feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.2 ) by parsec-renovate[bot] · Pull Request #181 · parsec/home-ops

parsec-renovate · 2025-12-09T18:10:59Z

This PR contains the following updates:

Package	Update	Change
rook-ceph	minor	`v1.17.6` → `v1.19.2`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

rook/rook (rook-ceph)

`v1.19.2`

Compare Source

Improvements

Rook v1.19.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Update imagePullPolicy in operatorconfig and driver CR (#17084, @iPraveenParihar)
osd: Fix OSDs on multipath device with metadata device (#17083, @satoru-takeuchi)
build: Publish images with buildx instead of manifest-tool (#17079, @subhamkrai)
rgw: Update status info when http is disabled (#17050, @sp98)
object: Add ObjectStoreUserSpec.OpMask field (#17037, @jhoblitt)
exporter: Add log collector for ceph exporter pod (#16584, @subhamkrai)
csi: Update ceph-csi image to 3.16.1 (#17060, @iPraveenParihar)
build(deps): bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.23.0 in the k8s-dependencies group (#16963, @dependabot[bot])
osd: In cephx key init, don't overwrite key on failure (#17052, @BlaineEXE)
nvmeof: Add default gateway topology spread constraints (#17074, @OdedViner)
nvmeof: Update expansion fields and sidecar images (#17019, @OdedViner)

`v1.19.1`

Compare Source

Improvements

Rook v1.19.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Update to ceph csi operator to v0.5 (#17029, @subhamkrai)
security: Remove unnecessary nodes/proxy RBAC enablement (#16979, @ibotty)
helm: Set default ceph image pull policy (#16954, @travisn)
nfs: Add CephNFS.spec.server.{image,imagePullPolicy} fields (#16982, @jhoblitt)
osd: Assign correct osd container in case it is not index 0 (#16969, @kyrbrbik)
csi: Remove obsolete automated node fencing code (#16922, @subhamkrai)
osd: Enable proper cancellation during OSD reconcile (#17022, @sp98)
csi: Allow running the csi controller plugin on host network (#16972, @Madhu-1)
rgw: Update ca bundle mount perms to read-all (#16968, @BlaineEXE)
mon: Change do-not-reconcile to be more granular for individual mons (#16939, @travisn)
build(deps): Bump the k8s-dependencies group with 6 updates (#16846, @dependabot[bot])
doc: add csi-operator example in configuration doc (#17001, @subhamkrai)

`v1.19.0`

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

The supported Kubernetes versions are v1.30 - v1.35
The minimum supported Ceph version is v19.2.0. Rook v1.18 clusters running Ceph v18 must upgrade
to Ceph v19.2.0 or higher before upgrading Rook.
The behavior of the activeStandby property in the CephFilesystem CRD has changed. When set to false, the standby MDS daemon deployment will be scaled down and removed, rather than only disabling the standby cache while the daemon remains running.
Helm: The rook-ceph-cluster chart has changed where the Ceph image is defined, to allow separate settings for the repository and tag. For more details, see the Rook upgrade guide.
In external mode, when users provide a Ceph admin keyring to Rook, Rook will no longer create CSI Ceph clients automatically. This approach will provide more consistency to configure external mode clusters via the same external Python script.

Features

Experimental: NVMe over Fabrics (NVMe-oF) allows RBD volumes to be exposed and accessed via the NVMe/TCP protocol. This enables both Kubernetes pods within the cluster and external clients outside the cluster to connect to Ceph block storage using standard NVMe-oF initiators, providing high-performance block storage access over the network. See the NVMe-oF Configuration Guide to get started.
CephCSI v3.16 Integration:
- NVMe-oF CSI driver for provisioning and mounting volumes over the NVMe over Fabrics protocol
- Improved fencing for RBD and CephFS volumes during node failure
- Block volume usage statistics
- Configurable block encryption cipher
Experimental: Allow concurrent reconciles of the CephCluster CR when there multiple clusters being managed by the same Rook operator. Concurrency is enabled by increasing the operator setting ROOK_RECONCILE_CONCURRENT_CLUSTERS to a value greater than 1.
Improved logging with namespaced names for the controllers for more consistency in troubleshooting the rook operator log.

