You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
497 lines
16 KiB
497 lines
16 KiB
# Default values for rook-ceph-operator
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
image:
|
|
repository: rook/ceph
|
|
tag: v1.10.6
|
|
pullPolicy: IfNotPresent
|
|
|
|
crds:
|
|
# Whether the helm chart should create and update the CRDs. If false, the CRDs must be
|
|
# managed independently with deploy/examples/crds.yaml.
|
|
# **WARNING** Only set during first deployment. If later disabled the cluster may be DESTROYED.
|
|
# If the CRDs are deleted in this case, see the disaster recovery guide to restore them.
|
|
# https://rook.io/docs/rook/latest/Troubleshooting/disaster-recovery/#restoring-crds-after-deletion
|
|
enabled: true
|
|
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
|
|
nodeSelector:
|
|
sapian-storage-type: ceph-rook
|
|
# Constraint rook-ceph-operator Deployment to nodes with label `disktype: ssd`.
|
|
# For more info, see https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
# disktype: ssd
|
|
|
|
# Tolerations for the rook-ceph-operator to allow it to run on nodes with particular taints
|
|
tolerations: []
|
|
|
|
# Delay to use in node.kubernetes.io/unreachable toleration
|
|
unreachableNodeTolerationSeconds: 5
|
|
|
|
# Whether rook watches its current namespace for CRDs or the entire cluster, defaults to false
|
|
currentNamespaceOnly: false
|
|
|
|
## Annotations to be added to pod
|
|
annotations: {}
|
|
|
|
## The logging level for the operator: ERROR | WARNING | INFO | DEBUG
|
|
logLevel: INFO
|
|
|
|
## If true, create & use RBAC resources
|
|
##
|
|
rbacEnable: true
|
|
|
|
## If true, create & use PSP resources
|
|
##
|
|
pspEnable: true
|
|
|
|
# Set the priority class for the rook operator deployment if desired
|
|
# priorityClassName: class
|
|
|
|
# If true, loop devices are allowed to be used for osds in test clusters
|
|
allowLoopDevices: false
|
|
|
|
## Settings for whether to disable the drivers or other daemons if they are not
|
|
## needed
|
|
csi:
|
|
enableRbdDriver: true
|
|
enableCephfsDriver: true
|
|
enableGrpcMetrics: false
|
|
# Set to true to enable host networking for CSI CephFS and RBD nodeplugins. This may be necessary
|
|
# in some network configurations where the SDN does not provide access to an external cluster or
|
|
# there is significant drop in read/write performance.
|
|
enableCSIHostNetwork: true
|
|
# set to false to disable deployment of snapshotter container in CephFS provisioner pod.
|
|
enableCephfsSnapshotter: true
|
|
# set to false to disable deployment of snapshotter container in NFS provisioner pod.
|
|
enableNFSSnapshotter: true
|
|
# set to false to disable deployment of snapshotter container in RBD provisioner pod.
|
|
enableRBDSnapshotter: true
|
|
# set to false if the selinux is not enabled or unavailable in cluster nodes.
|
|
enablePluginSelinuxHostMount: false
|
|
# set to true to enable Ceph CSI pvc encryption support.
|
|
enableCSIEncryption: false
|
|
|
|
# (Optional) set user created priorityclassName for csi plugin pods.
|
|
pluginPriorityClassName: system-node-critical
|
|
|
|
# (Optional) set user created priorityclassName for csi provisioner pods.
|
|
provisionerPriorityClassName: system-cluster-critical
|
|
|
|
# (Optional) policy for modifying a volume's ownership or permissions when the RBD PVC is being mounted.
|
|
# supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html
|
|
rbdFSGroupPolicy: "File"
|
|
|
|
# (Optional) policy for modifying a volume's ownership or permissions when the CephFS PVC is being mounted.
|
|
# supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html
|
|
cephFSFSGroupPolicy: "File"
|
|
|
|
# (Optional) policy for modifying a volume's ownership or permissions when the NFS PVC is being mounted.
|
|
# supported values are documented at https://kubernetes-csi.github.io/docs/support-fsgroup.html
|
|
nfsFSGroupPolicy: "File"
|
|
|
|
# OMAP generator generates the omap mapping between the PV name and the RBD image
|
|
# which helps CSI to identify the rbd images for CSI operations.
|
|
# CSI_ENABLE_OMAP_GENERATOR need to be enabled when we are using rbd mirroring feature.
|
|
# By default OMAP generator is disabled and when enabled it will be deployed as a
|
|
# sidecar with CSI provisioner pod, to enable set it to true.
|
|
enableOMAPGenerator: false
|
|
|
|
# (Optional) set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.
|
|
# Not all users might be interested in getting volume/snapshot details as metadata on CephFS subvolume and RBD images.
|
|
# Hence enable metadata is false by default.
|
|
enableMetadata: false
|
|
|
|
# Set replicas for csi provisioner deployment.
|
|
provisionerReplicas: 2
|
|
|
|
# (Optional) cluster name identifier to set as metadata on the CephFS subvolume and RBD images. This will be useful
|
|
# in cases like for example, when two container orchestrator clusters (Kubernetes/OCP) are using a single ceph cluster.
|
|
# clusterName: "my-prod-cluster"
|
|
# Set logging level for cephCSI containers maintained by the cephCSI.
|
|
# Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity.
