---
rbac:
  # Specifies whether RBAC resources should be created
  create: true

serviceAccounts:
  nodeplugin:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname
    name:
  provisioner:
    # Specifies whether a ServiceAccount should be created
    create: true
    # The name of the ServiceAccount to use.
    # If not set and create is true, a name is generated using the fullname
    name:

# Configuration for the CSI to connect to the cluster
# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
# Example:
# csiConfig:
#   - clusterID: "<cluster-id>"
#     monitors:
#       - "<MONValue1>"
#       - "<MONValue2>"
csiConfig: []

# Configuration details of clusterID,PoolID and FscID mapping
# csiMapping:
#  - clusterIDMapping:
#     clusterID on site1: clusterID on site2
#    RBDPoolIDMapping:
#    - poolID on site1: poolID on site2
#    CephFSFscIDMapping:
#    - CephFS FscID on site1: CephFS FscID on site2
csiMapping: []

# Configuration for the encryption KMS
# Ref: https://github.com/ceph/ceph-csi/blob/devel/docs/deploy-rbd.md
# Example:
# encryptionKMSConfig:
#   vault-unique-id-1:
#     encryptionKMSType: vault
#     vaultAddress: https://vault.example.com
#     vaultAuthPath: /v1/auth/kubernetes/login
#     vaultRole: csi-kubernetes
#     vaultPassphraseRoot: /v1/secret
#     vaultPassphrasePath: ceph-csi/
#     vaultCAVerify: "false"
encryptionKMSConfig: {}

# Set logging level for csi containers.
# Supported values from 0 to 5. 0 for general useful logs,
# 5 for trace level verbosity.
logLevel: 5

nodeplugin:
  name: nodeplugin
  # set user created priorityclassName for csi plugin pods. default is
  # system-node-critical which is high priority
  priorityClassName: system-node-critical
  # if you are using rbd-nbd client set this value to OnDelete
  updateStrategy: RollingUpdate

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi => 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  profiling:
    # enable profiling to check for memory leaks
    enabled: false

  registrar:
    image:
      repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
      tag: v2.2.0
      pullPolicy: IfNotPresent
    resources: {}

  plugin:
    image:
      repository: quay.io/cephcsi/cephcsi
      tag: canary
      pullPolicy: IfNotPresent
    resources: {}

  nodeSelector: {}

  tolerations: []

  affinity: {}

  # If true, create & use Pod Security Policy resources
  # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  podSecurityPolicy:
    enabled: false

provisioner:
  name: provisioner
  replicaCount: 3
  strategy:
    # RollingUpdate strategy replaces old pods with new ones gradually,
    # without incurring downtime.
    type: RollingUpdate
    rollingUpdate:
      # maxUnavailable is the maximum number of pods that can be
      # unavailable during the update process.
      maxUnavailable: 50%
  # if fstype is not specified in storageclass, ext4 is default
  defaultFSType: ext4
  # deployController to enable or disable the deployment of controller which
  # generates the OMAP data if its not Present.
  deployController: true
  # Timeout for waiting for creation or deletion of a volume
  timeout: 60s
  # Hard limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  hardMaxCloneDepth: 8
  # Soft limit for maximum number of nested volume clones that are taken before
  # a flatten occurs
  softMaxCloneDepth: 4
  # Maximum number of snapshots allowed on rbd image without flattening
  maxSnapshotsOnImage: 450
  # Minimum number of snapshots allowed on rbd image to trigger flattening
  minSnapshotsOnImage: 250
  # skip image flattening if kernel support mapping of rbd images
  # which has the deep-flatten feature
  # skipForceFlatten: false

  # set user created priorityclassName for csi provisioner pods. default is
  # system-cluster-critical which is less priority than system-node-critical
  priorityClassName: system-cluster-critical

  httpMetrics:
    # Metrics only available for cephcsi/cephcsi => 1.2.0
    # Specifies whether http metrics should be exposed
    enabled: true
    # The port of the container to expose the metrics
    containerPort: 8080

    service:
      # Specifies whether a service should be created for the metrics
      enabled: true
      # The port to use for the service
      servicePort: 8080
      type: ClusterIP

      # Annotations for the service
      # Example:
      # annotations:
      #   prometheus.io/scrape: "true"
      #   prometheus.io/port: "8080"
      annotations: {}

      clusterIP: ""

      ## List of IP addresses at which the stats-exporter service is available
      ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
      ##
      externalIPs: []

      loadBalancerIP: ""
      loadBalancerSourceRanges: []

  profiling:
    # enable profiling to check for memory leaks
    enabled: false

  provisioner:
    image:
      repository: k8s.gcr.io/sig-storage/csi-provisioner
      tag: v2.2.2
      pullPolicy: IfNotPresent
    resources: {}

  attacher:
    name: attacher
    enabled: true
    image:
      repository: k8s.gcr.io/sig-storage/csi-attacher
      tag: v3.2.1
      pullPolicy: IfNotPresent
    resources: {}

  resizer:
    name: resizer
    enabled: true
    image:
      repository: k8s.gcr.io/sig-storage/csi-resizer
      tag: v1.2.0
      pullPolicy: IfNotPresent
    resources: {}

  snapshotter:
    image:
      repository: k8s.gcr.io/sig-storage/csi-snapshotter
      tag: v4.1.1
      pullPolicy: IfNotPresent
    resources: {}

  nodeSelector: {}

  tolerations: []