`v1.18.9`

Compare Source

Improvements

Rook v1.18.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Disable read affinity for ceph v20.2.0 to avoid corruption (#16895, @travisn)
core: Allow skipping cephcluster reconcile via do-not-reconcile label (#16874, @OdedViner)
helm: Merge rook-config-override ConfigMap into toolbox ceph.conf (#16862, @mheler)
helm: Add cephclusters/finalizers permission for mgr sidecar (#16854, @grandeit)
csi: Add fix to support multiple fs mount option (#16837, @subhamkrai)
operator: Watch cephConfigFromSecret changes (#16786, @cyanidium)
rgw: Support all S3 notification events in CRD validation (#16804, @arttor)
docs: Add pool parameter for erasure code optimizations (#16789, @travisn)

`v1.18.8`

Compare Source

Improvements

Rook v1.18.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

core: Add support for ceph tentacle (#16501, @subhamkrai)
helm: Include exporter options in CephCluster (#16745, @michaeltchapman)
toolbox: Merge rook-config-override ConfigMap into ceph.conf (#16731, @mheler)
csi: ControllerPlugin/NodePlugin resource settings were reversed (#16735, @swills)
osd: Allow snaptrimp and snaptrip_wait PGs by the PDBs during node drains (#16713, @sp98)
helm: Fix default pathType for HTTPRoute in the rook-ceph-cluster chart (#16724, @fancl20)
pool: Retry if pool status is empty in the rados namespace controller (#16705, @parth-gr)
namespace: Add retryOnConflict when updating status (#16661, @subhamkrai)

`v1.18.7`

Compare Source

Improvements

Rook v1.18.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

pool: Retry pool status updates in the radosnamespace controller (#16700, @parth-gr)
osd: Add device class label to the osd prepare pods (#16675, @parth-gr)
external: Fix quote parsing and message in import-external-cluster.sh (#16646, @GanghyeonSeo)
object: Fix user quotas being overwritten when obc bucketOwner is set (#16672, @jhoblitt)
docs: Example of application migration between clusters (#16659, @travisn)
mgr: Add hostNetwork field to Ceph Mgr spec (#16617, @Sunnatillo)
osd: Add CephCluster OSDMaxUpdatesInParallel to tune OSD updates (#16655, @jhoblitt)

`v1.18.6`

Compare Source

Improvements

Rook v1.18.6 is a patch release with changes only in the rook-ceph helm chart. If not affected by #16636 in v1.18.5, no need to update to this release.

helm: Remove duplicate YAML map entries (#16637, @hxtmdev)
ci: Check for duplicates in the helm linter (#16640, @hxtmdev)

`v1.18.5`

Compare Source

Improvements

Rook v1.18.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

mon: Wait for the canary pods to be terminated before starting mon daemons (#16619, @sp98)
mon: Trap the sigterm to respond quickly to the mon canary pod deletion (#16629, @travisn)
osd: Set osd resources for specific device class (#16614, @travisn)
mgr: Add required k8s label for endpointSlice (#16618, @subhamkrai)
pool: Skip setting the target size ratio to 0 by default (#16609, @travisn)
core: Fix ceph health check up status check (#16595, @parth-gr)
osd: Allow OSD init keyring update to be best-effort instead of fail osd start (#16603, @BlaineEXE)
osd: Add a timeout for osd create and update process (#16594, @parth-gr)
core: Add missing labels to RBAC resources to prevent ArgoCD drift (#16507, @fullstackjam)
mon: Update the clusterinfo with v2 port (#16540, @parth-gr)
file: Allow overriding MDS cache memory limit. (#16556, @timbuchwaldt)
osd: More detailed logging to check node topology conflicts (#16573, @OdedViner)

`v1.18.4`

Compare Source

Improvements

Rook v1.18.4 is a patch release with changes only in the rook-ceph-cluster helm chart. If not affected by #16567 in v1.18.3, no need to update to this release.

helm: Revert ceph image tag change (#16567, @travisn)