|
|
#logLevel: 0
|
|
# Set logging level for Kubernetes-csi sidecar containers.
|
|
# Supported values from 0 to 5. 0 for general useful logs (the default), 5 for trace level verbosity.
|
|
#sidecarLogLevel: 0
|
|
# CSI RBD plugin daemonset update strategy, supported values are OnDelete and RollingUpdate.
|
|
# Default value is RollingUpdate.
|
|
#rbdPluginUpdateStrategy: OnDelete
|
|
# CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate.
|
|
# Default value is RollingUpdate.
|
|
#cephFSPluginUpdateStrategy: OnDelete
|
|
# CSI NFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate.
|
|
# Default value is RollingUpdate.
|
|
#nfsPluginUpdateStrategy: OnDelete
|
|
# The CSI GRPC timeout value (in seconds). It should be >= 120. If this variable is not set or is an invalid value, it's default to 150.
|
|
grpcTimeoutInSeconds: 150
|
|
|
|
# Allow starting unsupported ceph-csi image
|
|
allowUnsupportedVersion: false
|
|
|
|
# CephCSI RBD plugin Volumes
|
|
# csiRBDPluginVolume:
|
|
# - name: lib-modules
|
|
# hostPath:
|
|
# path: /run/booted-system/kernel-modules/lib/modules/
|
|
# - name: host-nix
|
|
# hostPath:
|
|
# path: /nix
|
|
|
|
# CephCSI RBD plugin Volume mounts
|
|
# csiRBDPluginVolumeMount:
|
|
# - name: host-nix
|
|
# mountPath: /nix
|
|
# readOnly: true
|
|
|
|
# CephCSI CephFS plugin Volumes
|
|
# csiCephFSPluginVolume:
|
|
# - name: lib-modules
|
|
# hostPath:
|
|
# path: /run/booted-system/kernel-modules/lib/modules/
|
|
# - name: host-nix
|
|
# hostPath:
|
|
# path: /nix
|
|
|
|
# CephCSI CephFS plugin Volume mounts
|
|
# csiCephFSPluginVolumeMount:
|
|
# - name: host-nix
|
|
# mountPath: /nix
|
|
# readOnly: true
|
|
|
|
# CEPH CSI RBD provisioner resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for provisioner pod
|
|
# csi-omap-generator resources will be applied only if enableOMAPGenerator is set to true
|
|
csiRBDProvisionerResource: |
|
|
- name : csi-provisioner
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-resizer
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-attacher
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-snapshotter
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-rbdplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
- name : csi-omap-generator
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
- name : liveness-prometheus
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
# CEPH CSI RBD plugin resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for plugin pod
|
|
csiRBDPluginResource: |
|
|
- name : driver-registrar
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
- name : csi-rbdplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
- name : liveness-prometheus
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
# CEPH CSI CephFS provisioner resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for provisioner pod
|
|
csiCephFSProvisionerResource: |
|
|
- name : csi-provisioner
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-resizer
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-attacher
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-snapshotter
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-cephfsplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
- name : liveness-prometheus
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
# CEPH CSI CephFS plugin resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for plugin pod
|
|
csiCephFSPluginResource: |
|
|
- name : driver-registrar
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
- name : csi-cephfsplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
- name : liveness-prometheus
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
# CEPH CSI NFS provisioner resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for provisioner pod
|
|
csiNFSProvisionerResource: |
|
|
- name : csi-provisioner
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 100m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 200m
|
|
- name : csi-nfsplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
# CEPH CSI NFS plugin resource requirement list, Put here list of resource
|
|
# requests and limits you want to apply for plugin pod
|
|
csiNFSPluginResource: |
|
|
- name : driver-registrar
|
|
resource:
|
|
requests:
|
|
memory: 128Mi
|
|
cpu: 50m
|
|
limits:
|
|
memory: 256Mi
|
|
cpu: 100m
|
|
- name : csi-nfsplugin
|
|
resource:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 250m
|
|
limits:
