1apiVersion: v1
2kind: Namespace
3metadata:
4 labels:
5 app.kubernetes.io/name: piraeus-datastore
6 pod-security.kubernetes.io/audit: privileged
7 pod-security.kubernetes.io/audit-version: latest
8 pod-security.kubernetes.io/enforce: privileged
9 pod-security.kubernetes.io/enforce-version: latest
10 pod-security.kubernetes.io/warn: privileged
11 pod-security.kubernetes.io/warn-version: latest
12 name: piraeus-datastore
13---
14apiVersion: apiextensions.k8s.io/v1
15kind: CustomResourceDefinition
16metadata:
17 annotations:
18 controller-gen.kubebuilder.io/version: v0.16.1
19 labels:
20 app.kubernetes.io/name: piraeus-datastore
21 name: linstorclusters.piraeus.io
22spec:
23 group: piraeus.io
24 names:
25 kind: LinstorCluster
26 listKind: LinstorClusterList
27 plural: linstorclusters
28 singular: linstorcluster
29 scope: Cluster
30 versions:
31 - name: v1
32 schema:
33 openAPIV3Schema:
34 description: LinstorCluster is the Schema for the linstorclusters API
35 properties:
36 apiVersion:
37 description: |-
38 APIVersion defines the versioned schema of this representation of an object.
39 Servers should convert recognized schemas to the latest internal value, and
40 may reject unrecognized values.
41 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
42 type: string
43 kind:
44 description: |-
45 Kind is a string value representing the REST resource this object represents.
46 Servers may infer this from the endpoint the client submits requests to.
47 Cannot be updated.
48 In CamelCase.
49 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
50 type: string
51 metadata:
52 type: object
53 spec:
54 description: LinstorClusterSpec defines the desired state of LinstorCluster
55 properties:
56 apiTLS:
57 description: |-
58 ApiTLS secures the LINSTOR API.
59
60 This configures the TLS key and certificate used to secure the LINSTOR API.
61 nullable: true
62 properties:
63 apiSecretName:
64 description: |-
65 ApiSecretName references a secret holding the TLS key and certificate used to protect the API.
66 Defaults to "linstor-api-tls".
67 type: string
68 caReference:
69 description: |-
70 CAReference configures the CA certificate to use when validating TLS certificates.
71 If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
72 properties:
73 key:
74 default: ca.crt
75 description: |-
76 Key to select in the resource.
77 Defaults to ca.crt if not specified.
78 type: string
79 kind:
80 default: Secret
81 description: Kind of the resource containing the CA Certificate,
82 either a ConfigMap or Secret.
83 enum:
84 - ConfigMap
85 - Secret
86 type: string
87 name:
88 description: Name of the resource containing the CA Certificate.
89 type: string
90 optional:
91 description: Optional specifies whether the resource and its
92 key must exist.
93 type: boolean
94 required:
95 - name
96 type: object
97 certManager:
98 description: |-
99 CertManager references a cert-manager Issuer or ClusterIssuer.
100 If set, cert-manager.io/Certificate resources will be created, provisioning the secrets referenced in
101 *SecretName using the issuer configured here.
102 properties:
103 group:
104 description: Group of the resource being referred to.
105 type: string
106 kind:
107 description: Kind of the resource being referred to.
108 type: string
109 name:
110 description: Name of the resource being referred to.
111 type: string
112 required:
113 - name
114 type: object
115 clientSecretName:
116 description: |-
117 ClientSecretName references a secret holding the TLS key and certificate used by the operator to configure
118 the cluster. Defaults to "linstor-client-tls".
119 type: string
120 csiControllerSecretName:
121 description: |-
122 CsiControllerSecretName references a secret holding the TLS key and certificate used by the CSI Controller
123 to provision volumes. Defaults to "linstor-csi-controller-tls".
124 type: string
125 csiNodeSecretName:
126 description: |-
127 CsiNodeSecretName references a secret holding the TLS key and certificate used by the CSI Nodes to query
128 the volume state. Defaults to "linstor-csi-node-tls".
129 type: string
130 type: object
131 controller:
132 description: Controller controls the deployment of the LINSTOR Controller
133 Deployment.
134 properties:
135 enabled:
136 default: true
137 description: Enable the component.
138 type: boolean
139 podTemplate:
140 description: |-
141 Template to apply to Pods of the component.
142
143 The template is applied as a patch to the default deployment, so it can be "sparse", not listing any
144 containers or volumes that should remain unchanged.
145 See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
146 type: object
147 x-kubernetes-map-type: atomic
148 x-kubernetes-preserve-unknown-fields: true
149 type: object
150 csiController:
151 description: CSIController controls the deployment of the CSI Controller
152 Deployment.
153 properties:
154 enabled:
155 default: true
156 description: Enable the component.
157 type: boolean
158 podTemplate:
159 description: |-
160 Template to apply to Pods of the component.
161
162 The template is applied as a patch to the default deployment, so it can be "sparse", not listing any
163 containers or volumes that should remain unchanged.
164 See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
165 type: object
166 x-kubernetes-map-type: atomic
167 x-kubernetes-preserve-unknown-fields: true
168 type: object
169 csiNode:
170 description: CSINode controls the deployment of the CSI Node DaemonSet.
171 properties:
172 enabled:
173 default: true
174 description: Enable the component.
175 type: boolean
176 podTemplate:
177 description: |-
178 Template to apply to Pods of the component.
179
180 The template is applied as a patch to the default deployment, so it can be "sparse", not listing any
181 containers or volumes that should remain unchanged.
182 See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
183 type: object
184 x-kubernetes-map-type: atomic
185 x-kubernetes-preserve-unknown-fields: true
186 type: object
187 externalController:
188 description: |-
189 ExternalController references an external controller.
190 When set, the Operator will skip deploying a LINSTOR Controller and instead use the external cluster
191 to register satellites.
192 properties:
193 url:
194 description: URL of the external controller.
195 minLength: 3
196 type: string
197 required:
198 - url
199 type: object
200 highAvailabilityController:
201 description: HighAvailabilityController controls the deployment of
202 the High Availability Controller DaemonSet.
203 properties:
204 enabled:
205 default: true
206 description: Enable the component.
207 type: boolean
208 podTemplate:
209 description: |-
210 Template to apply to Pods of the component.
211
212 The template is applied as a patch to the default deployment, so it can be "sparse", not listing any
213 containers or volumes that should remain unchanged.
214 See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
215 type: object
216 x-kubernetes-map-type: atomic
217 x-kubernetes-preserve-unknown-fields: true
218 type: object
219 internalTLS:
220 description: |-
221 InternalTLS secures the connection between LINSTOR Controller and Satellite.
222
223 This configures the client certificate used when the Controller connects to a Satellite. This only has an effect
224 when the Satellite is configured to for secure connections using `LinstorSatellite.spec.internalTLS`.
225 nullable: true
226 properties:
227 caReference:
228 description: |-
229 CAReference configures the CA certificate to use when validating TLS certificates.
230 If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
231 properties:
232 key:
233 default: ca.crt
234 description: |-
235 Key to select in the resource.
236 Defaults to ca.crt if not specified.
237 type: string
238 kind:
239 default: Secret
240 description: Kind of the resource containing the CA Certificate,
241 either a ConfigMap or Secret.
242 enum:
243 - ConfigMap
244 - Secret
245 type: string
246 name:
247 description: Name of the resource containing the CA Certificate.
248 type: string
249 optional:
250 description: Optional specifies whether the resource and its
251 key must exist.
252 type: boolean
253 required:
254 - name
255 type: object
256 certManager:
257 description: |-
258 CertManager references a cert-manager Issuer or ClusterIssuer.
259 If set, a Certificate resource will be created, provisioning the secret references in SecretName using the
260 issuer configured here.
261 properties:
262 group:
263 description: Group of the resource being referred to.
264 type: string
265 kind:
266 description: Kind of the resource being referred to.
267 type: string
268 name:
269 description: Name of the resource being referred to.
270 type: string
271 required:
272 - name
273 type: object
274 secretName:
275 description: SecretName references a secret holding the TLS key
276 and certificates.
277 type: string
278 type: object
279 linstorPassphraseSecret:
280 description: |-
281 LinstorPassphraseSecret used to configure the LINSTOR master passphrase.
282
283 The referenced secret must contain a single key "MASTER_PASSPHRASE". The master passphrase is used to
284 * Derive encryption keys for volumes using the LUKS layer.
285 * Store credentials for accessing remotes for backups.
286 See https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-encrypt_commands for more information.
287 type: string
288 nodeAffinity:
289 description: |-
290 NodeAffinity selects the nodes on which LINSTOR Satellite will be deployed.
291 See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
292 properties:
293 nodeSelectorTerms:
294 description: Required. A list of node selector terms. The terms
295 are ORed.
296 items:
297 description: |-
298 A null or empty node selector term matches no objects. The requirements of
299 them are ANDed.
300 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
301 properties:
302 matchExpressions:
303 description: A list of node selector requirements by node's
304 labels.
305 items:
306 description: |-
307 A node selector requirement is a selector that contains values, a key, and an operator
308 that relates the key and values.
309 properties:
310 key:
311 description: The label key that the selector applies
312 to.