`v1.18.3`

Compare Source

Improvements

Rook v1.18.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Allow specifying the image tag and repository separately (#16512, @travisn)
csi: Allow overriding volume settings in csi operator for nixos (#16395, @travisn)
osd: Exclude down OSDs from main PDB when cluster is clean (#16112, @elias-dbx)
build: Add csi operator image to images.txt (#16563, @travisn)
csi: Update csi-operator version to v0.4.1 (#16560, @Madhu-1)
rbdmirror: Fix mirroring monitoring settings for rados namespaces (#16520, @parth-gr)
namespace: Blocklist ip:nonce in cleanup job (#16532, @Madhu-1)
osd: Clean encrypted disks from other clusters (#16488, @sp98)
csi: Avoid port conflict by removing liveness probe from the csi-operator (#16516, @Madhu-1)
csi: Add labels to the csi-operator driver pod (#16514, @subhamkrai)
helm: Refactoring to modernize templates (#16494, @consideRatio)
osd: Updated blocking pdbs when drained node comes back online (#16506, @sp98)
core: Use latest operator context to avoid reference to canceled context (#16493, @sp98)
ci: Update latest k8s version to v1.34 (#16418, @obnoxxx)
external: Fix ipv6 monitoring endpoint reconcile (#16468, @parth-gr)
pool: Allow enableCrushUpdates to be nil (#16478, @travisn)
mon: Fix mon health nil pointer exception with mons on PVC (#16484, @sp98)
helm: Refactoring of rook-ceph's configmap to be easier to read and maintain (#16457, @consideRatio)
nfs: Rotate nfs cephx key (#16456, @subhamkrai)
external: Fixing rbd provisioner secret in import-external-cluster script (#16474, @rubentsirunyan)
core: Add CRD Phase column to cephor, cephnfs, cephbn (#16541 #16542 #16543, @jhoblitt)
object: Add status.{phase,observedGeneration} to cephbn (#16499, @jhoblitt)
core: fix ObjectZoneSpec.ZoneGroup and ObjectZoneGroupSpec.Realm field descriptions (#16496, @jhoblitt)

`v1.18.2`

Compare Source

Improvements

Rook v1.18.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Upgrade requires either deletion of storage classes or removal of new storage class properties, see the Upgrade Guide (#16454, @parth-gr)
csi: Set host networking on the csi controller pod if host networking is enforced (#16462, @travisn)
csi: Fix cephx key deletion logic (#16452, @BlaineEXE)
csi: Add multus network annotation to csi-operator (#16448, @subhamkrai)
external: Fix secret values in import-external-cluster script (#16433, @rubentsirunyan)
osd: Remove the osd bootstrap keyring that is not needed after creation (#16421, @parth-gr)
core: Delete bootstrap keys not necessary for ceph daemons (#16372, @sp98)
core: Allow rotation of the client.admin cephx key (#16271, @BlaineEXE)
osd: Rotate lockbox keys for encrypted OSDs (#16409, @sp98)

`v1.18.1`

Compare Source

Improvements

Rook v1.18.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Set the cephfs kernel mount options when network encryption is enabled (#16399, @travisn)
csi: Generate default crush topology labels for the csi operator settings (#16376, @travisn)
csi: Create csi operator resources when operator settings configmap is updated (#16382, @subhamkrai)
csi: Delete csi operator CR's when disabled (#16381, @subhamkrai)
csi: Set csi operator as default if no settings found (#16405, @travisn)
csi: Fix wrong use of daemon config for cephx status (#16396, @BlaineEXE)
helm: Recreate storage classes with helm upgrades to add keep policy and new properties (#16373, @parth-gr)
ci: Always initialize CSI driver names (#16393, @travisn)

`v1.18.0`

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

Kubernetes v1.29 is now the minimum version supported by Rook through the soon-to-be K8s release v1.34.
Helm versions 3.13 and newer are supported. Previously, only the latest version of helm was tested and the docs stated only version 3.x of helm as a prerequisite. Now rook supports the six most recent minor versions of helm along with their their patch updates.
Rook now validates node topology during CephCluster creation to prevent misconfigured CRUSH hierarchies for OSDs. If child labels like topology.rook.io/rack are duplicated across zones, cluster creation will fail. The check applies only to new clusters without OSDs. Clusters with existing OSDs will only log a warning and continue. If the checks are invalid in your topology, they can be suppressed by setting ROOK_SKIP_OSD_TOPOLOGY_CHECK=true in the rook-ceph-operator-config configmap.

