# Namespace for the operator and the workloads it manages.
# Pod Security Admission is enforced at the "privileged" level, which is the
# unrestricted policy: the namespace itself blocks no pod security setting.
# NOTE(review): presumably required by the storage workloads the operator
# deploys (not visible in this manifest portion) - confirm, and keep unrelated
# workloads out of this namespace.
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/enforce-version: latest
  name: linbit-sds
# CRD: LinstorCluster (cluster-scoped), generated by controller-gen v0.8.0.
# Security-relevant parts of the schema:
#   - spec.apiTLS and spec.internalTLS are nullable.
#     NOTE(review): presumably the LINSTOR API and the controller/satellite
#     link are not TLS-protected unless these are set - confirm.
#   - spec.linstorPassphraseSecret names the Secret holding MASTER_PASSPHRASE.
#   - spec.patches takes free-form kustomize patches.
#     NOTE(review): write access to this resource presumably lets the author
#     reshape what the operator deploys; scope RBAC on piraeus.io accordingly.
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstorclusters.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorCluster
    listKind: LinstorClusterList
    plural: linstorclusters
    singular: linstorcluster
  scope: Cluster
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: LinstorCluster is the Schema for the linstorclusters API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of
                an object. Servers should convert recognized schemas to the latest internal
                value, and may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object
                represents. Servers may infer this from the endpoint the client submits
                requests to. Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: LinstorClusterSpec defines the desired state of LinstorCluster
              properties:
                apiTLS:
                  description: "ApiTLS secures the LINSTOR API. \n This configures the TLS key
                    and certificate used to secure the LINSTOR API."
                  nullable: true
                  properties:
                    apiSecretName:
                      description: ApiSecretName references a secret holding the TLS key and
                        certificate used to protect the API. Defaults to "linstor-api-tls".
                      type: string
                    certManager:
                      description: CertManager references a cert-manager Issuer or
                        ClusterIssuer. If set, cert-manager.io/Certificate resources will be
                        created, provisioning the secrets referenced in *SecretName using the
                        issuer configured here.
                      properties:
                        group:
                          description: Group of the resource being referred to.
                          type: string
                        kind:
                          description: Kind of the resource being referred to.
                          type: string
                        name:
                          description: Name of the resource being referred to.
                          type: string
                      required:
                        - name
                      type: object
                    clientSecretName:
                      description: ClientSecretName references a secret holding the TLS key
                        and certificate used by the operator to configure the cluster. Defaults
                        to "linstor-client-tls".
                      type: string
                    csiControllerSecretName:
                      description: CsiControllerSecretName references a secret holding the TLS
                        key and certificate used by the CSI Controller to provision volumes.
                        Defaults to "linstor-csi-controller-tls".
                      type: string
                    csiNodeSecretName:
                      description: CsiNodeSecretName references a secret holding the TLS key
                        and certificate used by the CSI Nodes to query the volume state.
                        Defaults to "linstor-csi-node-tls".
                      type: string
                  type: object
                externalController:
                  description: ExternalController references an external controller. When set,
                    the Operator will skip deploying a LINSTOR Controller and instead use the
                    external cluster to register satellites.
                  properties:
                    url:
                      description: URL of the external controller.
                      minLength: 3
                      type: string
                  required:
                    - url
                  type: object
                internalTLS:
                  description: "InternalTLS secures the connection between LINSTOR Controller
                    and Satellite. \n This configures the client certificate used when the
                    Controller connects to a Satellite. This only has an effect when the
                    Satellite is configured to for secure connections using
                    `LinstorSatellite.spec.internalTLS`."
                  nullable: true
                  properties:
                    certManager:
                      description: CertManager references a cert-manager Issuer or
                        ClusterIssuer. If set, a Certificate resource will be created,
                        provisioning the secret references in SecretName using the issuer
                        configured here.
                      properties:
                        group:
                          description: Group of the resource being referred to.
                          type: string
                        kind:
                          description: Kind of the resource being referred to.
                          type: string
                        name:
                          description: Name of the resource being referred to.
                          type: string
                      required:
                        - name
                      type: object
                    secretName:
                      description: SecretName references a secret holding the TLS key and
                        certificates.
                      type: string
                  type: object
                # Holds only the Secret's name; the passphrase itself lives in the Secret.
                linstorPassphraseSecret:
                  description: "LinstorPassphraseSecret used to configure the LINSTOR master
                    passphrase. \n The referenced secret must contain a single key
                    \"MASTER_PASSPHRASE\". The master passphrase is used to * Derive encryption
                    keys for volumes using the LUKS layer. * Store credentials for accessing
                    remotes for backups. See
                    https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-encrypt_commands
                    for more information."
                  type: string
                nodeSelector:
                  additionalProperties:
                    type: string
                  description: NodeSelector selects the nodes on which LINSTOR Satellites will
                    be deployed. See
                    https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                  type: object
                # The schema constrains a patch only to a non-empty string (minLength: 1).
                patches:
                  description: "Patches is a list of kustomize patches to apply. \n See
                    https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/
                    for how to create patches."
                  items:
                    description: Patch represent either a Strategic Merge Patch or a JSON patch
                      and its targets.
                    properties:
                      options:
                        additionalProperties:
                          type: boolean
                        description: Options is a list of options for the patch
                        type: object
                      patch:
                        description: Patch is the content of a patch.
