format: int64
type: integer
value:
type: string
type: object
type: array
topologySpreadConstraints:
items:
properties:
labelSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
type: string
values:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
format: int32
type: integer
minDomains:
format: int32
type: integer
nodeAffinityPolicy:
type: string
nodeTaintsPolicy:
type: string
topologyKey:
type: string
whenUnsatisfiable:
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
type: object
x-kubernetes-preserve-unknown-fields: true
priorityClassName:
description: PriorityClassName sets priority class on the rbd mirror pods
type: string
resources:
description: The resource requirements for the rbd mirror pods
nullable: true
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
request:
description: |-
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- count
type: object
status:
description: RBDMirrorStatus represents the status of the RBD mirror resource
properties:
cephx:
properties:
daemon:
description: Daemon shows the CephX key status for local Ceph daemons associated with this resources.
properties:
keyCephVersion:
description: |-
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
same string format as reported by `CephCluster.status.version.version` to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
type: string
keyGeneration:
description: |-
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format: int32
type: integer
type: object
type: object
conditions:
items:
description: Condition represents a status condition on any Rook-Ceph Custom Resource.
properties:
lastHeartbeatTime:
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is a reason for a condition
type: string
status:
type: string
type:
description: ConditionType represent a resource's status
type: string
type: object
type: array
observedGeneration:
description: ObservedGeneration is the latest generation observed by the controller.
format: int64
type: integer
phase:
type: string
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -0,0 +1,145 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofilemapping-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clientprofilemappings.csi.ceph.io
annotations:
controller-gen.kubebuilder.io/version: v0.17.2
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
spec:
group: csi.ceph.io
names:
kind: ClientProfileMapping
listKind: ClientProfileMappingList
plural: clientprofilemappings
singular: clientprofilemapping
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ClientProfileMapping is the Schema for the clientprofilemappings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClientProfileMappingSpec defines the desired state of ClientProfileMapping
properties:
mappings:
items:
description: MappingsSpec define a mapping between a local and remote profiles
properties:
blockPoolIdMapping:
items:
items:
type: string
maxItems: 2
minItems: 2
type: array
type: array
localClientProfile:
type: string
remoteClientProfile:
type: string
required:
- localClientProfile
- remoteClientProfile
type: object
type: array
required:
- mappings
type: object
status:
description: ClientProfileMappingStatus defines the observed state of ClientProfileMapping
type: object
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
deprecationWarning: v1alpha1 is deprecated, please use v1
name: v1alpha1
schema:
openAPIV3Schema:
description: ClientProfileMapping is the Schema for the clientprofilemappings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClientProfileMappingSpec defines the desired state of ClientProfileMapping
properties:
mappings:
items:
description: MappingsSpec define a mapping between a local and remote profiles
properties:
blockPoolIdMapping:
items:
items:
type: string
maxItems: 2
minItems: 2
type: array
type: array
localClientProfile:
type: string
remoteClientProfile:
type: string
required:
- localClientProfile
- remoteClientProfile
type: object
type: array
required:
- mappings
type: object
status:
description: ClientProfileMappingStatus defines the observed state of ClientProfileMapping
type: object
type: object
served: true
storage: false
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -0,0 +1,255 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/clientprofile-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clientprofiles.csi.ceph.io
annotations:
controller-gen.kubebuilder.io/version: v0.17.2
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
spec:
group: csi.ceph.io
names:
kind: ClientProfile
listKind: ClientProfileList
plural: clientprofiles
singular: clientprofile
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ClientProfile is the Schema for the clientprofiles API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ClientProfileSpec defines the desired state of Ceph CSI
configuration for volumes and snapshots configured to use
this profile
properties:
cephConnectionRef:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: '''.name'' cannot be empty'
rule: self.name != ""
cephFs:
description: CephFsConfigSpec defines the desired CephFs configuration
properties:
cephCsiSecrets:
description: |-
CephCsiSecretsSpec defines the secrets used by the client profile
to access the Ceph cluster and perform operations
on volumes.
properties:
controllerPublishSecret:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace to reference a secret resource.
type: string
namespace:
description: namespace defines the space within which the secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
type: object
fuseMountOptions:
additionalProperties:
type: string
type: object
kernelMountOptions:
additionalProperties:
type: string
type: object
radosNamespace:
type: string
x-kubernetes-validations:
- message: field is immutable
rule: self == oldSelf
subVolumeGroup:
type: string
type: object
nfs:
description: NfsConfigSpec cdefines the desired NFS configuration
type: object
rbd:
description: RbdConfigSpec defines the desired RBD configuration
properties:
cephCsiSecrets:
description: |-
CephCsiSecretsSpec defines the secrets used by the client profile
to access the Ceph cluster and perform operations
on volumes.
properties:
controllerPublishSecret:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace to reference a secret resource.
type: string
namespace:
description: namespace defines the space within which the secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
type: object
radosNamespace:
type: string
x-kubernetes-validations:
- message: field is immutable
rule: self == oldSelf
type: object
required:
- cephConnectionRef
type: object
status:
description: |-
ClientProfileStatus defines the observed state of Ceph CSI
configuration for volumes and snapshots configured to use
this profile
type: object
type: object
served: true
storage: true
subresources:
status: {}
- deprecated: true
deprecationWarning: v1alpha1 is deprecated, please use v1
name: v1alpha1
schema:
openAPIV3Schema:
description: ClientProfile is the Schema for the clientprofiles API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
ClientProfileSpec defines the desired state of Ceph CSI
configuration for volumes and snapshots configured to use
this profile
properties:
cephConnectionRef:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
type: object
x-kubernetes-map-type: atomic
x-kubernetes-validations:
- message: '''.name'' cannot be empty'
rule: self.name != ""
cephFs:
description: CephFsConfigSpec defines the desired CephFs configuration
properties:
fuseMountOptions:
additionalProperties:
type: string
type: object
kernelMountOptions:
additionalProperties:
type: string
type: object
radosNamespace:
type: string
x-kubernetes-validations:
- message: field is immutable
rule: self == oldSelf
subVolumeGroup:
type: string
type: object
nfs:
description: NfsConfigSpec cdefines the desired NFS configuration
type: object
rbd:
description: RbdConfigSpec defines the desired RBD configuration
properties:
radosNamespace:
type: string
x-kubernetes-validations:
- message: field is immutable
rule: self == oldSelf
type: object
required:
- cephConnectionRef
type: object
status:
description: |-
ClientProfileStatus defines the observed state of Ceph CSI
configuration for volumes and snapshots configured to use
this profile
type: object
type: object
served: true
storage: false
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,47 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: objectbucketclaims.objectbucket.io
annotations:
helm.sh/resource-policy: keep
spec:
group: objectbucket.io
names:
kind: ObjectBucketClaim
listKind: ObjectBucketClaimList
plural: objectbucketclaims
singular: objectbucketclaim
shortNames:
- obc
- obcs
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
storageClassName:
type: string
bucketName:
type: string
generateBucketName:
type: string
additionalConfig:
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
objectBucketName:
type: string
status:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}


@@ -0,0 +1,72 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/resources.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: objectbuckets.objectbucket.io
annotations:
helm.sh/resource-policy: keep
spec:
group: objectbucket.io
names:
kind: ObjectBucket
listKind: ObjectBucketList
plural: objectbuckets
singular: objectbucket
shortNames:
- ob
- obs
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
storageClassName:
type: string
endpoint:
type: object
nullable: true
properties:
bucketHost:
type: string
bucketPort:
type: integer
format: int32
bucketName:
type: string
region:
type: string
subRegion:
type: string
additionalConfig:
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
authentication:
type: object
nullable: true
items:
type: object
x-kubernetes-preserve-unknown-fields: true
additionalState:
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
reclaimPolicy:
type: string
claimRef:
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}


@@ -0,0 +1,77 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ceph-csi-controller-manager
labels:
control-plane: controller-manager
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
control-plane: ceph-csi-op-controller-manager
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
template:
metadata:
labels:
control-plane: ceph-csi-op-controller-manager
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
annotations:
kubectl.kubernetes.io/default-container: manager
spec:
containers:
- args:
- --leader-elect
command:
- /manager
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CSI_SERVICE_ACCOUNT_PREFIX
value: "ceph-csi-"
- name: WATCH_NAMESPACE
value: ""
- name: KUBERNETES_CLUSTER_DOMAIN
value: "cluster.local"
image: quay.io/cephcsi/ceph-csi-operator:v0.4.1
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
imagePullSecrets: []
securityContext:
runAsNonRoot: true
serviceAccountName: ceph-csi-controller-manager
terminationGracePeriodSeconds: 10


@@ -0,0 +1,60 @@
---
# Source: rook-ceph/charts/cloudflared-rgw/templates/common.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: rook-ceph-cloudflared-rgw
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cloudflared-rgw
app.kubernetes.io/version: 2025.10.0
helm.sh/chart: cloudflared-rgw-1.23.1
namespace: rook-ceph
spec:
revisionHistoryLimit: 3
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/controller: main
app.kubernetes.io/name: cloudflared-rgw
app.kubernetes.io/instance: rook-ceph
template:
metadata:
labels:
app.kubernetes.io/controller: main
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/name: cloudflared-rgw
spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
hostIPC: false
hostNetwork: false
hostPID: false
dnsPolicy: ClusterFirst
containers:
- args:
- tunnel
- --protocol
- http2
- --no-autoupdate
- run
- --token
- $(CF_MANAGED_TUNNEL_TOKEN)
env:
- name: CF_MANAGED_TUNNEL_TOKEN
valueFrom:
secretKeyRef:
key: cf-tunnel-token
name: ceph-rgw-cloudflared-secret
image: cloudflare/cloudflared:2025.11.1
imagePullPolicy: IfNotPresent
name: main
resources:
requests:
cpu: 10m
memory: 128Mi
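Review bot: The tunnel token reaches cloudflared through `--token` / `$(CF_MANAGED_TUNNEL_TOKEN)` in `args`, so Kubernetes substitutes the secret into the container's command line, where it shows up in the node's process listing and in any runtime or audit tooling that records process arguments. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so naming the env entry `- name: TUNNEL_TOKEN` and dropping the last two args keeps it out of argv. The pod spec sets `automountServiceAccountToken: true` on the `default` service account although nothing in the visible args uses the Kubernetes API; `automountServiceAccountToken: false` would remove that credential from a pod that terminates an external tunnel. The container also has no `securityContext`, unlike the other Deployments in this commit, which drop all capabilities and run as non-root. Because this manifest is rendered output, the changes belong in the chart values.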


@@ -0,0 +1,85 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: rook-ceph-operator
namespace: rook-ceph # namespace:operator
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
spec:
replicas: 1
selector:
matchLabels:
app: rook-ceph-operator
strategy:
type: Recreate
template:
metadata:
labels:
app: rook-ceph-operator
helm.sh/chart: "rook-ceph-v1.18.8"
spec:
tolerations:
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 5
containers:
- name: rook-ceph-operator
image: "docker.io/rook/ceph:v1.18.8"
imagePullPolicy: IfNotPresent
args: ["ceph", "operator"]
securityContext:
capabilities:
drop:
- ALL
runAsGroup: 2016
runAsNonRoot: true
runAsUser: 2016
volumeMounts:
- mountPath: /var/lib/rook
name: rook-config
- mountPath: /etc/ceph
name: default-config-dir
env:
- name: ROOK_CURRENT_NAMESPACE_ONLY
value: "false"
- name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED
value: "false"
- name: ROOK_DISABLE_DEVICE_HOTPLUG
value: "false"
- name: ROOK_DISCOVER_DEVICES_INTERVAL
value: "60m"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
serviceAccountName: rook-ceph-system
volumes:
- name: rook-config
emptyDir: {}
- name: default-config-dir
emptyDir: {}


@@ -0,0 +1,139 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/deployment.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
name: rook-ceph-tools
namespace: rook-ceph # namespace:cluster
labels:
app: rook-ceph-tools
spec:
replicas: 1
selector:
matchLabels:
app: rook-ceph-tools
template:
metadata:
labels:
app: rook-ceph-tools
spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: rook-ceph-tools
image: quay.io/ceph/ceph:v19.2.3
command:
- /bin/bash
- -c
- |
# Replicate the script from toolbox.sh inline so the ceph image
# can be run directly, instead of requiring the rook toolbox
CEPH_CONFIG="/etc/ceph/ceph.conf"
MON_CONFIG="/etc/rook/mon-endpoints"
KEYRING_FILE="/etc/ceph/keyring"
# create a ceph config file in its default location so ceph/rados tools can be used
# without specifying any arguments
write_endpoints() {
endpoints=$(cat ${MON_CONFIG})
# filter out the mon names
# external cluster can have numbers or hyphens in mon names, handling them in regex
# shellcheck disable=SC2001
mon_endpoints=$(echo "${endpoints}"| sed 's/[a-z0-9_-]\+=//g')
DATE=$(date)
echo "$DATE writing mon endpoints to ${CEPH_CONFIG}: ${endpoints}"
cat <<EOF > ${CEPH_CONFIG}
[global]
mon_host = ${mon_endpoints}
[client.admin]
keyring = ${KEYRING_FILE}
EOF
}
# watch the endpoints config file and update if the mon endpoints ever change
watch_endpoints() {
# get the timestamp for the target of the soft link
real_path=$(realpath ${MON_CONFIG})
initial_time=$(stat -c %Z "${real_path}")
while true; do
real_path=$(realpath ${MON_CONFIG})
latest_time=$(stat -c %Z "${real_path}")
if [[ "${latest_time}" != "${initial_time}" ]]; then
write_endpoints
initial_time=${latest_time}
fi
sleep 10
done
}
# read the secret from an env var (for backward compatibility), or from the secret file
ceph_secret=${ROOK_CEPH_SECRET}
if [[ "$ceph_secret" == "" ]]; then
ceph_secret=$(cat /var/lib/rook-ceph-mon/secret.keyring)
fi
# create the keyring file
cat <<EOF > ${KEYRING_FILE}
[${ROOK_CEPH_USERNAME}]
key = ${ceph_secret}
EOF
# write the initial config file
write_endpoints
# continuously update the mon endpoints if they fail over
watch_endpoints
imagePullPolicy: IfNotPresent
tty: true
securityContext:
capabilities:
drop:
- ALL
runAsGroup: 2016
runAsNonRoot: true
runAsUser: 2016
env:
- name: ROOK_CEPH_USERNAME
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-username
resources:
limits:
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
volumeMounts:
- mountPath: /etc/ceph
name: ceph-config
- name: mon-endpoint-volume
mountPath: /etc/rook
- name: ceph-admin-secret
mountPath: /var/lib/rook-ceph-mon
serviceAccountName: rook-ceph-default
volumes:
- name: ceph-admin-secret
secret:
secretName: rook-ceph-mon
optional: false
items:
- key: ceph-secret
path: secret.keyring
- name: mon-endpoint-volume
configMap:
name: rook-ceph-mon-endpoints
items:
- key: data
path: mon-endpoints
- name: ceph-config
emptyDir: {}
tolerations:
- key: "node.kubernetes.io/unreachable"
operator: "Exists"
effect: "NoExecute"
tolerationSeconds: 5
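Review bot: This Deployment keeps a pod running permanently with a Ceph key on disk: the inline script writes `ceph-secret` from the `rook-ceph-mon` Secret into `/etc/ceph/keyring` and points `[client.admin]` at it. Any principal allowed `pods/exec` in `rook-ceph` therefore holds what is presumably full admin access to the storage cluster. If the toolbox is only needed for occasional debugging, setting `toolbox.enabled: false` in the rook-ceph-cluster values and enabling it on demand removes that standing credential; otherwise `pods/exec` in this namespace should be granted and audited as storage-admin access. The container `securityContext` could also set `allowPrivilegeEscalation: false`, as the ceph-csi-operator Deployment in this commit already does.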


@@ -0,0 +1,23 @@
---
# Source: rook-ceph/templates/external-secret.yaml
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: ceph-rgw-cloudflared-secret
namespace: rook-ceph
labels:
app.kubernetes.io/name: ceph-rgw-cloudflared-secret
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/part-of: rook-ceph
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: cf-tunnel-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/tunnels/ceph-rgw
metadataPolicy: None
property: token


@@ -0,0 +1,30 @@
---
# Source: rook-ceph/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph-rgw
namespace: rook-ceph
labels:
app.kubernetes.io/name: http-route-rook-ceph-rgw
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/part-of: rook-ceph
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- objects.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-rgw-ceph-objectstore
port: 80
weight: 100
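Review bot: The `parentRefs` entry names `traefik-gateway` without a `sectionName`, so the route attaches to every listener on that Gateway that admits it, which would include a plain-HTTP listener if one exists (the Gateway is not part of this diff, so this needs checking). Adding `sectionName: <https-listener-name>` (placeholder for the TLS listener's name) pins the route to the TLS listener. The same applies to `http-route-rook-ceph` in the next file, where it matters more: that route publishes the mgr dashboard on port 7000, and the CephCluster manifest in this commit sets the dashboard's `ssl: false`, so dashboard credentials would travel unencrypted end to end if a cleartext listener accepts the route.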


@@ -0,0 +1,30 @@
---
# Source: rook-ceph/templates/http-route.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-rook-ceph
namespace: rook-ceph
labels:
app.kubernetes.io/name: http-route-rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/part-of: rook-ceph
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- ceph.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: rook-ceph-mgr-dashboard
port: 7000
weight: 100


@@ -0,0 +1,13 @@
---
# Source: rook-ceph/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph
labels:
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/part-of: rook-ceph
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
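Review bot: All three Pod Security labels are set to `privileged`, so the namespace neither blocks nor reports any pod spec, and that also covers the non-storage workloads this commit places here (`rook-ceph-cloudflared-rgw`, `rook-ceph-tools`). Rook's OSD and CSI pods generally do need `enforce: privileged`, but `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` would leave enforcement as it is while recording which pods actually exceed baseline. Moving the cloudflared Deployment and its ExternalSecret into their own namespace with `pod-security.kubernetes.io/enforce: restricted` would be the stronger option, assuming the tunnel can reach the RGW Service by its cluster DNS name.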


@@ -0,0 +1,870 @@
---
# Source: rook-ceph/charts/rook-ceph-cluster/templates/prometheusrules.yaml
kind: PrometheusRule
apiVersion: monitoring.coreos.com/v1
metadata:
labels:
prometheus: rook-prometheus
role: alert-rules
name: prometheus-ceph-rules
namespace: rook-ceph
spec:
groups:
- name: cluster health
rules:
- alert: CephHealthError
annotations:
description: The cluster state has been HEALTH_ERROR for more than 5 minutes. Please check 'ceph health detail' for more information.
summary: Ceph is in the ERROR state
expr: ceph_health_status == 2
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.2.1
severity: critical
type: ceph_default
- alert: CephHealthWarning
annotations:
description: The cluster state has been HEALTH_WARN for more than 15 minutes. Please check 'ceph health detail' for more information.
summary: Ceph is in the WARNING state
expr: ceph_health_status == 1
for: 15m
labels:
severity: warning
type: ceph_default
- name: mon
rules:
- alert: CephMonDownQuorumAtRisk
annotations:
description: '{{ $min := query "floor(count(ceph_mon_metadata) / 2) + 1" | first | value }}Quorum requires a majority of monitors (x {{ $min }}) to be active. Without quorum the cluster will become inoperable, affecting all services and connected clients. The following monitors are down: {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) group_left(hostname) (ceph_mon_metadata * 0)" }} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }}'
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down
summary: Monitor quorum is at risk
expr: |
(
(ceph_health_detail{name="MON_DOWN"} == 1) * on() (
count(ceph_mon_quorum_status == 1) == bool (floor(count(ceph_mon_metadata) / 2) + 1)
)
) == 1
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.3.1
severity: critical
type: ceph_default
- alert: CephMonDown
annotations:
description: |
{{ $down := query "count(ceph_mon_quorum_status == 0)" | first | value }}{{ $s := "" }}{{ if gt $down 1.0 }}{{ $s = "s" }}{{ end }}You have {{ $down }} monitor{{ $s }} down. Quorum is still intact, but the loss of an additional monitor will make your cluster inoperable. The following monitors are down: {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) group_left(hostname) (ceph_mon_metadata * 0)" }} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }}
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down
summary: One or more monitors down
expr: |
count(ceph_mon_quorum_status == 0) <= (count(ceph_mon_metadata) - floor(count(ceph_mon_metadata) / 2) + 1)
for: 30s
labels:
severity: warning
type: ceph_default
- alert: CephMonDiskspaceCritical
annotations:
description: The free space available to a monitor's store is critically low. You should increase the space available to the monitor(s). The default directory is /var/lib/ceph/mon-*/data/store.db on traditional deployments, and /var/lib/rook/mon-*/data/store.db on the mon pod's worker node for Rook. Look for old, rotated versions of *.log and MANIFEST*. Do NOT touch any *.sst files. Also check any other directories under /var/lib/rook and other directories on the same filesystem, often /var/log and /var/tmp are culprits. Your monitor hosts are; {{- range query "ceph_mon_metadata"}} - {{ .Labels.hostname }} {{- end }}
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-crit
summary: Filesystem space on at least one monitor is critically low
expr: ceph_health_detail{name="MON_DISK_CRIT"} == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.3.2
severity: critical
type: ceph_default
- alert: CephMonDiskspaceLow
annotations:
description: The space available to a monitor's store is approaching full (>70% is the default). You should increase the space available to the monitor(s). The default directory is /var/lib/ceph/mon-*/data/store.db on traditional deployments, and /var/lib/rook/mon-*/data/store.db on the mon pod's worker node for Rook. Look for old, rotated versions of *.log and MANIFEST*. Do NOT touch any *.sst files. Also check any other directories under /var/lib/rook and other directories on the same filesystem, often /var/log and /var/tmp are culprits. Your monitor hosts are; {{- range query "ceph_mon_metadata"}} - {{ .Labels.hostname }} {{- end }}
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-low
summary: Drive space on at least one monitor is approaching full
expr: ceph_health_detail{name="MON_DISK_LOW"} == 1
for: 5m
labels:
severity: warning
type: ceph_default
- alert: CephMonClockSkew
annotations:
description: Ceph monitors rely on closely synchronized time to maintain quorum and cluster consistency. This event indicates that the time on at least one mon has drifted too far from the lead mon. Review cluster status with ceph -s. This will show which monitors are affected. Check the time sync status on each monitor host with 'ceph time-sync-status' and the state and peers of your ntpd or chrony daemon.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-clock-skew
summary: Clock skew detected among monitors
expr: ceph_health_detail{name="MON_CLOCK_SKEW"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- name: osd
rules:
- alert: CephOSDDownHigh
annotations:
description: '{{ $value | humanize }}% or {{ with query "count(ceph_osd_up == 0)" }}{{ . | first | value }}{{ end }} of {{ with query "count(ceph_osd_up)" }}{{ . | first | value }}{{ end }} OSDs are down (>= 10%). The following OSDs are down: {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0" }} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }}'
summary: More than 10% of OSDs are down
expr: count(ceph_osd_up == 0) / count(ceph_osd_up) * 100 >= 10
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.1
severity: critical
type: ceph_default
- alert: CephOSDHostDown
annotations:
description: 'The following OSDs are down: {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0" }} - {{ .Labels.hostname }} : {{ .Labels.ceph_daemon }} {{- end }}'
summary: An OSD host is offline
expr: ceph_health_detail{name="OSD_HOST_DOWN"} == 1
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.8
severity: warning
type: ceph_default
- alert: CephOSDDown
annotations:
description: |
{{ $num := query "count(ceph_osd_up == 0)" | first | value }}{{ $s := "" }}{{ if gt $num 1.0 }}{{ $s = "s" }}{{ end }}{{ $num }} OSD{{ $s }} down for over 5mins. The following OSD{{ $s }} {{ if eq $s "" }}is{{ else }}are{{ end }} down: {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0"}} - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} {{- end }}
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-down
summary: An OSD has been marked down
expr: ceph_health_detail{name="OSD_DOWN"} == 1
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.2
severity: warning
type: ceph_default
- alert: CephOSDNearFull
annotations:
description: One or more OSDs have reached the NEARFULL threshold. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-nearfull
summary: OSD(s) running low on free space (NEARFULL)
expr: ceph_health_detail{name="OSD_NEARFULL"} == 1
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.3
severity: warning
type: ceph_default
- alert: CephOSDFull
annotations:
description: An OSD has reached the FULL threshold. Writes to pools that share the affected OSD will be blocked. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-full
summary: OSD full, writes blocked
expr: ceph_health_detail{name="OSD_FULL"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.6
severity: critical
type: ceph_default
- alert: CephOSDBackfillFull
annotations:
description: An OSD has reached the BACKFILL FULL threshold. This will prevent rebalance operations from completing. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-backfillfull
summary: OSD(s) too full for backfill operations
expr: ceph_health_detail{name="OSD_BACKFILLFULL"} > 0
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephOSDTooManyRepairs
annotations:
description: Reads from an OSD have used a secondary PG to return data to the client, indicating a potential failing drive.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-too-many-repairs
summary: OSD reports a high number of read errors
expr: ceph_health_detail{name="OSD_TOO_MANY_REPAIRS"} == 1
for: 30s
labels:
severity: warning
type: ceph_default
- alert: CephOSDTimeoutsPublicNetwork
annotations:
description: OSD heartbeats on the cluster's 'public' network (frontend) are running slow. Investigate the network for latency or loss issues. Use 'ceph health detail' to show the affected OSDs.
summary: Network issues delaying OSD heartbeats (public network)
expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_FRONT"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephOSDTimeoutsClusterNetwork
annotations:
description: OSD heartbeats on the cluster's 'cluster' network (backend) are slow. Investigate the network for latency issues on this subnet. Use 'ceph health detail' to show the affected OSDs.
summary: Network issues delaying OSD heartbeats (cluster network)
expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_BACK"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephOSDInternalDiskSizeMismatch
annotations:
description: One or more OSDs have an internal inconsistency between metadata and the size of the device. This could lead to the OSD(s) crashing in future. You should redeploy the affected OSDs.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-disk-size-mismatch
summary: OSD size inconsistency error
expr: ceph_health_detail{name="BLUESTORE_DISK_SIZE_MISMATCH"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephDeviceFailurePredicted
annotations:
description: The device health module has determined that one or more devices will fail soon. To review device status use 'ceph device ls'. To show a specific device use 'ceph device info <dev id>'. Mark the OSD out so that data may migrate to other OSDs. Once the OSD has drained, destroy the OSD, replace the device, and redeploy the OSD.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#id2
summary: Device(s) predicted to fail soon
expr: ceph_health_detail{name="DEVICE_HEALTH"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephDeviceFailurePredictionTooHigh
annotations:
description: The device health module has determined that devices predicted to fail can not be remediated automatically, since too many OSDs would be removed from the cluster to ensure performance and availability. Prevent data integrity issues by adding new OSDs so that data may be relocated.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-toomany
summary: Too many devices are predicted to fail, unable to resolve
expr: ceph_health_detail{name="DEVICE_HEALTH_TOOMANY"} == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.7
severity: critical
type: ceph_default
- alert: CephDeviceFailureRelocationIncomplete
annotations:
description: "The device health module has determined that one or more devices will fail soon, but the normal process of relocating the data on the device to other OSDs in the cluster is blocked. \nEnsure that the cluster has available free space. It may be necessary to add capacity to the cluster to allow data from the failing device to successfully migrate, or to enable the balancer."
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-in-use
summary: Device failure is predicted, but unable to relocate data
expr: ceph_health_detail{name="DEVICE_HEALTH_IN_USE"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephOSDFlapping
annotations:
description: OSD {{ $labels.ceph_daemon }} on {{ $labels.hostname }} was marked down and back up {{ $value | humanize }} times once a minute for 5 minutes. This may indicate a network issue (latency, packet loss, MTU mismatch) on the cluster network, or the public network if no cluster network is deployed. Check the network stats on the listed host(s).
documentation: https://docs.ceph.com/en/latest/rados/troubleshooting/troubleshooting-osd#flapping-osds
summary: Network issues are causing OSDs to flap (mark each other down)
expr: (rate(ceph_osd_up[5m]) * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) * 60 > 1
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.4
severity: warning
type: ceph_default
- alert: CephOSDReadErrors
annotations:
description: An OSD has encountered read errors, but the OSD has recovered by retrying the reads. This may indicate an issue with hardware or the kernel.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-spurious-read-errors
summary: Device read errors detected
expr: ceph_health_detail{name="BLUESTORE_SPURIOUS_READ_ERRORS"} == 1
for: 30s
labels:
severity: warning
type: ceph_default
- alert: CephPGImbalance
annotations:
description: OSD {{ $labels.ceph_daemon }} on {{ $labels.hostname }} deviates by more than 30% from average PG count.
summary: PGs are not balanced across OSDs
expr: |
abs(
((ceph_osd_numpg > 0) - on (job) group_left avg(ceph_osd_numpg > 0) by (job)) /
on (job) group_left avg(ceph_osd_numpg > 0) by (job)
) * on (ceph_daemon) group_left(hostname) ceph_osd_metadata > 0.30
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.4.5
severity: warning
type: ceph_default
- name: mds
rules:
- alert: CephFilesystemDamaged
annotations:
description: Filesystem metadata has been corrupted. Data may be inaccessible. Analyze metrics from the MDS daemon admin socket, or escalate to support.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages
summary: CephFS filesystem is damaged.
expr: ceph_health_detail{name="MDS_DAMAGE"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.5.1
severity: critical
type: ceph_default
- alert: CephFilesystemOffline
annotations:
description: All MDS ranks are unavailable. The MDS daemons managing metadata are down, rendering the filesystem offline.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-all-down
summary: CephFS filesystem is offline
expr: ceph_health_detail{name="MDS_ALL_DOWN"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.5.3
severity: critical
type: ceph_default
- alert: CephFilesystemDegraded
annotations:
description: One or more metadata daemons (MDS ranks) are failed or in a damaged state. At best the filesystem is partially available, at worst the filesystem is completely unusable.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-degraded
summary: CephFS filesystem is degraded
expr: ceph_health_detail{name="FS_DEGRADED"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.5.4
severity: critical
type: ceph_default
- alert: CephFilesystemMDSRanksLow
annotations:
description: The filesystem's 'max_mds' setting defines the number of MDS ranks in the filesystem. The current number of active MDS daemons is less than this value.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-up-less-than-max
summary: Ceph MDS daemon count is lower than configured
expr: ceph_health_detail{name="MDS_UP_LESS_THAN_MAX"} > 0
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephFilesystemInsufficientStandby
annotations:
description: The minimum number of standby daemons required by standby_count_wanted is less than the current number of standby daemons. Adjust the standby count or increase the number of MDS daemons.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-insufficient-standby
summary: Ceph filesystem standby daemons too few
expr: ceph_health_detail{name="MDS_INSUFFICIENT_STANDBY"} > 0
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephFilesystemFailureNoStandby
annotations:
description: An MDS daemon has failed, leaving only one active rank and no available standby. Investigate the cause of the failure or add a standby MDS.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-with-failed-mds
summary: MDS daemon failed, no further standby available
expr: ceph_health_detail{name="FS_WITH_FAILED_MDS"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.5.5
severity: critical
type: ceph_default
- alert: CephFilesystemReadOnly
annotations:
description: The filesystem has switched to READ ONLY due to an unexpected error when writing to the metadata pool. Either analyze the output from the MDS daemon admin socket, or escalate to support.
documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages
summary: CephFS filesystem in read only mode due to write error(s)
expr: ceph_health_detail{name="MDS_HEALTH_READ_ONLY"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.5.2
severity: critical
type: ceph_default
- name: mgr
rules:
- alert: CephMgrModuleCrash
annotations:
description: One or more mgr modules have crashed and have yet to be acknowledged by an administrator. A crashed module may impact functionality within the cluster. Use the 'ceph crash' command to determine which module has failed, and archive it to acknowledge the failure.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#recent-mgr-module-crash
summary: A manager module has recently crashed
expr: ceph_health_detail{name="RECENT_MGR_MODULE_CRASH"} == 1
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.6.1
severity: critical
type: ceph_default
- alert: CephMgrPrometheusModuleInactive
annotations:
description: The mgr/prometheus module at {{ $labels.instance }} is unreachable. This could mean that the module has been disabled or the mgr daemon itself is down. Without the mgr/prometheus module metrics and alerts will no longer function. Open a shell to an admin node or toolbox pod and use 'ceph -s' to to determine whether the mgr is active. If the mgr is not active, restart it, otherwise you can determine module status with 'ceph mgr module ls'. If it is not listed as enabled, enable it with 'ceph mgr module enable prometheus'.
summary: The mgr/prometheus module is not available
expr: up{job="ceph"} == 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.6.2
severity: critical
type: ceph_default
- name: pgs
rules:
- alert: CephPGsInactive
annotations:
description: '{{ $value }} PGs have been inactive for more than 5 minutes in pool {{ $labels.name }}. Inactive placement groups are not able to serve read/write requests.'
summary: One or more placement groups are inactive
expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_active) > 0
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.1
severity: critical
type: ceph_default
- alert: CephPGsUnclean
annotations:
description: '{{ $value }} PGs have been unclean for more than 15 minutes in pool {{ $labels.name }}. Unclean PGs have not recovered from a previous failure.'
summary: One or more placement groups are marked unclean
expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean) > 0
for: 15m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.2
severity: warning
type: ceph_default
- alert: CephPGsDamaged
annotations:
description: During data consistency checks (scrub), at least one PG has been flagged as being damaged or inconsistent. Check to see which PG is affected, and attempt a manual repair if necessary. To list problematic placement groups, use 'rados list-inconsistent-pg <pool>'. To repair PGs use the 'ceph pg repair <pg_num>' command.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-damaged
summary: Placement group damaged, manual intervention needed
expr: ceph_health_detail{name=~"PG_DAMAGED|OSD_SCRUB_ERRORS"} == 1
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.4
severity: critical
type: ceph_default
- alert: CephPGRecoveryAtRisk
annotations:
description: Data redundancy is at risk since one or more OSDs are at or above the 'full' threshold. Add more capacity to the cluster, restore down/out OSDs, or delete unwanted data.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-recovery-full
summary: OSDs are too full for recovery
expr: ceph_health_detail{name="PG_RECOVERY_FULL"} == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.5
severity: critical
type: ceph_default
- alert: CephPGUnavailableBlockingIO
annotations:
description: Data availability is reduced, impacting the cluster's ability to service I/O. One or more placement groups (PGs) are in a state that blocks I/O.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability
summary: PG is unavailable, blocking I/O
expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.3
severity: critical
type: ceph_default
- alert: CephPGBackfillAtRisk
annotations:
description: Data redundancy may be at risk due to lack of free space within the cluster. One or more OSDs have reached the 'backfillfull' threshold. Add more capacity, or delete unwanted data.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-backfill-full
summary: Backfill operations are blocked due to lack of free space
expr: ceph_health_detail{name="PG_BACKFILL_FULL"} == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.7.6
severity: critical
type: ceph_default
- alert: CephPGNotScrubbed
annotations:
description: 'One or more PGs have not been scrubbed recently. Scrubs check metadata integrity, protecting against bit-rot. They check that metadata is consistent across data replicas. When PGs miss their scrub interval, it may indicate that the scrub window is too small, or PGs were not in a ''clean'' state during the scrub window. You can manually initiate a scrub with: ceph pg scrub <pgid>'
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-scrubbed
summary: Placement group(s) have not been scrubbed
expr: ceph_health_detail{name="PG_NOT_SCRUBBED"} == 1
for: 5m
labels:
severity: warning
type: ceph_default
- alert: CephPGsHighPerOSD
annotations:
description: |-
The number of placement groups per OSD is too high (exceeds the mon_max_pg_per_osd setting).
Check that the pg_autoscaler has not been disabled for any pools with 'ceph osd pool autoscale-status', and that the profile selected is appropriate. You may also adjust the target_size_ratio of a pool to guide the autoscaler based on the expected relative size of the pool ('ceph osd pool set cephfs.cephfs.meta target_size_ratio .1') or set the pg_autoscaler mode to 'warn' and adjust pg_num appropriately for one or more pools.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#too-many-pgs
summary: Placement groups per OSD is too high
expr: ceph_health_detail{name="TOO_MANY_PGS"} == 1
for: 1m
labels:
severity: warning
type: ceph_default
- alert: CephPGNotDeepScrubbed
annotations:
description: One or more PGs have not been deep scrubbed recently. Deep scrubs protect against bit-rot. They compare data replicas to ensure consistency. When PGs miss their deep scrub interval, it may indicate that the window is too small or PGs were not in a 'clean' state during the deep-scrub window.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-deep-scrubbed
summary: Placement group(s) have not been deep scrubbed
expr: ceph_health_detail{name="PG_NOT_DEEP_SCRUBBED"} == 1
for: 5m
labels:
severity: warning
type: ceph_default
- name: nodes
rules:
- alert: CephNodeRootFilesystemFull
annotations:
description: 'Root volume is dangerously full: {{ $value | humanize }}% free.'
summary: Root filesystem is dangerously full
expr: node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100 < 5
for: 5m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.8.1
severity: critical
type: ceph_default
- alert: CephNodeNetworkPacketDrops
annotations:
description: Node {{ $labels.instance }} experiences packet drop > 0.5% or > 10 packets/s on interface {{ $labels.device }}.
summary: One or more NICs reports packet drops
expr: |
(
rate(node_network_receive_drop_total{device!="lo"}[1m]) +
rate(node_network_transmit_drop_total{device!="lo"}[1m])
) / (
rate(node_network_receive_packets_total{device!="lo"}[1m]) +
rate(node_network_transmit_packets_total{device!="lo"}[1m])
) >= 0.0050000000000000001 and (
rate(node_network_receive_drop_total{device!="lo"}[1m]) +
rate(node_network_transmit_drop_total{device!="lo"}[1m])
) >= 10
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.8.2
severity: warning
type: ceph_default
- alert: CephNodeNetworkPacketErrors
annotations:
description: Node {{ $labels.instance }} experiences packet errors > 0.01% or > 10 packets/s on interface {{ $labels.device }}.
summary: One or more NICs reports packet errors
expr: |
(
rate(node_network_receive_errs_total{device!="lo"}[1m]) +
rate(node_network_transmit_errs_total{device!="lo"}[1m])
) / (
rate(node_network_receive_packets_total{device!="lo"}[1m]) +
rate(node_network_transmit_packets_total{device!="lo"}[1m])
) >= 0.0001 or (
rate(node_network_receive_errs_total{device!="lo"}[1m]) +
rate(node_network_transmit_errs_total{device!="lo"}[1m])
) >= 10
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.8.3
severity: warning
type: ceph_default
- alert: CephNodeNetworkBondDegraded
annotations:
description: Bond {{ $labels.master }} is degraded on Node {{ $labels.instance }}.
summary: Degraded Bond on Node {{ $labels.instance }}
expr: |
node_bonding_slaves - node_bonding_active != 0
labels:
severity: warning
type: ceph_default
- alert: CephNodeInconsistentMTU
annotations:
description: Node {{ $labels.instance }} has a different MTU size ({{ $value }}) than the median of devices named {{ $labels.device }}.
summary: MTU settings across Ceph hosts are inconsistent
expr: node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == scalar( max by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) )or node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == scalar( min by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) )
labels:
severity: warning
type: ceph_default
- name: pools
rules:
- alert: CephPoolGrowthWarning
annotations:
description: Pool '{{ $labels.name }}' will be full in less than 5 days assuming the average fill-up rate of the past 48 hours.
summary: Pool growth rate may soon exceed capacity
expr: (predict_linear(ceph_pool_percent_used[2d], 3600 * 24 * 5) * on(pool_id, instance, pod) group_right() ceph_pool_metadata) >= 95
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.9.2
severity: warning
type: ceph_default
- alert: CephPoolBackfillFull
annotations:
description: A pool is approaching the near full threshold, which will prevent recovery/backfill operations from completing. Consider adding more capacity.
summary: Free space in a pool is too low for recovery/backfill
expr: ceph_health_detail{name="POOL_BACKFILLFULL"} > 0
labels:
severity: warning
type: ceph_default
- alert: CephPoolFull
annotations:
description: A pool has reached its MAX quota, or OSDs supporting the pool have reached the FULL threshold. Until this is resolved, writes to the pool will be blocked. Pool Breakdown (top 5) {{- range query "topk(5, sort_desc(ceph_pool_percent_used * on(pool_id) group_right ceph_pool_metadata))" }} - {{ .Labels.name }} at {{ .Value }}% {{- end }} Increase the pool's quota, or add capacity to the cluster first then increase the pool's quota (e.g. ceph osd pool set quota <pool_name> max_bytes <bytes>)
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pool-full
summary: Pool is full - writes are blocked
expr: ceph_health_detail{name="POOL_FULL"} > 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.9.1
severity: critical
type: ceph_default
- alert: CephPoolNearFull
annotations:
description: A pool has exceeded the warning (percent full) threshold, or OSDs supporting the pool have reached the NEARFULL threshold. Writes may continue, but you are at risk of the pool going read-only if more capacity isn't made available. Determine the affected pool with 'ceph df detail', looking at QUOTA BYTES and STORED. Increase the pool's quota, or add capacity to the cluster first then increase the pool's quota (e.g. ceph osd pool set quota <pool_name> max_bytes <bytes>). Also ensure that the balancer is active.
summary: One or more Ceph pools are nearly full
expr: ceph_health_detail{name="POOL_NEAR_FULL"} > 0
for: 5m
labels:
severity: warning
type: ceph_default
- name: healthchecks
rules:
- alert: CephSlowOps
annotations:
description: '{{ $value }} OSD requests are taking too long to process (osd_op_complaint_time exceeded)'
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops
summary: OSD operations are slow to complete
expr: ceph_healthcheck_slow_ops > 0
for: 30s
labels:
severity: warning
type: ceph_default
- alert: CephDaemonSlowOps
annotations:
description: '{{ $labels.ceph_daemon }} operations are taking too long to process (complaint time exceeded)'
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops
summary: '{{ $labels.ceph_daemon }} operations are slow to complete'
expr: ceph_daemon_health_metrics{type="SLOW_OPS"} > 0
for: 30s
labels:
severity: warning
type: ceph_default
- name: hardware
rules:
- alert: HardwareStorageError
annotations:
description: Some storage devices are in error. Check `ceph health detail`.
summary: Storage devices error(s) detected
expr: ceph_health_detail{name="HARDWARE_STORAGE"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.1
severity: critical
type: ceph_default
- alert: HardwareMemoryError
annotations:
description: DIMM error(s) detected. Check `ceph health detail`.
summary: DIMM error(s) detected
expr: ceph_health_detail{name="HARDWARE_MEMORY"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.2
severity: critical
type: ceph_default
- alert: HardwareProcessorError
annotations:
description: Processor error(s) detected. Check `ceph health detail`.
summary: Processor error(s) detected
expr: ceph_health_detail{name="HARDWARE_PROCESSOR"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.3
severity: critical
type: ceph_default
- alert: HardwareNetworkError
annotations:
description: Network error(s) detected. Check `ceph health detail`.
summary: Network error(s) detected
expr: ceph_health_detail{name="HARDWARE_NETWORK"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.4
severity: critical
type: ceph_default
- alert: HardwarePowerError
annotations:
description: Power supply error(s) detected. Check `ceph health detail`.
summary: Power supply error(s) detected
expr: ceph_health_detail{name="HARDWARE_POWER"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.5
severity: critical
type: ceph_default
- alert: HardwareFanError
annotations:
description: Fan error(s) detected. Check `ceph health detail`.
summary: Fan error(s) detected
expr: ceph_health_detail{name="HARDWARE_FANS"} > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.13.6
severity: critical
type: ceph_default
- name: PrometheusServer
rules:
- alert: PrometheusJobMissing
annotations:
description: The prometheus job that scrapes from Ceph MGR is no longer defined, this will effectively mean you'll have no metrics or alerts for the cluster. Please review the job definitions in the prometheus.yml file of the prometheus instance.
summary: The scrape job for Ceph MGR is missing from Prometheus
expr: absent(up{job="rook-ceph-mgr"})
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.12.1
severity: critical
type: ceph_default
- alert: PrometheusJobExporterMissing
annotations:
description: The prometheus job that scrapes from Ceph Exporter is no longer defined, this will effectively mean you'll have no metrics or alerts for the cluster. Please review the job definitions in the prometheus.yml file of the prometheus instance.
summary: The scrape job for Ceph Exporter is missing from Prometheus
expr: sum(absent(up{job="rook-ceph-exporter"})) and sum(ceph_osd_metadata{ceph_version=~"^ceph version (1[89]|[2-9][0-9]).*"}) > 0
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.12.1
severity: critical
type: ceph_default
- name: rados
rules:
- alert: CephObjectMissing
annotations:
description: The latest version of a RADOS object can not be found, even though all OSDs are up. I/O requests for this object from clients will block (hang). Resolving this issue may require the object to be rolled back to a prior version manually, and manually verified.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#object-unfound
summary: Object(s) marked UNFOUND
expr: (ceph_health_detail{name="OBJECT_UNFOUND"} == 1) * on() (count(ceph_osd_up == 1) == bool count(ceph_osd_metadata)) == 1
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.10.1
severity: critical
type: ceph_default
- name: generic
rules:
- alert: CephDaemonCrash
annotations:
description: One or more daemons have crashed recently, and need to be acknowledged. This notification ensures that software crashes do not go unseen. To acknowledge a crash, use the 'ceph crash archive <id>' command.
documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#recent-crash
summary: One or more Ceph daemons have crashed, and are pending acknowledgement
expr: ceph_health_detail{name="RECENT_CRASH"} == 1
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.1.2
severity: critical
type: ceph_default
- name: rbdmirror
rules:
- alert: CephRBDMirrorImagesPerDaemonHigh
annotations:
description: Number of image replications per daemon is not supposed to go beyond threshold 100
summary: Number of image replications are now above 100
expr: sum by (ceph_daemon, namespace) (ceph_rbd_mirror_snapshot_image_snapshots) > 100
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.10.2
severity: critical
type: ceph_default
- alert: CephRBDMirrorImagesNotInSync
annotations:
description: Both local and remote RBD mirror images should be in sync.
summary: Some of the RBD mirror images are not in sync with the remote counter parts.
expr: sum by (ceph_daemon, image, namespace, pool) (topk by (ceph_daemon, image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_local_timestamp) - topk by (ceph_daemon, image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_remote_timestamp)) != 0
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.10.3
severity: critical
type: ceph_default
- alert: CephRBDMirrorImagesNotInSyncVeryHigh
annotations:
description: More than 10% of the images have synchronization problems
summary: Number of unsynchronized images are very high.
expr: count by (ceph_daemon) ((topk by (ceph_daemon, image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_local_timestamp) - topk by (ceph_daemon, image, namespace, pool) (1, ceph_rbd_mirror_snapshot_image_remote_timestamp)) != 0) > (sum by (ceph_daemon) (ceph_rbd_mirror_snapshot_snapshots)*.1)
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.10.4
severity: critical
type: ceph_default
- alert: CephRBDMirrorImageTransferBandwidthHigh
annotations:
description: Detected a heavy increase in bandwidth for rbd replications (over 80%) in the last 30 min. This might not be a problem, but it is good to review the number of images being replicated simultaneously
summary: The replication network usage has been increased over 80% in the last 30 minutes. Review the number of images being replicated. This alert will be cleaned automatically after 30 minutes
expr: rate(ceph_rbd_mirror_journal_replay_bytes[30m]) > 0.80
for: 1m
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.10.5
severity: warning
type: ceph_default
- name: nvmeof
rules:
- alert: NVMeoFSubsystemNamespaceLimit
annotations:
description: Subsystems have a max namespace limit defined at creation time. This alert means that no more namespaces can be added to {{ $labels.nqn }}
summary: '{{ $labels.nqn }} subsystem has reached its maximum number of namespaces '
expr: (count by(nqn) (ceph_nvmeof_subsystem_namespace_metadata)) >= ceph_nvmeof_subsystem_namespace_limit
for: 1m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFTooManyGateways
annotations:
description: You may create many gateways, but 4 is the tested limit
summary: 'Max supported gateways exceeded '
expr: count(ceph_nvmeof_gateway_info) > 4.00
for: 1m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFMaxGatewayGroupSize
annotations:
description: You may create many gateways in a gateway group, but 2 is the tested limit
summary: 'Max gateways within a gateway group ({{ $labels.group }}) exceeded '
expr: count by(group) (ceph_nvmeof_gateway_info) > 2.00
for: 1m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFSingleGatewayGroup
annotations:
description: Although a single member gateway group is valid, it should only be used for test purposes
summary: 'The gateway group {{ $labels.group }} consists of a single gateway - HA is not possible '
expr: count by(group) (ceph_nvmeof_gateway_info) == 1
for: 5m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFHighGatewayCPU
annotations:
description: Typically, high CPU may indicate degraded performance. Consider increasing the number of reactor cores
summary: 'CPU used by {{ $labels.instance }} NVMe-oF Gateway is high '
expr: label_replace(avg by(instance) (rate(ceph_nvmeof_reactor_seconds_total{mode="busy"}[1m])),"instance","$1","instance","(.*):.*") > 80.00
for: 10m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFGatewayOpenSecurity
annotations:
description: It is good practice to ensure subsystems use host security to reduce the risk of unexpected data loss
summary: 'Subsystem {{ $labels.nqn }} has been defined without host level security '
expr: ceph_nvmeof_subsystem_metadata{allow_any_host="yes"}
for: 5m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFTooManySubsystems
annotations:
description: Although you may continue to create subsystems in {{ $labels.gateway_host }}, the configuration may not be supported
summary: 'The number of subsystems defined to the gateway exceeds supported values '
expr: count by(gateway_host) (label_replace(ceph_nvmeof_subsystem_metadata,"gateway_host","$1","instance","(.*):.*")) > 16.00
for: 1m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFVersionMismatch
annotations:
description: This may indicate an issue with deployment. Check cephadm logs
summary: 'The cluster has different NVMe-oF gateway releases active '
expr: count(count by(version) (ceph_nvmeof_gateway_info)) > 1
for: 1h
labels:
severity: warning
type: ceph_default
- alert: NVMeoFHighClientCount
annotations:
description: The supported limit for clients connecting to a subsystem is 32
summary: 'The number of clients connected to {{ $labels.nqn }} is too high '
expr: ceph_nvmeof_subsystem_host_count > 32.00
for: 1m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFHighHostCPU
annotations:
description: High CPU on a gateway host can lead to CPU contention and performance degradation
summary: 'The CPU is high ({{ $value }}%) on NVMeoF Gateway host ({{ $labels.host }}) '
expr: 100-((100*(avg by(host) (label_replace(rate(node_cpu_seconds_total{mode="idle"}[5m]),"host","$1","instance","(.*):.*")) * on(host) group_right label_replace(ceph_nvmeof_gateway_info,"host","$1","instance","(.*):.*")))) >= 80.00
for: 10m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFInterfaceDown
annotations:
description: A NIC used by one or more subsystems is in a down state
summary: 'Network interface {{ $labels.device }} is down '
expr: ceph_nvmeof_subsystem_listener_iface_info{operstate="down"}
for: 30s
labels:
oid: 1.3.6.1.4.1.50495.1.2.1.14.1
severity: warning
type: ceph_default
- alert: NVMeoFInterfaceDuplex
annotations:
description: Until this is resolved, performance from the gateway will be degraded
summary: 'Network interface {{ $labels.device }} is not running in full duplex mode '
expr: ceph_nvmeof_subsystem_listener_iface_info{duplex!="full"}
for: 30s
labels:
severity: warning
type: ceph_default
- alert: NVMeoFHighReadLatency
annotations:
description: High latencies may indicate a constraint within the cluster e.g. CPU, network. Please investigate
summary: The average read latency over the last 5 mins has reached 10 ms or more on {{ $labels.gateway }}
expr: label_replace((avg by(instance) ((rate(ceph_nvmeof_bdev_read_seconds_total[1m]) / rate(ceph_nvmeof_bdev_reads_completed_total[1m])))),"gateway","$1","instance","(.*):.*") > 0.01
for: 5m
labels:
severity: warning
type: ceph_default
- alert: NVMeoFHighWriteLatency
annotations:
description: High latencies may indicate a constraint within the cluster e.g. CPU, network. Please investigate
summary: The average write latency over the last 5 mins has reached 20 ms or more on {{ $labels.gateway }}
expr: label_replace((avg by(instance) ((rate(ceph_nvmeof_bdev_write_seconds_total[5m]) / rate(ceph_nvmeof_bdev_writes_completed_total[5m])))),"gateway","$1","instance","(.*):.*") > 0.02
for: 5m
labels:
severity: warning
type: ceph_default


@@ -0,0 +1,54 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-ctrlplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ceph-csi-cephfs-ctrlplugin-r
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
- delete
- update
- create
- apiGroups:
- csiaddons.openshift.io
resources:
- csiaddonsnodes
verbs:
- get
- watch
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- deployments/finalizers
- daemonsets/finalizers
verbs:
- update
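Review bot: `metadata` in this Role has no `namespace:` field, while the Roles rendered from the rook-ceph chart in this commit all pin `namespace: rook-ceph`. A namespaced object without that field is created in whatever namespace the applying tool defaults to, so the grants on `leases`, `csiaddonsnodes` and the finalizer subresources may end up outside the namespace where the CSI plugins run. The same applies to the `ceph-csi-cephfs-nodeplugin-r`, `ceph-csi-leader-election-role`, `ceph-csi-rbd-ctrlplugin-r` and `ceph-csi-rbd-nodeplugin-r` sections. Because the file is rendered from the ceph-csi-operator subchart, I would fix this at render or apply time so the output carries `namespace: rook-ceph` under `metadata:` (assuming that is the operator's namespace).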


@@ -0,0 +1,43 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/cephfs-nodeplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ceph-csi-cephfs-nodeplugin-r
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csiaddons.openshift.io
resources:
- csiaddonsnodes
verbs:
- get
- watch
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- deployments/finalizers
- daemonsets/finalizers
verbs:
- update


@@ -0,0 +1,44 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/leader-election-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ceph-csi-leader-election-role
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
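Review bot: The first rule gives this leader-election role create/update/patch/delete on every `configmaps` object in the namespace, on top of the `leases` rule that follows it. If the operator's leader election uses only the Lease lock (not visible from this page, so to be confirmed against the operator build), the `configmaps` rule is unused and can be dropped, leaving `leases` and `events`. If it is still needed, adding `resourceNames: ["<leader-election-lock-name>"]` (placeholder) to a rule holding the get/update/patch/delete verbs would keep it from covering unrelated ConfigMaps.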


@@ -0,0 +1,54 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-ctrlplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ceph-csi-rbd-ctrlplugin-r
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
- delete
- update
- create
- apiGroups:
- csiaddons.openshift.io
resources:
- csiaddonsnodes
verbs:
- get
- watch
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- deployments/finalizers
- daemonsets/finalizers
verbs:
- update


@@ -0,0 +1,43 @@
---
# Source: rook-ceph/charts/rook-ceph/charts/ceph-csi-operator/templates/rbd-nodeplugin-r-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ceph-csi-rbd-nodeplugin-r
labels:
helm.sh/chart: ceph-csi-operator-0.4.1
app.kubernetes.io/name: ceph-csi
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: "v0.4.1"
app.kubernetes.io/managed-by: Helm
rules:
- apiGroups:
- csiaddons.openshift.io
resources:
- csiaddonsnodes
verbs:
- get
- watch
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- apps
resources:
- deployments/finalizers
- daemonsets/finalizers
verbs:
- update


@@ -0,0 +1,21 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cephfs-external-provisioner-cfg
namespace: rook-ceph # namespace:operator
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]


@@ -0,0 +1,21 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbd-external-provisioner-cfg
namespace: rook-ceph # namespace:operator
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]


@@ -0,0 +1,30 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-cmd-reporter
namespace: rook-ceph # namespace:cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete


@@ -0,0 +1,85 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Aspects of ceph-mgr that operate within the cluster's namespace
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-mgr
namespace: rook-ceph # namespace:cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- ""
resources:
- pods
- services
- pods/log
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ceph.rook.io
resources:
- cephclients
- cephclusters
- cephblockpools
- cephfilesystems
- cephnfses
- cephobjectstores
- cephobjectstoreusers
- cephobjectrealms
- cephobjectzonegroups
- cephobjectzones
- cephbuckettopics
- cephbucketnotifications
- cephrbdmirrors
- cephfilesystemmirrors
- cephfilesystemsubvolumegroups
- cephblockpoolradosnamespaces
- cephcosidrivers
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- apps
resources:
- deployments/scale
- deployments
verbs:
- patch
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- delete


@@ -0,0 +1,28 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
# Allow management of monitoring resources in the mgr
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-monitoring-mgr
namespace: rook-ceph # namespace:cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- list
- create
- update


@@ -0,0 +1,29 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-monitoring
namespace: rook-ceph # namespace:cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
- apiGroups:
- "monitoring.coreos.com"
resources:
- servicemonitors
verbs:
- get
- list
- watch
- create
- update
- delete


@@ -0,0 +1,29 @@
---
# Source: rook-ceph/charts/rook-ceph/templates/cluster-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rook-ceph-osd
namespace: rook-ceph # namespace:cluster
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/instance: rook-ceph
app.kubernetes.io/version: v1.18.8
app.kubernetes.io/part-of: rook-ceph-operator
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: helm
helm.sh/chart: "rook-ceph-v1.18.8"
rules:
# this is needed for rook's "key-management" CLI to fetch the vault token from the secret when
# validating the connection details and for key rotation operations.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "update", "delete"]
- apiGroups: ["ceph.rook.io"]
resources: ["cephclusters", "cephclusters/finalizers"]
verbs: ["get", "list", "create", "update", "delete"]
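Review bot: The `secrets` rule grants `get` and `update` on every Secret in the `rook-ceph` namespace, although the comment above it names one purpose: fetching the vault token for the key-management CLI and key rotation. Whatever service account this Role is bound to (presumably the OSD pods') can therefore read or overwrite unrelated Secrets in that namespace. If this cluster uses a KMS, a `resourceNames: ["<kms-token-secret-name>"]` entry (placeholder; key rotation may require further secret names) would match the stated purpose. If no KMS is configured, the rule could be dropped. The Role is rendered from the upstream chart, so either change has to be made as a post-render overlay, not by editing this file.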