Features

The Ceph CSI operator is now the default and recommended component for configuring CSI drivers for RBD, CephFS, and NFS volumes. The CSI operator has been factored out of Rook to run independently to manage the Ceph-CSI driver.
- During the upgrade and throughout the v1.18.x releases, Rook will automatically convert any Rook CSI settings to the new CSI operator CRs. This transition is expected to be completely transparent. In the future v1.19 release, Rook will relinquish direct control of these settings so advanced users can have more flexibility when configuring the CSI drivers. At that time, we will have a guide on configuring these new Ceph CSI operator CRs directly.
- During install, as mentioned in the Quickstart Guide, there is a new manifest to be created: csi-operator.yaml
- If installing with the helm chart, the Ceph CSI operator will automatically be installed by default with the new helm setting csi.rookUseCsiOperator in the rook-ceph chart.
- If a blocking issue is found, the previous CSI driver can be re-enabled by setting ROOK_USE_CSI_OPERATOR: false in operator.yaml or by applying the helm setting csi.rookUseCsiOperator: false.
Ceph CSI v3.15 has a range of features and improvements for the RBD, CephFS, and NFS drivers. This release is supported both by the Ceph CSI operator and Rook's direct mode of configuration. Starting in the next release (at the end of the year), the Ceph CSI operator will be required to configure the CSI driver.
CephX key rotation is now available as an experimental feature for the CephX authentication keys used by Ceph daemons and clients. Users will begin to see new cephx status items on some Rook resources in newly-deployed Rook clusters. Users can also find spec.security.cephx settings that allow initiating CephX key rotation for various Ceph components. Full documentation for key rotation can be found here.
- Ceph version v19.2.3+ is required for key rotation.
- The Ceph admin and mon keys cannot yet be rotated. Implementation is still in progress while in experimental mode.
Add support for specifying the clusterID in the CephBlockPoolRadosNamespace and the CephFilesystemSubVolumeGroup CR.
When a mon is being failed over, if the assigned node no longer exists, the mon is failed over immediately instead of waiting for a
20 minute timeout.
Support for Ceph Tentacle v20 will be available as soon as it is released.

`v1.17.9`

Compare Source

Improvements

Rook v1.17.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

pool: Retry pool status updates in the radosnamespace controller (#16700, @parth-gr)
object: Fix user quotas being overwritten when OBC bucketOwner is set (#16672, @jhoblitt)
mon: Wait for the canary pods to be terminated (#16619, @sp98)
mon: Respond quickly to the mon canary pod deletion (#16629, @travisn)
namespace: Blocklist ip:nonce in cleanup job (#16532, @Madhu-1)
core: Fix typos in ObjectZoneSpec.ZoneGroup and ObjectZoneGroupSpec.Realm field descriptions (#16496, @jhoblitt)

`v1.17.8`

Compare Source

Improvements

Rook v1.17.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Enable host network for OpenShift if needed (#16343, @travisn)
pool: Allow CephBlockPool CR removal when underlying Ceph pool is already removed (#16329, @degorenko)
core: Set erasure-code-profile plugin based on pool algorithm (#16104, @BenoitKnecht)
csi: Add CrossNamespaceVolumeDataSource feature gate (#16244, @CL0Pinette)
object: Mark realm as default to avoid zone creation (#16069, @OdedViner)
object: Simplify CephObjectStoreUser deletion logic (#16052, @jhoblitt)
object: Fix bucket policy in sync detection (#16220, @jhoblitt)
cleanup: Mount udev to cleanup job and disable udev sync (#16293, @degorenko)
cleanup: Improve cleanup of /var/lib/rook during cluster teardown (#16201, @OdedViner)
cleanup: Cleanup csi folders from /var/lib/rook during uninstall (#16260, @OdedViner)

`v1.17.7`

Compare Source

Improvements

Rook v1.17.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

Important: There is a known issue in Ceph v19.2.3 where object store bucket lifecycle deletion does not take effect. See #16188 for more details.