                        minLength: 1
                        type: string
                      target:
                        description: Target points to the resources that the patch is applied to
                        properties:
                          annotationSelector:
                            description: AnnotationSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource annotations.
                            type: string
                          group:
                            type: string
                          kind:
                            type: string
                          labelSelector:
                            description: LabelSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource labels.
                            type: string
                          name:
                            description: Name of the resource.
                            type: string
                          namespace:
                            description: Namespace the resource belongs to, if it can belong to
                              a namespace.
                            type: string
                          version:
                            type: string
                        type: object
                    type: object
                  type: array
                properties:
                  description: "Properties to apply on the cluster level. \n Use to create
                    default settings for DRBD that should apply to all resources or to
                    configure some other cluster wide default."
                  items:
                    properties:
                      name:
                        description: Name of the property to set.
                        minLength: 1
                        type: string
                      value:
                        description: Value to set the property to.
                        type: string
                    required:
                      - name
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - name
                  x-kubernetes-list-type: map
                repository:
                  description: Repository used to pull workload images.
                  type: string
              type: object
            status:
              description: LinstorClusterStatus defines the observed state of LinstorCluster
              properties:
                conditions:
                  description: Current LINSTOR Cluster state
                  items:
                    description: "Condition contains details for one aspect of the current state of
                      this API Resource. --- This struct is intended for direct use as an array at
                      the field path .status.conditions. For example, \n type FooStatus struct{
                      // Represents the observations of a foo's current state. // Known
                      .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"
                      // +patchMergeKey=type // +patchStrategy=merge // +listType=map
                      // +listMapKey=type Conditions []metav1.Condition
                      `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                      protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                    properties:
                      lastTransitionTime:
                        description: lastTransitionTime is the last time the condition
                          transitioned from one status to another. This should be when the
                          underlying condition changed. If that is not known, then using the
                          time when the API field changed is acceptable.
                        format: date-time
                        type: string
                      message:
                        description: message is a human readable message indicating details
                          about the transition. This may be an empty string.
                        maxLength: 32768
                        type: string
                      observedGeneration:
                        description: observedGeneration represents the .metadata.generation
                          that the condition was set based upon. For instance, if
                          .metadata.generation is currently 12, but the
                          .status.conditions[x].observedGeneration is 9, the condition is out
                          of date with respect to the current state of the instance.
                        format: int64
                        minimum: 0
                        type: integer
                      reason:
                        description: reason contains a programmatic identifier indicating the
                          reason for the condition's last transition. Producers of specific
                          condition types may define expected values and meanings for this
                          field, and whether the values are considered a guaranteed API. The
                          value should be a CamelCase string. This field may not be empty.
                        maxLength: 1024
                        minLength: 1
                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                        type: string
                      status:
                        description: status of the condition, one of True, False, Unknown.
                        enum:
                          - "True"
                          - "False"
                          - Unknown
                        type: string
                      type:
                        description: type of condition in CamelCase or in
                          foo.example.com/CamelCase. --- Many .condition.type values are
                          consistent across resources like Available, but because arbitrary
                          conditions can be useful (see .node.status.conditions), the ability
                          to deconflict is important. The regex it matches is
                          (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                        maxLength: 316
                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                        type: string
                    required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - type
                  x-kubernetes-list-type: map
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
# CRD: LinstorSatelliteConfiguration (cluster-scoped). Per its spec
# description, all configurations whose nodeSelector matches are merged into
# one LinstorSatelliteSpec.
# Security-relevant parts of the schema:
#   - spec.storagePools[].filePool/fileThinPool.directory and
#     spec.storagePools[].source.hostDevices name host directories and device
#     paths; the schema applies no path restriction to them.
#     NOTE(review): authors of this resource presumably choose which host
#     storage the satellites take over - restrict write access accordingly.
#   - spec.patches takes free-form kustomize patches (same concern as on
#     LinstorCluster).
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstorsatelliteconfigurations.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorSatelliteConfiguration
    listKind: LinstorSatelliteConfigurationList
    plural: linstorsatelliteconfigurations
    singular: linstorsatelliteconfiguration
  scope: Cluster
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: LinstorSatelliteConfiguration is the Schema for the
            linstorsatelliteconfigurations API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of
                an object. Servers should convert recognized schemas to the latest internal
                value, and may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object
                represents. Servers may infer this from the endpoint the client submits
                requests to. Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: "LinstorSatelliteConfigurationSpec defines a partial, desired state
                of a LinstorSatelliteSpec. \n All the LinstorSatelliteConfiguration resources
                with matching NodeSelector will be merged into a single LinstorSatelliteSpec."