313 type: string
314 operator:
315 description: |-
316 Represents a key's relationship to a set of values.
317 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
318 type: string
319 values:
320 description: |-
321 An array of string values. If the operator is In or NotIn,
322 the values array must be non-empty. If the operator is Exists or DoesNotExist,
323 the values array must be empty. If the operator is Gt or Lt, the values
324 array must have a single element, which will be interpreted as an integer.
325 This array is replaced during a strategic merge patch.
326 items:
327 type: string
328 type: array
329 x-kubernetes-list-type: atomic
330 required:
331 - key
332 - operator
333 type: object
334 type: array
335 x-kubernetes-list-type: atomic
336 matchFields:
337 description: A list of node selector requirements by node's
338 fields.
339 items:
340 description: |-
341 A node selector requirement is a selector that contains values, a key, and an operator
342 that relates the key and values.
343 properties:
344 key:
345 description: The label key that the selector applies
346 to.
347 type: string
348 operator:
349 description: |-
350 Represents a key's relationship to a set of values.
351 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
352 type: string
353 values:
354 description: |-
355 An array of string values. If the operator is In or NotIn,
356 the values array must be non-empty. If the operator is Exists or DoesNotExist,
357 the values array must be empty. If the operator is Gt or Lt, the values
358 array must have a single element, which will be interpreted as an integer.
359 This array is replaced during a strategic merge patch.
360 items:
361 type: string
362 type: array
363 x-kubernetes-list-type: atomic
364 required:
365 - key
366 - operator
367 type: object
368 type: array
369 x-kubernetes-list-type: atomic
370 type: object
371 x-kubernetes-map-type: atomic
372 type: array
373 x-kubernetes-list-type: atomic
374 required:
375 - nodeSelectorTerms
376 type: object
377 x-kubernetes-map-type: atomic
378 nodeSelector:
379 additionalProperties:
380 type: string
381 description: |-
382 NodeSelector selects the nodes on which LINSTOR Satellites will be deployed.
383 See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
384 type: object
385 patches:
386 description: |-
387 Patches is a list of kustomize patches to apply.
388
389 See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches.
390 items:
391 description: Patch represent either a Strategic Merge Patch or a
392 JSON patch and its targets.
393 properties:
394 options:
395 additionalProperties:
396 type: boolean
397 description: Options is a list of options for the patch
398 type: object
399 patch:
400 description: Patch is the content of a patch.
401 minLength: 1
402 type: string
403 target:
404 description: Target points to the resources that the patch is
405 applied to
406 properties:
407 annotationSelector:
408 description: |-
409 AnnotationSelector is a string that follows the label selection expression
410 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
411 It matches against the resource annotations.
412 type: string
413 group:
414 type: string
415 kind:
416 type: string
417 labelSelector:
418 description: |-
419 LabelSelector is a string that follows the label selection expression
420 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
421 It matches against the resource labels.
422 type: string
423 name:
424 description: Name of the resource.
425 type: string
426 namespace:
427 description: Namespace the resource belongs to, if it can
428 belong to a namespace.
429 type: string
430 version:
431 type: string
432 type: object
433 required:
434 - patch
435 type: object
436 type: array
437 properties:
438 description: |-
439 Properties to apply on the cluster level.
440
441 Use to create default settings for DRBD that should apply to all resources or to configure some other cluster
442 wide default.
443 items:
444 properties:
445 name:
446 description: Name of the property to set.
447 minLength: 1
448 type: string
449 value:
450 description: Value to set the property to.
451 type: string
452 required:
453 - name
454 type: object
455 type: array
456 x-kubernetes-list-map-keys:
457 - name
458 x-kubernetes-list-type: map
459 repository:
460 description: Repository used to pull workload images.
461 type: string
462 type: object
463 status:
464 description: LinstorClusterStatus defines the observed state of LinstorCluster
465 properties:
466 conditions:
467 description: Current LINSTOR Cluster state
468 items:
469 description: Condition contains details for one aspect of the current
470 state of this API Resource.
471 properties:
472 lastTransitionTime:
473 description: |-
474 lastTransitionTime is the last time the condition transitioned from one status to another.
475 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
476 format: date-time
477 type: string
478 message:
479 description: |-
480 message is a human readable message indicating details about the transition.
481 This may be an empty string.
482 maxLength: 32768
483 type: string
484 observedGeneration:
485 description: |-
486 observedGeneration represents the .metadata.generation that the condition was set based upon.
487 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
488 with respect to the current state of the instance.
489 format: int64
490 minimum: 0
491 type: integer
492 reason:
493 description: |-
494 reason contains a programmatic identifier indicating the reason for the condition's last transition.
495 Producers of specific condition types may define expected values and meanings for this field,
496 and whether the values are considered a guaranteed API.
497 The value should be a CamelCase string.
498 This field may not be empty.
499 maxLength: 1024
500 minLength: 1
501 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
502 type: string
503 status:
504 description: status of the condition, one of True, False, Unknown.
505 enum:
506 - "True"
507 - "False"
508 - Unknown
509 type: string
510 type:
511 description: type of condition in CamelCase or in foo.example.com/CamelCase.
512 maxLength: 316
513 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
514 type: string
515 required:
516 - lastTransitionTime
517 - message
518 - reason
519 - status
520 - type
521 type: object
522 type: array
523 x-kubernetes-list-map-keys:
524 - type
525 x-kubernetes-list-type: map
526 type: object
527 type: object
528 served: true
529 storage: true
530 subresources:
531 status: {}
532---
533apiVersion: apiextensions.k8s.io/v1
534kind: CustomResourceDefinition
535metadata:
536 annotations:
537 controller-gen.kubebuilder.io/version: v0.16.1
538 labels:
539 app.kubernetes.io/name: piraeus-datastore
540 name: linstornodeconnections.piraeus.io
541spec:
542 group: piraeus.io
543 names:
544 kind: LinstorNodeConnection
545 listKind: LinstorNodeConnectionList
546 plural: linstornodeconnections
547 singular: linstornodeconnection
548 scope: Cluster
549 versions:
550 - name: v1
551 schema:
552 openAPIV3Schema:
553 description: LinstorNodeConnection is the Schema for the linstornodeconnections
554 API
555 properties:
556 apiVersion:
557 description: |-
558 APIVersion defines the versioned schema of this representation of an object.
559 Servers should convert recognized schemas to the latest internal value, and
560 may reject unrecognized values.
561 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
562 type: string
563 kind:
564 description: |-
565 Kind is a string value representing the REST resource this object represents.
566 Servers may infer this from the endpoint the client submits requests to.
567 Cannot be updated.
568 In CamelCase.
569 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
570 type: string
571 metadata:
572 type: object
573 spec:
574 description: LinstorNodeConnectionSpec defines the desired state of LinstorNodeConnection
575 properties:
576 paths:
577 description: Paths configure the network path used when connecting
578 two nodes.
579 items:
580 properties:
581 interface:
582 description: Interface to use on both nodes.
583 type: string
584 name:
585 description: Name of the path.
586 type: string
587 required:
588 - interface
589 - name
590 type: object
591 type: array
592 x-kubernetes-list-map-keys:
593 - name
594 x-kubernetes-list-type: map
595 properties:
596 description: |-
597 Properties to apply for the node connection.
598
599 Use to create default settings for DRBD that should apply to all resources connections between a set of
600 cluster nodes.
601 items:
602 properties:
603 name:
604 description: Name of the property to set.
605 minLength: 1
606 type: string
607 value:
608 description: Value to set the property to.
609 type: string
610 required:
611 - name
612 type: object
613 type: array
614 x-kubernetes-list-map-keys:
615 - name
616 x-kubernetes-list-type: map
617 selector:
618 description: |-
619 Selector selects which pair of Satellites the connection should apply to.
620 If not given, the connection will be applied to all connections.
621 items:
622 description: SelectorTerm matches pairs of nodes by checking that
623 the nodes match all specified requirements.
624 properties:
625 matchLabels:
626 description: MatchLabels is a list of match expressions that
627 the node pairs must meet.
628 items:
629 properties:
630 key:
631 description: Key is the name of a node label.
632 minLength: 1
633 type: string
634 op:
635 default: Exists
636 description: |-
637 Op to apply to the label.
638 Exists (default) checks for the presence of the label on both nodes in the pair.
639 DoesNotExist checks that the label is not present on either node in the pair.
640 In checks for the presence of the label value given by Values on both nodes in the pair.
641 NotIn checks that both nodes in the pair do not have any of the label values given by Values.
642 Same checks that the label value is equal in the node pair.
643 NotSame checks that the label value is not equal in the node pair.
644 enum:
645 - Exists
646 - DoesNotExist
647 - In
648 - NotIn
649 - Same
650 - NotSame
651 type: string
652 values:
653 description: Values to match on, using the provided Op.
654 items:
655 type: string
656 type: array
657 required:
658 - key
659 type: object
660 type: array
661 required:
662 - matchLabels
663 type: object
664 type: array
665 type: object
666 status:
667 description: LinstorNodeConnectionStatus defines the observed state of
668 LinstorNodeConnection
669 properties:
670 conditions:
671 description: Current LINSTOR Node Connection state
672 items:
673 description: Condition contains details for one aspect of the current
674 state of this API Resource.
675 properties:
676 lastTransitionTime:
677 description: |-
678 lastTransitionTime is the last time the condition transitioned from one status to another.
