1 # ============LICENSE_START=======================================================
2 # Copyright (C) 2019 The Nordix Foundation. All rights reserved.
3 # ================================================================================
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
16 # SPDX-License-Identifier: Apache-2.0
17 # ============LICENSE_END=========================================================
19 #################################################################################################################
20 # The deployment for the rook operator
21 # Contains the common settings for most Kubernetes deployments.
22 # For example, to create the rook-ceph cluster:
23 # kubectl create -f common.yaml
24 # kubectl create -f operator.yaml
25 # kubectl create -f cluster.yaml
27 # Also see other operator sample files for variations of operator.yaml:
28 # - operator-openshift.yaml: Common settings for running in OpenShift
29 #################################################################################################################
30 # OLM: BEGIN OPERATOR DEPLOYMENT
# Operator deployment metadata. The namespace comes from the rook_namespace
# template variable when this file is rendered.
34 name: rook-ceph-operator
35 namespace: "{{ rook_namespace }}"
42 app: rook-ceph-operator
47 app: rook-ceph-operator
# Service account the operator pod runs as. Its roles and bindings are not
# defined in the lines shown here (presumably in common.yaml, which the header
# lists first) - TODO confirm they grant no more than the operator needs.
49 serviceAccountName: rook-ceph-system
51 - name: rook-ceph-operator
# The image reference is assembled from rook_repository and rook_version at
# render time. NOTE(review): if rook_version holds a tag rather than a digest,
# the content behind the same reference can change - confirm where both
# variables are set and consider pinning by digest.
52 image: "{{ rook_repository }}:{{ rook_version }}"
53 args: ["ceph", "operator"]
# Mount points inside the operator container.
55 - mountPath: /var/lib/rook
57 - mountPath: /etc/ceph
58 name: default-config-dir
60 # If the operator should only watch for cluster CRDs in the same namespace, set this to "true".
61 # If this is not set to true, the operator will watch for cluster CRDs in all namespaces.
# Limiting the watch to one namespace keeps the operator's reach smaller.
# The value set for this entry is not visible in this listing.
62 - name: ROOK_CURRENT_NAMESPACE_ONLY
64 # To disable RBAC, uncomment the following:
# NOTE(review): leave this commented out unless the cluster genuinely runs
# without RBAC - confirm what the operator does differently with RBAC_ENABLED
# turned off before using it.
65 # - name: RBAC_ENABLED
67 # Rook Agent toleration. Will tolerate all taints with all keys.
68 # Choose between NoSchedule, PreferNoSchedule and NoExecute:
69 # - name: AGENT_TOLERATION
71 # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate
72 # - name: AGENT_TOLERATION_KEY
73 # value: "<KeyOfTheTaintToTolerate>"
74 # (Optional) Rook Agent tolerations list. Put here list of taints you want to tolerate in YAML format.
75 # - name: AGENT_TOLERATIONS
77 # - effect: NoSchedule
78 # key: node-role.kubernetes.io/controlplane
81 # key: node-role.kubernetes.io/etcd
83 # (Optional) Rook Agent NodeAffinity.
84 # - name: AGENT_NODE_AFFINITY
85 # value: "role=storage-node; storage=rook,ceph"
86 # (Optional) Rook Agent mount security mode. Can be `Any` or `Restricted`.
87 # `Any` uses Ceph admin credentials by default/fallback.
88 # To use `Restricted` you must have a Ceph secret in each namespace that storage should be consumed from, and
89 # set `mountUser` to the Ceph user and `mountSecret` to the Kubernetes secret name
90 # in the namespace in which the `mountSecret` Kubernetes secret resides.
91 # - name: AGENT_MOUNT_SECURITY_MODE
93 # Set the path where the Rook agent can find the flex volumes
94 # - name: FLEXVOLUME_DIR_PATH
95 # value: "<PathToFlexVolumes>"
96 # Set the path where kernel modules can be found
97 # - name: LIB_MODULES_DIR_PATH
98 # value: "<PathToLibModules>"
99 # Mount any extra directories into the agent container
100 # - name: AGENT_MOUNTS
101 # value: "somemount=/host/path:/container/path,someothermount=/host/path2:/container/path2"
102 # Rook Discover toleration. Will tolerate all taints with all keys.
