Biohazard
Biohazard copied to clipboard
Published
20 hours ago •
JJGadgets
JJGadgets
feat(helm): update chart rook-ceph to v1.15.3
This PR contains the following updates:
| Package | Update | Change | OpenSSF |
|---|---|---|---|
| rook-ceph | minor | v1.13.4 -> v1.15.3 |
Release Notes
rook/rook (rook-ceph)
v1.15.3
Improvements
Rook v1.15.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- rgw: Allow CephObjectZone and CephObjectStore creation based on pre-existing pools (#14801 #14772, @jhoblitt)
- helm: Add enforce host network setting (#14791, @travisn)
- core: Allow configuration of the revision history limit (#14775, @obnoxxx)
- core: Preserve pool application name change (#14755, @sp98)
- csi: Update privileges in CSI logrotate sidecar container (#14782, @parth-gr)
- docs: Declare cephconfig settings stable in the CephCluster CR (#14752, @travisn)
- build: Allow building with golang 1.23 (#14748, @obnoxxx)
- csi: Fix the ROOK_CSI_DISABLE_DRIVER flag in the CSI driver reconcile (#14746, @parth-gr)
- external: Update MDS caps for the healthchecker/cephfs users (#14722, @subhamkrai)
- docs: Update external docs with a better structure (#14718, @parth-gr)
v1.15.2
Improvements
Rook v1.15.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- core: Enable annotations on crash collector (#14731, @travisn)
- exporter: Configure prio-limit for ceph exporter pod (#14717, @arttor)
- docs: Add grafana dashboards files to docs (#14679, @galexrt)
- pool: Allow negative step num in crush rule (#14709, @travisn)
- csi: Stop deleting csi-operator resources when not enabled (#14693, @subhamkrai)
- core: Check for duplicate ceph fs pool names (#14653, @sp98)
- csi: Update to CephCSI patch release v3.12.2 (#14694, @Madhu-1)
- osd: Discover metadata and wal devices for raw device cleanup (#14645, @Papawy)
- network: Allow enforcing host network on all pods (#14585, @obnoxxx)
- mon: Remove extra mon from quorum before taking down pod (#14667, @travisn)
v1.15.1
Improvements
Rook v1.15.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- csi: Update csi-addons to v0.9.1 (#14671, @Madhu-1)
- helm: Reorder volumes in rook-ceph-csi scc for argocd diff to show no changes (#14642, @raynay-r)
- rgw: Allow users to add custom volume mounts (#14616, @BlaineEXE)
- core: Spread Ceph mons across zones when using
mon.zonesspec (#14636, @BenoitKnecht) - external: Remove the false bool values from config file (#14627, @parth-gr)
- core: Host cleanup jobs to read flags correctly (#14631, @sp98)
- multus: Fix default service account handling (#14629, @BlaineEXE)
- csi: Use specific CSI operator version tag instead of latest image (#14618, @subhamkrai)
v1.15.0
Upgrade Guide
To upgrade from previous versions of Rook, see the Rook upgrade guide.
Breaking Changes
- Minimum version of Kubernetes supported is increased to K8s v1.26.
- During CephBlockPool updates, Rook will now return an error if an invalid device class is specified. Pools with invalid device classes may start failing until the correct device class is specified. For more details, see #14057.
- Rook has deprecated CSI network "holder" pods. If there are pods named
csi-*plugin-holder-*in the Rook operator namespace, see the detailed documentation to disable them. This deprecation process will be required before upgrading to the future Rook v1.16. - Ceph COSI driver images have been updated. This impacts existing COSI Buckets, BucketClaims, and BucketAccesses. Update existing clusters following the guide here.
- CephObjectStore, CephObjectStoreUser, and OBC endpoint behavior has changed when CephObjectStore
spec.hostingconfigurations are set. Use the newspec.hosting.advertiseEndpointconfig to define required behavior as documented.
Features
- Added support for Ceph Squid (v19), in addition to Reef (v18) and Quincy (v17). Quincy support will be removed in Rook v1.16.
- Ceph-CSI driver v3.12, including new options for RBD, log rotation, and updated sidecar images.
- Allow updating the device class of OSDs, if
allowDeviceClassUpdate: trueis set in the CephCluster CR. - Allow updating the weight of an OSD, if
allowOsdCrushWeightUpdate: trueis set in the CephCluster CR. - Use fully-qualified image names (
docker.io/rook/ceph) in operator manifests and helm charts.