              properties:
                internalTLS:
                  description: "InternalTLS configures secure communication for the LINSTOR
                    Satellite. \n If set, the control traffic between LINSTOR Controller and
                    Satellite will be encrypted using mTLS."
                  nullable: true
                  properties:
                    certManager:
                      description: CertManager references a cert-manager Issuer or
                        ClusterIssuer. If set, a Certificate resource will be created,
                        provisioning the secret references in SecretName using the issuer
                        configured here.
                      properties:
                        group:
                          description: Group of the resource being referred to.
                          type: string
                        kind:
                          description: Kind of the resource being referred to.
                          type: string
                        name:
                          description: Name of the resource being referred to.
                          type: string
                      required:
                        - name
                      type: object
                    secretName:
                      description: SecretName references a secret holding the TLS key and
                        certificates.
                      type: string
                  type: object
                nodeSelector:
                  additionalProperties:
                    type: string
                  description: NodeSelector selects which LinstorSatellite resources this spec
                    should be applied to. See
                    https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                  type: object
                patches:
                  description: "Patches is a list of kustomize patches to apply. \n See
                    https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/
                    for how to create patches."
                  items:
                    description: Patch represent either a Strategic Merge Patch or a JSON patch
                      and its targets.
                    properties:
                      options:
                        additionalProperties:
                          type: boolean
                        description: Options is a list of options for the patch
                        type: object
                      patch:
                        description: Patch is the content of a patch.
                        minLength: 1
                        type: string
                      target:
                        description: Target points to the resources that the patch is applied to
                        properties:
                          annotationSelector:
                            description: AnnotationSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource annotations.
                            type: string
                          group:
                            type: string
                          kind:
                            type: string
                          labelSelector:
                            description: LabelSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource labels.
                            type: string
                          name:
                            description: Name of the resource.
                            type: string
                          namespace:
                            description: Namespace the resource belongs to, if it can belong to
                              a namespace.
                            type: string
                          version:
                            type: string
                        type: object
                    type: object
                  type: array
                properties:
                  description: Properties is a list of properties to set on the node.
                  items:
                    properties:
                      name:
                        description: Name of the property to set.
                        minLength: 1
                        type: string
                      optional:
                        description: Optional values are only set if they have a non-empty value
                        type: boolean
                      value:
                        description: Value to set the property to.
                        type: string
                      valueFrom:
                        description: ValueFrom sets the value from an existing resource.
                        properties:
                          nodeFieldRef:
                            description: Select a field of the node. Supports `metadata.name`,
                              `metadata.labels['']`, `metadata.annotations['']`.
                            minLength: 1
                            type: string
                        type: object
                    required:
                      - name
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - name
                  x-kubernetes-list-type: map
                storagePools:
                  description: StoragePools is a list of storage pools to configure on the node.
                  items:
                    properties:
                      filePool:
                        description: Configures a file system based storage pool, allocating a
                          regular file per volume.
                        properties:
                          directory:
                            description: Directory is the path to the host directory used to
                              store volume data.
                            type: string
                        type: object
                      fileThinPool:
                        description: Configures a file system based storage pool, allocating a
                          sparse file per volume.
                        properties:
                          directory:
                            description: Directory is the path to the host directory used to
                              store volume data.
                            type: string
                        type: object
                      lvmPool:
                        description: Configures a LVM Volume Group as storage pool.
                        properties:
                          volumeGroup:
                            type: string
                        type: object
                      lvmThinPool:
                        description: Configures a LVM Thin Pool as storage pool.
                        properties:
                          thinPool:
                            description: ThinPool is the name of the thinpool LV (without VG
                              prefix).
                            type: string
                          volumeGroup:
                            type: string
                        type: object
                      name:
                        description: Name of the storage pool in linstor.
                        minLength: 3
                        type: string
                      properties:
                        description: Properties to set on the storage pool.
                        items:
                          properties:
                            name:
                              description: Name of the property to set.
                              minLength: 1
                              type: string
                            optional:
                              description: Optional values are only set if they have a non-empty
                                value
                              type: boolean
                            value:
                              description: Value to set the property to.
                              type: string
                            valueFrom:
                              description: ValueFrom sets the value from an existing resource.