679 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
680 format: date-time
681 type: string
682 message:
683 description: |-
684 message is a human readable message indicating details about the transition.
685 This may be an empty string.
686 maxLength: 32768
687 type: string
688 observedGeneration:
689 description: |-
690 observedGeneration represents the .metadata.generation that the condition was set based upon.
691 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
692 with respect to the current state of the instance.
693 format: int64
694 minimum: 0
695 type: integer
696 reason:
697 description: |-
698 reason contains a programmatic identifier indicating the reason for the condition's last transition.
699 Producers of specific condition types may define expected values and meanings for this field,
700 and whether the values are considered a guaranteed API.
701 The value should be a CamelCase string.
702 This field may not be empty.
703 maxLength: 1024
704 minLength: 1
705 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
706 type: string
707 status:
708 description: status of the condition, one of True, False, Unknown.
709 enum:
710 - "True"
711 - "False"
712 - Unknown
713 type: string
714 type:
715 description: type of condition in CamelCase or in foo.example.com/CamelCase.
716 maxLength: 316
717 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
718 type: string
719 required:
720 - lastTransitionTime
721 - message
722 - reason
723 - status
724 - type
725 type: object
726 type: array
727 x-kubernetes-list-map-keys:
728 - type
729 x-kubernetes-list-type: map
730 type: object
731 type: object
732 served: true
733 storage: true
734 subresources:
735 status: {}
736---
737apiVersion: apiextensions.k8s.io/v1
738kind: CustomResourceDefinition
739metadata:
740 annotations:
741 controller-gen.kubebuilder.io/version: v0.16.1
742 labels:
743 app.kubernetes.io/name: piraeus-datastore
744 name: linstorsatelliteconfigurations.piraeus.io
745spec:
746 group: piraeus.io
747 names:
748 kind: LinstorSatelliteConfiguration
749 listKind: LinstorSatelliteConfigurationList
750 plural: linstorsatelliteconfigurations
751 singular: linstorsatelliteconfiguration
752 scope: Cluster
753 versions:
754 - name: v1
755 schema:
756 openAPIV3Schema:
757 description: LinstorSatelliteConfiguration is the Schema for the linstorsatelliteconfigurations
758 API
759 properties:
760 apiVersion:
761 description: |-
762 APIVersion defines the versioned schema of this representation of an object.
763 Servers should convert recognized schemas to the latest internal value, and
764 may reject unrecognized values.
765 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
766 type: string
767 kind:
768 description: |-
769 Kind is a string value representing the REST resource this object represents.
770 Servers may infer this from the endpoint the client submits requests to.
771 Cannot be updated.
772 In CamelCase.
773 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
774 type: string
775 metadata:
776 type: object
777 spec:
778 description: |-
779 LinstorSatelliteConfigurationSpec defines a partial, desired state of a LinstorSatelliteSpec.
780
781 All the LinstorSatelliteConfiguration resources with matching NodeSelector will
782 be merged into a single LinstorSatelliteSpec.
783 properties:
784 internalTLS:
785 description: |-
786 InternalTLS configures secure communication for the LINSTOR Satellite.
787
788 If set, the control traffic between LINSTOR Controller and Satellite will be encrypted using mTLS.
789 nullable: true
790 properties:
791 caReference:
792 description: |-
793 CAReference configures the CA certificate to use when validating TLS certificates.
794 If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
795 properties:
796 key:
797 default: ca.crt
798 description: |-
799 Key to select in the resource.
800 Defaults to ca.crt if not specified.
801 type: string
802 kind:
803 default: Secret
804 description: Kind of the resource containing the CA Certificate,
805 either a ConfigMap or Secret.
806 enum:
807 - ConfigMap
808 - Secret
809 type: string
810 name:
811 description: Name of the resource containing the CA Certificate.
812 type: string
813 optional:
814 description: Optional specifies whether the resource and its
815 key must exist.
816 type: boolean
817 required:
818 - name
819 type: object
820 certManager:
821 description: |-
822 CertManager references a cert-manager Issuer or ClusterIssuer.
823 If set, a Certificate resource will be created, provisioning the secret references in SecretName using the
824 issuer configured here.
825 properties:
826 group:
827 description: Group of the resource being referred to.
828 type: string
829 kind:
830 description: Kind of the resource being referred to.
831 type: string
832 name:
833 description: Name of the resource being referred to.
834 type: string
835 required:
836 - name
837 type: object
838 secretName:
839 description: SecretName references a secret holding the TLS key
840 and certificates.
841 type: string
842 tlsHandshakeDaemon:
843 description: |-
844 TLSHandshakeDaemon enables tlshd for establishing TLS sessions for use by DRBD.
845
846 If enabled, adds a new sidecar to the LINSTOR Satellite that runs the tlshd handshake daemon.
847 The daemon uses the TLS certificate and key to establish secure connections on behalf of DRBD.
848 type: boolean
849 type: object
850 ipFamilies:
851 description: |-
852 IPFamilies configures the IP Family (IPv4 or IPv6) to use to connect to the LINSTOR Satellite.
853
854 If set, the control traffic between LINSTOR Controller and Satellite will use only the given IP Family.
855 If not set, the Operator will configure all families found in the Satellites Pods' Status.
856 items:
857 description: IPFamily represents the IP Family (IPv4 or IPv6).
858 enum:
859 - IPv4
860 - IPv6
861 type: string
862 type: array
863 nodeAffinity:
864 description: |-
865 NodeAffinity selects which LinstorSatellite resources this spec should be applied to.
866 See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
867 properties:
868 nodeSelectorTerms:
869 description: Required. A list of node selector terms. The terms
870 are ORed.
871 items:
872 description: |-
873 A null or empty node selector term matches no objects. The requirements of
874 them are ANDed.
875 The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
876 properties:
877 matchExpressions:
878 description: A list of node selector requirements by node's
879 labels.
880 items:
881 description: |-
882 A node selector requirement is a selector that contains values, a key, and an operator
883 that relates the key and values.
884 properties:
885 key:
886 description: The label key that the selector applies
887 to.
888 type: string
889 operator:
890 description: |-
891 Represents a key's relationship to a set of values.
892 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
893 type: string
894 values:
895 description: |-
896 An array of string values. If the operator is In or NotIn,
897 the values array must be non-empty. If the operator is Exists or DoesNotExist,
898 the values array must be empty. If the operator is Gt or Lt, the values
899 array must have a single element, which will be interpreted as an integer.
900 This array is replaced during a strategic merge patch.
901 items:
902 type: string
903 type: array
904 x-kubernetes-list-type: atomic
905 required:
906 - key
907 - operator
908 type: object
909 type: array
910 x-kubernetes-list-type: atomic
911 matchFields:
912 description: A list of node selector requirements by node's
913 fields.
914 items:
915 description: |-
916 A node selector requirement is a selector that contains values, a key, and an operator
917 that relates the key and values.
918 properties:
919 key:
920 description: The label key that the selector applies
921 to.
922 type: string
923 operator:
924 description: |-
925 Represents a key's relationship to a set of values.
926 Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
927 type: string
928 values:
929 description: |-
930 An array of string values. If the operator is In or NotIn,
931 the values array must be non-empty. If the operator is Exists or DoesNotExist,
932 the values array must be empty. If the operator is Gt or Lt, the values
933 array must have a single element, which will be interpreted as an integer.
934 This array is replaced during a strategic merge patch.
935 items:
936 type: string
937 type: array
938 x-kubernetes-list-type: atomic
939 required:
940 - key
941 - operator
942 type: object
943 type: array
944 x-kubernetes-list-type: atomic
945 type: object
946 x-kubernetes-map-type: atomic
947 type: array
948 x-kubernetes-list-type: atomic
949 required:
950 - nodeSelectorTerms
951 type: object
952 x-kubernetes-map-type: atomic
953 nodeSelector:
954 additionalProperties:
955 type: string
956 description: |-
957 NodeSelector selects which LinstorSatellite resources this spec should be applied to.
958 See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
959 type: object
960 patches:
961 description: |-
962 Patches is a list of kustomize patches to apply.
963
964 See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches.
965 items:
966 description: Patch represent either a Strategic Merge Patch or a
967 JSON patch and its targets.
968 properties:
969 options:
970 additionalProperties:
971 type: boolean
972 description: Options is a list of options for the patch
973 type: object
974 patch:
975 description: Patch is the content of a patch.
976 minLength: 1
977 type: string
978 target:
979 description: Target points to the resources that the patch is
980 applied to
981 properties:
982 annotationSelector:
983 description: |-
984 AnnotationSelector is a string that follows the label selection expression
985 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
986 It matches against the resource annotations.
987 type: string
988 group:
989 type: string
990 kind:
991 type: string
992 labelSelector:
993 description: |-
994 LabelSelector is a string that follows the label selection expression
995 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
996 It matches against the resource labels.
997 type: string
998 name:
999 description: Name of the resource.
1000 type: string
1001 namespace:
1002 description: Namespace the resource belongs to, if it can
1003 belong to a namespace.
1004 type: string
1005 version:
1006 type: string
1007 type: object
1008 required:
1009 - patch
1010 type: object
1011 type: array
1012 podTemplate:
1013 description: |-
1014 Template to apply to Satellite Pods.
1015
1016 The template is applied as a patch to the default resource, so it can be "sparse", not listing any
1017 containers or volumes that should remain unchanged.