Experimental Features
- CephObjectStore support for keystone authentication for S3 and Swift. See the Object store documentation to configure.
- CSI operator: CSI settings are moving to CRs managed by a new operator. Once enabled, Rook will convert the settings previously defined in the operator configmap or env vars into the new CRs managed by the CSI operator. There are two steps to enable:
- Create csi-operator.yaml
- Set ROOK_USE_CSI_OPERATOR: true in
operator.yaml.
v1.14.11
Improvements
Rook v1.14.11 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- core: Enable annotations on crash collector (#14731, @travisn)
- helm: Reorder volumes in rook-ceph-csi scc for argocd diff to show no changes (#14642, @raynay-r)
- core: Fix Ceph monitor placement when zones are specifically defined in a non-stretch cluster (#14636, @BenoitKnecht)
- core: Fix host cleanup jobs to read flags correctly (#14631, @sp98)
- multus: Default service account handling for the multus tool (#14629, @BlaineEXE)
v1.14.10
Improvements
Rook v1.14.10 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- core: Configuration option added for metrics bindAddress (#14598, @jrcichra)
- core: Annotations and labels configurable on detect version jobs (#14576, @travisn)
- docs: Troubleshooting topic for containerd LimitNOFILE issue (#14500, @nicofnt)
v1.14.9
Improvements
Rook v1.14.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- manifest: Update the ceph recommended version to v18.2.4 (#14491, @travisn)
- mgr: Properly detect if dashboard cert already exists to avoid unnecessary dashboard module restarts (#14484, @travisn)
- mgr: Lookup cluster crd on active mgr watch (#14482, @arttor)
- csi: Make kube apiserver qps configurable (#14420, @YiteGu)
- multus: Reset validation tool debounce time to 30 (#14451, @BlaineEXE)
- multus: Add host checking to validation tool (#14230, @BlaineEXE)
- pool: Skip updating crush rules for stretch clusters (#14447, @travisn)
v1.14.8
Improvements
Rook v1.14.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- osd: Fix activate failure when block device moves (#14374, @BlaineEXE)
- csi: Update csi-addons repo link for correctly versioned downloads (#14408, @Madhu-1)
- build: Update go-retryablehttp from 0.7.6 to 0.7.7 (#14391, @subhamkrai)
- osd: Use old passphrase to kill the LUKS slot during key rotation (#14367, @black-dragon74)
- csi: Skip creating networkFence when csi is disabled (#14294, @subhamkrai)
v1.14.7
What's Changed
monitoring: fix CephPoolGrowthWarning expression (#14346, @matofeder) monitoring: Set honor labels on the service monitor (#14339, @travisn)
Full Changelog: https://github.com/rook/rook/compare/v1.14.6...v1.14.7
v1.14.6
What's Changed
- build: add result of codegen (#14287, @obnoxxx)
- build: remove iproute build dependency on centos repo (#14299, @BlaineEXE)
- mon: Allow overriding the mon endpoint with annotation (#13500, @travisn)
- multus: add and test ipv6 support for validation tool (#14302, @BlaineEXE)
- monitoring: fix exporter service monitor selector (#14313, @matofeder)
- monitoring: update to the latest ceph prometheus rules (#14312, @matofeder)
- doc: add recommendation for nfs in external cluster (#13876, @parth-gr)
- pool: get the exact deviceClass name instead of crushroot+deviceClass (#14325, @ideepika)
- helm: allow custom labels and annotations for storage classes (#14323, @catdog2)
- core: Update go modules for snyk security check (#14331, @travisn)
v1.14.5
Improvements
Rook v1.14.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- mon: Fix the bind address when IPv6 and msgr2 are enabled (#14248, @BlaineEXE)
- osd: Configure cluster full settings related to OSDs filling up (#14281, @travisn)
- core: Remove unnecessary owner refs in resource cleanup jobs (#14234, @sp98)
- mgr: Set balancer mode for the balancer mgr module in the CephCluster CR (#14232, @sp98)
- osd: Reduce safe-to-destroy retry timeout to 15s (#14257, @bdowling)
- docs: Document how to define a StorageClass to consume a RADOS namespace (#14173, @obnoxxx)
- core: Fix missing env in subvolume group cleanup job (#14236, @sp98)
v1.14.4
Improvements