                              properties:
                                nodeFieldRef:
                                  description: Select a field of the node. Supports
                                    `metadata.name`, `metadata.labels['']`,
                                    `metadata.annotations['']`.
                                  minLength: 1
                                  type: string
                              type: object
                          required:
                            - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                          - name
                        x-kubernetes-list-type: map
                      source:
                        properties:
                          hostDevices:
                            description: HostDevices is a list of device paths used to configure
                              the given pool.
                            items:
                              type: string
                            minItems: 1
                            type: array
                        type: object
                    required:
                      - name
                    type: object
                  type: array
              type: object
            status:
              description: LinstorSatelliteConfigurationStatus defines the observed state of
                LinstorSatelliteConfiguration
              properties:
                conditions:
                  description: Current LINSTOR Satellite Config state
                  items:
                    description: "Condition contains details for one aspect of the current state of
                      this API Resource. --- This struct is intended for direct use as an array at
                      the field path .status.conditions. For example, \n type FooStatus struct{
                      // Represents the observations of a foo's current state. // Known
                      .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"
                      // +patchMergeKey=type // +patchStrategy=merge // +listType=map
                      // +listMapKey=type Conditions []metav1.Condition
                      `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                      protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                    properties:
                      lastTransitionTime:
                        description: lastTransitionTime is the last time the condition
                          transitioned from one status to another. This should be when the
                          underlying condition changed. If that is not known, then using the
                          time when the API field changed is acceptable.
                        format: date-time
                        type: string
                      message:
                        description: message is a human readable message indicating details
                          about the transition. This may be an empty string.
                        maxLength: 32768
                        type: string
                      observedGeneration:
                        description: observedGeneration represents the .metadata.generation
                          that the condition was set based upon. For instance, if
                          .metadata.generation is currently 12, but the
                          .status.conditions[x].observedGeneration is 9, the condition is out
                          of date with respect to the current state of the instance.
                        format: int64
                        minimum: 0
                        type: integer
                      reason:
                        description: reason contains a programmatic identifier indicating the
                          reason for the condition's last transition. Producers of specific
                          condition types may define expected values and meanings for this
                          field, and whether the values are considered a guaranteed API. The
                          value should be a CamelCase string. This field may not be empty.
                        maxLength: 1024
                        minLength: 1
                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                        type: string
                      status:
                        description: status of the condition, one of True, False, Unknown.
                        enum:
                          - "True"
                          - "False"
                          - Unknown
                        type: string
                      type:
                        description: type of condition in CamelCase or in
                          foo.example.com/CamelCase. --- Many .condition.type values are
                          consistent across resources like Available, but because arbitrary
                          conditions can be useful (see .node.status.conditions), the ability
                          to deconflict is important. The regex it matches is
                          (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                        maxLength: 316
                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                        type: string
                    required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - type
                  x-kubernetes-list-type: map
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
# CRD: LinstorSatellite (cluster-scoped). spec.clusterRef is the only
# required spec field. The storage pool, patches and internalTLS fields
# mirror LinstorSatelliteConfiguration, so the same review points on host
# paths, host devices and free-form patches apply here.
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstorsatellites.piraeus.io
spec:
  group: piraeus.io
  names:
    kind: LinstorSatellite
    listKind: LinstorSatelliteList
    plural: linstorsatellites
    singular: linstorsatellite
  scope: Cluster
  versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: LinstorSatellite is the Schema for the linstorsatellites API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation of
                an object. Servers should convert recognized schemas to the latest internal
                value, and may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this object
                represents. Servers may infer this from the endpoint the client submits
                requests to. Cannot be updated. In CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: LinstorSatelliteSpec defines the desired state of LinstorSatellite
              properties:
                clusterRef:
                  description: ClusterRef references the LinstorCluster used to create this
                    LinstorSatellite.
                  properties:
                    clientSecretName:
                      description: ClientSecretName references the secret used by the operator
                        to validate the https endpoint.
                      type: string
                    externalController:
                      description: ExternalController references an external controller. When
                        set, the Operator uses the external cluster to register satellites.
                      properties:
                        url:
                          description: URL of the external controller.
                          minLength: 3
                          type: string
                      required:
                        - url
                      type: object
                    name:
                      description: Name of the LinstorCluster resource controlling this
                        satellite.
                      type: string
                  type: object
                internalTLS:
                  description: "InternalTLS configures secure communication for the LINSTOR
                    Satellite. \n If set, the control traffic between LINSTOR Controller and
                    Satellite will be encrypted using mTLS. The Controller will use the client
                    key from `LinstorCluster.spec.internalTLS` when connecting."
                  nullable: true
                  properties:
                    certManager:
                      description: CertManager references a cert-manager Issuer or
                        ClusterIssuer. If set, a Certificate resource will be created,
                        provisioning the secret references in SecretName using the issuer
                        configured here.
                      properties:
                        group:
                          description: Group of the resource being referred to.