  affinity: {}

  # If true, create & use Pod Security Policy resources
  # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  podSecurityPolicy:
    enabled: false

topology:
  # Specifies whether topology based provisioning support should
  # be exposed by CSI
  enabled: false
  # domainLabels define which node labels to use as domains
  # for CSI nodeplugins to advertise their domains
  # NOTE: the value here serves as an example and needs to be
  # updated with node labels that define domains of interest
  domainLabels:
    - failure-domain/region
    - failure-domain/zone

storageClass:
  # Specifies whether the storageclass should be created
  create: false
  name: csi-rbd-sc
  # (required) String representing a Ceph cluster to provision storage from.
  # Should be unique across all Ceph clusters in use for provisioning,
  # cannot be greater than 36 bytes in length, and should remain immutable for
  # the lifetime of the StorageClass in use.
  clusterID: <cluster-ID>

  # (optional) If you want to use erasure coded pool with RBD, you need to
  # create two pools. one erasure coded and one replicated.
  # You need to specify the replicated pool here in the `pool` parameter, it is
  # used for the metadata of the images.
  # The erasure coded pool must be set as the `dataPool` parameter below.
  # dataPool: <ec-data-pool>
  dataPool: ""

  # (required) Ceph pool into which the RBD image shall be created
  # eg: pool: replicapool
  pool: replicapool

  # Set thickProvision to true if you want RBD images to be fully allocated on
  # creation (thin provisioning is the default).
  thickProvision: false

  # (required) RBD image features, CSI creates image with image-format 2
  # CSI RBD currently supports `layering`, `journaling`, `exclusive-lock`
  # features. If `journaling` is enabled, must enable `exclusive-lock` too.
  # imageFeatures: layering,journaling,exclusive-lock
  imageFeatures: layering

  # (optional) uncomment the following to use rbd-nbd as mounter
  # on supported nodes
  # mounter: rbd-nbd
  mounter: ""

  # (optional) Prefix to use for naming RBD images.
  # If omitted, defaults to "csi-vol-".
  # volumeNamePrefix: "foo-bar-"
  volumeNamePrefix: ""

  # (optional) Instruct the plugin it has to encrypt the volume
  # By default it is disabled. Valid values are "true" or "false".
  # A string is expected here, i.e. "true", not true.
  # encrypted: "true"
  encrypted: ""

  # (optional) Use external key management system for encryption passphrases by
  # specifying a unique ID matching KMS ConfigMap. The ID is only used for
  # correlation to configmap entry.
  encryptionKMSID: ""

  # Add topology constrained pools configuration, if topology based pools
  # are setup, and topology constrained provisioning is required.
  # For further information read TODO<doc>
  # topologyConstrainedPools: |
  #   [{"poolName":"pool0",
  #     "dataPool":"ec-pool0" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone1"}]},
  #    {"poolName":"pool1",
  #     "dataPool":"ec-pool1" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"east"},
  #       {"domainLabel":"zone","value":"zone2"}]},
  #    {"poolName":"pool2",
  #     "dataPool":"ec-pool2" # optional, erasure-coded pool for data
  #     "domainSegments":[
  #       {"domainLabel":"region","value":"west"},
  #       {"domainLabel":"zone","value":"zone1"}]}
  #   ]
  topologyConstrainedPools: []

  # (optional) mapOptions is a comma-separated list of map options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  mapOptions: ""

  # (optional) unmapOptions is a comma-separated list of unmap options.
  # For krbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
  # For nbd options refer
  # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
  unmapOptions: ""

  # The secrets have to contain Ceph credentials with required access
  # to the 'pool'.
  provisionerSecret: csi-rbd-secret
  # If Namespaces are left empty, the secrets are assumed to be in the
  # Release namespace.
  provisionerSecretNamespace: ""
  controllerExpandSecret: csi-rbd-secret
  controllerExpandSecretNamespace: ""
  nodeStageSecret: csi-rbd-secret
  nodeStageSecretNamespace: ""
  # Specify the filesystem type of the volume. If not specified,
  # csi-provisioner will set default as `ext4`.
  fstype: ext4
  reclaimPolicy: Delete
  allowVolumeExpansion: true
  mountOptions: []
  # Mount Options
  # Example:
  # mountOptions:
  #   - discard

secret:
  # Specifies whether the secret should be created
  create: false
  name: csi-rbd-secret
  # Key values correspond to a user name and its key, as defined in the
  # ceph cluster. User ID should have required access to the 'pool'
  # specified in the storage class
  userID: <plaintext ID>
  userKey: <Ceph auth key corresponding to userID above>
  # Encryption passphrase
  encryptionPassphrase: test_passphrase

#########################################################
# Variables for 'internal' use please use with caution! #
#########################################################

# The filename of the provisioner socket
provisionerSocketFile: csi-provisioner.sock
# The filename of the plugin socket
pluginSocketFile: csi.sock
# kubelet working directory,can be set using `--root-dir` when starting kubelet.
kubeletDir: /var/lib/kubelet
# Name of the csi-driver
driverName: rbd.csi.ceph.com
# Name of the configmap used for state
configMapName: ceph-csi-config
# Key to use in the Configmap if not config.json
# configMapKey:
# Use an externally provided configmap
externallyManagedConfigmap: false
# Name of the configmap used for encryption kms configuration
kmsConfigMapName: ceph-csi-encryption-kms-config