---
rbac:
  # Specifies whether RBAC resources should be created
  create: true

serviceAccounts:
  nodeplugin:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname
    name:
  provisioner:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname
    name:

# Configuration for the CSI to connect to the cluster
# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
# Example:
# csiConfig:
#   - clusterID: "<cluster-id>"
#     monitors:
#       - "<MONValue1>"
#       - "<MONValue2>"
#     rbd:
#       netNamespaceFilePath: "{{ .kubeletDir }}/plugins/{{ .driverName }}/net"
#       mirrorDaemonCount: 1
#     readAffinity:
#       enabled: true
#       crushLocationLabels:
#         - topology.kubernetes.io/region
#         - topology.kubernetes.io/zone
csiConfig: []

# Configuration details of clusterID,PoolID and FscID mapping
# csiMapping:
#  - clusterIDMapping:
#     clusterID on site1: clusterID on site2
#    RBDPoolIDMapping:
#    - poolID on site1: poolID on site2
#    CephFSFscIDMapping:
#    - CephFS FscID on site1: CephFS FscID on site2
csiMapping: []

# Configuration for the encryption KMS
# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/rbd/deploy.md
# Example:
# encryptionKMSConfig:
#   vault-unique-id-1:
#     encryptionKMSType: vault
#     vaultAddress: https://vault.example.com
#     vaultAuthPath: /v1/auth/kubernetes/login
#     vaultRole: csi-kubernetes
#     vaultPassphraseRoot: /v1/secret
#     vaultPassphrasePath: ceph-csi/
#     vaultCAVerify: "false"
encryptionKMSConfig: {}

# Labels to apply to all resources
commonLabels: {}

# Set logging level for csi containers.
# Supported values from 0 to 5. 0 for general useful logs,
# 5 for trace level verbosity.
# logLevel is the variable for CSI driver containers's log level
logLevel: 5
# sidecarLogLevel is the variable for Kubernetes sidecar container's log level
sidecarLogLevel: 1
# Log slow operations at the specified rate.
# Operation is considered slow if it outlives its deadline.
logSlowOperationInterval: 30s

# Set fsGroupPolicy for CSI Driver object spec
# https://kubernetes-csi.github.io/docs/support-fsgroup.html
# The following modes are supported:
# - None: Indicates that volumes will be mounted with no modifications, as the
#   CSI volume driver does not support these operations.
# - File: Indicates that the CSI volume driver supports volume ownership and
#   permission change via fsGroup, and Kubernetes may use fsGroup to change
#   permissions and ownership of the volume to match user requested fsGroup in
#   the pod's SecurityPolicy regardless of fstype or access mode.
# - ReadWriteOnceWithFSType: Indicates that volumes will be examined to
#   determine if volume ownership and permissions should be modified to match
#   the pod's security policy.
# Changes will only occur if the fsType is defined and the persistent volume's
# accessModes contains ReadWriteOnce.
CSIDriver:
  fsGroupPolicy: "File"
  seLinuxMount: true

nodeplugin:
  name: nodeplugin
  # set user created priorityclassName for csi plugin pods. default is
  # system-node-critical which is high priority
  priorityClassName: system-node-critical
  # if you are using rbd-nbd client set this value to OnDelete
  updateStrategy: RollingUpdate

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi => 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  ## Reference to one or more secrets to be used when pulling images
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"

  profiling:
    # enable profiling to check for memory leaks
    enabled: false

  registrar:
    image:
      repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
      tag: v2.11.1
      pullPolicy: IfNotPresent
    resources: {}

  plugin:
    image:
      repository: quay.io/cephcsi/cephcsi
      tag: canary
      pullPolicy: IfNotPresent
    resources: {}

  nodeSelector: {}

  tolerations: []