1018 See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
1019 type: object
1020 x-kubernetes-map-type: atomic
1021 x-kubernetes-preserve-unknown-fields: true
1022 properties:
1023 description: Properties is a list of properties to set on the node.
1024 items:
1025 properties:
1026 expandFrom:
1027 description: |-
1028 ExpandFrom can reference multiple resource fields at once.
1029 It either sets the property to an aggregate value based on matched resource fields, or expands to multiple
1030 properties.
1031 properties:
1032 delimiter:
1033 description: Delimiter used to join multiple key and value
1034 pairs together.
1035 type: string
1036 nameTemplate:
1037 description: |-
1038 NameTemplate defines how the property key is expanded.
1039 If set, the template is appended to the defined property name, creating multiple properties instead of one
1040 aggregate.
1041 * $1 is replaced with the matched key.
1042 * $2 is replaced with the matched value.
1043 type: string
1044 nodeFieldRef:
1045 description: Select a field of the node. Supports `metadata.name`,
1046 `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1047 minLength: 1
1048 type: string
1049 valueTemplate:
1050 description: |-
1051 ValueTemplate defines how the property value is expanded.
1052 * $1 is replaced with the matched key.
1053 * $2 is replaced with the matched value.
1054 type: string
1055 required:
1056 - nodeFieldRef
1057 type: object
1058 name:
1059 description: Name of the property to set.
1060 minLength: 1
1061 type: string
1062 optional:
1063 description: Optional values are only set if they have a non-empty
1064 value
1065 type: boolean
1066 value:
1067 description: Value to set the property to.
1068 type: string
1069 valueFrom:
1070 description: ValueFrom sets the value from an existing resource.
1071 properties:
1072 nodeFieldRef:
1073 description: Select a field of the node. Supports `metadata.name`,
1074 `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1075 minLength: 1
1076 type: string
1077 required:
1078 - nodeFieldRef
1079 type: object
1080 required:
1081 - name
1082 type: object
1083 type: array
1084 x-kubernetes-list-map-keys:
1085 - name
1086 x-kubernetes-list-type: map
1087 storagePools:
1088 description: StoragePools is a list of storage pools to configure
1089 on the node.
1090 items:
1091 properties:
1092 filePool:
1093 description: Configures a file system based storage pool, allocating
1094 a regular file per volume.
1095 properties:
1096 directory:
1097 description: Directory is the path to the host directory
1098 used to store volume data.
1099 type: string
1100 type: object
1101 fileThinPool:
1102 description: Configures a file system based storage pool, allocating
1103 a sparse file per volume.
1104 properties:
1105 directory:
1106 description: Directory is the path to the host directory
1107 used to store volume data.
1108 type: string
1109 type: object
1110 lvmPool:
1111 description: Configures a LVM Volume Group as storage pool.
1112 properties:
1113 volumeGroup:
1114 type: string
1115 type: object
1116 lvmThinPool:
1117 description: Configures a LVM Thin Pool as storage pool.
1118 properties:
1119 thinPool:
1120 description: ThinPool is the name of the thinpool LV (without
1121 VG prefix).
1122 type: string
1123 volumeGroup:
1124 type: string
1125 type: object
1126 name:
1127 description: Name of the storage pool in linstor.
1128 minLength: 3
1129 type: string
1130 properties:
1131 description: Properties to set on the storage pool.
1132 items:
1133 properties:
1134 expandFrom:
1135 description: |-
1136 ExpandFrom can reference multiple resource fields at once.
1137 It either sets the property to an aggregate value based on matched resource fields, or expands to multiple
1138 properties.
1139 properties:
1140 delimiter:
1141 description: Delimiter used to join multiple key and
1142 value pairs together.
1143 type: string
1144 nameTemplate:
1145 description: |-
1146 NameTemplate defines how the property key is expanded.
1147 If set, the template is appended to the defined property name, creating multiple properties instead of one
1148 aggregate.
1149 * $1 is replaced with the matched key.
1150 * $2 is replaced with the matched value.
1151 type: string
1152 nodeFieldRef:
1153 description: Select a field of the node. Supports
1154 `metadata.name`, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1155 minLength: 1
1156 type: string
1157 valueTemplate:
1158 description: |-
1159 ValueTemplate defines how the property value is expanded.
1160 * $1 is replaced with the matched key.
1161 * $2 is replaced with the matched value.
1162 type: string
1163 required:
1164 - nodeFieldRef
1165 type: object
1166 name:
1167 description: Name of the property to set.
1168 minLength: 1
1169 type: string
1170 optional:
1171 description: Optional values are only set if they have
1172 a non-empty value
1173 type: boolean
1174 value:
1175 description: Value to set the property to.
1176 type: string
1177 valueFrom:
1178 description: ValueFrom sets the value from an existing
1179 resource.
1180 properties:
1181 nodeFieldRef:
1182 description: Select a field of the node. Supports
1183 `metadata.name`, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1184 minLength: 1
1185 type: string
1186 required:
1187 - nodeFieldRef
1188 type: object
1189 required:
1190 - name
1191 type: object
1192 type: array
1193 x-kubernetes-list-map-keys:
1194 - name
1195 x-kubernetes-list-type: map
1196 source:
1197 properties:
1198 hostDevices:
1199 description: HostDevices is a list of device paths used
1200 to configure the given pool.
1201 items:
1202 type: string
1203 minItems: 1
1204 type: array
1205 type: object
1206 zfsPool:
1207 description: Configures a ZFS system based storage pool, allocating
1208 zvols from the given zpool.
1209 properties:
1210 zPool:
1211 description: ZPool is the name of the ZFS zpool.
1212 type: string
1213 type: object
1214 zfsThinPool:
1215 description: Configures a ZFS system based storage pool, allocating
1216 sparse zvols from the given zpool.
1217 properties:
1218 zPool:
1219 description: ZPool is the name of the ZFS zpool.
1220 type: string
1221 type: object
1222 required:
1223 - name
1224 type: object
1225 type: array
1226 type: object
1227 status:
1228 description: LinstorSatelliteConfigurationStatus defines the observed
1229 state of LinstorSatelliteConfiguration
1230 properties:
1231 conditions:
1232 description: Current LINSTOR Satellite Config state
1233 items:
1234 description: Condition contains details for one aspect of the current
1235 state of this API Resource.
1236 properties:
1237 lastTransitionTime:
1238 description: |-
1239 lastTransitionTime is the last time the condition transitioned from one status to another.
1240 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1241 format: date-time
1242 type: string
1243 message:
1244 description: |-
1245 message is a human readable message indicating details about the transition.
1246 This may be an empty string.
1247 maxLength: 32768
1248 type: string
1249 observedGeneration:
1250 description: |-
1251 observedGeneration represents the .metadata.generation that the condition was set based upon.
1252 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1253 with respect to the current state of the instance.
1254 format: int64
1255 minimum: 0
1256 type: integer
1257 reason:
1258 description: |-
1259 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1260 Producers of specific condition types may define expected values and meanings for this field,
1261 and whether the values are considered a guaranteed API.
1262 The value should be a CamelCase string.
1263 This field may not be empty.
1264 maxLength: 1024
1265 minLength: 1
1266 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1267 type: string
1268 status:
1269 description: status of the condition, one of True, False, Unknown.
1270 enum:
1271 - "True"
1272 - "False"
1273 - Unknown
1274 type: string
1275 type:
1276 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1277 maxLength: 316
1278 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1279 type: string
1280 required:
1281 - lastTransitionTime
1282 - message
1283 - reason
1284 - status
1285 - type
1286 type: object
1287 type: array
1288 x-kubernetes-list-map-keys:
1289 - type
1290 x-kubernetes-list-type: map
1291 type: object
1292 type: object
1293 served: true
1294 storage: true
1295 subresources:
1296 status: {}
1297---
1298apiVersion: apiextensions.k8s.io/v1
1299kind: CustomResourceDefinition
1300metadata:
1301 annotations:
1302 controller-gen.kubebuilder.io/version: v0.16.1
1303 labels:
1304 app.kubernetes.io/name: piraeus-datastore
1305 name: linstorsatellites.piraeus.io
1306spec:
1307 group: piraeus.io
1308 names:
1309 kind: LinstorSatellite
1310 listKind: LinstorSatelliteList
1311 plural: linstorsatellites
1312 singular: linstorsatellite
1313 scope: Cluster
1314 versions:
1315 - name: v1
1316 schema:
1317 openAPIV3Schema:
1318 description: LinstorSatellite is the Schema for the linstorsatellites API
1319 properties:
1320 apiVersion:
1321 description: |-
1322 APIVersion defines the versioned schema of this representation of an object.
1323 Servers should convert recognized schemas to the latest internal value, and
1324 may reject unrecognized values.
1325 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
1326 type: string
1327 kind:
1328 description: |-
1329 Kind is a string value representing the REST resource this object represents.
1330 Servers may infer this from the endpoint the client submits requests to.
1331 Cannot be updated.
1332 In CamelCase.
1333 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1334 type: string
1335 metadata:
1336 type: object
1337 spec:
1338 description: LinstorSatelliteSpec defines the desired state of LinstorSatellite
1339 properties:
1340 clusterRef:
1341 description: ClusterRef references the LinstorCluster used to create
1342 this LinstorSatellite.