core: Update ceph version to v19.2.3 (#16186, @travisn)
csi: Update ceph-csi to 3.14.2 (#16157, @Madhu-1)
osd: Exclude labels with a value of null from the topology string (#16109, @hit1943)
rgw: Increase timeout for admin user creation (#16203, @travisn)
core: Log panics that were previously hidden during controller reconcile (#16150, @OdedViner)
mds: Use bash for executing liveness probe script (#16146, @xose)
helm: Correct example discover daemon resources (#16123, @swills)
helm Update SecurityContextConstraints for rook-ceph helm chart (#16153, @masonwb)
multus: Support copy file to cmd-proxy container for rgw zone set (#16133, @arttor)
mds: Fix nil pointer panic when startupProbe is set in cephfilesystem (#16144, @OdedViner)
core: Update go modules to latest except for go 1.24 (#16140, @travisn)
helm: Add HTTPRoute for dashboard and objectstore (#16135, @synthe102)
osd: Treat non existing OSD nodes as drained (#16087, @elias-dbx)
test: Add pathType with ingress dashboard host (#16129, @subhamkrai)
docs: Document how a storage class can consume a SubVolumeGroup (#16079, @raaizik)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

github-actions · 2025-12-09T23:19:01Z

--- kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

+++ kubernetes/apps/rook-ceph/rook-ceph/app Kustomization: flux-system/rook-ceph HelmRelease: rook-ceph/rook-ceph-operator

@@ -13,13 +13,13 @@

     spec:
       chart: rook-ceph
       sourceRef:
         kind: HelmRepository
         name: rook-ceph
         namespace: flux-system
-      version: v1.17.6
+      version: v1.19.2
   dependsOn:
   - name: snapshot-controller
     namespace: storage
   install:
     remediation:
       retries: 3

github-actions · 2026-01-13T20:12:52Z

--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-osd

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-mgr

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-cmd-reporter

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-purge-osd

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-rgw

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-rgw

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-rgw
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-default

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-default

@@ -1,10 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-default
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-system

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-cephfs-plugin-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-rbd-plugin-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/objectstorage-provisioner

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/objectstorage-provisioner

@@ -1,9 +1,9 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: objectstorage-provisioner
   namespace: rook-ceph
   labels:
     app.kubernetes.io/part-of: container-object-storage-interface
     app.kubernetes.io/component: driver-ceph
--- HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

+++ HelmRelease: rook-ceph/rook-ceph-operator ConfigMap: rook-ceph/rook-ceph-operator-config

@@ -1,19 +1,28 @@

 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
   name: rook-ceph-operator-config
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 data:
   ROOK_LOG_LEVEL: INFO
   ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15'
   ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true'
   ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS: maxObjects,maxSize
   ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false'
   ROOK_ENABLE_DISCOVERY_DAEMON: 'true'
+  ROOK_USE_CSI_OPERATOR: 'true'
   ROOK_CSI_ENABLE_RBD: 'true'
   ROOK_CSI_ENABLE_CEPHFS: 'true'
   ROOK_CSI_DISABLE_DRIVER: 'false'
   CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
@@ -26,21 +35,22 @@

   CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
   CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
   CSI_RBD_FSGROUPPOLICY: File
   CSI_CEPHFS_FSGROUPPOLICY: File
   CSI_NFS_FSGROUPPOLICY: File
   CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc
-  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.14.1
-  ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
-  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.2.0
-  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.1
-  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.8.1
-  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.13.2
+  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.16.1
+  ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.15.0
+  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v6.0.0
+  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.4.0
+  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.10.0
+  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v2.0.0
   ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
   CSI_ENABLE_CSIADDONS: 'false'
-  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.12.0
+  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.14.0
+  CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: 'false'
   CSI_ENABLE_TOPOLOGY: 'false'
   ROOK_CSI_ENABLE_NFS: 'false'
   CSI_ENABLE_LIVENESS: 'true'
   CSI_FORCE_CEPHFS_KERNEL_CLIENT: 'true'
   CSI_GRPC_TIMEOUT_SECONDS: '150'
   CSI_PROVISIONER_REPLICAS: '2'
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-system

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-system
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-cluster-mgmt

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-cluster-mgmt

@@ -1,14 +1,16 @@

 ---
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   name: rook-ceph-cluster-mgmt
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-global

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-global

@@ -1,24 +1,25 @@

 ---
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   name: rook-ceph-global
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - nodes
-  - nodes/proxy
   - secrets
   - configmaps
   verbs:
   - get
   - list
   - watch
@@ -39,12 +40,20 @@