  affinity: {}

  annotations: {}

  podSecurityContext: {}

  podAnnotations: {}

provisioner:
  name: provisioner
  replicaCount: 3
  strategy:
    # RollingUpdate strategy replaces old pods with new ones gradually,
    # without incurring downtime.
    type: RollingUpdate
    rollingUpdate:
      # maxUnavailable is the maximum number of pods that can be
      # unavailable during the update process.
      maxUnavailable: 50%
  # if fstype is not specified in storageclass, ext4 is default
  defaultFSType: ext4
  # deployController to enable or disable the deployment of controller which
  # generates the OMAP data if its not Present.
  deployController: true
  # Timeout for waiting for creation or deletion of a volume
  timeout: 60s
  # cluster name to set on the RBD image
  # clustername: "k8s-cluster-1"
  # Hard limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  hardMaxCloneDepth: 8
  # Soft limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  softMaxCloneDepth: 4
  # Maximum number of snapshots allowed on rbd image without flattening
  maxSnapshotsOnImage: 450
  # Minimum number of snapshots allowed on rbd image to trigger flattening
  minSnapshotsOnImage: 250
  # skip image flattening if kernel support mapping of rbd images
  # which has the deep-flatten feature
  # skipForceFlatten: false

  # set user created priorityclassName for csi provisioner pods. default is
  # system-cluster-critical which is less priority than system-node-critical
  priorityClassName: system-cluster-critical

  # enable hostnetwork for provisioner pod. default is false
  # useful for deployments where the podNetwork has no access to ceph
  enableHostNetwork: false

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi => 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  ## Reference to one or more secrets to be used when pulling images
  ##
  imagePullSecrets: []
  # - name: "image-pull-secret"

  profiling:
    # enable profiling to check for memory leaks
    enabled: false

  provisioner:
    image:
      repository: registry.k8s.io/sig-storage/csi-provisioner
      tag: v5.0.1
      pullPolicy: IfNotPresent
    resources: {}
    args:
    #   # httpEndpointPort specifies the http server port for
    #   # diagnostics, health checks and metrics.
    #   # Uncomment below line to enable the `http-endpoint` arg for sidecar
    #   httpEndpointPort: 8090
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-provisioner#command-line-options
    extraArgs: []

  # set metadata on volume
  setmetadata: true

  attacher:
    name: attacher
    enabled: true
    image:
      repository: registry.k8s.io/sig-storage/csi-attacher
      tag: v4.6.1
      pullPolicy: IfNotPresent
    resources: {}
    args:
    #   # httpEndpointPort specifies the http server port for
    #   # diagnostics, health checks and metrics.
    #   # Uncomment below line to enable the `http-endpoint` arg for sidecar
    #   httpEndpointPort: 8093
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-attacher#command-line-options
    extraArgs: []

  resizer:
    name: resizer
    enabled: true
    image:
      repository: registry.k8s.io/sig-storage/csi-resizer
      tag: v1.11.1
      pullPolicy: IfNotPresent
    resources: {}
    args:
    #   # httpEndpointPort specifies the http server port for
    #   # diagnostics, health checks and metrics.
    #   # Uncomment below line to enable the `http-endpoint` arg for sidecar
    #   httpEndpointPort: 8091
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-resizer#recommended-optional-arguments
    extraArgs: []

  snapshotter:
    image:
      repository: registry.k8s.io/sig-storage/csi-snapshotter
      tag: v8.2.0
      pullPolicy: IfNotPresent
    resources: {}
    args:
      # enableVolumeGroupSnapshots enables support for volume group snapshots
      enableVolumeGroupSnapshots: false
      # httpEndpointPort specifies the http server port for
      # diagnostics, health checks and metrics.
      # Uncomment below line to enable the `http-endpoint` arg for sidecar
      # httpEndpointPort: 8092
    ## For further options, check
    ## https://github.com/kubernetes-csi/external-snapshotter#csi-external-snapshotter-sidecar-command-line-options
    extraArgs: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

  annotations: {}

  podSecurityContext: {}

  podAnnotations: {}

topology:
  # domainLabels define which node labels to use as domains
  # for CSI nodeplugins to advertise their domains
  # NOTE: the value here serves as an example and needs to be
  # updated with node labels that define domains of interest
  domainLabels: []
  # - topology.kubernetes.io/region
  # - topology.kubernetes.io/zone

# readAffinity:
# Enable read affinity for RBD volumes. Recommended to
# set to true if running kernel 5.8 or newer.
# enabled: false
# Define which node labels to use as CRUSH location.
# This should correspond to the values set in the CRUSH map.
# NOTE: the value here serves as an example
# crushLocationLabels:
#   - topology.kubernetes.io/region
#   - topology.kubernetes.io/zone

storageClass:
  # Specifies whether the storageclass should be created
  create: false
  name: csi-rbd-sc

