# Kubernetes manifest for the piraeus-datastore Namespace and the piraeus.io
# CustomResourceDefinitions LinstorCluster, LinstorNodeConnection,
# LinstorSatelliteConfiguration and LinstorSatellite. The last CRD is cut off
# at the end of this excerpt.
# NOTE(review): the source was collapsed onto a few long lines. Indentation and
# the line breaks inside `|-` descriptions are reconstructed (breaks placed at
# sentence boundaries) and should be checked against the generated original.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
    # Pod Security admission: audit, enforce and warn are all set to the
    # `privileged` level, the unrestricted Pod Security Standard, so admission
    # neither blocks nor flags privileged or host-access pods in this namespace.
    # `latest` tracks the policy version of the running Kubernetes release.
    # Review: limit who may create or patch workloads here through RBAC, since
    # this namespace has no Pod Security guard rail.
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/audit-version: latest
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: privileged
    pod-security.kubernetes.io/warn-version: latest
  name: piraeus-datastore
---
# CustomResourceDefinition: LinstorCluster (piraeus.io, version v1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: linstorclusters.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorCluster
    listKind: LinstorClusterList
    plural: linstorclusters
    singular: linstorcluster
  # Cluster-scoped: objects of this kind are not namespaced, so access to them
  # is granted through cluster-level RBAC.
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: LinstorCluster is the Schema for the linstorclusters API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: LinstorClusterSpec defines the desired state of LinstorCluster
            properties:
              # TLS for the LINSTOR API is opt-in: the field is nullable and the
              # spec declares no required fields.
              # NOTE(review): presumably the API is served without TLS when this
              # is unset; confirm against the operator.
              apiTLS:
                description: |-
                  ApiTLS secures the LINSTOR API.
                  This configures the TLS key and certificate used to secure the LINSTOR API.
                nullable: true
                properties:
                  apiSecretName:
                    description: |-
                      ApiSecretName references a secret holding the TLS key and certificate used to protect the API.
                      Defaults to "linstor-api-tls".
                    type: string
                  caReference:
                    description: |-
                      CAReference configures the CA certificate to use when validating TLS certificates.
                      If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
                    properties:
                      key:
                        default: ca.crt
                        description: |-
                          Key to select in the resource.
                          Defaults to ca.crt if not specified.
                        type: string
                      kind:
                        default: Secret
                        description: Kind of the resource containing the CA Certificate, either a ConfigMap or Secret.
                        enum:
                        - ConfigMap
                        - Secret
                        type: string
                      name:
                        description: Name of the resource containing the CA Certificate.
                        type: string
                      optional:
                        description: Optional specifies whether the resource and its key must exist.
                        type: boolean
                    required:
                    - name
                    type: object
                  certManager:
                    description: |-
                      CertManager references a cert-manager Issuer or ClusterIssuer.
                      If set, cert-manager.io/Certificate resources will be created, provisioning the secrets referenced in
                      *SecretName using the issuer configured here.
                    properties:
                      group:
                        description: Group of the resource being referred to.
                        type: string
                      kind:
                        description: Kind of the resource being referred to.
                        type: string
                      name:
                        description: Name of the resource being referred to.
                        type: string
                    required:
                    - name
                    type: object
                  clientSecretName:
                    description: |-
                      ClientSecretName references a secret holding the TLS key and certificate used by the operator to configure the cluster.
                      Defaults to "linstor-client-tls".
                    type: string
                  csiControllerSecretName:
                    description: |-
                      CsiControllerSecretName references a secret holding the TLS key and certificate used by the CSI Controller to provision volumes.
                      Defaults to "linstor-csi-controller-tls".
                    type: string
                  csiNodeSecretName:
                    description: |-
                      CsiNodeSecretName references a secret holding the TLS key and certificate used by the CSI Nodes to query the volume state.
                      Defaults to "linstor-csi-node-tls".
                    type: string
                type: object
              controller:
                description: Controller controls the deployment of the LINSTOR Controller Deployment.
                properties:
                  enabled:
                    default: true
                    description: Enable the component.
                    type: boolean
                  # x-kubernetes-preserve-unknown-fields with a bare `type: object`:
                  # the API server neither prunes nor validates the contents, so
                  # any pod template field can be supplied. Per the description it
                  # is patched onto the component's pods; treat write access to
                  # this resource as the ability to change those pod specs. The
                  # same applies to every podTemplate field below.
                  podTemplate:
                    description: |-
                      Template to apply to Pods of the component.
                      The template is applied as a patch to the default deployment, so it can be "sparse", not listing any containers or volumes that should remain unchanged.
                      See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
                    type: object
                    x-kubernetes-map-type: atomic
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              csiController:
                description: CSIController controls the deployment of the CSI Controller Deployment.
                properties:
                  enabled:
                    default: true
                    description: Enable the component.
                    type: boolean
                  podTemplate:
                    description: |-
                      Template to apply to Pods of the component.
                      The template is applied as a patch to the default deployment, so it can be "sparse", not listing any containers or volumes that should remain unchanged.
                      See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
                    type: object
                    x-kubernetes-map-type: atomic
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              csiNode:
                description: CSINode controls the deployment of the CSI Node DaemonSet.
                properties:
                  enabled:
                    default: true
                    description: Enable the component.
                    type: boolean
                  podTemplate:
                    description: |-
                      Template to apply to Pods of the component.
                      The template is applied as a patch to the default deployment, so it can be "sparse", not listing any containers or volumes that should remain unchanged.
                      See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
                    type: object
                    x-kubernetes-map-type: atomic
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              externalController:
                description: |-
                  ExternalController references an external controller.
                  When set, the Operator will skip deploying a LINSTOR Controller and instead use the external cluster to register satellites.
                properties:
                  # Only a minimum length is enforced; the schema does not
                  # restrict the URL scheme (for example to https).
                  url:
                    description: URL of the external controller.
                    minLength: 3
                    type: string
                required:
                - url
                type: object
              highAvailabilityController:
                description: HighAvailabilityController controls the deployment of the High Availability Controller DaemonSet.
                properties:
                  enabled:
                    default: true
                    description: Enable the component.
                    type: boolean
                  podTemplate:
                    description: |-
                      Template to apply to Pods of the component.
                      The template is applied as a patch to the default deployment, so it can be "sparse", not listing any containers or volumes that should remain unchanged.
                      See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
                    type: object
                    x-kubernetes-map-type: atomic
                    x-kubernetes-preserve-unknown-fields: true
                type: object
              # Controller-side half of Controller<->Satellite TLS. Per the
              # description it only takes effect when the Satellite side is
              # configured as well.
              internalTLS:
                description: |-
                  InternalTLS secures the connection between LINSTOR Controller and Satellite.
                  This configures the client certificate used when the Controller connects to a Satellite.
                  This only has an effect when the Satellite is configured to for secure connections using `LinstorSatellite.spec.internalTLS`.
                nullable: true
                properties:
                  caReference:
                    description: |-
                      CAReference configures the CA certificate to use when validating TLS certificates.
                      If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
                    properties:
                      key:
                        default: ca.crt
                        description: |-
                          Key to select in the resource.
                          Defaults to ca.crt if not specified.
                        type: string
                      kind:
                        default: Secret
                        description: Kind of the resource containing the CA Certificate, either a ConfigMap or Secret.
                        enum:
                        - ConfigMap
                        - Secret
                        type: string
                      name:
                        description: Name of the resource containing the CA Certificate.
                        type: string
                      optional:
                        description: Optional specifies whether the resource and its key must exist.
                        type: boolean
                    required:
                    - name
                    type: object
                  certManager:
                    description: |-
                      CertManager references a cert-manager Issuer or ClusterIssuer.
                      If set, a Certificate resource will be created, provisioning the secret references in SecretName using the
                      issuer configured here.
                    properties:
                      group:
                        description: Group of the resource being referred to.
                        type: string
                      kind:
                        description: Kind of the resource being referred to.
                        type: string
                      name:
                        description: Name of the resource being referred to.
                        type: string
                    required:
                    - name
                    type: object
                  secretName:
                    description: SecretName references a secret holding the TLS key and certificates.
                    type: string
                type: object
              # Holds the name of a Secret, not the passphrase itself. Per the
              # description the passphrase protects LUKS volume keys and stored
              # backup-remote credentials, so read access to that Secret should
              # be tightly scoped.
              linstorPassphraseSecret:
                description: |-
                  LinstorPassphraseSecret used to configure the LINSTOR master passphrase.
                  The referenced secret must contain a single key "MASTER_PASSPHRASE".
                  The master passphrase is used to
                  * Derive encryption keys for volumes using the LUKS layer.
                  * Store credentials for accessing remotes for backups.
                  See https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-encrypt_commands for more information.
                type: string
              nodeAffinity:
                description: |-
                  NodeAffinity selects the nodes on which LINSTOR Satellite will be deployed.
                  See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                properties:
                  nodeSelectorTerms:
                    description: Required. A list of node selector terms. The terms are ORed.
                    items:
                      description: |-
                        A null or empty node selector term matches no objects.
                        The requirements of them are ANDed.
                        The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
                      properties:
                        matchExpressions:
                          description: A list of node selector requirements by node's labels.
                          items:
                            description: |-
                              A node selector requirement is a selector that contains values, a key, and an operator
                              that relates the key and values.
                            properties:
                              key:
                                description: The label key that the selector applies to.
                                type: string
                              operator:
                                description: |-
                                  Represents a key's relationship to a set of values.
                                  Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
                                type: string
                              values:
                                description: |-
                                  An array of string values.
                                  If the operator is In or NotIn, the values array must be non-empty.
                                  If the operator is Exists or DoesNotExist, the values array must be empty.
                                  If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
                                  This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                                x-kubernetes-list-type: atomic
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                        matchFields:
                          description: A list of node selector requirements by node's fields.
                          items:
                            description: |-
                              A node selector requirement is a selector that contains values, a key, and an operator
                              that relates the key and values.
                            properties:
                              key:
                                description: The label key that the selector applies to.
                                type: string
                              operator:
                                description: |-
                                  Represents a key's relationship to a set of values.
                                  Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
                                type: string
                              values:
                                description: |-
                                  An array of string values.
                                  If the operator is In or NotIn, the values array must be non-empty.
                                  If the operator is Exists or DoesNotExist, the values array must be empty.
                                  If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
                                  This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                                x-kubernetes-list-type: atomic
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                required:
                - nodeSelectorTerms
                type: object
                x-kubernetes-map-type: atomic
              nodeSelector:
                additionalProperties:
                  type: string
                description: |-
                  NodeSelector selects the nodes on which LINSTOR Satellites will be deployed.
                  See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                type: object
              # Free-form kustomize patches: `patch` is an arbitrary non-empty
              # string and `target` may name any group, kind or namespace.
              # Nothing in this schema limits what a patch can change.
              # NOTE(review): presumably applied to the resources the operator
              # generates; confirm which objects are in reach.
              patches:
                description: |-
                  Patches is a list of kustomize patches to apply.
                  See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches.
                items:
                  description: Patch represent either a Strategic Merge Patch or a JSON patch and its targets.
                  properties:
                    options:
                      additionalProperties:
                        type: boolean
                      description: Options is a list of options for the patch
                      type: object
                    patch:
                      description: Patch is the content of a patch.
                      minLength: 1
                      type: string
                    target:
                      description: Target points to the resources that the patch is applied to
                      properties:
                        annotationSelector:
                          description: |-
                            AnnotationSelector is a string that follows the label selection expression
                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                            It matches against the resource annotations.
                          type: string
                        group:
                          type: string
                        kind:
                          type: string
                        labelSelector:
                          description: |-
                            LabelSelector is a string that follows the label selection expression
                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                            It matches against the resource labels.
                          type: string
                        name:
                          description: Name of the resource.
                          type: string
                        namespace:
                          description: Namespace the resource belongs to, if it can belong to a namespace.
                          type: string
                        version:
                          type: string
                      type: object
                  required:
                  - patch
                  type: object
                type: array
              properties:
                description: |-
                  Properties to apply on the cluster level.
                  Use to create default settings for DRBD that should apply to all resources or to configure some other cluster wide default.
                items:
                  properties:
                    name:
                      description: Name of the property to set.
                      minLength: 1
                      type: string
                    value:
                      description: Value to set the property to.
                      type: string
                  required:
                  - name
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
              # Unconstrained string: the schema does not pin the image source
              # to any registry.
              repository:
                description: Repository used to pull workload images.
                type: string
            type: object
          status:
            description: LinstorClusterStatus defines the observed state of LinstorCluster
            properties:
              conditions:
                description: Current LINSTOR Cluster state
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        type: object
    served: true
    storage: true
    # Status is a separate subresource, so RBAC can grant status updates
    # independently of spec updates.
    subresources:
      status: {}
---
# CustomResourceDefinition: LinstorNodeConnection (piraeus.io, version v1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: linstornodeconnections.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorNodeConnection
    listKind: LinstorNodeConnectionList
    plural: linstornodeconnections
    singular: linstornodeconnection
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: LinstorNodeConnection is the Schema for the linstornodeconnections API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: LinstorNodeConnectionSpec defines the desired state of LinstorNodeConnection
            properties:
              paths:
                description: Paths configure the network path used when connecting two nodes.
                items:
                  properties:
                    interface:
                      description: Interface to use on both nodes.
                      type: string
                    name:
                      description: Name of the path.
                      type: string
                  required:
                  - interface
                  - name
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
              properties:
                description: |-
                  Properties to apply for the node connection.
                  Use to create default settings for DRBD that should apply to all resources connections between a set of cluster nodes.
                items:
                  properties:
                    name:
                      description: Name of the property to set.
                      minLength: 1
                      type: string
                    value:
                      description: Value to set the property to.
                      type: string
                  required:
                  - name
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
              # Per the description, omitting the selector applies the
              # connection settings to all node pairs.
              selector:
                description: |-
                  Selector selects which pair of Satellites the connection should apply to.
                  If not given, the connection will be applied to all connections.
                items:
                  description: SelectorTerm matches pairs of nodes by checking that the nodes match all specified requirements.
                  properties:
                    matchLabels:
                      description: MatchLabels is a list of match expressions that the node pairs must meet.
                      items:
                        properties:
                          key:
                            description: Key is the name of a node label.
                            minLength: 1
                            type: string
                          op:
                            default: Exists
                            description: |-
                              Op to apply to the label.
                              Exists (default) checks for the presence of the label on both nodes in the pair.
                              DoesNotExist checks that the label is not present on either node in the pair.
                              In checks for the presence of the label value given by Values on both nodes in the pair.
                              NotIn checks that both nodes in the pair do not have any of the label values given by Values.
                              Same checks that the label value is equal in the node pair.
                              NotSame checks that the label value is not equal in the node pair.
                            enum:
                            - Exists
                            - DoesNotExist
                            - In
                            - NotIn
                            - Same
                            - NotSame
                            type: string
                          values:
                            description: Values to match on, using the provided Op.
                            items:
                              type: string
                            type: array
                        required:
                        - key
                        type: object
                      type: array
                  required:
                  - matchLabels
                  type: object
                type: array
            type: object
          status:
            description: LinstorNodeConnectionStatus defines the observed state of LinstorNodeConnection
            properties:
              conditions:
                description: Current LINSTOR Node Connection state
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition: LinstorSatelliteConfiguration (piraeus.io, v1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: linstorsatelliteconfigurations.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorSatelliteConfiguration
    listKind: LinstorSatelliteConfigurationList
    plural: linstorsatelliteconfigurations
    singular: linstorsatelliteconfiguration
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: LinstorSatelliteConfiguration is the Schema for the linstorsatelliteconfigurations API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: |-
              LinstorSatelliteConfigurationSpec defines a partial, desired state of a LinstorSatelliteSpec.
              All the LinstorSatelliteConfiguration resources with matching NodeSelector will be merged into a single LinstorSatelliteSpec.
            properties:
              # Satellite-side half of Controller<->Satellite TLS; nullable and
              # not required, so mTLS on the control traffic is opt-in.
              internalTLS:
                description: |-
                  InternalTLS configures secure communication for the LINSTOR Satellite.
                  If set, the control traffic between LINSTOR Controller and Satellite will be encrypted using mTLS.
                nullable: true
                properties:
                  caReference:
                    description: |-
                      CAReference configures the CA certificate to use when validating TLS certificates.
                      If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate.
                    properties:
                      key:
                        default: ca.crt
                        description: |-
                          Key to select in the resource.
                          Defaults to ca.crt if not specified.
                        type: string
                      kind:
                        default: Secret
                        description: Kind of the resource containing the CA Certificate, either a ConfigMap or Secret.
                        enum:
                        - ConfigMap
                        - Secret
                        type: string
                      name:
                        description: Name of the resource containing the CA Certificate.
                        type: string
                      optional:
                        description: Optional specifies whether the resource and its key must exist.
                        type: boolean
                    required:
                    - name
                    type: object
                  certManager:
                    description: |-
                      CertManager references a cert-manager Issuer or ClusterIssuer.
                      If set, a Certificate resource will be created, provisioning the secret references in SecretName using the
                      issuer configured here.
                    properties:
                      group:
                        description: Group of the resource being referred to.
                        type: string
                      kind:
                        description: Kind of the resource being referred to.
                        type: string
                      name:
                        description: Name of the resource being referred to.
                        type: string
                    required:
                    - name
                    type: object
                  secretName:
                    description: SecretName references a secret holding the TLS key and certificates.
                    type: string
                  tlsHandshakeDaemon:
                    description: |-
                      TLSHandshakeDaemon enables tlshd for establishing TLS sessions for use by DRBD.
                      If enabled, adds a new sidecar to the LINSTOR Satellite that runs the tlshd handshake daemon.
                      The daemon uses the TLS certificate and key to establish secure connections on behalf of DRBD.
                    type: boolean
                type: object
              ipFamilies:
                description: |-
                  IPFamilies configures the IP Family (IPv4 or IPv6) to use to connect to the LINSTOR Satellite.
                  If set, the control traffic between LINSTOR Controller and Satellite will use only the given IP Family.
                  If not set, the Operator will configure all families found in the Satellites Pods' Status.
                items:
                  description: IPFamily represents the IP Family (IPv4 or IPv6).
                  enum:
                  - IPv4
                  - IPv6
                  type: string
                type: array
              nodeAffinity:
                description: |-
                  NodeAffinity selects which LinstorSatellite resources this spec should be applied to.
                  See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                properties:
                  nodeSelectorTerms:
                    description: Required. A list of node selector terms. The terms are ORed.
                    items:
                      description: |-
                        A null or empty node selector term matches no objects.
                        The requirements of them are ANDed.
                        The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
                      properties:
                        matchExpressions:
                          description: A list of node selector requirements by node's labels.
                          items:
                            description: |-
                              A node selector requirement is a selector that contains values, a key, and an operator
                              that relates the key and values.
                            properties:
                              key:
                                description: The label key that the selector applies to.
                                type: string
                              operator:
                                description: |-
                                  Represents a key's relationship to a set of values.
                                  Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
                                type: string
                              values:
                                description: |-
                                  An array of string values.
                                  If the operator is In or NotIn, the values array must be non-empty.
                                  If the operator is Exists or DoesNotExist, the values array must be empty.
                                  If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
                                  This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                                x-kubernetes-list-type: atomic
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                        matchFields:
                          description: A list of node selector requirements by node's fields.
                          items:
                            description: |-
                              A node selector requirement is a selector that contains values, a key, and an operator
                              that relates the key and values.
                            properties:
                              key:
                                description: The label key that the selector applies to.
                                type: string
                              operator:
                                description: |-
                                  Represents a key's relationship to a set of values.
                                  Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
                                type: string
                              values:
                                description: |-
                                  An array of string values.
                                  If the operator is In or NotIn, the values array must be non-empty.
                                  If the operator is Exists or DoesNotExist, the values array must be empty.
                                  If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
                                  This array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                                x-kubernetes-list-type: atomic
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                          x-kubernetes-list-type: atomic
                      type: object
                      x-kubernetes-map-type: atomic
                    type: array
                    x-kubernetes-list-type: atomic
                required:
                - nodeSelectorTerms
                type: object
                x-kubernetes-map-type: atomic
              nodeSelector:
                additionalProperties:
                  type: string
                description: |-
                  NodeSelector selects which LinstorSatellite resources this spec should be applied to.
                  See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                type: object
              # Free-form kustomize patches; as in LinstorCluster, neither the
              # patch content nor its target is constrained by this schema.
              patches:
                description: |-
                  Patches is a list of kustomize patches to apply.
                  See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches.
                items:
                  description: Patch represent either a Strategic Merge Patch or a JSON patch and its targets.
                  properties:
                    options:
                      additionalProperties:
                        type: boolean
                      description: Options is a list of options for the patch
                      type: object
                    patch:
                      description: Patch is the content of a patch.
                      minLength: 1
                      type: string
                    target:
                      description: Target points to the resources that the patch is applied to
                      properties:
                        annotationSelector:
                          description: |-
                            AnnotationSelector is a string that follows the label selection expression
                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                            It matches against the resource annotations.
                          type: string
                        group:
                          type: string
                        kind:
                          type: string
                        labelSelector:
                          description: |-
                            LabelSelector is a string that follows the label selection expression
                            https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                            It matches against the resource labels.
                          type: string
                        name:
                          description: Name of the resource.
                          type: string
                        namespace:
                          description: Namespace the resource belongs to, if it can belong to a namespace.
                          type: string
                        version:
                          type: string
                      type: object
                  required:
                  - patch
                  type: object
                type: array
              # Unvalidated pod template for the Satellite pods (unknown fields
              # are preserved). The namespace above enforces the `privileged`
              # Pod Security level, so admission will not reject host-level
              # settings supplied here.
              podTemplate:
                description: |-
                  Template to apply to Satellite Pods.
                  The template is applied as a patch to the default resource, so it can be "sparse", not listing any containers or volumes that should remain unchanged.
                  See https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates
                type: object
                x-kubernetes-map-type: atomic
                x-kubernetes-preserve-unknown-fields: true
              properties:
                description: Properties is a list of properties to set on the node.
                items:
                  properties:
                    expandFrom:
                      description: |-
                        ExpandFrom can reference multiple resource fields at once.
                        It either sets the property to an aggregate value based on matched resource fields, or expands to multiple properties.
                      properties:
                        delimiter:
                          description: Delimiter used to join multiple key and value pairs together.
                          type: string
                        nameTemplate:
                          description: |-
                            NameTemplate defines how the property key is expanded.
                            If set, the template is appended to the defined property name, creating multiple properties instead of one aggregate.
                            * $1 is replaced with the matched key.
                            * $2 is replaced with the matched value.
                          type: string
                        # NOTE(review): the empty `['']` subscripts here and in
                        # the other nodeFieldRef descriptions look like a
                        # placeholder lost in extraction; check the generated
                        # original.
                        nodeFieldRef:
                          description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`.
                          minLength: 1
                          type: string
                        valueTemplate:
                          description: |-
                            ValueTemplate defines how the property value is expanded.
                            * $1 is replaced with the matched key.
                            * $2 is replaced with the matched value.
                          type: string
                      required:
                      - nodeFieldRef
                      type: object
                    name:
                      description: Name of the property to set.
                      minLength: 1
                      type: string
                    optional:
                      description: Optional values are only set if they have a non-empty value
                      type: boolean
                    value:
                      description: Value to set the property to.
                      type: string
                    valueFrom:
                      description: ValueFrom sets the value from an existing resource.
                      properties:
                        nodeFieldRef:
                          description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`.
                          minLength: 1
                          type: string
                      required:
                      - nodeFieldRef
                      type: object
                  required:
                  - name
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - name
                x-kubernetes-list-type: map
              # Storage pool definitions name host directories, volume groups,
              # zpools and block devices. All are plain strings with no pattern
              # or allow-list in this schema, so what is acceptable has to be
              # enforced by whoever is allowed to write this resource.
              storagePools:
                description: StoragePools is a list of storage pools to configure on the node.
                items:
                  properties:
                    filePool:
                      description: Configures a file system based storage pool, allocating a regular file per volume.
                      properties:
                        directory:
                          description: Directory is the path to the host directory used to store volume data.
                          type: string
                      type: object
                    fileThinPool:
                      description: Configures a file system based storage pool, allocating a sparse file per volume.
                      properties:
                        directory:
                          description: Directory is the path to the host directory used to store volume data.
                          type: string
                      type: object
                    lvmPool:
                      description: Configures a LVM Volume Group as storage pool.
                      properties:
                        volumeGroup:
                          type: string
                      type: object
                    lvmThinPool:
                      description: Configures a LVM Thin Pool as storage pool.
                      properties:
                        thinPool:
                          description: ThinPool is the name of the thinpool LV (without VG prefix).
                          type: string
                        volumeGroup:
                          type: string
                      type: object
                    name:
                      description: Name of the storage pool in linstor.
                      minLength: 3
                      type: string
                    properties:
                      description: Properties to set on the storage pool.
                      items:
                        properties:
                          expandFrom:
                            description: |-
                              ExpandFrom can reference multiple resource fields at once.
                              It either sets the property to an aggregate value based on matched resource fields, or expands to multiple properties.
                            properties:
                              delimiter:
                                description: Delimiter used to join multiple key and value pairs together.
                                type: string
                              nameTemplate:
                                description: |-
                                  NameTemplate defines how the property key is expanded.
                                  If set, the template is appended to the defined property name, creating multiple properties instead of one aggregate.
                                  * $1 is replaced with the matched key.
                                  * $2 is replaced with the matched value.
                                type: string
                              nodeFieldRef:
                                description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`.
                                minLength: 1
                                type: string
                              valueTemplate:
                                description: |-
                                  ValueTemplate defines how the property value is expanded.
                                  * $1 is replaced with the matched key.
                                  * $2 is replaced with the matched value.
                                type: string
                            required:
                            - nodeFieldRef
                            type: object
                          name:
                            description: Name of the property to set.
                            minLength: 1
                            type: string
                          optional:
                            description: Optional values are only set if they have a non-empty value
                            type: boolean
                          value:
                            description: Value to set the property to.
                            type: string
                          valueFrom:
                            description: ValueFrom sets the value from an existing resource.
                            properties:
                              nodeFieldRef:
                                description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`.
                                minLength: 1
                                type: string
                            required:
                            - nodeFieldRef
                            type: object
                        required:
                        - name
                        type: object
                      type: array
                      x-kubernetes-list-map-keys:
                      - name
                      x-kubernetes-list-type: map
                    source:
                      properties:
                        # Host block device paths: at least one entry is
                        # required, but the entries are not pattern-checked.
                        hostDevices:
                          description: HostDevices is a list of device paths used to configure the given pool.
                          items:
                            type: string
                          minItems: 1
                          type: array
                      type: object
                    zfsPool:
                      description: Configures a ZFS system based storage pool, allocating zvols from the given zpool.
                      properties:
                        zPool:
                          description: ZPool is the name of the ZFS zpool.
                          type: string
                      type: object
                    zfsThinPool:
                      description: Configures a ZFS system based storage pool, allocating sparse zvols from the given zpool.
                      properties:
                        zPool:
                          description: ZPool is the name of the ZFS zpool.
                          type: string
                      type: object
                  required:
                  - name
                  type: object
                type: array
            type: object
          status:
            description: LinstorSatelliteConfigurationStatus defines the observed state of LinstorSatelliteConfiguration
            properties:
              conditions:
                description: Current LINSTOR Satellite Config state
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition: LinstorSatellite (piraeus.io, version v1). Only the
# start of this document is visible in this excerpt.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.1
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: linstorsatellites.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorSatellite
    listKind: LinstorSatelliteList
    plural: linstorsatellites
    singular: linstorsatellite
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: LinstorSatellite is the Schema for the linstorsatellites API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: LinstorSatelliteSpec defines the desired state of LinstorSatellite properties: clusterRef: description: ClusterRef references the LinstorCluster used to create this LinstorSatellite. properties: caReference: description: |- CAReference configures the CA certificate to use when validating TLS certificates. If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. properties: key: default: ca.crt description: |- Key to select in the resource. Defaults to ca.crt if not specified. type: string kind: default: Secret description: Kind of the resource containing the CA Certificate, either a ConfigMap or Secret. enum: - ConfigMap - Secret type: string name: description: Name of the resource containing the CA Certificate. type: string optional: description: Optional specifies whether the resource and its key must exist. type: boolean required: - name type: object clientSecretName: description: ClientSecretName references the secret used by the operator to validate the https endpoint. type: string externalController: description: |- ExternalController references an external controller. When set, the Operator uses the external cluster to register satellites. properties: url: description: URL of the external controller. minLength: 3 type: string required: - url type: object name: description: Name of the LinstorCluster resource controlling this satellite. type: string type: object internalTLS: description: |- InternalTLS configures secure communication for the LINSTOR Satellite. If set, the control traffic between LINSTOR Controller and Satellite will be encrypted using mTLS. The Controller will use the client key from `LinstorCluster.spec.internalTLS` when connecting. 
nullable: true properties: caReference: description: |- CAReference configures the CA certificate to use when validating TLS certificates. If not set, the TLS secret is expected to contain a "ca.crt" containing the CA certificate. properties: key: default: ca.crt description: |- Key to select in the resource. Defaults to ca.crt if not specified. type: string kind: default: Secret description: Kind of the resource containing the CA Certificate, either a ConfigMap or Secret. enum: - ConfigMap - Secret type: string name: description: Name of the resource containing the CA Certificate. type: string optional: description: Optional specifies whether the resource and its key must exist. type: boolean required: - name type: object certManager: description: |- CertManager references a cert-manager Issuer or ClusterIssuer. If set, a Certificate resource will be created, provisioning the secret references in SecretName using the issuer configured here. properties: group: description: Group of the resource being referred to. type: string kind: description: Kind of the resource being referred to. type: string name: description: Name of the resource being referred to. type: string required: - name type: object secretName: description: SecretName references a secret holding the TLS key and certificates. type: string tlsHandshakeDaemon: description: |- TLSHandshakeDaemon enables tlshd for establishing TLS sessions for use by DRBD. If enabled, adds a new sidecar to the LINSTOR Satellite that runs the tlshd handshake daemon. The daemon uses the TLS certificate and key to establish secure connections on behalf of DRBD. type: boolean type: object ipFamilies: description: |- IPFamilies configures the IP Family (IPv4 or IPv6) to use to connect to the LINSTOR Satellite. If set, the control traffic between LINSTOR Controller and Satellite will use only the given IP Family. If not set, the Operator will configure all families found in the Satellites Pods' Status. 
items: description: IPFamily represents the IP Family (IPv4 or IPv6). enum: - IPv4 - IPv6 type: string type: array patches: description: |- Patches is a list of kustomize patches to apply. See https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/ for how to create patches. items: description: Patch represent either a Strategic Merge Patch or a JSON patch and its targets. properties: options: additionalProperties: type: boolean description: Options is a list of options for the patch type: object patch: description: Patch is the content of a patch. minLength: 1 type: string target: description: Target points to the resources that the patch is applied to properties: annotationSelector: description: |- AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches against the resource annotations. type: string group: type: string kind: type: string labelSelector: description: |- LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches against the resource labels. type: string name: description: Name of the resource. type: string namespace: description: Namespace the resource belongs to, if it can belong to a namespace. type: string version: type: string type: object required: - patch type: object type: array properties: description: Properties is a list of properties to set on the node. items: properties: expandFrom: description: |- ExpandFrom can reference multiple resource fields at once. It either sets the property to an aggregate value based on matched resource fields, or expands to multiple properties. properties: delimiter: description: Delimiter used to join multiple key and value pairs together. type: string nameTemplate: description: |- NameTemplate defines how the property key is expanded. 
If set, the template is appended to the defined property name, creating multiple properties instead of one aggregate. * $1 is replaced with the matched key. * $2 is replaced with the matched value. type: string nodeFieldRef: description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`. minLength: 1 type: string valueTemplate: description: |- ValueTemplate defines how the property value is expanded. * $1 is replaced with the matched key. * $2 is replaced with the matched value. type: string required: - nodeFieldRef type: object name: description: Name of the property to set. minLength: 1 type: string optional: description: Optional values are only set if they have a non-empty value type: boolean value: description: Value to set the property to. type: string valueFrom: description: ValueFrom sets the value from an existing resource. properties: nodeFieldRef: description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`. minLength: 1 type: string required: - nodeFieldRef type: object required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map repository: description: Repository used to pull workload images. type: string storagePools: description: StoragePools is a list of storage pools to configure on the node. items: properties: filePool: description: Configures a file system based storage pool, allocating a regular file per volume. properties: directory: description: Directory is the path to the host directory used to store volume data. type: string type: object fileThinPool: description: Configures a file system based storage pool, allocating a sparse file per volume. properties: directory: description: Directory is the path to the host directory used to store volume data. type: string type: object lvmPool: description: Configures a LVM Volume Group as storage pool. 
properties: volumeGroup: type: string type: object lvmThinPool: description: Configures a LVM Thin Pool as storage pool. properties: thinPool: description: ThinPool is the name of the thinpool LV (without VG prefix). type: string volumeGroup: type: string type: object name: description: Name of the storage pool in linstor. minLength: 3 type: string properties: description: Properties to set on the storage pool. items: properties: expandFrom: description: |- ExpandFrom can reference multiple resource fields at once. It either sets the property to an aggregate value based on matched resource fields, or expands to multiple properties. properties: delimiter: description: Delimiter used to join multiple key and value pairs together. type: string nameTemplate: description: |- NameTemplate defines how the property key is expanded. If set, the template is appended to the defined property name, creating multiple properties instead of one aggregate. * $1 is replaced with the matched key. * $2 is replaced with the matched value. type: string nodeFieldRef: description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`. minLength: 1 type: string valueTemplate: description: |- ValueTemplate defines how the property value is expanded. * $1 is replaced with the matched key. * $2 is replaced with the matched value. type: string required: - nodeFieldRef type: object name: description: Name of the property to set. minLength: 1 type: string optional: description: Optional values are only set if they have a non-empty value type: boolean value: description: Value to set the property to. type: string valueFrom: description: ValueFrom sets the value from an existing resource. properties: nodeFieldRef: description: Select a field of the node. Supports `metadata.name`, `metadata.labels['']`, `metadata.annotations['']`. 
minLength: 1 type: string required: - nodeFieldRef type: object required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map source: properties: hostDevices: description: HostDevices is a list of device paths used to configure the given pool. items: type: string minItems: 1 type: array type: object zfsPool: description: Configures a ZFS system based storage pool, allocating zvols from the given zpool. properties: zPool: description: ZPool is the name of the ZFS zpool. type: string type: object zfsThinPool: description: Configures a ZFS system based storage pool, allocating sparse zvols from the given zpool. properties: zPool: description: ZPool is the name of the ZFS zpool. type: string type: object required: - name type: object type: array required: - clusterRef type: object status: description: LinstorSatelliteStatus defines the observed state of LinstorSatellite properties: conditions: description: Current LINSTOR Satellite state items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
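format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map type: object type: object served: true storage: true subresources: status: {}
---
# Identity of the operator's manager pod. It is bound to the ClusterRole
# piraeus-operator-controller-manager below, so its token is a cluster-level
# credential.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-controller-manager
  namespace: piraeus-datastore
---
# Identity of the gencert pod (see the piraeus-operator-gencert Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
  namespace: piraeus-datastore
---
# Namespaced Secret access for gencert.
# NOTE(review): there is no resourceNames restriction, so the rule covers every
# Secret in piraeus-datastore, not only the webhook TLS secret
# (webhook-server-cert) that the gencert Deployment is configured with.
# Confirm whether get/patch/update can be narrowed to that one name.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
  namespace: piraeus-datastore
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - update
---
# Leader-election permissions: ConfigMaps and Leases in the operator namespace,
# plus event creation. Bound to both operator ServiceAccounts further down.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-leader-election-role
  namespace: piraeus-datastore
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Cluster-wide permissions of the operator manager. Grants that matter most in
# a threat model:
#   * secrets, pods, serviceaccounts: full read/write in every namespace
#   * rbac.authorization.k8s.io: full management of (Cluster)Roles and bindings
#   * customresourcedefinitions: full management
#   * security.openshift.io: `use` of the `privileged` SCC
# The RBAC rule does not include the `escalate` or `bind` verbs, so the API
# server's built-in escalation checks still limit which roles this account can
# create or bind. Audit-log use of this ServiceAccount and alert on its token
# being used from outside the operator pod.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-controller-manager
rules:
  # Core resources the operator creates and manages. Includes cluster-wide
  # Secret read/write.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - events
      - persistentvolumes
      - pods
      - secrets
      - serviceaccounts
      - services
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - ""
    resources:
      - persistentvolumeclaims/status
    verbs:
      - patch
  # Allows evicting pods through the eviction API.
  - apiGroups:
      - ""
    resources:
      - pods/eviction
    verbs:
      - create
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - daemonsets
      - deployments
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - apps
    resources:
      - replicasets
    verbs:
      - get
  - apiGroups:
      - cert-manager.io
    resources:
      - certificates
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
  # Wildcard: covers every current and future resource in this API group.
  - apiGroups:
      - internal.linstor.linbit.com
    resources:
      - '*'
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - piraeus.io
    resources:
      - linstorclusters
      - linstornodeconnections
      - linstorsatellites
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - piraeus.io
    resources:
      - linstorclusters/finalizers
      - linstornodeconnections/finalizers
      - linstorsatellites/finalizers
    verbs:
      - update
  - apiGroups:
      - piraeus.io
    resources:
      - linstorclusters/status
      - linstornodeconnections/status
      - linstorsatelliteconfigurations/status
      - linstorsatellites/status
    verbs:
      - get
      - patch
      - update
  # Read-only: the operator does not write LinstorSatelliteConfiguration specs.
  - apiGroups:
      - piraeus.io
    resources:
      - linstorsatelliteconfigurations
    verbs:
      - get
      - list
      - watch
  # Full management of RBAC objects, without `escalate` or `bind`.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterrolebindings
      - clusterroles
      - rolebindings
      - roles
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  # Restricted by resourceNames to the single SCC named `privileged`.
  - apiGroups:
      - security.openshift.io
    resourceNames:
      - privileged
    resources:
      - securitycontextconstraints
    verbs:
      - use
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshotclasses
      - volumesnapshots
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshotcontents
    verbs:
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - snapshot.storage.k8s.io
    resources:
      - volumesnapshotcontents/status
    verbs:
      - patch
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      - csidrivers
      - csistoragecapacities
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - csinodes
    verbs:
      - get
      - list
      - patch
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - volumeattachments
    verbs:
      - delete
      - get
      - list
      - patch
      - watch
  - apiGroups:
      - storage.k8s.io
    resources:
      - volumeattachments/status
    verbs:
      - patch
---
# Lets gencert read and update exactly one ValidatingWebhookConfiguration,
# selected by resourceNames.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
rules:
  - apiGroups:
      - admissionregistration.k8s.io
    resourceNames:
      - piraeus-operator-validating-webhook-configuration
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - list
      - watch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
  namespace: piraeus-datastore
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: piraeus-operator-gencert
subjects:
  - kind: ServiceAccount
    name: piraeus-operator-gencert
    namespace: piraeus-datastore
---
# Both operator ServiceAccounts take part in leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-leader-election-rolebinding
  namespace: piraeus-datastore
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: piraeus-operator-leader-election-role
subjects:
  - kind: ServiceAccount
    name: piraeus-operator-controller-manager
    namespace: piraeus-datastore
  - kind: ServiceAccount
    name: piraeus-operator-gencert
    namespace: piraeus-datastore
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: piraeus-operator-gencert
subjects:
  - kind: ServiceAccount
    name: piraeus-operator-gencert
    namespace: piraeus-datastore
---
# Grants the broad manager ClusterRole to the manager ServiceAccount for the
# whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: piraeus-operator-controller-manager
subjects:
  - kind: ServiceAccount
    name: piraeus-operator-controller-manager
    namespace: piraeus-datastore
---
# Image catalogue read by the operator (passed via --image-config-map-name).
# Every entry is a repository base plus image name plus tag; tags are mutable
# references, so what gets pulled depends on the registry state at pull time.
# NOTE(review): the embedded comment on linstor-satellite says "Pin with
# digest", but the entry carries a plain tag; confirm which is intended.
# NOTE(review): whoever can edit this ConfigMap decides which images the
# operator deploys; keep write access to it as narrow as the operator's own.
apiVersion: v1
data:
  0_piraeus_datastore_images.yaml: |
    ---
    # This is the configuration for default images used by piraeus-operator
    #
    # "base" is the default repository prefix to use.
    base: quay.io/piraeusdatastore
    # "components" is a mapping of image placeholders to actual image names with tag.
    # For example, the image name "linstor-controller" in the kustomize-resources will be replaced by:
    # quay.io/piraeusdatastore/piraeus-server:v1.24.2
    components:
      linstor-controller:
        tag: v1.29.2
        image: piraeus-server
      linstor-satellite:
        # Pin with digest to ensure we pull the version with downgraded thin-send-recv
        tag: v1.29.2
        image: piraeus-server
      linstor-csi:
        tag: v1.6.4
        image: piraeus-csi
      drbd-reactor:
        tag: v1.6.0
        image: drbd-reactor
      ha-controller:
        tag: v1.2.2
        image: piraeus-ha-controller
      drbd-shutdown-guard:
        tag: v1.0.0
        image: drbd-shutdown-guard
      ktls-utils:
        tag: v0.11
        image: ktls-utils
      drbd-module-loader:
        tag: v9.2.12
        # The special "match" attribute is used to select an image based on the node's reported OS.
        # The operator will first check the k8s node's ".status.nodeInfo.osImage" field, and compare it against the list
        # here. If one matches, that specific image name will be used instead of the fallback image.
        image: drbd9-noble # Fallback image: chose a recent kernel, which can hopefully compile whatever config is actually in use
        match:
          - osImage: Red Hat Enterprise Linux Server 7\.
            image: drbd9-centos7
          - osImage: Red Hat Enterprise Linux 8\.
            image: drbd9-almalinux8
          - osImage: Red Hat Enterprise Linux 9\.
            image: drbd9-almalinux9
          - osImage: "Red Hat Enterprise Linux CoreOS 41[3-9]"
            image: drbd9-almalinux9
          - osImage: Red Hat Enterprise Linux CoreOS
            image: drbd9-almalinux8
          - osImage: CentOS Linux 7
            image: drbd9-centos7
          - osImage: CentOS Linux 8
            image: drbd9-almalinux8
          - osImage: AlmaLinux 8
            image: drbd9-almalinux8
          - osImage: AlmaLinux 9
            image: drbd9-almalinux9
          - osImage: Oracle Linux Server 8\.
            image: drbd9-almalinux8
          - osImage: Oracle Linux Server 9\.
            image: drbd9-almalinux9
          - osImage: Rocky Linux 8
            image: drbd9-almalinux8
          - osImage: Rocky Linux 9
            image: drbd9-almalinux9
          - osImage: Ubuntu 18\.04
            image: drbd9-bionic
          - osImage: Ubuntu 20\.04
            image: drbd9-focal
          - osImage: Ubuntu 22\.04
            image: drbd9-jammy
          - osImage: Ubuntu 24\.04
            image: drbd9-noble
          - osImage: Debian GNU/Linux 12
            image: drbd9-bookworm
          - osImage: Debian GNU/Linux 11
            image: drbd9-bullseye
          - osImage: Debian GNU/Linux 10
            image: drbd9-buster
  0_sig_storage_images.yaml: |
    ---
    base: registry.k8s.io/sig-storage
    components:
      csi-attacher:
        tag: v4.7.0
        image: csi-attacher
      csi-livenessprobe:
        tag: v2.14.0
        image: livenessprobe
      csi-provisioner:
        tag: v5.1.0
        image: csi-provisioner
      csi-snapshotter:
        tag: v8.1.0
        image: csi-snapshotter
      csi-resizer:
        tag: v1.12.0
        image: csi-resizer
      csi-external-health-monitor-controller:
        tag: v0.13.0
        image: csi-external-health-monitor-controller
      csi-node-driver-registrar:
        tag: v2.12.0
        image: csi-node-driver-registrar
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-image-config
  namespace: piraeus-datastore
---
# Admission webhook endpoint: port 443 on the Service forwards to the manager
# container's webhook-server port 9443.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-webhook-service
  namespace: piraeus-datastore
spec:
  ports:
    - port: 443
      protocol: TCP
      targetPort: 9443
  selector:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: piraeus-datastore
---
# Operator manager: runs the controllers and serves the validating webhooks.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-controller-manager
  namespace: piraeus-datastore
spec:
  # Single replica: while this pod is unavailable, the fail-closed webhooks
  # defined at the end of this file reject matching requests.
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: piraeus-operator
      app.kubernetes.io/name: piraeus-datastore
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app.kubernetes.io/component: piraeus-operator
        app.kubernetes.io/name: piraeus-datastore
    spec:
      containers:
        - args:
            - --leader-elect
            # presumably disables the metrics listener (controller-runtime
            # convention for "0") - TODO confirm
            - --metrics-bind-address=0
            - --namespace=$(NAMESPACE)
            - --image-config-map-name=$(IMAGE_CONFIG_MAP_NAME)
          command:
            - /manager
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: IMAGE_CONFIG_MAP_NAME
              value: piraeus-operator-image-config
          # Referenced by tag. NOTE(review): pinning as
          # <image>@sha256:<digest-placeholder> would make the deployed binary
          # independent of later changes to the tag.
          image: quay.io/piraeusdatastore/piraeus-operator:v2.7.1
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          ports:
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 256Mi
            requests:
              cpu: 10m
              memory: 64Mi
          securityContext:
            allowPrivilegeEscalation: false
            # The manager runs as non-root and listens only on unprivileged
            # ports (9443, 8081), so it needs no Linux capabilities.
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
      priorityClassName: system-cluster-critical
      # NOTE(review): no seccompProfile is set; consider
      # `seccompProfile: {type: RuntimeDefault}` after checking it against the
      # admission policy (Pod Security / SCC) of the target cluster.
      securityContext:
        runAsNonRoot: true
      serviceAccountName: piraeus-operator-controller-manager
      terminationGracePeriodSeconds: 10
      tolerations:
        - effect: NoSchedule
          key: drbd.linbit.com/lost-quorum
        - effect: NoSchedule
          key: drbd.linbit.com/force-io-error
      volumes:
        - name: cert
          secret:
            # 420 decimal is 0644 octal: the webhook TLS key is readable by
            # every user inside the container. Tightening the mode needs a
            # matching runAsUser/fsGroup, because the pod only sets
            # runAsNonRoot.
            defaultMode: 420
            secretName: webhook-server-cert
---
# gencert: configured with the webhook configuration name, the webhook Service
# name and the TLS secret name; presumably it issues the serving certificate
# and publishes the CA to the webhook configuration - confirm against the
# gencert source.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: piraeus-operator-gencert
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-gencert
  namespace: piraeus-datastore
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: piraeus-operator-gencert
      app.kubernetes.io/name: piraeus-datastore
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: gencert
      labels:
        app.kubernetes.io/component: piraeus-operator-gencert
        app.kubernetes.io/name: piraeus-datastore
    spec:
      containers:
        - args:
            - --leader-elect
            - --namespace=$(NAMESPACE)
            - --webhook-configuration-name=$(WEBHOOK_CONFIGURATION_NAME)
            - --webhook-service-name=$(WEBHOOK_SERVICE_NAME)
            - --webhook-tls-secret-name=$(WEBHOOK_TLS_SECRET_NAME)
          command:
            - /gencert
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: WEBHOOK_CONFIGURATION_NAME
              value: piraeus-operator-validating-webhook-configuration
            - name: WEBHOOK_SERVICE_NAME
              value: piraeus-operator-webhook-service
            - name: WEBHOOK_TLS_SECRET_NAME
              value: webhook-server-cert
          # Same tag-based reference as the manager; see the note there.
          image: quay.io/piraeusdatastore/piraeus-operator:v2.7.1
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: gencert
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 50m
              memory: 128Mi
            requests:
              cpu: 5m
              memory: 32Mi
          securityContext:
            allowPrivilegeEscalation: false
            # Non-root process with only an unprivileged probe port (8081):
            # no Linux capabilities required.
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
      priorityClassName: system-cluster-critical
      securityContext:
        runAsNonRoot: true
      serviceAccountName: piraeus-operator-gencert
      terminationGracePeriodSeconds: 10
      tolerations:
        - effect: NoSchedule
          key: drbd.linbit.com/lost-quorum
        - effect: NoSchedule
          key: drbd.linbit.com/force-io-error
---
# Validating webhooks served by the operator manager through
# piraeus-operator-webhook-service.
# All five use failurePolicy: Fail (fail closed): if the webhook endpoint is
# unreachable, the API server rejects the matching request.
# No caBundle is set in this manifest; presumably gencert writes it at runtime
# (its ClusterRole may update this object) - confirm before relying on it.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app.kubernetes.io/name: piraeus-datastore
  name: piraeus-operator-validating-webhook-configuration
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: piraeus-operator-webhook-service
        namespace: piraeus-datastore
        path: /validate-piraeus-io-v1-linstorcluster
    failurePolicy: Fail
    name: vlinstorcluster.kb.io
    rules:
      - apiGroups:
          - piraeus.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - linstorclusters
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: piraeus-operator-webhook-service
        namespace: piraeus-datastore
        path: /validate-piraeus-io-v1-linstornodeconnection
    failurePolicy: Fail
    name: vlinstornodeconnection.kb.io
    rules:
      - apiGroups:
          - piraeus.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - linstornodeconnections
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: piraeus-operator-webhook-service
        namespace: piraeus-datastore
        path: /validate-piraeus-io-v1-linstorsatellite
    failurePolicy: Fail
    name: vlinstorsatellite.kb.io
    rules:
      - apiGroups:
          - piraeus.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - linstorsatellites
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: piraeus-operator-webhook-service
        namespace: piraeus-datastore
        path: /validate-piraeus-io-v1-linstorsatelliteconfiguration
    failurePolicy: Fail
    name: vlinstorsatelliteconfiguration.kb.io
    rules:
      - apiGroups:
          - piraeus.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - linstorsatelliteconfigurations
    sideEffects: None
  # Applies to every StorageClass CREATE/UPDATE in the cluster, not only to
  # LINSTOR-backed classes; with failurePolicy: Fail, operator downtime blocks
  # those requests cluster-wide.
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: piraeus-operator-webhook-service
        namespace: piraeus-datastore
        path: /validate-storage-k8s-io-v1-storageclass
    failurePolicy: Fail
    name: vstorageclass.kb.io
    rules:
      - apiGroups:
          - storage.k8s.io
        apiVersions:
          - v1
        operations:
          - CREATE
          - UPDATE
        resources:
          - storageclasses
    sideEffects: None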