+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################################################################
+# The deployment for the rook operator
+# Contains the common settings for most Kubernetes deployments.
+# For example, to create the rook-ceph cluster:
+# kubectl create -f common.yaml
+# kubectl create -f operator.yaml
+# kubectl create -f cluster.yaml
+#
+# Also see other operator sample files for variations of operator.yaml:
+# - operator-openshift.yaml: Common settings for running in OpenShift
+#################################################################################################################
+# OLM: BEGIN OPERATOR DEPLOYMENT
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rook-ceph-operator
+ namespace: "{{ rook_namespace }}"
+ labels:
+ operator: rook
+ storage-backend: ceph
+spec:
+ selector:
+ matchLabels:
+ app: rook-ceph-operator
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: rook-ceph-operator
+ spec:
+ serviceAccountName: rook-ceph-system
+ containers:
+ - name: rook-ceph-operator
+ image: "{{ rook_repository }}:{{ rook_version }}"
+ args: ["ceph", "operator"]
+ volumeMounts:
+ - mountPath: /var/lib/rook
+ name: rook-config
+ - mountPath: /etc/ceph
+ name: default-config-dir
+ env:
+ # If the operator should only watch for cluster CRDs in the same namespace, set this to "true".
+ # If this is not set to true, the operator will watch for cluster CRDs in all namespaces.
+ - name: ROOK_CURRENT_NAMESPACE_ONLY
+ value: "false"
+ # To disable RBAC, uncomment the following:
+ # - name: RBAC_ENABLED
+ # value: "false"
+ # Rook Agent toleration. Will tolerate all taints with all keys.
+ # Choose between NoSchedule, PreferNoSchedule and NoExecute:
+ # - name: AGENT_TOLERATION
+ # value: "NoSchedule"
+ # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate
+ # - name: AGENT_TOLERATION_KEY
+ # value: "<KeyOfTheTaintToTolerate>"
+ # (Optional) Rook Agent tolerations list. Put here list of taints you want to tolerate in YAML format.
+ # - name: AGENT_TOLERATIONS
+ # value: |
+ # - effect: NoSchedule
+ # key: node-role.kubernetes.io/controlplane
+ # operator: Exists
+ # - effect: NoExecute
+ # key: node-role.kubernetes.io/etcd
+ # operator: Exists
+ # (Optional) Rook Agent NodeAffinity.
+ # - name: AGENT_NODE_AFFINITY
+ # value: "role=storage-node; storage=rook,ceph"
+ # (Optional) Rook Agent mount security mode. Can by `Any` or `Restricted`.
+ # `Any` uses Ceph admin credentials by default/fallback.
+ # For using `Restricted` you must have a Ceph secret in each namespace storage should be consumed from and
+ # set `mountUser` to the Ceph user, `mountSecret` to the Kubernetes secret name.
+ # to the namespace in which the `mountSecret` Kubernetes secret namespace.
+ # - name: AGENT_MOUNT_SECURITY_MODE
+ # value: "Any"
+ # Set the path where the Rook agent can find the flex volumes
+ # - name: FLEXVOLUME_DIR_PATH
+ # value: "<PathToFlexVolumes>"
+ # Set the path where kernel modules can be found
+ # - name: LIB_MODULES_DIR_PATH
+ # value: "<PathToLibModules>"
+ # Mount any extra directories into the agent container
+ # - name: AGENT_MOUNTS
+ # value: "somemount=/host/path:/container/path,someothermount=/host/path2:/container/path2"
+ # Rook Discover toleration. Will tolerate all taints with all keys.
+ # Choose between NoSchedule, PreferNoSchedule and NoExecute:
+ # - name: DISCOVER_TOLERATION
+ # value: "NoSchedule"
+ # (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate
+ # - name: DISCOVER_TOLERATION_KEY
+ # value: "<KeyOfTheTaintToTolerate>"
+ # (Optional) Rook Discover tolerations list. Put here list of taints you want to tolerate in YAML format.
+ # - name: DISCOVER_TOLERATIONS
+ # value: |
+ # - effect: NoSchedule
+ # key: node-role.kubernetes.io/controlplane
+ # operator: Exists
+ # - effect: NoExecute
+ # key: node-role.kubernetes.io/etcd
+ # operator: Exists
+ # (Optional) Discover Agent NodeAffinity.
+ # - name: DISCOVER_AGENT_NODE_AFFINITY
+ # value: "role=storage-node; storage=rook, ceph"
+ # Allow rook to create multiple file systems. Note: This is considered
+ # an experimental feature in Ceph as described at
+ # http://docs.ceph.com/docs/master/cephfs/experimental-features/#multiple-filesystems-within-a-ceph-cluster
+ # which might cause mons to crash as seen in https://github.com/rook/rook/issues/1027
+ - name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS
+ value: "false"
+
+ # The logging level for the operator: INFO | DEBUG
+ - name: ROOK_LOG_LEVEL
+ value: "INFO"
+
+ # The interval to check the health of the ceph cluster and update the status in the custom resource.
+ - name: ROOK_CEPH_STATUS_CHECK_INTERVAL
+ value: "60s"
+
+ # The interval to check if every mon is in the quorum.
+ - name: ROOK_MON_HEALTHCHECK_INTERVAL
+ value: "45s"
+
+ # The duration to wait before trying to failover or remove/replace the
+ # current mon with a new mon (useful for compensating flapping network).