  # Annotations for the storage class
  # Example:
  # annotations:
  #   storageclass.kubernetes.io/is-default-class: "true"
  annotations: {}

  # (required) String representing a Ceph cluster to provision storage from.
  # Should be unique across all Ceph clusters in use for provisioning,
  # cannot be greater than 36 bytes in length, and should remain immutable for
  # the lifetime of the StorageClass in use.
  clusterID: <cluster-ID>

  # (optional) If you want to use erasure coded pool with RBD, you need to
  # create two pools. one erasure coded and one replicated.
  # You need to specify the replicated pool here in the `pool` parameter, it is
  # used for the metadata of the images.
  # The erasure coded pool must be set as the `dataPool` parameter below.
  # dataPool: <ec-data-pool>
  dataPool: ""

  # (required) Ceph pool into which the RBD image shall be created
  # (optional) if topologyConstrainedPools is provided
  # eg: pool: replicapool
  pool: replicapool

  # (optional) RBD image features, CSI creates image with image-format 2 CSI
  # RBD currently supports `layering`, `journaling`, `exclusive-lock`,
  # `object-map`, `fast-diff`, `deep-flatten` features.
  # Refer https://docs.ceph.com/en/latest/rbd/rbd-config-ref/#image-features
  # for image feature dependencies.
  # imageFeatures: layering,journaling,exclusive-lock,object-map,fast-diff
  imageFeatures: "layering"

  # (optional) Specifies whether to try other mounters in case if the current
  # mounter fails to mount the rbd image for any reason. True means fallback
  # to next mounter, default is set to false.
  # Note: tryOtherMounters is currently useful to fallback from krbd to rbd-nbd
  # in case if any of the specified imageFeatures is not supported by krbd
  # driver on node scheduled for application pod launch, but in the future this
  # should work with any mounter type.
  # tryOtherMounters: false

  # (optional) Options to pass to the `mkfs` command while creating the
  # filesystem on the RBD device. Check the man-page for the `mkfs` command
  # for the filesystem for more details. When `mkfsOptions` is set here, the
  # defaults will not be used, consider including them in this parameter.
  #
  # The default options depend on the csi.storage.k8s.io/fstype setting:
  # - ext4: "-m0 -Enodiscard,lazy_itable_init=1,lazy_journal_init=1"
  # - xfs: "-K"
  #
  # mkfsOptions: "-m0 -Ediscard -i1024"

  # (optional) uncomment the following to use rbd-nbd as mounter
  # on supported nodes
  # mounter: rbd-nbd
  mounter: ""

  # (optional) ceph client log location, eg: rbd-nbd
  # By default host-path /var/log/ceph of node is bind-mounted into
  # csi-rbdplugin pod at /var/log/ceph mount path. This is to configure
  # target bindmount path used inside container for ceph clients logging.
  # See docs/design/proposals/rbd-nbd.md for available configuration options.
  # cephLogDir: /var/log/ceph
  cephLogDir: ""

  # (optional) ceph client log strategy
  # By default, log file belonging to a particular volume will be deleted
  # on unmap, but you can choose to just compress instead of deleting it
  # or even preserve the log file in text format as it is.
  # Available options `remove` or `compress` or `preserve`
  # cephLogStrategy: remove
  cephLogStrategy: ""

  # (optional) Prefix to use for naming RBD images.
  # If omitted, defaults to "csi-vol-".
  # volumeNamePrefix: "foo-bar-"
  volumeNamePrefix: ""

  # (optional) Instruct the plugin it has to encrypt the volume
  # By default it is disabled. Valid values are "true" or "false".
  # A string is expected here, i.e. "true", not true.
  # encrypted: "true"
  encrypted: ""

  # (optional) Use external key management system for encryption passphrases by
  # specifying a unique ID matching KMS ConfigMap. The ID is only used for
  # correlation to configmap entry.
  encryptionKMSID: ""