1343 properties:
1344 caReference:
1345 description: |-
1346 CAReference configures the CA certificate to use when validating TLS certificates.
1347 If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
1348 properties:
1349 key:
1350 default: ca.crt
1351 description: |-
1352 Key to select in the resource.
1353 Defaults to ca.crt if not specified.
1354 type: string
1355 kind:
1356 default: Secret
1357 description: Kind of the resource containing the CA Certificate,
1358 either a ConfigMap or Secret.
1359 enum:
1360 - ConfigMap
1361 - Secret
1362 type: string
1363 name:
1364 description: Name of the resource containing the CA Certificate.
1365 type: string
1366 optional:
1367 description: Optional specifies whether the resource and its
1368 key must exist.
1369 type: boolean
1370 required:
1371 - name
1372 type: object
1373 clientSecretName:
1374 description: ClientSecretName references the secret used by the
1375 operator to validate the https endpoint.
1376 type: string
1377 externalController:
1378 description: |-
1379 ExternalController references an external controller.
1380 When set, the Operator uses the external cluster to register satellites.
1381 properties:
1382 url:
1383 description: URL of the external controller.
1384 minLength: 3
1385 type: string
1386 required:
1387 - url
1388 type: object
1389 name:
1390 description: Name of the LinstorCluster resource controlling this
1391 satellite.
1392 type: string
1393 type: object
1394 internalTLS:
1395 description: |-
1396 InternalTLS configures secure communication for the LINSTOR Satellite.
1397
1398 If set, the control traffic between LINSTOR Controller and Satellite will be encrypted using mTLS.
1399 The Controller will use the client key from `LinstorCluster.spec.internalTLS` when connecting.
1400 nullable: true
1401 properties:
1402 caReference:
1403 description: |-
1404 CAReference configures the CA certificate to use when validating TLS certificates.
1405 If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
1406 properties:
1407 key:
1408 default: ca.crt
1409 description: |-
1410 Key to select in the resource.
1411 Defaults to ca.crt if not specified.
1412 type: string
1413 kind:
1414 default: Secret
1415 description: Kind of the resource containing the CA Certificate,
1416 either a ConfigMap or Secret.
1417 enum:
1418 - ConfigMap
1419 - Secret
1420 type: string
1421 name:
1422 description: Name of the resource containing the CA Certificate.
1423 type: string
1424 optional:
1425 description: Optional specifies whether the resource and its
1426 key must exist.
1427 type: boolean
1428 required:
1429 - name
1430 type: object
1431 certManager:
1432 description: |-
1433 CertManager references a cert-manager Issuer or ClusterIssuer.
1434 If set, a Certificate resource will be created, provisioning the secret references in SecretName using the
1435 issuer configured here.
1436 properties:
1437 group:
1438 description: Group of the resource being referred to.
1439 type: string
1440 kind:
1441 description: Kind of the resource being referred to.
1442 type: string
1443 name:
1444 description: Name of the resource being referred to.
1445 type: string
1446 required:
1447 - name
1448 type: object
1449 secretName:
1450 description: SecretName references a secret holding the TLS key
1451 and certificates.
1452 type: string
1453 tlsHandshakeDaemon:
1454 description: |-
1455 TLSHandshakeDaemon enables tlshd for establishing TLS sessions for use by DRBD.
1456
1457 If enabled, adds a new sidecar to the LINSTOR Satellite that runs the tlshd handshake daemon.
1458 The daemon uses the TLS certificate and key to establish secure connections on behalf of DRBD.
1459 type: boolean
1460 type: object
1461 ipFamilies:
1462 description: |-
1463 IPFamilies configures the IP Family (IPv4 or IPv6) to use to connect to the LINSTOR Satellite.
1464
1465 If set, the control traffic between LINSTOR Controller and Satellite will use only the given IP Family.
1466 If not set, the Operator will configure all families found in the Satellites Pods' Status.
1467 items:
1468 description: IPFamily represents the IP Family (IPv4 or IPv6).
1469 enum:
1470 - IPv4
1471 - IPv6
1472 type: string
1473 type: array
1474 patches:
1475 description: |-
1476 Patches is a list of kustomize patches to apply.
1477
1478 See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches.
1479 items:
1480 description: Patch represent either a Strategic Merge Patch or a
1481 JSON patch and its targets.
1482 properties:
1483 options:
1484 additionalProperties:
1485 type: boolean
1486 description: Options is a list of options for the patch
1487 type: object
1488 patch:
1489 description: Patch is the content of a patch.
1490 minLength: 1
1491 type: string
1492 target:
1493 description: Target points to the resources that the patch is
1494 applied to
1495 properties:
1496 annotationSelector:
1497 description: |-
1498 AnnotationSelector is a string that follows the label selection expression
1499 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
1500 It matches against the resource annotations.
1501 type: string
1502 group:
1503 type: string
1504 kind:
1505 type: string
1506 labelSelector:
1507 description: |-
1508 LabelSelector is a string that follows the label selection expression
1509 https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
1510 It matches against the resource labels.
1511 type: string
1512 name:
1513 description: Name of the resource.
1514 type: string
1515 namespace:
1516 description: Namespace the resource belongs to, if it can
1517 belong to a namespace.
1518 type: string
1519 version:
1520 type: string
1521 type: object
1522 required:
1523 - patch
1524 type: object
1525 type: array
1526 properties:
1527 description: Properties is a list of properties to set on the node.
1528 items:
1529 properties:
1530 expandFrom:
1531 description: |-
1532 ExpandFrom can reference multiple resource fields at once.
1533 It either sets the property to an aggregate value based on matched resource fields, or expands to multiple
1534 properties.
1535 properties:
1536 delimiter:
1537 description: Delimiter used to join multiple key and value
1538 pairs together.
1539 type: string
1540 nameTemplate:
1541 description: |-
1542 NameTemplate defines how the property key is expanded.
1543 If set, the template is appended to the defined property name, creating multiple properties instead of one
1544 aggregate.
1545 * $1 is replaced with the matched key.
1546 * $2 is replaced with the matched value.
1547 type: string
1548 nodeFieldRef:
1549 description: Select a field of the node. Supports `metadata.name`,
1550 `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1551 minLength: 1
1552 type: string
1553 valueTemplate:
1554 description: |-
1555 ValueTemplate defines how the property value is expanded.
1556 * $1 is replaced with the matched key.
1557 * $2 is replaced with the matched value.
1558 type: string
1559 required:
1560 - nodeFieldRef
1561 type: object
1562 name:
1563 description: Name of the property to set.
1564 minLength: 1
1565 type: string
1566 optional:
1567 description: Optional values are only set if they have a non-empty
1568 value
1569 type: boolean
1570 value:
1571 description: Value to set the property to.
1572 type: string
1573 valueFrom:
1574 description: ValueFrom sets the value from an existing resource.
1575 properties:
1576 nodeFieldRef:
1577 description: Select a field of the node. Supports `metadata.name`,
1578 `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1579 minLength: 1
1580 type: string
1581 required:
1582 - nodeFieldRef
1583 type: object
1584 required:
1585 - name
1586 type: object
1587 type: array
1588 x-kubernetes-list-map-keys:
1589 - name
1590 x-kubernetes-list-type: map
1591 repository:
1592 description: Repository used to pull workload images.
1593 type: string
1594 storagePools:
1595 description: StoragePools is a list of storage pools to configure
1596 on the node.
1597 items:
1598 properties:
1599 filePool:
1600 description: Configures a file system based storage pool, allocating
1601 a regular file per volume.
1602 properties:
1603 directory:
1604 description: Directory is the path to the host directory
1605 used to store volume data.
1606 type: string
1607 type: object
1608 fileThinPool:
1609 description: Configures a file system based storage pool, allocating
1610 a sparse file per volume.
1611 properties:
1612 directory:
1613 description: Directory is the path to the host directory
1614 used to store volume data.
1615 type: string
1616 type: object
1617 lvmPool:
1618 description: Configures a LVM Volume Group as storage pool.
1619 properties:
1620 volumeGroup:
1621 type: string
1622 type: object
1623 lvmThinPool:
1624 description: Configures a LVM Thin Pool as storage pool.
1625 properties:
1626 thinPool:
1627 description: ThinPool is the name of the thinpool LV (without
1628 VG prefix).
1629 type: string
1630 volumeGroup:
1631 type: string
1632 type: object
1633 name:
1634 description: Name of the storage pool in linstor.
1635 minLength: 3
1636 type: string
1637 properties:
1638 description: Properties to set on the storage pool.
1639 items:
1640 properties:
1641 expandFrom:
1642 description: |-
1643 ExpandFrom can reference multiple resource fields at once.
1644 It either sets the property to an aggregate value based on matched resource fields, or expands to multiple
1645 properties.
1646 properties:
1647 delimiter:
1648 description: Delimiter used to join multiple key and
1649 value pairs together.
1650 type: string
1651 nameTemplate:
1652 description: |-
1653 NameTemplate defines how the property key is expanded.
1654 If set, the template is appended to the defined property name, creating multiple properties instead of one
1655 aggregate.
1656 * $1 is replaced with the matched key.
1657 * $2 is replaced with the matched value.
1658 type: string
1659 nodeFieldRef:
1660 description: Select a field of the node. Supports
1661 `metadata.name`, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1662 minLength: 1
1663 type: string
1664 valueTemplate:
1665 description: |-
1666 ValueTemplate defines how the property value is expanded.
1667 * $1 is replaced with the matched key.