|
|
memory: 1Gi
|
|
cpu: 500m
|
|
|
|
# Set provisionerTolerations and provisionerNodeAffinity for provisioner pod.
|
|
# The CSI provisioner would be best to start on the same nodes as other ceph daemons.
|
|
# provisionerTolerations:
|
|
# - key: key
|
|
# operator: Exists
|
|
# effect: NoSchedule
|
|
# provisionerNodeAffinity: key1=value1,value2; key2=value3
|
|
# Set pluginTolerations and pluginNodeAffinity for plugin daemonset pods.
|
|
# The CSI plugins need to be started on all the nodes where the clients need to mount the storage.
|
|
# pluginTolerations:
|
|
# - key: key
|
|
# operator: Exists
|
|
# effect: NoSchedule
|
|
# pluginNodeAffinity: key1=value1,value2; key2=value3
|
|
# Set to true to enable Ceph CSI liveness container.
|
|
enableLiveness: false
|
|
#cephfsGrpcMetricsPort: 9091
|
|
#cephfsLivenessMetricsPort: 9081
|
|
#rbdGrpcMetricsPort: 9090
|
|
#csiAddonsPort: 9070
|
|
# Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS
|
|
# you may want to disable this setting. However, this will cause an issue during upgrades
|
|
# with the FUSE client. See the upgrade guide: https://rook.io/docs/rook/v1.2/ceph-upgrade.html
|
|
forceCephFSKernelClient: true
|
|
#rbdLivenessMetricsPort: 9080
|
|
#kubeletDirPath: /var/lib/kubelet
|
|
#cephcsi:
|
|
# image: quay.io/cephcsi/cephcsi:v3.7.2
|
|
#registrar:
|
|
# image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
|
|
#provisioner:
|
|
# image: registry.k8s.io/sig-storage/csi-provisioner:v3.3.0
|
|
#snapshotter:
|
|
# image: registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0
|
|
#attacher:
|
|
# image: registry.k8s.io/sig-storage/csi-attacher:v4.0.0
|
|
#resizer:
|
|
# image: registry.k8s.io/sig-storage/csi-resizer:v1.6.0
|
|
#imagePullPolicy: IfNotPresent
|
|
# Labels to add to the CSI CephFS Deployments and DaemonSets Pods.
|
|
#cephfsPodLabels: "key1=value1,key2=value2"
|
|
# Labels to add to the CSI NFS Deployments and DaemonSets Pods.
|
|
#nfsPodLabels: "key1=value1,key2=value2"
|
|
# Labels to add to the CSI RBD Deployments and DaemonSets Pods.
|
|
#rbdPodLabels: "key1=value1,key2=value2"
|
|
# Enable the CSIAddons sidecar.
|
|
csiAddons:
|
|
enabled: false
|
|
#image: "quay.io/csiaddons/k8s-sidecar:v0.5.0"
|
|
# Enable the nfs csi driver.
|
|
nfs:
|
|
enabled: false
|
|
# Enable topology based provisioning.
|
|
topology:
|
|
enabled: false
|
|
# domainLabels define which node labels to use as domains
|
|
# for CSI nodeplugins to advertise their domains
|
|
# NOTE: the value here serves as an example and needs to be
|
|
# updated with node labels that define domains of interest
|
|
# domainLabels:
|
|
# - kubernetes.io/hostname
|
|
# - topology.kubernetes.io/zone
|
|
# - topology.rook.io/rack
|
|
enableDiscoveryDaemon: false
|
|
cephCommandsTimeoutSeconds: "15"
|
|
|
|
## if true, run rook operator on the host network
|
|
# useOperatorHostNetwork: true
|
|
|
|
## Rook Discover configuration
|
|
## toleration: NoSchedule, PreferNoSchedule or NoExecute
|
|
## tolerationKey: Set this to the specific key of the taint to tolerate
|
|
## tolerations: Array of tolerations in YAML format which will be added to agent deployment
|
|
## nodeAffinity: Set to labels of the node to match
|
|
# discover:
|
|
# toleration: NoSchedule
|
|
# tolerationKey: key
|
|
# tolerations:
|
|
# - key: key
|
|
# operator: Exists
|
|
# effect: NoSchedule
|
|
# nodeAffinity: key1=value1,value2; key2=value3
|
|
# podLabels: "key1=value1,key2=value2"
|
|
# resources:
|
|
# - limits:
|
|
# cpu: 500m
|
|
# memory: 512Mi
|
|
# - requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
disableAdmissionController: false
|
|
|
|
# Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux,
|
|
# the pod must be running privileged in order to write to the hostPath volume, this must be set to true then.
|
|
hostpathRequiresPrivileged: false
|
|
|
|
# Disable automatic orchestration when new devices are discovered.
|
|
disableDeviceHotplug: false
|
|
|
|
# Blacklist certain disks according to the regex provided.
|
|
discoverDaemonUdev:
|
|
|
|
# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
|
|
# imagePullSecrets:
|
|
# - name: my-registry-secret
|
|
|
|
# Whether the OBC provisioner should watch on the operator namespace or not, if not the namespace of the cluster will be used
|
|
enableOBCWatchOperatorNamespace: true
|
|
|
|
admissionController:
|
|
# Set tolerations and nodeAffinity for admission controller pod.
|
|
# The admission controller would be best to start on the same nodes as other ceph daemons.
|
|
# tolerations:
|
|
# - key: key
|
|
# operator: Exists
|
|
# effect: NoSchedule
|
|
# nodeAffinity: key1=value1,value2; key2=value3
|
|
|
|
monitoring:
|
|
# requires Prometheus to be pre-installed
|
|
# enabling will also create RBAC rules to allow Operator to create ServiceMonitors
|
|
enabled: false
|
|
|