Rook v1.14.4 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- core: Remove obsolete Ceph Pacific checks (#14210, @satoru-takeuchi)
- osd: Add cephcluster status for deprecated OSDs that should be replaced (#14187, @travisn)
- mgr: Fix UpdateActiveMgrLabel to retry label update on failure (#14160, @rkachach)
- ci: Update ubuntu image from 20.04 to 22.04 (#14166, @subhamkrai)
v1.14.3
Improvements
Rook v1.14.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- csi: Fix missing namespace in internal csi cluster config map (#14154, @BlaineEXE)
- osd: Limit storageClassDeviceSet names to 40 chars (#14134, @subhamkrai)
- mon: Disable the msgr v1 port listening inside the mon pod if msgr2 is required (#14147, @travisn)
- external: Restructure external cluster examples manifests (#13932, @smoshiur1237)
- mon: Allow mon scale-down when mons are portable (#14106, @subhamkrai)
- osd: Legacy LVM-based OSDs on PVCs crash on resize init container (#14100, @travisn)
- csi: Update csi sidecars image version (#14129, @iPraveenParihar)
- csi: Create csi configmap if csi controller is disabled (#14125, @parth-gr)
- operator: Support custom dashboard service labels and annotations (#14115, @sfackler)
- external: Add support for rados namespace for rbd EC pools (#13769, @parth-gr)
- ci: Use markdownlint to enforce mkdocs compatibility (#14114, @BlaineEXE)
v1.14.2
Improvements
Rook v1.14.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- ci: Add K8s 1.30 support (#14093, @subhamkrai)
- helm: Use correct metadata and data EC block pool (#14088, @travisn)
- csi: Only create CSI config configmap in CSI reconciler (#14089, @BlaineEXE)
v1.14.1
Improvements
Rook v1.14.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- crds: More verbose kubectl info for CephBlockPoolRadosNamespace and CephFilesystemSubVolumeGroup (#14049, @NymanRobin)
- subvolumegroup: Add support for quota and datapool (#14036, @Madhu-1)
- osd: Add option to require healthy PGs during OSD upgrade (#14040, @mmaoyu)
- core: Cleanup RADOS namespace with forced deletion annotation (#14052, @sp98)
- core: Cleanup Subvolumegroups with forced deletion annotation (#14026, @sp98)
- osd: Prevent osd reconcile when device set names duplicated (#14002, @travisn)
- doc: Host networking required for CSI driver (#14023, @BlaineEXE)
- operator: Ensure cluster owner info is set in LoadClusterInfo (#14079, @BlaineEXE)
v1.14.0
Upgrade Guide
To upgrade from previous versions of Rook, see the Rook upgrade guide.
Breaking Changes
- The minimum supported version of Kubernetes is v1.25. Upgrade to Kubernetes v1.25 or higher before upgrading Rook.
- The image
repositoryandtagsettings are specified separately in the helm chart values.yaml for the CSI images. Helm users previously specifying the CSI images with theimagesetting will need to update their values.yaml with the separaterepositoryandtagsettings. - Rook is beginning the process of deprecating CSI network "holder" pods. If there are pods named
csi-*plugin-holder-*in the Rook operator namespace, see the holder pod deprecation documentation to disable them. Migration of affected clusters is optional for v1.14, but will be required in a future release. - The Rook operator config
CSI_ENABLE_READ_AFFINITYwas removed. v1.13 clusters that have modified this value to be"true"must set the option as desired in each CephCluster as documented here before upgrading to v1.14.
Features
- Kubernetes versions v1.25 through v1.29 are supported. K8s v1.30 will be supported as soon as released.
- Ceph daemon pods using the
defaultservice account now use a newrook-ceph-defaultservice account. - A custom Ceph
applicationcan be applied to a CephBlockPool CR. - Object stores can be created with shared metadata and data pools. Isolation between object stores is enabled via RADOS namespaces. This configuration is recommended to limit the number of pools when multiple object stores are created.
- Support for VolumeSnapshotGroup is available for the RBD and CephFS CSI drivers.
- Support for virtual style hosting for s3 buckets is added in the CephObjectStore, by adding hosting.dnsNames to the object store.
