infrastructure/clusters/cl01tl/storage/rook-ceph/values.yaml

rook-ceph:
  crds:
    enabled: true
  csi:
    enableMetadata: true
    cephFSKernelMountOptions: "ms_mode=secure"
    provisionerReplicas: 3
    serviceMonitor:
      enabled: true
  enableDiscoveryDaemon: true
  monitoring:
    enabled: true

rook-ceph-cluster:
  operatorNamespace: rook-ceph
  toolbox:
    enabled: true
  monitoring:
    enabled: true
    createPrometheusRules: true
  cephClusterSpec:
    cephVersion:
      # https://quay.io/repository/ceph/ceph?tab=tags
      image: quay.io/ceph/ceph:v19.2.2-20250409
    mon:
      count: 3
    mgr:
      count: 1
      modules:
        - name: pg_autoscaler
          enabled: true
        - name: rook
          enabled: true
    dashboard:
      enabled: true
      ssl: false
    network:
      connections:
        encryption:
          enabled: true
        compression:
          enabled: true
        requireMsgr2: true
    placement:
      all:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/rook-osd-node
                    operator: Exists
      mon:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/rook-mon-node
                    operator: Exists
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
        tolerations:
          - key: node-role.kubernetes.io/rook-mon-node
            operator: Exists
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
    resources:
      mgr:
        requests:
          cpu: 100m
          memory: 512Mi
      mon:
        requests:
          cpu: 200m
          memory: 256Mi
      osd:
        requests:
          cpu: 100m
          memory: 2Gi
      prepareosd:
        requests:
          cpu: 100m
          memory: 128Mi
    storage:
      useAllNodes: true
      useAllDevices: true
      deviceFilter: sda
      config:
          osdsPerDevice: "1"
    csi:
      readAffinity:
        enabled: true
  cephBlockPools:
    - name: ceph-blockpool
      spec:
        failureDomain: host
        replicated:
          size: 3
        enableRBDStats: false
      storageClass:
        enabled: true
        name: ceph-block
        isDefault: true
        reclaimPolicy: Delete
        allowVolumeExpansion: true
        volumeBindingMode: "Immediate"
        parameters:
          imageFormat: "2"
          imageFeatures: layering,exclusive-lock,object-map,fast-diff
          csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
          csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
          csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
          csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/fstype: ext4
  cephFileSystems:
    - name: ceph-filesystem
      spec:
        metadataPool:
          replicated:
            size: 3
        dataPools:
          - failureDomain: host
            replicated:
              size: 3
            name: data0
        metadataServer:
          activeCount: 1
          activeStandby: true
          resources:
            requests:
              cpu: "1000m"
              memory: "4Gi"
          priorityClassName: system-cluster-critical
      storageClass:
        enabled: true
        isDefault: false
        name: ceph-filesystem
        pool: data0
        reclaimPolicy: Delete
        allowVolumeExpansion: true
        volumeBindingMode: "Immediate"
        parameters:
          csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
          csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
          csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
          csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
          csi.storage.k8s.io/fstype: ext4
  cephFileSystemVolumeSnapshotClass:
    enabled: true
    name: ceph-filesystem
    isDefault: false
    deletionPolicy: Delete
  cephBlockPoolsVolumeSnapshotClass:
    enabled: true
    name: ceph-blockpool-snapshot
    isDefault: true
    deletionPolicy: Delete
  cephObjectStores:
    - name: ceph-objectstore
      spec:
        metadataPool:
          failureDomain: host
          replicated:
            size: 3
        dataPool:
          failureDomain: host
          erasureCoded:
            dataChunks: 2
            codingChunks: 1
          parameters:
            bulk: "true"
        preservePoolsOnDelete: true
        gateway:
          port: 80
          resources:
            requests:
              cpu: "1000m"
              memory: "1Gi"
          instances: 1
          priorityClassName: system-cluster-critical
        hosting:
          dnsNames:
            - objects.alexlebens.dev
            - objects.alexlebens.net
      storageClass:
        enabled: true
        name: ceph-bucket
        reclaimPolicy: Delete
        volumeBindingMode: "Immediate"
        parameters:
          region: us-east-1

cloudflared-rgw:
  existingSecretName: ceph-rgw-cloudflared-secret
  name: cloudflared-rgw