   - watch
   - patch
   - create
   - update
   - delete
 - apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
   - storage.k8s.io
   resources:
   - storageclasses
   verbs:
   - get
   - list
@@ -67,12 +76,13 @@

   resources:
   - cephclients
   - cephclusters
   - cephblockpools
   - cephfilesystems
   - cephnfses
+  - cephnvmeofgateways
   - cephobjectstores
   - cephobjectstoreusers
   - cephobjectrealms
   - cephobjectzonegroups
   - cephobjectzones
   - cephbuckettopics
@@ -92,12 +102,13 @@

   resources:
   - cephclients/status
   - cephclusters/status
   - cephblockpools/status
   - cephfilesystems/status
   - cephnfses/status
+  - cephnvmeofgateways/status
   - cephobjectstores/status
   - cephobjectstoreusers/status
   - cephobjectrealms/status
   - cephobjectzonegroups/status
   - cephobjectzones/status
   - cephbuckettopics/status
@@ -113,12 +124,13 @@

   resources:
   - cephclients/finalizers
   - cephclusters/finalizers
   - cephblockpools/finalizers
   - cephfilesystems/finalizers
   - cephnfses/finalizers
+  - cephnvmeofgateways/finalizers
   - cephobjectstores/finalizers
   - cephobjectstoreusers/finalizers
   - cephobjectrealms/finalizers
   - cephobjectzonegroups/finalizers
   - cephobjectzones/finalizers
   - cephbuckettopics/finalizers
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-mgr-cluster

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-mgr-cluster

@@ -3,22 +3,23 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-cluster
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   - nodes
-  - nodes/proxy
   - persistentvolumes
   verbs:
   - get
   - list
   - watch
 - apiGroups:
@@ -29,12 +30,20 @@

   - create
   - patch
   - list
   - get
   - watch
 - apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
   - storage.k8s.io
   resources:
   - storageclasses
   verbs:
   - get
   - list
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-mgr-system

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-mgr-system

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-system
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-object-bucket

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-object-bucket

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-object-bucket
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rook-ceph-osd

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-csi-nodeplugin

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-nodeplugin
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/cephfs-external-provisioner-runner

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-external-provisioner-runner
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
@@ -70,12 +78,20 @@

   verbs:
   - list
   - watch
   - create
   - update
   - patch
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
 - apiGroups:
   - storage.k8s.io
   resources:
   - volumeattachments
   verbs:
   - get
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-csi-nodeplugin

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/rbd-external-provisioner-runner

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-external-provisioner-runner
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
@@ -49,12 +57,20 @@

   - list
   - watch
   - create
   - update
   - patch
 - apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
   - storage.k8s.io
   resources:
   - volumeattachments
   verbs:
   - get
   - list
@@ -170,12 +186,20 @@

   - nodes
   verbs:
   - get
   - list
   - watch
 - apiGroups:
+  - gateway.networking.k8s.io
+  resources:
+  - referencegrants
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
   - replication.storage.openshift.io
   resources:
   - volumegroupreplicationcontents
   verbs:
   - get
   - list
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/objectstorage-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/objectstorage-provisioner-role

@@ -44,7 +44,15 @@

   - events
   verbs:
   - get
   - delete
   - update
   - create
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
 
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-mgr-cluster

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-mgr-cluster

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-cluster
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-mgr-cluster
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-osd

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-system

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-system
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-global

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-global

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-global
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-object-bucket

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rook-ceph-object-bucket

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-object-bucket
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-object-bucket
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-plugin-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-provisioner-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-nodeplugin-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-plugin-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-provisioner-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-osd

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-mgr

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - services
@@ -31,15 +39,17 @@

   - delete
 - apiGroups:
   - ceph.rook.io
   resources:
   - cephclients
   - cephclusters
+  - cephclusters/finalizers
   - cephblockpools
   - cephfilesystems
   - cephnfses
+  - cephnvmeofgateways
   - cephobjectstores
   - cephobjectstoreusers
   - cephobjectrealms
   - cephobjectzonegroups
   - cephobjectzones
   - cephbuckettopics
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-cmd-reporter

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - configmaps
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-purge-osd

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-monitoring

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-monitoring

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - monitoring.coreos.com
   resources:
   - servicemonitors
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-monitoring-mgr

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-monitoring-mgr

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - monitoring.coreos.com
   resources:
   - servicemonitors
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rook-ceph-system