                          type: string
                        kind:
                          description: Kind of the resource being referred to.
                          type: string
                        name:
                          description: Name of the resource being referred to.
                          type: string
                      required:
                        - name
                      type: object
                    secretName:
                      description: SecretName references a secret holding the TLS key and
                        certificates.
                      type: string
                  type: object
                patches:
                  description: "Patches is a list of kustomize patches to apply. \n See
                    https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/
                    for how to create patches."
                  items:
                    description: Patch represent either a Strategic Merge Patch or a JSON patch
                      and its targets.
                    properties:
                      options:
                        additionalProperties:
                          type: boolean
                        description: Options is a list of options for the patch
                        type: object
                      patch:
                        description: Patch is the content of a patch.
                        minLength: 1
                        type: string
                      target:
                        description: Target points to the resources that the patch is applied to
                        properties:
                          annotationSelector:
                            description: AnnotationSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource annotations.
                            type: string
                          group:
                            type: string
                          kind:
                            type: string
                          labelSelector:
                            description: LabelSelector is a string that follows the label
                              selection expression
                              https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
                              It matches against the resource labels.
                            type: string
                          name:
                            description: Name of the resource.
                            type: string
                          namespace:
                            description: Namespace the resource belongs to, if it can belong to
                              a namespace.
                            type: string
                          version:
                            type: string
                        type: object
                    type: object
                  type: array
                properties:
                  description: Properties is a list of properties to set on the node.
                  items:
                    properties:
                      name:
                        description: Name of the property to set.
                        minLength: 1
                        type: string
                      optional:
                        description: Optional values are only set if they have a non-empty value
                        type: boolean
                      value:
                        description: Value to set the property to.
                        type: string
                      valueFrom:
                        description: ValueFrom sets the value from an existing resource.
                        properties:
                          nodeFieldRef:
                            description: Select a field of the node. Supports `metadata.name`,
                              `metadata.labels['']`, `metadata.annotations['']`.
                            minLength: 1
                            type: string
                        type: object
                    required:
                      - name
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - name
                  x-kubernetes-list-type: map
                repository:
                  description: Repository used to pull workload images.
                  type: string
                storagePools:
                  description: StoragePools is a list of storage pools to configure on the node.
                  items:
                    properties:
                      filePool:
                        description: Configures a file system based storage pool, allocating a
                          regular file per volume.
                        properties:
                          directory:
                            description: Directory is the path to the host directory used to
                              store volume data.
                            type: string
                        type: object
                      fileThinPool:
                        description: Configures a file system based storage pool, allocating a
                          sparse file per volume.
                        properties:
                          directory:
                            description: Directory is the path to the host directory used to
                              store volume data.
                            type: string
                        type: object
                      lvmPool:
                        description: Configures a LVM Volume Group as storage pool.
                        properties:
                          volumeGroup:
                            type: string
                        type: object
                      lvmThinPool:
                        description: Configures a LVM Thin Pool as storage pool.
                        properties:
                          thinPool:
                            description: ThinPool is the name of the thinpool LV (without VG
                              prefix).
                            type: string
                          volumeGroup:
                            type: string
                        type: object
                      name:
                        description: Name of the storage pool in linstor.
                        minLength: 3
                        type: string
                      properties:
                        description: Properties to set on the storage pool.
                        items:
                          properties:
                            name:
                              description: Name of the property to set.
                              minLength: 1
                              type: string
                            optional:
                              description: Optional values are only set if they have a non-empty
                                value
                              type: boolean
                            value:
                              description: Value to set the property to.
                              type: string
                            valueFrom:
                              description: ValueFrom sets the value from an existing resource.
                              properties:
                                nodeFieldRef:
                                  description: Select a field of the node. Supports
                                    `metadata.name`, `metadata.labels['']`,
                                    `metadata.annotations['']`.
                                  minLength: 1
                                  type: string
                              type: object
                          required:
                            - name
                          type: object
                        type: array
                        x-kubernetes-list-map-keys:
                          - name
                        x-kubernetes-list-type: map
                      source:
                        properties:
                          hostDevices:
                            description: HostDevices is a list of device paths used to configure
                              the given pool.