- A static prefix can be specified for the CSI drivers and OBC provisioner (the default prefix is the
rook-cephnamespace). - Azure Key Vault KMS support is added for storing OSD encryption keys.
- Additional status columns added to the
kubectloutput for Rook CRDs.
v1.13.10
Improvements
Rook v1.13.10 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- osd: Fix activate failure when block device moves (#14374, @BlaineEXE)
- csi: Update csi-addons repo link for correctly versioned download (#14408, @Madhu-1)
v1.13.9
Improvements
Rook v1.13.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- mgr: Fix UpdateActiveMgrLabel to retry label update on failure (#14160, @rkachach)
- core: Remove obsolete Ceph Pacific checks (#14210, @satoru-takeuchi)
- osd: Add cephcluster status for deprecated OSDs that should be replaced (#14187, @travisn)
- osd: Remove support for resize of legacy LVM-based OSDs on PVCs due to crash in resize container (#14100, @travisn)
- osd: Prevent osd reconcile when device set names duplicated (#14002, @travisn)
v1.13.8
Improvements
Rook v1.13.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- external: Fix v2 port check in external script (#13982, @parth-gr)
- security: Update go dependency go-jose to pass Snyk security scan (#13960, @subhamkrai)
- osd: Start encrypted OSDs with metadata device using shared key (#13830, @cupnes)
- helm: Use toYaml for discovery nodeAffinity (#13931, @hhk7734)
v1.13.7
Improvements
Rook v1.13.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- core: Set default ceph version to v18.2.2 (#13913, @travisn)
- monitoring: Increase default metrics scraping interval from 5s to 10s (#13923, @rkachach)
- exporter: Apply labels from
monitoringsection of CephCluster to ceph-exporter (#13902, @rkachach)
v1.13.6
Improvements
Rook v1.13.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- helm: Replace the
mastertag in the values.yaml with the release tag (#13897, @travisn) - manifest: Reduce CRD size by removing some descriptions (#13793, @rkachach)
- csi: Update CSIDriverOption params during saving cluster config (#13836, @Rakshith-R)
- external: Remove requirement for v1 port and allow exclusive v2 mon port configuration (#13856, @parth-gr)
- csi: Update sidecars to latest release (#13846, @Madhu-1)
- operator: Use Linux container CPU quota (#13816, @uhthomas)
- helm: Fix links to obsolete ceph master documentation (#13877, @galexrt)
v1.13.5
Improvements
Rook v1.13.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
- pool: Skip crush rule update when not needed (#13772, @travisn)
- osd: Support OSD creation with a metadata partition (#13314, @microyahoo)
- csi: Update Ceph-CSI image to 3.10.2 (#13736, @Madhu-1)
- mon: Set mon PDB max unavailable as 2 when there are 5 or more mons. (#13794, @sp98)
- external: fix syntax error import-external-cluster.sh (#13780, @timolow)
- core: Continue processing PVs for network fencing when no node IPs found (#13768, @Madhu-1)
- mgr: Remove unnecessary privileged security context from mgr sidecar container (#13741, @rkachach)
- network: Disallow legacy hostNetwork provider when a non-default provider is specified (#13693, @obnoxxx)
- csi: Disable CephFS network fencing (#13806, @subhamkrai)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Renovate Bot.