1668 * $2 is replaced with the matched value.
1669 type: string
1670 required:
1671 - nodeFieldRef
1672 type: object
1673 name:
1674 description: Name of the property to set.
1675 minLength: 1
1676 type: string
1677 optional:
1678 description: Optional values are only set if they have
1679 a non-empty value
1680 type: boolean
1681 value:
1682 description: Value to set the property to.
1683 type: string
1684 valueFrom:
1685 description: ValueFrom sets the value from an existing
1686 resource.
1687 properties:
1688 nodeFieldRef:
1689 description: Select a field of the node. Supports
1690 `metadata.name`, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`.
1691 minLength: 1
1692 type: string
1693 required:
1694 - nodeFieldRef
1695 type: object
1696 required:
1697 - name
1698 type: object
1699 type: array
1700 x-kubernetes-list-map-keys:
1701 - name
1702 x-kubernetes-list-type: map
1703 source:
1704 properties:
1705 hostDevices:
1706 description: HostDevices is a list of device paths used
1707 to configure the given pool.
1708 items:
1709 type: string
1710 minItems: 1
1711 type: array
1712 type: object
1713 zfsPool:
1714 description: Configures a ZFS system based storage pool, allocating
1715 zvols from the given zpool.
1716 properties:
1717 zPool:
1718 description: ZPool is the name of the ZFS zpool.
1719 type: string
1720 type: object
1721 zfsThinPool:
1722 description: Configures a ZFS system based storage pool, allocating
1723 sparse zvols from the given zpool.
1724 properties:
1725 zPool:
1726 description: ZPool is the name of the ZFS zpool.
1727 type: string
1728 type: object
1729 required:
1730 - name
1731 type: object
1732 type: array
1733 required:
1734 - clusterRef
1735 type: object
1736 status:
1737 description: LinstorSatelliteStatus defines the observed state of LinstorSatellite
1738 properties:
1739 conditions:
1740 description: Current LINSTOR Satellite state
1741 items:
1742 description: Condition contains details for one aspect of the current
1743 state of this API Resource.
1744 properties:
1745 lastTransitionTime:
1746 description: |-
1747 lastTransitionTime is the last time the condition transitioned from one status to another.
1748 This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
1749 format: date-time
1750 type: string
1751 message:
1752 description: |-
1753 message is a human readable message indicating details about the transition.
1754 This may be an empty string.
1755 maxLength: 32768
1756 type: string
1757 observedGeneration:
1758 description: |-
1759 observedGeneration represents the .metadata.generation that the condition was set based upon.
1760 For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
1761 with respect to the current state of the instance.
1762 format: int64
1763 minimum: 0
1764 type: integer
1765 reason:
1766 description: |-
1767 reason contains a programmatic identifier indicating the reason for the condition's last transition.
1768 Producers of specific condition types may define expected values and meanings for this field,
1769 and whether the values are considered a guaranteed API.
1770 The value should be a CamelCase string.
1771 This field may not be empty.
1772 maxLength: 1024
1773 minLength: 1
1774 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
1775 type: string
1776 status:
1777 description: status of the condition, one of True, False, Unknown.
1778 enum:
1779 - "True"
1780 - "False"
1781 - Unknown
1782 type: string
1783 type:
1784 description: type of condition in CamelCase or in foo.example.com/CamelCase.
1785 maxLength: 316
1786 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
1787 type: string
1788 required:
1789 - lastTransitionTime
1790 - message
1791 - reason
1792 - status
1793 - type
1794 type: object
1795 type: array
1796 x-kubernetes-list-map-keys:
1797 - type
1798 x-kubernetes-list-type: map
1799 type: object
1800 type: object
1801 served: true
1802 storage: true
1803 subresources:
1804 status: {}
1805---
1806apiVersion: v1
1807kind: ServiceAccount
1808metadata:
1809 labels:
1810 app.kubernetes.io/name: piraeus-datastore
1811 name: piraeus-operator-controller-manager
1812 namespace: piraeus-datastore
1813---
1814apiVersion: v1
1815kind: ServiceAccount
1816metadata:
1817 labels:
1818 app.kubernetes.io/name: piraeus-datastore
1819 name: piraeus-operator-gencert
1820 namespace: piraeus-datastore
1821---
1822apiVersion: rbac.authorization.k8s.io/v1
1823kind: Role
1824metadata:
1825 labels:
1826 app.kubernetes.io/name: piraeus-datastore
1827 name: piraeus-operator-gencert
1828 namespace: piraeus-datastore
1829rules:
1830- apiGroups:
1831 - ""
1832 resources:
1833 - secrets
1834 verbs:
1835 - get
1836 - list
1837 - watch
1838 - create
1839 - patch
1840 - update
1841---
1842apiVersion: rbac.authorization.k8s.io/v1
1843kind: Role
1844metadata:
1845 labels:
1846 app.kubernetes.io/name: piraeus-datastore
1847 name: piraeus-operator-leader-election-role
1848 namespace: piraeus-datastore
1849rules:
1850- apiGroups:
1851 - ""
1852 resources:
1853 - configmaps
1854 verbs:
1855 - get
1856 - list
1857 - watch
1858 - create
1859 - update
1860 - patch
1861 - delete
1862- apiGroups:
1863 - coordination.k8s.io
1864 resources:
1865 - leases
1866 verbs:
1867 - get
1868 - list
1869 - watch
1870 - create
1871 - update
1872 - patch
1873 - delete
1874- apiGroups:
1875 - ""
1876 resources:
1877 - events
1878 verbs:
1879 - create
1880 - patch
1881---
1882apiVersion: rbac.authorization.k8s.io/v1
1883kind: ClusterRole
1884metadata:
1885 labels:
1886 app.kubernetes.io/name: piraeus-datastore
1887 name: piraeus-operator-controller-manager
1888rules:
1889- apiGroups:
1890 - ""
1891 resources:
1892 - configmaps
1893 - events
1894 - persistentvolumes
1895 - pods
1896 - secrets
1897 - serviceaccounts
1898 - services
1899 verbs:
1900 - create
1901 - delete
1902 - get
1903 - list
1904 - patch
1905 - update
1906 - watch
1907- apiGroups:
1908 - ""
1909 resources:
1910 - nodes
1911 - persistentvolumeclaims
1912 verbs:
1913 - get
1914 - list
1915 - patch
1916 - update
1917 - watch
1918- apiGroups:
1919 - ""
1920 resources:
1921 - persistentvolumeclaims/status
1922 verbs:
1923 - patch
1924- apiGroups:
1925 - ""
1926 resources:
1927 - pods/eviction
1928 verbs:
1929 - create
1930- apiGroups:
1931 - apiextensions.k8s.io
1932 resources:
1933 - customresourcedefinitions
1934 verbs:
1935 - create
1936 - delete
1937 - get
1938 - list
1939 - patch
1940 - update
1941 - watch
1942- apiGroups:
1943 - apps
1944 resources:
1945 - daemonsets
1946 - deployments
1947 verbs:
1948 - create
1949 - delete
1950 - get
1951 - list
1952 - patch
1953 - update
1954 - watch
1955- apiGroups:
1956 - apps
1957 resources:
1958 - replicasets
1959 verbs:
1960 - get
1961- apiGroups:
1962 - cert-manager.io
1963 resources:
1964 - certificates
1965 verbs:
1966 - create
1967 - delete
1968 - get
1969 - list
1970 - patch
1971 - update
1972 - watch
1973- apiGroups:
1974 - events.k8s.io
1975 resources:
1976 - events
1977 verbs:
1978 - create
1979 - get
1980 - list
1981 - patch
1982 - update
1983 - watch
1984- apiGroups:
1985 - internal.linstor.linbit.com
1986 resources:
1987 - '*'
1988 verbs:
1989 - create