                            items:
                              type: string
                            minItems: 1
                            type: array
                        type: object
                    required:
                      - name
                    type: object
                  type: array
              required:
                - clusterRef
              type: object
            status:
              description: LinstorSatelliteStatus defines the observed state of LinstorSatellite
              properties:
                conditions:
                  description: Current LINSTOR Satellite state
                  items:
                    description: "Condition contains details for one aspect of the current state of
                      this API Resource. --- This struct is intended for direct use as an array at
                      the field path .status.conditions. For example, \n type FooStatus struct{
                      // Represents the observations of a foo's current state. // Known
                      .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"
                      // +patchMergeKey=type // +patchStrategy=merge // +listType=map
                      // +listMapKey=type Conditions []metav1.Condition
                      `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
                      protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                    properties:
                      lastTransitionTime:
                        description: lastTransitionTime is the last time the condition
                          transitioned from one status to another. This should be when the
                          underlying condition changed. If that is not known, then using the
                          time when the API field changed is acceptable.
                        format: date-time
                        type: string
                      message:
                        description: message is a human readable message indicating details
                          about the transition. This may be an empty string.
                        maxLength: 32768
                        type: string
                      observedGeneration:
                        description: observedGeneration represents the .metadata.generation
                          that the condition was set based upon. For instance, if
                          .metadata.generation is currently 12, but the
                          .status.conditions[x].observedGeneration is 9, the condition is out
                          of date with respect to the current state of the instance.
                        format: int64
                        minimum: 0
                        type: integer
                      reason:
                        description: reason contains a programmatic identifier indicating the
                          reason for the condition's last transition. Producers of specific
                          condition types may define expected values and meanings for this
                          field, and whether the values are considered a guaranteed API. The
                          value should be a CamelCase string. This field may not be empty.
                        maxLength: 1024
                        minLength: 1
                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                        type: string
                      status:
                        description: status of the condition, one of True, False, Unknown.
                        enum:
                          - "True"
                          - "False"
                          - Unknown
                        type: string
                      type:
                        description: type of condition in CamelCase or in
                          foo.example.com/CamelCase. --- Many .condition.type values are
                          consistent across resources like Available, but because arbitrary
                          conditions can be useful (see .node.status.conditions), the ability
                          to deconflict is important. The regex it matches is
                          (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                        maxLength: 316
                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                        type: string
                    required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                    type: object
                  type: array
                  x-kubernetes-list-map-keys:
                    - type
                  x-kubernetes-list-type: map
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
# Identity the operator runs as. Every Role/ClusterRole binding in this
# manifest portion has this ServiceAccount as its only subject.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-controller-manager
  namespace: linbit-sds
# Namespaced Role: ConfigMap and Lease access plus event creation, limited to
# the linbit-sds namespace. The name indicates leader election.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-leader-election-role
  namespace: linbit-sds
rules:
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
# Cluster-wide permissions of the operator. The ClusterRoleBinding
# linstor-operator-manager-rolebinding (further down) grants this role to the
# ServiceAccount linstor-operator-controller-manager across all namespaces.
# Review points:
#   - read and write on Secrets, ConfigMaps, ServiceAccounts and Pods
#     cluster-wide, which includes reading every Secret in the cluster;
#   - write on RBAC objects (roles, clusterroles and both binding kinds);
#   - create/delete on CustomResourceDefinitions;
#   - a wildcard over all resources of internal.linstor.linbit.com;
#   - "use" of the OpenShift SecurityContextConstraints named "privileged".
# Treat the ServiceAccount token and the operator pod as high-value
# credentials: limit who may exec into, patch or impersonate them, and audit
# API activity by this identity.
# Some rules overlap (configmaps, secrets and pods each appear twice); the
# overlap is redundant and grants nothing beyond the broader rule.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-controller-manager
rules:
  - apiGroups: [""]
    resources: [configmaps, events, persistentvolumes, secrets, serviceaccounts, services]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [""]
    resources: [configmaps, pods, secrets]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [""]
    resources: [nodes]
    verbs: [get, list, watch]
  - apiGroups: [""]
    resources: [nodes, persistentvolumeclaims]
    verbs: [get, list, patch, update, watch]
  - apiGroups: [""]
    resources: [persistentvolumeclaims/status]
    verbs: [patch]
  - apiGroups: [""]
    resources: [pods]
    verbs: [delete, list, watch]
  - apiGroups: [""]
    resources: [pods/eviction]
    verbs: [create]
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [apps]
    resources: [daemonsets, deployments]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [apps]
    resources: [replicasets]
    verbs: [get]
  - apiGroups: [cert-manager.io]
    resources: [certificates]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [events.k8s.io]
    resources: [events]
    verbs: [create, get, list, patch, update, watch]