![tinfoild[bot] avatar](https://avatars.githubusercontent.com/u/5709019?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploying jjgadgets-biohazard with 
Cloudflare Pages
| Latest commit: |
ae79f35
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://311246cd.jjgadgets-biohazard.pages.dev |
| Branch Preview URL: | https://renovate-rook-ceph-1-x.jjgadgets-biohazard.pages.dev |
![cloudflare-workers-and-pages[bot] avatar](https://avatars.githubusercontent.com/in/85455?v=4 "Published by a pub.dev verified publisher"){kind=small}
--- kube/deploy/core/storage/rook-ceph/app Kustomization: flux-system/1-core-storage-rook-ceph-app HelmRelease: rook-ceph/rook-ceph
+++ kube/deploy/core/storage/rook-ceph/app Kustomization: flux-system/1-core-storage-rook-ceph-app HelmRelease: rook-ceph/rook-ceph
@@ -12,13 +12,13 @@
spec:
chart: rook-ceph
sourceRef:
kind: HelmRepository
name: rook-ceph
namespace: flux-system
- version: v1.13.4
+ version: v1.15.4
driftDetection:
ignore:
- paths:
- /spec/replicas
mode: warn
install:
--- HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config
+++ HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config
@@ -9,31 +9,39 @@
ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15'
ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true'
ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false'
ROOK_ENABLE_DISCOVERY_DAEMON: 'false'
ROOK_CSI_ENABLE_RBD: 'true'
ROOK_CSI_ENABLE_CEPHFS: 'true'
+ ROOK_CSI_DISABLE_DRIVER: 'false'
CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true'
CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: 'false'
CSI_ENABLE_ENCRYPTION: 'false'
CSI_ENABLE_OMAP_GENERATOR: 'false'
CSI_ENABLE_HOST_NETWORK: 'true'
+ CSI_DISABLE_HOLDER_PODS: 'true'
CSI_ENABLE_METADATA: 'true'
+ CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: 'true'
CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
CSI_RBD_FSGROUPPOLICY: File
CSI_CEPHFS_FSGROUPPOLICY: File
CSI_NFS_FSGROUPPOLICY: File
CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-secure,recover_session=clean
+ ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.12.2
+ ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1
+ ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
+ ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
+ ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
+ ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
CSI_ENABLE_CSIADDONS: 'true'
- ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.8.0
+ ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.9.1
CSI_ENABLE_TOPOLOGY: 'false'
- CSI_ENABLE_READ_AFFINITY: 'true'
ROOK_CSI_ENABLE_NFS: 'false'
CSI_FORCE_CEPHFS_KERNEL_CLIENT: 'true'
CSI_GRPC_TIMEOUT_SECONDS: '150'
CSI_PROVISIONER_REPLICAS: '2'
CSI_RBD_PROVISIONER_RESOURCE: |
- name : csi-provisioner
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-system
+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-system
@@ -32,13 +32,58 @@
- create
- get
- update
- delete
- watch
- list
+ - deletecollection
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
+- apiGroups:
+ - csi.ceph.io
+ resources:
+ - cephconnections
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - csi.ceph.io
+ resources:
+ - clientprofiles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - csi.ceph.io
+ resources:
+ - operatorconfigs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - csi.ceph.io
+ resources:
+ - drivers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin
+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin
@@ -7,7 +7,31 @@
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - get
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ''
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ''
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner
+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner
@@ -11,13 +11,27 @@
verbs:
- get
- list
- apiGroups:
- ''
resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ''
+ resources:
- nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ''
@@ -84,12 +98,16 @@
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
+ - watch
+ - update
+ - patch
+ - create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
@@ -102,14 +120,52 @@
verbs:
- get
- list
- watch
- patch
- update
+ - create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
verbs:
- update
- patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - ''
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ''
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner
+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner
@@ -93,12 +93,15 @@
resources:
- volumesnapshots
verbs:
- get
- list
- watch
+ - update
+ - patch
+ - create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
@@ -111,16 +114,42 @@
verbs:
- get
- list
- watch
- patch
- update
+ - create
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents/status
verbs:
- update
- patch
- apiGroups:
- ''
resources:
@@ -144,15 +173,7 @@
resources:
- nodes
verbs:
- get
- list
- watch
-- apiGroups:
- - storage.k8s.io
- resources:
- - csinodes
- verbs:
- - get
- - list
- - watch
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-rgw
+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-rgw
@@ -1,14 +0,0 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: rook-ceph-rgw
- namespace: rook-ceph
-rules:
-- apiGroups:
- - ''
- resources:
- - configmaps
- verbs:
- - get
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-rgw
+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-rgw
@@ -1,15 +0,0 @@
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: rook-ceph-rgw
- namespace: rook-ceph
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: rook-ceph-rgw
-subjects:
-- kind: ServiceAccount
- name: rook-ceph-rgw
- namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator
+++ HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator
@@ -26,13 +26,13 @@
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 5
containers:
- name: rook-ceph-operator
- image: rook/ceph:v1.13.4
+ image: docker.io/rook/ceph:v1.15.4
imagePullPolicy: IfNotPresent
args:
- ceph
- operator
securityContext:
capabilities:
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-default
+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-default
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rook-ceph-default
+ namespace: rook-ceph
+ labels:
+ operator: rook
+ storage-backend: ceph
+