103 # Choose between NoSchedule, PreferNoSchedule and NoExecute:
104 # - name: DISCOVER_TOLERATION
105 # value: "NoSchedule"
106 # (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate
107 # - name: DISCOVER_TOLERATION_KEY
108 # value: "<KeyOfTheTaintToTolerate>"
109 # (Optional) Rook Discover tolerations list. Put here list of taints you want to tolerate in YAML format.
110 # - name: DISCOVER_TOLERATIONS
112 # - effect: NoSchedule
113 # key: node-role.kubernetes.io/controlplane
115 # - effect: NoExecute
116 # key: node-role.kubernetes.io/etcd
118 # (Optional) Discover Agent NodeAffinity.
119 # - name: DISCOVER_AGENT_NODE_AFFINITY
120 # value: "role=storage-node; storage=rook, ceph"
121 # Allow rook to create multiple file systems. Note: Ceph considers this
122 # an experimental feature, as described at
123 # http://docs.ceph.com/docs/master/cephfs/experimental-features/#multiple-filesystems-within-a-ceph-cluster
124 # and it might cause mons to crash, as seen in https://github.com/rook/rook/issues/1027
125 - name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS
128 # The logging level for the operator: INFO | DEBUG
129 - name: ROOK_LOG_LEVEL
132 # How often to check the health of the ceph cluster and update the status in the custom resource.
133 - name: ROOK_CEPH_STATUS_CHECK_INTERVAL
136 # How often to check that every mon is in the quorum.
137 - name: ROOK_MON_HEALTHCHECK_INTERVAL
140 # How long to wait before trying to fail over or remove/replace the
141 # current mon with a new mon (useful for compensating for a flapping network).
142 - name: ROOK_MON_OUT_TIMEOUT
145 # The time between device discovery runs in the rook-discover daemonset.
146 - name: ROOK_DISCOVER_DEVICES_INTERVAL
149 # Whether to start pods that mount a host path as privileged; this includes the Ceph mon and osd pods.
150 # This is necessary to work around the anyuid issues when running on OpenShift.
151 # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641
# A privileged container runs with nearly all host capabilities, so enable this
# only where the platform requires it (the OpenShift case above). The value set
# for this entry is not visible in this listing.
152 - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED
155 # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins).
156 # Disable it here if you have similar issues.
157 # For more details see https://github.com/rook/rook/issues/2417
158 - name: ROOK_ENABLE_SELINUX_RELABELING
161 # On large volumes it takes some time to chown all the files. Disable it here if you have performance issues.
162 # For more details see https://github.com/rook/rook/issues/2254
163 - name: ROOK_ENABLE_FSGROUP
166 # Disable automatic orchestration when new devices are discovered
167 - name: ROOK_DISABLE_DEVICE_HOTPLUG
170 # Whether to enable the flex driver. By default it is enabled and fully supported, but it will be deprecated in some future release
171 # in favor of the CSI driver.
172 - name: ROOK_ENABLE_FLEX_DRIVER
175 # Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster.
176 # This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs.
177 - name: ROOK_ENABLE_DISCOVERY_DAEMON
180 # Enable the default version of the CSI CephFS driver. To start another version of the CSI driver, see image properties below.
181 - name: ROOK_CSI_ENABLE_CEPHFS
184 # Enable the default version of the CSI RBD driver. To start another version of the CSI driver, see image properties below.
185 - name: ROOK_CSI_ENABLE_RBD
# Presumably toggles gRPC metrics for the CSI driver (read from the name only;
# the file gives no description) - TODO confirm.
187 - name: ROOK_CSI_ENABLE_GRPC_METRICS
189 # The default version of CSI supported by Rook will be started. To change the version
190 # of the CSI driver to something other than what is officially supported, change
191 # these images to the desired release of the CSI driver.