1990 - delete
1991 - deletecollection
1992 - get
1993 - list
1994 - patch
1995 - update
1996 - watch
1997- apiGroups:
1998 - piraeus.io
1999 resources:
2000 - linstorclusters
2001 - linstornodeconnections
2002 - linstorsatellites
2003 verbs:
2004 - create
2005 - delete
2006 - get
2007 - list
2008 - patch
2009 - update
2010 - watch
2011- apiGroups:
2012 - piraeus.io
2013 resources:
2014 - linstorclusters/finalizers
2015 - linstornodeconnections/finalizers
2016 - linstorsatellites/finalizers
2017 verbs:
2018 - update
2019- apiGroups:
2020 - piraeus.io
2021 resources:
2022 - linstorclusters/status
2023 - linstornodeconnections/status
2024 - linstorsatelliteconfigurations/status
2025 - linstorsatellites/status
2026 verbs:
2027 - get
2028 - patch
2029 - update
2030- apiGroups:
2031 - piraeus.io
2032 resources:
2033 - linstorsatelliteconfigurations
2034 verbs:
2035 - get
2036 - list
2037 - watch
2038- apiGroups:
2039 - rbac.authorization.k8s.io
2040 resources:
2041 - clusterrolebindings
2042 - clusterroles
2043 - rolebindings
2044 - roles
2045 verbs:
2046 - create
2047 - delete
2048 - get
2049 - list
2050 - patch
2051 - update
2052 - watch
2053- apiGroups:
2054 - security.openshift.io
2055 resourceNames:
2056 - privileged
2057 resources:
2058 - securitycontextconstraints
2059 verbs:
2060 - use
2061- apiGroups:
2062 - snapshot.storage.k8s.io
2063 resources:
2064 - volumesnapshotclasses
2065 - volumesnapshots
2066 verbs:
2067 - get
2068 - list
2069 - watch
2070- apiGroups:
2071 - snapshot.storage.k8s.io
2072 resources:
2073 - volumesnapshotcontents
2074 verbs:
2075 - delete
2076 - get
2077 - list
2078 - patch
2079 - update
2080 - watch
2081- apiGroups:
2082 - snapshot.storage.k8s.io
2083 resources:
2084 - volumesnapshotcontents/status
2085 verbs:
2086 - patch
2087 - update
2088- apiGroups:
2089 - storage.k8s.io
2090 resources:
2091 - csidrivers
2092 - csistoragecapacities
2093 verbs:
2094 - create
2095 - delete
2096 - get
2097 - list
2098 - patch
2099 - update
2100 - watch
2101- apiGroups:
2102 - storage.k8s.io
2103 resources:
2104 - csinodes
2105 verbs:
2106 - get
2107 - list
2108 - patch
2109 - watch
2110- apiGroups:
2111 - storage.k8s.io
2112 resources:
2113 - storageclasses
2114 verbs:
2115 - get
2116 - list
2117 - watch
2118- apiGroups:
2119 - storage.k8s.io
2120 resources:
2121 - volumeattachments
2122 verbs:
2123 - delete
2124 - get
2125 - list
2126 - patch
2127 - watch
2128- apiGroups:
2129 - storage.k8s.io
2130 resources:
2131 - volumeattachments/status
2132 verbs:
2133 - patch
2134---
2135apiVersion: rbac.authorization.k8s.io/v1
2136kind: ClusterRole
2137metadata:
2138 labels:
2139 app.kubernetes.io/name: piraeus-datastore
2140 name: piraeus-operator-gencert
2141rules:
2142- apiGroups:
2143 - admissionregistration.k8s.io
2144 resourceNames:
2145 - piraeus-operator-validating-webhook-configuration
2146 resources:
2147 - validatingwebhookconfigurations
2148 verbs:
2149 - get
2150 - list
2151 - watch
2152 - update
2153---
2154apiVersion: rbac.authorization.k8s.io/v1
2155kind: RoleBinding
2156metadata:
2157 labels:
2158 app.kubernetes.io/name: piraeus-datastore
2159 name: piraeus-operator-gencert
2160 namespace: piraeus-datastore
2161roleRef:
2162 apiGroup: rbac.authorization.k8s.io
2163 kind: Role
2164 name: piraeus-operator-gencert
2165subjects:
2166- kind: ServiceAccount
2167 name: piraeus-operator-gencert
2168 namespace: piraeus-datastore
2169---
2170apiVersion: rbac.authorization.k8s.io/v1
2171kind: RoleBinding
2172metadata:
2173 labels:
2174 app.kubernetes.io/name: piraeus-datastore
2175 name: piraeus-operator-leader-election-rolebinding
2176 namespace: piraeus-datastore
2177roleRef:
2178 apiGroup: rbac.authorization.k8s.io
2179 kind: Role
2180 name: piraeus-operator-leader-election-role
2181subjects:
2182- kind: ServiceAccount
2183 name: piraeus-operator-controller-manager
2184 namespace: piraeus-datastore
2185- kind: ServiceAccount
2186 name: piraeus-operator-gencert
2187 namespace: piraeus-datastore
2188---
2189apiVersion: rbac.authorization.k8s.io/v1
2190kind: ClusterRoleBinding
2191metadata:
2192 labels:
2193 app.kubernetes.io/name: piraeus-datastore
2194 name: piraeus-operator-gencert
2195roleRef:
2196 apiGroup: rbac.authorization.k8s.io
2197 kind: ClusterRole
2198 name: piraeus-operator-gencert
2199subjects:
2200- kind: ServiceAccount
2201 name: piraeus-operator-gencert
2202 namespace: piraeus-datastore
2203---
2204apiVersion: rbac.authorization.k8s.io/v1
2205kind: ClusterRoleBinding
2206metadata:
2207 labels:
2208 app.kubernetes.io/name: piraeus-datastore
2209 name: piraeus-operator-manager-rolebinding
2210roleRef:
2211 apiGroup: rbac.authorization.k8s.io
2212 kind: ClusterRole
2213 name: piraeus-operator-controller-manager
2214subjects:
2215- kind: ServiceAccount
2216 name: piraeus-operator-controller-manager
2217 namespace: piraeus-datastore
2218---
2219apiVersion: v1
2220data:
2221 0_piraeus_datastore_images.yaml: |
2222 ---
2223 # This is the configuration for default images used by piraeus-operator
2224 #
2225 # "base" is the default repository prefix to use.
2226 base: quay.io/piraeusdatastore
2227 # "components" is a mapping of image placeholders to actual image names with tag.
2228 # For example, the image name "linstor-controller" in the kustomize-resources will be replaced by:
2229 # quay.io/piraeusdatastore/piraeus-server:v1.24.2
2230 components:
2231 linstor-controller:
2232 tag: v1.29.2
2233 image: piraeus-server
2234 linstor-satellite:
2235 # Pin with digest to ensure we pull the version with downgraded thin-send-recv
2236 tag: v1.29.2
2237 image: piraeus-server
2238 linstor-csi:
2239 tag: v1.6.4
2240 image: piraeus-csi
2241 drbd-reactor:
2242 tag: v1.6.0
2243 image: drbd-reactor
2244 ha-controller:
2245 tag: v1.2.2
2246 image: piraeus-ha-controller
2247 drbd-shutdown-guard:
2248 tag: v1.0.0
2249 image: drbd-shutdown-guard
2250 ktls-utils:
2251 tag: v0.11
2252 image: ktls-utils
2253 drbd-module-loader:
2254 tag: v9.2.12
2255 # The special "match" attribute is used to select an image based on the node's reported OS.
2256 # The operator will first check the k8s node's ".status.nodeInfo.osImage" field, and compare it against the list
2257 # here. If one matches, that specific image name will be used instead of the fallback image.
2258 image: drbd9-noble # Fallback image: chose a recent kernel, which can hopefully compile whatever config is actually in use
2259 match:
2260 - osImage: Red Hat Enterprise Linux Server 7\.
2261 image: drbd9-centos7
2262 - osImage: Red Hat Enterprise Linux 8\.
2263 image: drbd9-almalinux8
2264 - osImage: Red Hat Enterprise Linux 9\.
2265 image: drbd9-almalinux9
2266 - osImage: "Red Hat Enterprise Linux CoreOS 41[3-9]"
2267 image: drbd9-almalinux9
2268 - osImage: Red Hat Enterprise Linux CoreOS
2269 image: drbd9-almalinux8
2270 - osImage: CentOS Linux 7
2271 image: drbd9-centos7
2272 - osImage: CentOS Linux 8
2273 image: drbd9-almalinux8
2274 - osImage: AlmaLinux 8
2275 image: drbd9-almalinux8
2276 - osImage: AlmaLinux 9
2277 image: drbd9-almalinux9
2278 - osImage: Oracle Linux Server 8\.
2279 image: drbd9-almalinux8
2280 - osImage: Oracle Linux Server 9\.