+ - name: ROOK_MON_OUT_TIMEOUT
+ value: "600s"
+
+ # The duration between discovering devices in the rook-discover daemonset.
+ - name: ROOK_DISCOVER_DEVICES_INTERVAL
+ value: "60m"
+
+ # Whether to start pods as privileged that mount a host path, which includes the Ceph mon and osd pods.
+ # This is necessary to workaround the anyuid issues when running on OpenShift.
+ # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641
+ - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED
+ value: "false"
+
+ # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins).
+ # Disable it here if you have similar issues.
+ # For more details see https://github.com/rook/rook/issues/2417
+ - name: ROOK_ENABLE_SELINUX_RELABELING
+ value: "true"
+
+ # In large volumes it will take some time to chown all the files. Disable it here if you have performance issues.
+ # For more details see https://github.com/rook/rook/issues/2254
+ - name: ROOK_ENABLE_FSGROUP
+ value: "true"
+
+ # Disable automatic orchestration when new devices are discovered
+ - name: ROOK_DISABLE_DEVICE_HOTPLUG
+ value: "false"
+
+ # Whether to enable the flex driver. By default it is enabled and is fully supported, but will be deprecated in some future release
+ # in favor of the CSI driver.
+ - name: ROOK_ENABLE_FLEX_DRIVER
+ value: "true"
+
+ # Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster.
+ # This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs.
+ - name: ROOK_ENABLE_DISCOVERY_DAEMON
+ value: "false"
+
+ # Enable the default version of the CSI CephFS driver. To start another version of the CSI driver, see image properties below.
+ - name: ROOK_CSI_ENABLE_CEPHFS
+ value: "true"
+
+ # Enable the default version of the CSI RBD driver. To start another version of the CSI driver, see image properties below.
+ - name: ROOK_CSI_ENABLE_RBD
+ value: "true"
+ - name: ROOK_CSI_ENABLE_GRPC_METRICS
+ value: "true"
+ # The default version of CSI supported by Rook will be started. To change the version
+ # of the CSI driver to something other than what is officially supported, change
+ # these images to the desired release of the CSI driver.
+ #- name: ROOK_CSI_CEPH_IMAGE
+ # value: "quay.io/cephcsi/cephcsi:v1.2.1"
+ #- name: ROOK_CSI_REGISTRAR_IMAGE
+ # value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0"
+ #- name: ROOK_CSI_PROVISIONER_IMAGE
+ # value: "quay.io/k8scsi/csi-provisioner:v1.3.0"
+ #- name: ROOK_CSI_SNAPSHOTTER_IMAGE
+ # value: "quay.io/k8scsi/csi-snapshotter:v1.2.0"
+ #- name: ROOK_CSI_ATTACHER_IMAGE
+ # value: "quay.io/k8scsi/csi-attacher:v1.2.0"
+ # kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path.
+ #- name: ROOK_CSI_KUBELET_DIR_PATH
+ # value: "/var/lib/kubelet"
+ # (Optional) Ceph Provisioner NodeAffinity.
+ # - name: CSI_PROVISIONER_NODE_AFFINITY
+ # value: "role=storage-node; storage=rook, ceph"
+ # (Optional) CEPH CSI provisioner tolerations list. Put here list of taints you want to tolerate in YAML format.
+ # CSI provisioner would be best to start on the same nodes as other ceph daemons.
+ # - name: CSI_PROVISIONER_TOLERATIONS
+ # value: |
+ # - effect: NoSchedule
+ # key: node-role.kubernetes.io/controlplane
+ # operator: Exists
+ # - effect: NoExecute
+ # key: node-role.kubernetes.io/etcd
+ # operator: Exists
+ # (Optional) Ceph CSI plugin NodeAffinity.
+ # - name: CSI_PLUGIN_NODE_AFFINITY
+ # value: "role=storage-node; storage=rook, ceph"
+ # (Optional) CEPH CSI plugin tolerations list. Put here list of taints you want to tolerate in YAML format.
+ # CSI plugins need to be started on all the nodes where the clients need to mount the storage.
+ # - name: CSI_PLUGIN_TOLERATIONS
+ # value: |
+ # - effect: NoSchedule
+ # key: node-role.kubernetes.io/controlplane
+ # operator: Exists
+ # - effect: NoExecute
+ # key: node-role.kubernetes.io/etcd
+ # operator: Exists
+ # The name of the node to pass with the downward API
+ - name: ROOK_CSI_CEPH_IMAGE
+ value: "{{ cephcsi_repository }}:{{ cephcsi_version }}"
+ - name: ROOK_CSI_REGISTRAR_IMAGE
+ value: "{{ csi_node_driver_registrar_repository }}:{{ csi_node_driver_registrar_version }}"
+ - name: ROOK_CSI_PROVISIONER_IMAGE
+ value: "{{ csi_provisioner_repository }}:{{ csi_provisioner_version }}"
+ - name: ROOK_CSI_SNAPSHOTTER_IMAGE
+ value: "{{ csi_snapshotter_repository }}:{{ csi_snapshotter_version }}"
+ - name: ROOK_CSI_ATTACHER_IMAGE
+ value: "{{ csi_attacherr_repository }}:{{ csi_attacher_version }}"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ # The pod name to pass with the downward API
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ # The pod namespace to pass with the downward API
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumes:
+ - name: rook-config
+ emptyDir: {}
+ - name: default-config-dir
+ emptyDir: {}
+# OLM: END OPERATOR DEPLOYMENT