192 #- name: ROOK_CSI_CEPH_IMAGE
193 # value: "quay.io/cephcsi/cephcsi:v1.2.1"
194 #- name: ROOK_CSI_REGISTRAR_IMAGE
195 # value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0"
196 #- name: ROOK_CSI_PROVISIONER_IMAGE
197 # value: "quay.io/k8scsi/csi-provisioner:v1.3.0"
198 #- name: ROOK_CSI_SNAPSHOTTER_IMAGE
199 # value: "quay.io/k8scsi/csi-snapshotter:v1.2.0"
200 #- name: ROOK_CSI_ATTACHER_IMAGE
201 # value: "quay.io/k8scsi/csi-attacher:v1.2.0"
202 # kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path.
203 #- name: ROOK_CSI_KUBELET_DIR_PATH
204 # value: "/var/lib/kubelet"
205 # (Optional) Ceph Provisioner NodeAffinity.
206 # - name: CSI_PROVISIONER_NODE_AFFINITY
207 # value: "role=storage-node; storage=rook, ceph"
208 # (Optional) CEPH CSI provisioner tolerations list. Put here list of taints you want to tolerate in YAML format.
209 # CSI provisioner would be best to start on the same nodes as other ceph daemons.
210 # - name: CSI_PROVISIONER_TOLERATIONS
212 # - effect: NoSchedule
213 # key: node-role.kubernetes.io/controlplane
215 # - effect: NoExecute
216 # key: node-role.kubernetes.io/etcd
218 # (Optional) Ceph CSI plugin NodeAffinity.
219 # - name: CSI_PLUGIN_NODE_AFFINITY
220 # value: "role=storage-node; storage=rook, ceph"
221 # (Optional) CEPH CSI plugin tolerations list. Put here list of taints you want to tolerate in YAML format.
222 # CSI plugins need to be started on all the nodes where the clients need to mount the storage.
223 # - name: CSI_PLUGIN_TOLERATIONS
225 # - effect: NoSchedule
226 # key: node-role.kubernetes.io/controlplane
228 # - effect: NoExecute
229 # key: node-role.kubernetes.io/etcd
231 # CSI driver and sidecar images. Each reference is assembled from a
# <name>_repository / <name>_version pair of template variables at render time;
# these active entries take the place of the commented-out ROOK_CSI_*_IMAGE
# examples earlier in the file.
# NOTE(review): if the *_version variables hold tags rather than digests, the
# content behind a reference can change - confirm where they are set and
# consider pinning by digest.
232 - name: ROOK_CSI_CEPH_IMAGE
233 value: "{{ cephcsi_repository }}:{{ cephcsi_version }}"
234 - name: ROOK_CSI_REGISTRAR_IMAGE
235 value: "{{ csi_node_driver_registrar_repository }}:{{ csi_node_driver_registrar_version }}"
236 - name: ROOK_CSI_PROVISIONER_IMAGE
237 value: "{{ csi_provisioner_repository }}:{{ csi_provisioner_version }}"
238 - name: ROOK_CSI_SNAPSHOTTER_IMAGE
239 value: "{{ csi_snapshotter_repository }}:{{ csi_snapshotter_version }}"
240 - name: ROOK_CSI_ATTACHER_IMAGE
# NOTE(review): `csi_attacherr_repository` has a doubled "r", unlike its sibling
# `csi_attacher_version`. Confirm it matches the name used where the variable
# is defined; a mismatch would leave this image reference unresolved or wrong.
241 value: "{{ csi_attacherr_repository }}:{{ csi_attacher_version }}"
# The name of the node to pass with the downward API
245 fieldPath: spec.nodeName
246 # The pod name to pass with the downward API
250 fieldPath: metadata.name
251 # The pod namespace to pass with the downward API
252 - name: POD_NAMESPACE
255 fieldPath: metadata.namespace
259 - name: default-config-dir
261 # OLM: END OPERATOR DEPLOYMENT