  # Add topology constrained pools configuration, if topology based pools
  # are setup, and topology constrained provisioning is required.
  # For further information read TODO<doc>
  # topologyConstrainedPools: |
  #   [{"poolName":"pool0",
  #     "dataPool":"ec-pool0" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone1"}]},
  #    {"poolName":"pool1",
  #     "dataPool":"ec-pool1" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone2"}]},
  #    {"poolName":"pool2",
  #     "dataPool":"ec-pool2" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"west"},
  #       {"domainLabel":"zone","value":"zone1"}]}
  #   ]
  topologyConstrainedPools: []

  # (optional) mapOptions is a comma-separated list of map options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  # Format:
  # mapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
  # An empty mounter field is treated as krbd type for compatibility.
  # eg:
  # mapOptions: "krbd:lock_on_read,queue_depth=1024;nbd:try-netlink"
  mapOptions: ""

  # (optional) unmapOptions is a comma-separated list of unmap options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  # Format:
  # unmapOptions: "<mounter>:op1,op2;<mounter>:op1,op2"
  # An empty mounter field is treated as krbd type for compatibility.
  # eg:
  # unmapOptions: "krbd:force;nbd:force"
  unmapOptions: ""

  # (optional) stripe unit in bytes
  # If set, stripeCount must also be specified
  # For defaults, refer to
  # https://docs.ceph.com/en/latest/man/8/rbd/#striping
  stripeUnit: ""

  # (optional) number of objects to stripe over before looping
  # If set, stripeUnit must also be specified
  # For defaults, refer to
  # https://docs.ceph.com/en/latest/man/8/rbd/#striping
  stripeCount: ""

  # (optional) object size in bytes
  # If set, must be a power of 2
  objectSize: ""

  # The secrets have to contain Ceph credentials with required access
  # to the 'pool'.
  provisionerSecret: csi-rbd-secret
  # If Namespaces are left empty, the secrets are assumed to be in the
  # Release namespace.
  provisionerSecretNamespace: ""
  controllerExpandSecret: csi-rbd-secret
  controllerExpandSecretNamespace: ""
  nodeStageSecret: csi-rbd-secret
  nodeStageSecretNamespace: ""
  # Specify the filesystem type of the volume. If not specified,
  # csi-provisioner will set default as `ext4`.
  fstype: ext4
  reclaimPolicy: Delete
  allowVolumeExpansion: true
  mountOptions: []
  # Mount Options
  # Example:
  # mountOptions:
  #   - discard

# Mount the host /etc/selinux inside pods to support
# selinux-enabled filesystems
selinuxMount: true

secret:
  # Specifies whether the secret should be created
  create: false
  name: csi-rbd-secret
  annotations: {}
  # Key values correspond to a user name and its key, as defined in the
  # ceph cluster. User ID should have required access to the 'pool'
  # specified in the storage class
  userID: <plaintext ID>
  userKey: <Ceph auth key corresponding to userID above>
  # Encryption passphrase
  encryptionPassphrase: test_passphrase

# This is a sample configmap that helps define a Ceph configuration as required
# by the CSI plugins.
# Sample ceph.conf available at
# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed
# documentation is available at
# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/
cephconf: |
  [global]
    auth_cluster_required = cephx
    auth_service_required = cephx
    auth_client_required = cephx

# Array of extra objects to deploy with the release
extraDeploy: []

#########################################################
# Variables for 'internal' use please use with caution! #
#########################################################

# The filename of the provisioner socket
provisionerSocketFile: csi-provisioner.sock
# The filename of the plugin socket
pluginSocketFile: csi.sock
# kubelet working directory,can be set using `--root-dir` when starting kubelet.
kubeletDir: /var/lib/kubelet
# Host path location for ceph client processes logging, ex: rbd-nbd
cephLogDirHostPath: /var/log/ceph
# Name of the csi-driver
driverName: rbd.csi.ceph.com
# Name of the configmap used for state
configMapName: ceph-csi-config
# Key to use in the Configmap if not config.json
# configMapKey:
# Use an externally provided configmap
externallyManagedConfigmap: false
# Name of the configmap used for ceph.conf
cephConfConfigMapName: ceph-config
# Name of the configmap used for encryption kms configuration
kmsConfigMapName: ceph-csi-encryption-kms-config
# Unique ID distinguishing this instance of Ceph CSI among other instances,
# when sharing Ceph clusters across CSI instances for provisioning
# instanceID: default