2281 image: drbd9-almalinux9
2282 - osImage: Rocky Linux 8
2283 image: drbd9-almalinux8
2284 - osImage: Rocky Linux 9
2285 image: drbd9-almalinux9
2286 - osImage: Ubuntu 18\.04
2287 image: drbd9-bionic
2288 - osImage: Ubuntu 20\.04
2289 image: drbd9-focal
2290 - osImage: Ubuntu 22\.04
2291 image: drbd9-jammy
2292 - osImage: Ubuntu 24\.04
2293 image: drbd9-noble
2294 - osImage: Debian GNU/Linux 12
2295 image: drbd9-bookworm
2296 - osImage: Debian GNU/Linux 11
2297 image: drbd9-bullseye
2298 - osImage: Debian GNU/Linux 10
2299 image: drbd9-buster
2300 0_sig_storage_images.yaml: |
2301 ---
2302 base: registry.k8s.io/sig-storage
2303 components:
2304 csi-attacher:
2305 tag: v4.7.0
2306 image: csi-attacher
2307 csi-livenessprobe:
2308 tag: v2.14.0
2309 image: livenessprobe
2310 csi-provisioner:
2311 tag: v5.1.0
2312 image: csi-provisioner
2313 csi-snapshotter:
2314 tag: v8.1.0
2315 image: csi-snapshotter
2316 csi-resizer:
2317 tag: v1.12.0
2318 image: csi-resizer
2319 csi-external-health-monitor-controller:
2320 tag: v0.13.0
2321 image: csi-external-health-monitor-controller
2322 csi-node-driver-registrar:
2323 tag: v2.12.0
2324 image: csi-node-driver-registrar
2325kind: ConfigMap
2326metadata:
2327 labels:
2328 app.kubernetes.io/name: piraeus-datastore
2329 name: piraeus-operator-image-config
2330 namespace: piraeus-datastore
2331---
2332apiVersion: v1
2333kind: Service
2334metadata:
2335 labels:
2336 app.kubernetes.io/name: piraeus-datastore
2337 name: piraeus-operator-webhook-service
2338 namespace: piraeus-datastore
2339spec:
2340 ports:
2341 - port: 443
2342 protocol: TCP
2343 targetPort: 9443
2344 selector:
2345 app.kubernetes.io/component: piraeus-operator
2346 app.kubernetes.io/name: piraeus-datastore
2347---
2348apiVersion: apps/v1
2349kind: Deployment
2350metadata:
2351 labels:
2352 app.kubernetes.io/component: piraeus-operator
2353 app.kubernetes.io/name: piraeus-datastore
2354 name: piraeus-operator-controller-manager
2355 namespace: piraeus-datastore
2356spec:
2357 replicas: 1
2358 selector:
2359 matchLabels:
2360 app.kubernetes.io/component: piraeus-operator
2361 app.kubernetes.io/name: piraeus-datastore
2362 template:
2363 metadata:
2364 annotations:
2365 kubectl.kubernetes.io/default-container: manager
2366 labels:
2367 app.kubernetes.io/component: piraeus-operator
2368 app.kubernetes.io/name: piraeus-datastore
2369 spec:
2370 containers:
2371 - args:
2372 - --leader-elect
2373 - --metrics-bind-address=0
2374 - --namespace=$(NAMESPACE)
2375 - --image-config-map-name=$(IMAGE_CONFIG_MAP_NAME)
2376 command:
2377 - /manager
2378 env:
2379 - name: NAMESPACE
2380 valueFrom:
2381 fieldRef:
2382 fieldPath: metadata.namespace
2383 - name: IMAGE_CONFIG_MAP_NAME
2384 value: piraeus-operator-image-config
2385 image: quay.io/piraeusdatastore/piraeus-operator:v2.7.1
2386 livenessProbe:
2387 httpGet:
2388 path: /healthz
2389 port: 8081
2390 initialDelaySeconds: 15
2391 periodSeconds: 20
2392 name: manager
2393 ports:
2394 - containerPort: 9443
2395 name: webhook-server
2396 protocol: TCP
2397 readinessProbe:
2398 httpGet:
2399 path: /readyz
2400 port: 8081
2401 initialDelaySeconds: 5
2402 periodSeconds: 10
2403 resources:
2404 limits:
2405 cpu: 500m
2406 memory: 256Mi
2407 requests:
2408 cpu: 10m
2409 memory: 64Mi
2410 securityContext:
2411 allowPrivilegeEscalation: false
2412 readOnlyRootFilesystem: true
2413 volumeMounts:
2414 - mountPath: /tmp/k8s-webhook-server/serving-certs
2415 name: cert
2416 readOnly: true
2417 priorityClassName: system-cluster-critical
2418 securityContext:
2419 runAsNonRoot: true
2420 serviceAccountName: piraeus-operator-controller-manager
2421 terminationGracePeriodSeconds: 10
2422 tolerations:
2423 - effect: NoSchedule
2424 key: drbd.linbit.com/lost-quorum
2425 - effect: NoSchedule
2426 key: drbd.linbit.com/force-io-error
2427 volumes:
2428 - name: cert
2429 secret:
2430 defaultMode: 420
2431 secretName: webhook-server-cert
2432---
2433apiVersion: apps/v1
2434kind: Deployment
2435metadata:
2436 labels:
2437 app.kubernetes.io/component: piraeus-operator-gencert
2438 app.kubernetes.io/name: piraeus-datastore
2439 name: piraeus-operator-gencert
2440 namespace: piraeus-datastore
2441spec:
2442 replicas: 1
2443 selector:
2444 matchLabels:
2445 app.kubernetes.io/component: piraeus-operator-gencert
2446 app.kubernetes.io/name: piraeus-datastore
2447 template:
2448 metadata:
2449 annotations:
2450 kubectl.kubernetes.io/default-container: gencert
2451 labels:
2452 app.kubernetes.io/component: piraeus-operator-gencert
2453 app.kubernetes.io/name: piraeus-datastore
2454 spec:
2455 containers:
2456 - args:
2457 - --leader-elect
2458 - --namespace=$(NAMESPACE)
2459 - --webhook-configuration-name=$(WEBHOOK_CONFIGURATION_NAME)
2460 - --webhook-service-name=$(WEBHOOK_SERVICE_NAME)
2461 - --webhook-tls-secret-name=$(WEBHOOK_TLS_SECRET_NAME)
2462 command:
2463 - /gencert
2464 env:
2465 - name: NAMESPACE
2466 valueFrom:
2467 fieldRef:
2468 fieldPath: metadata.namespace
2469 - name: WEBHOOK_CONFIGURATION_NAME
2470 value: piraeus-operator-validating-webhook-configuration
2471 - name: WEBHOOK_SERVICE_NAME
2472 value: piraeus-operator-webhook-service
2473 - name: WEBHOOK_TLS_SECRET_NAME
2474 value: webhook-server-cert
2475 image: quay.io/piraeusdatastore/piraeus-operator:v2.7.1
2476 livenessProbe:
2477 httpGet:
2478 path: /healthz
2479 port: 8081
2480 initialDelaySeconds: 15
2481 periodSeconds: 20
2482 name: gencert
2483 readinessProbe:
2484 httpGet:
2485 path: /readyz
2486 port: 8081
2487 initialDelaySeconds: 5
2488 periodSeconds: 10
2489 resources:
2490 limits:
2491 cpu: 50m
2492 memory: 128Mi
2493 requests:
2494 cpu: 5m
2495 memory: 32Mi
2496 securityContext:
2497 allowPrivilegeEscalation: false
2498 readOnlyRootFilesystem: true
2499 priorityClassName: system-cluster-critical
2500 securityContext:
2501 runAsNonRoot: true
2502 serviceAccountName: piraeus-operator-gencert
2503 terminationGracePeriodSeconds: 10
2504 tolerations:
2505 - effect: NoSchedule
2506 key: drbd.linbit.com/lost-quorum
2507 - effect: NoSchedule
2508 key: drbd.linbit.com/force-io-error
2509---
2510apiVersion: admissionregistration.k8s.io/v1
2511kind: ValidatingWebhookConfiguration
2512metadata:
2513 labels:
2514 app.kubernetes.io/name: piraeus-datastore
2515 name: piraeus-operator-validating-webhook-configuration
2516webhooks:
2517- admissionReviewVersions:
2518 - v1
2519 clientConfig:
2520 service:
2521 name: piraeus-operator-webhook-service
2522 namespace: piraeus-datastore
2523 path: /validate-piraeus-io-v1-linstorcluster
2524 failurePolicy: Fail
2525 name: vlinstorcluster.kb.io
2526 rules:
2527 - apiGroups:
2528 - piraeus.io
2529 apiVersions:
2530 - v1
2531 operations:
2532 - CREATE
2533 - UPDATE
2534 resources:
2535 - linstorclusters
2536 sideEffects: None
2537- admissionReviewVersions:
2538 - v1
2539 clientConfig:
2540 service:
2541 name: piraeus-operator-webhook-service
2542 namespace: piraeus-datastore
2543 path: /validate-piraeus-io-v1-linstornodeconnection
2544 failurePolicy: Fail
2545 name: vlinstornodeconnection.kb.io
2546 rules:
2547 - apiGroups:
2548 - piraeus.io
2549 apiVersions:
2550 - v1
2551 operations:
2552 - CREATE
2553 - UPDATE
2554 resources:
2555 - linstornodeconnections
2556 sideEffects: None
2557- admissionReviewVersions:
2558 - v1
2559 clientConfig:
2560 service:
2561 name: piraeus-operator-webhook-service
2562 namespace: piraeus-datastore
2563 path: /validate-piraeus-io-v1-linstorsatellite
2564 failurePolicy: Fail
2565 name: vlinstorsatellite.kb.io
2566 rules:
2567 - apiGroups:
2568 - piraeus.io
2569 apiVersions:
2570 - v1
2571 operations:
2572 - CREATE
2573 - UPDATE
2574 resources:
2575 - linstorsatellites
2576 sideEffects: None
2577- admissionReviewVersions:
2578 - v1
2579 clientConfig:
2580 service:
2581 name: piraeus-operator-webhook-service
2582 namespace: piraeus-datastore
2583 path: /validate-piraeus-io-v1-linstorsatelliteconfiguration
2584 failurePolicy: Fail
2585 name: vlinstorsatelliteconfiguration.kb.io
2586 rules:
2587 - apiGroups:
2588 - piraeus.io
2589 apiVersions:
2590 - v1
2591 operations:
2592 - CREATE
2593 - UPDATE
2594 resources:
2595 - linstorsatelliteconfigurations
2596 sideEffects: None
2597- admissionReviewVersions:
2598 - v1
2599 clientConfig:
2600 service:
2601 name: piraeus-operator-webhook-service
2602 namespace: piraeus-datastore
2603 path: /validate-storage-k8s-io-v1-storageclass
2604 failurePolicy: Fail
2605 name: vstorageclass.kb.io
2606 rules:
2607 - apiGroups:
2608 - storage.k8s.io
2609 apiVersions:
2610 - v1
2611 operations:
2612 - CREATE
2613 - UPDATE
2614 resources:
2615 - storageclasses
2616 sideEffects: None
View as plain text