@@ -1,15 +1,17 @@

 ---
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/cephfs-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/cephfs-external-provisioner-cfg

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-external-provisioner-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rbd-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/rbd-external-provisioner-cfg

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-external-provisioner-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-cluster-mgmt

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-cluster-mgmt

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cluster-mgmt
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-cluster-mgmt
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-osd

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-mgr

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-mgr
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-mgr-system

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-mgr-system

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-system
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-mgr-system
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-cmd-reporter

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-cmd-reporter
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-purge-osd

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-purge-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-monitoring

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-monitoring

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-monitoring
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-monitoring-mgr

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-monitoring-mgr

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-monitoring-mgr
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rook-ceph-system

@@ -4,12 +4,14 @@

 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-provisioner-role-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-provisioner-role-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/rook-ceph-operator

+++ HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/rook-ceph-operator

@@ -1,15 +1,17 @@

 ---
+kind: Deployment
 apiVersion: apps/v1
-kind: Deployment
 metadata:
   name: rook-ceph-operator
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
@@ -26,13 +28,13 @@

       - effect: NoExecute
         key: node.kubernetes.io/unreachable
         operator: Exists
         tolerationSeconds: 5
       containers:
       - name: rook-ceph-operator
-        image: docker.io/rook/ceph:v1.17.6
+        image: docker.io/rook/ceph:v1.19.2
         imagePullPolicy: IfNotPresent
         args:
         - ceph
         - operator
         securityContext:
           capabilities:
@@ -46,12 +48,14 @@

           name: rook-config
         - mountPath: /etc/ceph
           name: default-config-dir
         env:
         - name: ROOK_CURRENT_NAMESPACE_ONLY
           value: 'false'
+        - name: ROOK_RECONCILE_CONCURRENT_CLUSTERS
+          value: '1'
         - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED
           value: 'false'
         - name: ROOK_DISABLE_DEVICE_HOTPLUG
           value: 'false'
         - name: ROOK_DISCOVER_DEVICES_INTERVAL
           value: 60m
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceMonitor: rook-ceph/csi-metrics

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceMonitor: rook-ceph/csi-metrics

@@ -1,13 +1,17 @@

 ---
+kind: ServiceMonitor
 apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
 metadata:
   name: csi-metrics
   namespace: rook-ceph
   labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   namespaceSelector:
     matchNames:
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-controller-manager

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-nfs-nodeplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-rbd-nodeplugin-sa
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-nvmeof

+++ HelmRelease: rook-ceph/rook-ceph-operator ServiceAccount: rook-ceph/rook-ceph-nvmeof

@@ -0,0 +1,15 @@

+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: rook-ceph-nvmeof
+  namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephconnection-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephconnection-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephconnection-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephconnections-editor-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephconnections-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephconnections-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

@@ -0,0 +1,210 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattributesclasses
+  verbs:
+  - get
+  - list
+  - watch
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

@@ -0,0 +1,66 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  - persistentvolumeclaims
+  verbs:
+  - get
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofile-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofile-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofile-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-editor-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofilemapping-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofilemapping-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofiles-editor-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-clientprofiles-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofiles-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-driver-editor-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-driver-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-driver-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-driver-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-driver-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-driver-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-manager-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-manager-role

@@ -0,0 +1,107 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-manager-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cbt.storage.k8s.io
+  resources:
+  - snapshotmetadataservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  - clientprofiles
+  - drivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/finalizers
+  - clientprofiles/finalizers
+  - drivers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  - clientprofiles/status
+  - drivers/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csidrivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-metrics-auth-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-metrics-auth-role

@@ -0,0 +1,23 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-metrics-auth-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-metrics-reader

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-metrics-reader

@@ -0,0 +1,15 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-metrics-reader
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

@@ -0,0 +1,146 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattributesclasses
+  verbs:
+  - get
+  - list
+  - watch
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

@@ -0,0 +1,17 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-nfs-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-operatorconfig-editor-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-operatorconfig-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-operatorconfig-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-operatorconfig-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-operatorconfig-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-operatorconfig-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

@@ -0,0 +1,239 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - cbt.storage.k8s.io
+  resources:
+  - snapshotmetadataservices
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattributesclasses
+  verbs:
+  - get
+  - list
+  - watch
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