  # Wildcard: covers every current and future resource in this API group.
  - apiGroups: [internal.linstor.linbit.com]
    resources: ['*']
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [networking.k8s.io]
    resources: [networkpolicies]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [piraeus.io]
    resources: [linstorclusters]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [piraeus.io]
    resources: [linstorclusters/finalizers]
    verbs: [update]
  - apiGroups: [piraeus.io]
    resources: [linstorclusters/status]
    verbs: [get, patch, update]
  - apiGroups: [piraeus.io]
    resources: [linstorsatelliteconfigurations]
    verbs: [get, list, watch]
  - apiGroups: [piraeus.io]
    resources: [linstorsatelliteconfigurations/status]
    verbs: [get, patch, update]
  - apiGroups: [piraeus.io]
    resources: [linstorsatellites]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [piraeus.io]
    resources: [linstorsatellites/finalizers]
    verbs: [update]
  - apiGroups: [piraeus.io]
    resources: [linstorsatellites/status]
    verbs: [get, patch, update]
  # Write access to RBAC objects in every namespace and at cluster scope.
  - apiGroups: [rbac.authorization.k8s.io]
    resources: [clusterrolebindings, clusterroles, rolebindings, roles]
    verbs: [create, delete, get, list, patch, update, watch]
  # Scoped by resourceNames to the single SCC named "privileged".
  - apiGroups: [security.openshift.io]
    resourceNames: [privileged]
    resources: [securitycontextconstraints]
    verbs: [use]
  - apiGroups: [snapshot.storage.k8s.io]
    resources: [volumesnapshotclasses, volumesnapshots]
    verbs: [get, list, watch]
  - apiGroups: [snapshot.storage.k8s.io]
    resources: [volumesnapshotcontents]
    verbs: [delete, get, list, patch, update, watch]
  - apiGroups: [snapshot.storage.k8s.io]
    resources: [volumesnapshotcontents/status]
    verbs: [patch, update]
  - apiGroups: [storage.k8s.io]
    resources: [csidrivers]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [storage.k8s.io]
    resources: [csinodes]
    verbs: [get, list, patch, watch]
  - apiGroups: [storage.k8s.io]
    resources: [csistoragecapacities]
    verbs: [create, delete, get, list, patch, update, watch]
  - apiGroups: [storage.k8s.io]
    resources: [storageclasses]
    verbs: [get, list, watch]
  - apiGroups: [storage.k8s.io]
    resources: [volumeattachments]
    verbs: [delete, get, list, patch, watch]
  - apiGroups: [storage.k8s.io]
    resources: [volumeattachments/status]
    verbs: [patch]
# Read-only access to the /metrics non-resource URL. No binding for this role
# appears in this manifest portion.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-metrics-reader
rules:
  - nonResourceURLs: [/metrics]
    verbs: [get]
# Allows creating TokenReviews and SubjectAccessReviews.
# NOTE(review): presumably used by an authenticating proxy in front of the
# metrics endpoint; no such container is visible in this portion - confirm.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-proxy-role
rules:
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-leader-election-rolebinding
  namespace: linbit-sds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: linstor-operator-leader-election-role
subjects:
  - kind: ServiceAccount
    name: linstor-operator-controller-manager
    namespace: linbit-sds
# Grants the broad linstor-operator-controller-manager ClusterRole at cluster
# scope; this binding is what makes its Secret and RBAC permissions apply to
# every namespace.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: linstor-operator-controller-manager
subjects:
  - kind: ServiceAccount
    name: linstor-operator-controller-manager
    namespace: linbit-sds
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: linstor-operator-proxy-role
subjects:
  - kind: ServiceAccount
    name: linstor-operator-controller-manager
    namespace: linbit-sds
# Image catalogue read by the operator: registry base plus name and tag per
# component. Every image is referenced by tag; no digest appears.
# NOTE(review): tags are mutable references. Where image integrity matters,
# enforce digest pinning or signature verification at admission - confirm
# whether this configuration format accepts digests.
# NOTE(review): the osImage values look like regular expressions (escaped
# dots) matched against the node's reported OS image - confirm.
---
apiVersion: v1
data:
  images.yaml: |
    base: drbd.io
    components:
      linstor-controller:
        tag: v1.23.0
        image: linstor-controller
      linstor-satellite:
        tag: v1.23.0
        image: linstor-satellite
      linstor-csi:
        tag: v1.1.0
        image: linstor-csi
      drbd-reactor:
        tag: v1.2.0
        image: drbd-reactor
      ha-controller:
        tag: v1.1.4
        image: linstor-k8s-ha-controller
      drbd-shutdown-guard:
        tag: v1.0.0
        image: drbd-shutdown-guard
      drbd-module-loader:
        tag: v9.2.3
        image: drbd9-jammy # Fallback image: chose a fairly recent kernel, which can hopefully compile whatever config is actually in use
        match:
          - osImage: Red Hat Enterprise Linux 7\.
            image: drbd9-rhel7
            precompiled: true
          - osImage: Red Hat Enterprise Linux 8\.
            image: drbd9-rhel8
            precompiled: true
          - osImage: Red Hat Enterprise Linux 9\.
            image: drbd9-rhel9
            precompiled: true
          - osImage: Red Hat Enterprise Linux CoreOS
            image: drbd9-rhel8
            precompiled: true
          - osImage: CentOS Linux 7
            image: drbd9-rhel7
            precompiled: true
          - osImage: CentOS Linux 8
            image: drbd9-rhel8
            precompiled: true
          - osImage: AlmaLinux 8
            image: drbd9-rhel8
            precompiled: true
          - osImage: AlmaLinux 9
            image: drbd9-rhel9
            precompiled: true
          - osImage: Amazon Linux 2
            image: drbd9-amzn2
          - osImage: Ubuntu 18\.04
            image: drbd9-bionic
          - osImage: Ubuntu 20\.04
            image: drbd9-focal
          - osImage: Ubuntu 22\.04
            image: drbd9-jammy
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-image-config
  namespace: linbit-sds
# Metrics Service: exposes port 8443 and forwards to the pod port named
# "https". The manager binds its own metrics listener to 127.0.0.1:8080 (see
# the Deployment args), so it is not the direct target of this Service.
# NOTE(review): the "https" port presumably belongs to a proxy container
# defined outside this manifest portion - confirm it enforces authentication.
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-controller-manager-metrics-service
  namespace: linbit-sds
spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: https
  selector:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: linbit-sds
# Webhook Service: port 443 forwards to pod port 9443 on the operator pods.
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-webhook-service
  namespace: linbit-sds
spec:
  ports:
    - port: 443
      protocol: TCP
      targetPort: 9443
  selector:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: linbit-sds
# Operator Deployment (single replica, leader election enabled). The manager
# serves metrics on loopback only (127.0.0.1:8080) and health probes on :8081.
# The container definition continues past the end of this manifest portion,
# so the image, securityContext and ServiceAccount settings are not visible
# here.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: piraeus-operator
    app.kubernetes.io/name: linbit-sds
  name: linstor-operator-controller-manager
  namespace: linbit-sds
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: piraeus-operator
      app.kubernetes.io/name: linbit-sds
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app.kubernetes.io/component: piraeus-operator
        app.kubernetes.io/name: linbit-sds
    spec:
      containers:
        - args:
            - --health-probe-bind-address=:8081
            - --metrics-bind-address=127.0.0.1:8080
            - --leader-elect
          command:
            - /manager
          env:
            - name: PULL_SECRET
value: drbdio-pull-secret - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: IMAGE_CONFIG_MAP_NAME value: linstor-operator-image-config image: $PRIVREGHOST:$PRIVREGPORT/linstor-operator:v2.1.1 livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 256Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=0 image: $PRIVREGHOST:$PRIVREGPORT/kube-rbac-proxy:v0.11.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP resources: limits: cpu: 500m memory: 128Mi requests: cpu: 5m memory: 64Mi imagePullSecrets: - name: drbdio-pull-secret securityContext: runAsNonRoot: true serviceAccountName: linstor-operator-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-cert --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: app.kubernetes.io/name: linbit-sds name: linstor-operator-serving-cert namespace: linbit-sds spec: dnsNames: - linstor-operator-webhook-service.linbit-sds.svc - linstor-operator-webhook-service.linbit-sds.svc.cluster.local issuerRef: kind: Issuer name: linstor-operator-selfsigned-issuer secretName: webhook-server-cert --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: app.kubernetes.io/name: linbit-sds name: linstor-operator-selfsigned-issuer namespace: linbit-sds spec: selfSigned: {} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: 
cert-manager.io/inject-ca-from: linbit-sds/linstor-operator-serving-cert labels: app.kubernetes.io/name: linbit-sds name: linstor-operator-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: linstor-operator-webhook-service namespace: linbit-sds path: /validate-piraeus-io-v1-linstorcluster failurePolicy: Fail name: vlinstorcluster.kb.io rules: - apiGroups: - piraeus.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - linstorclusters sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: linstor-operator-webhook-service namespace: linbit-sds path: /validate-piraeus-io-v1-linstorsatellite failurePolicy: Fail name: vlinstorsatellite.kb.io rules: - apiGroups: - piraeus.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - linstorsatellites sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: linstor-operator-webhook-service namespace: linbit-sds path: /validate-piraeus-io-v1-linstorsatelliteconfiguration failurePolicy: Fail name: vlinstorsatelliteconfiguration.kb.io rules: - apiGroups: - piraeus.io apiVersions: - v1 operations: - CREATE - UPDATE resources: - linstorsatelliteconfigurations sideEffects: None