@@ -0,0 +1,79 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-rbd-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-cephfs-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-cephfs-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-manager-rolebinding
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-manager-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-metrics-auth-rolebinding
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-nfs-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-nfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-nfs-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-nfs-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-nfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-rbd-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph-operator ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-rbd-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-rbd-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

@@ -0,0 +1,53 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-r
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - watch
+  - list
+  - delete
+  - update
+  - create
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

@@ -0,0 +1,42 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-r
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-leader-election-role

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-leader-election-role

@@ -0,0 +1,43 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-leader-election-role
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

@@ -0,0 +1,53 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-r
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - watch
+  - list
+  - delete
+  - update
+  - create
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph-operator Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

@@ -0,0 +1,42 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-rbd-nodeplugin-r
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-rb
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-cephfs-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-rb
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-cephfs-nodeplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-leader-election-rolebinding
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-rb
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-rbd-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph-operator RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

@@ -0,0 +1,19 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-rbd-nodeplugin-rb
+  namespace: rook-ceph
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-rbd-nodeplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph-operator Deployment: rook-ceph/ceph-csi-controller-manager

@@ -0,0 +1,76 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: ceph-csi-op-controller-manager
+      app.kubernetes.io/name: ceph-csi
+      app.kubernetes.io/instance: rook-ceph-operator
+  template:
+    metadata:
+      labels:
+        control-plane: ceph-csi-op-controller-manager
+        app.kubernetes.io/name: ceph-csi
+        app.kubernetes.io/instance: rook-ceph-operator
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        command:
+        - /manager
+        env:
+        - name: OPERATOR_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CSI_SERVICE_ACCOUNT_PREFIX
+          value: ceph-csi-
+        - name: WATCH_NAMESPACE
+          value: ''
+        - name: KUBERNETES_CLUSTER_DOMAIN
+          value: cluster.local
+        image: quay.io/cephcsi/ceph-csi-operator:v0.5.0
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+      imagePullSecrets: []
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: ceph-csi-controller-manager
+      terminationGracePeriodSeconds: 10
+

parsec-renovate bot added renovate/helm type/minor labels Dec 9, 2025

github-actions bot added the area/kubernetes label Dec 9, 2025

parsec-renovate bot force-pushed the renovate/rook-ceph-1.x branch from 9ea711b to 32b4d5f Compare December 9, 2025 23:18

parsec-renovate bot force-pushed the renovate/rook-ceph-1.x branch from 32b4d5f to e5cb695 Compare January 13, 2026 20:12

parsec-renovate bot changed the title ~~feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.18.8 )~~ feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.18.9 ) Jan 13, 2026

parsec-renovate bot force-pushed the renovate/rook-ceph-1.x branch from e5cb695 to 902a51e Compare January 20, 2026 20:31

parsec-renovate bot changed the title ~~feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.18.9 )~~ feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.0 ) Jan 20, 2026

parsec-renovate bot force-pushed the renovate/rook-ceph-1.x branch from 902a51e to 65b1654 Compare February 5, 2026 22:13

parsec-renovate bot changed the title ~~feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.0 )~~ feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.1 ) Feb 5, 2026

feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.2 )

e27efc9

parsec-renovate bot force-pushed the renovate/rook-ceph-1.x branch from 65b1654 to e27efc9 Compare February 24, 2026 19:30

parsec-renovate bot changed the title ~~feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.1 )~~ feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.2 ) Feb 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.2 )#181

feat(helm): update chart rook-ceph ( v1.17.6 ➔ v1.19.2 )#181
parsec-renovate[bot] wants to merge 1 commit intomainfrom
renovate/rook-ceph-1.x

parsec-renovate bot commented Dec 9, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Dec 9, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Jan 13, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

parsec-renovate bot commented Dec 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Improvements

Improvements

Upgrade Guide

Breaking Changes

Features

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Upgrade Guide

Breaking Changes

Features

Improvements

Improvements

Improvements

Configuration

Uh oh!

github-actions bot commented Dec 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Jan 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

parsec-renovate bot commented Dec 9, 2025 •

edited

Loading

github-actions bot commented Dec 9, 2025 •

edited

Loading

github-actions bot commented Jan 13, 2026 •

edited

Loading