mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-14 10:20:20 +00:00
8265abc2c9
CephNFS can enable different security flavours for exported volumes. This can be configured in the optional `secTypes` parameter in the StorageClass. Signed-off-by: Niels de Vos <ndevos@redhat.com>
56 lines
2.1 KiB
YAML
56 lines
2.1 KiB
YAML
---
|
|
apiVersion: storage.k8s.io/v1
|
|
kind: StorageClass
|
|
metadata:
|
|
name: csi-nfs-sc
|
|
provisioner: nfs.csi.ceph.com
|
|
parameters:
|
|
# (required) Name of the NFS-cluster as managed by Ceph.
|
|
nfsCluster: <nfs-cluster>
|
|
|
|
# (required) Hostname, ip-address or service that points to the Ceph managed
|
|
# NFS-server that will be used for mounting the NFS-export.
|
|
server: <nfs-server>
|
|
|
|
#
|
|
# The parameters below are standard CephFS options, these are used for
|
|
# managing the underlying CephFS volume.
|
|
#
|
|
|
|
# (required) String representing a Ceph cluster to provision storage from.
|
|
# Should be unique across all Ceph clusters in use for provisioning,
|
|
# cannot be greater than 36 bytes in length, and should remain immutable for
|
|
# the lifetime of the StorageClass in use.
|
|
# Ensure to create an entry in the configmap named ceph-csi-config, based on
|
|
# csi-config-map-sample.yaml, to accompany the string chosen to
|
|
# represent the Ceph cluster in clusterID below
|
|
clusterID: <cluster-id>
|
|
|
|
# (required) CephFS filesystem name into which the volume shall be created
|
|
# eg: fsName: myfs
|
|
fsName: <cephfs-name>
|
|
|
|
# (optional) Ceph pool into which volume data shall be stored
|
|
# pool: <cephfs-data-pool>
|
|
|
|
# The secrets have to contain user and/or Ceph admin credentials.
|
|
csi.storage.k8s.io/provisioner-secret-name: csi-cephfs-secret
|
|
csi.storage.k8s.io/provisioner-secret-namespace: default
|
|
csi.storage.k8s.io/controller-expand-secret-name: csi-cephfs-secret
|
|
csi.storage.k8s.io/controller-expand-secret-namespace: default
|
|
csi.storage.k8s.io/node-stage-secret-name: csi-cephfs-secret
|
|
csi.storage.k8s.io/node-stage-secret-namespace: default
|
|
|
|
# (optional) Prefix to use for naming subvolumes.
|
|
# If omitted, defaults to "csi-vol-".
|
|
volumeNamePrefix: nfs-export-
|
|
|
|
# (optional) Security requirements for the NFS-export. Valid flavours
|
|
# include: none, sys, krb5, krb5i and krb5p. The <sectype-list> is a comma
|
|
# delimited string, for example "sys,krb5".
|
|
# This option is available with Ceph v17.2.6 and newer.
|
|
# secTypes: <sectype-list>
|
|
|
|
reclaimPolicy: Delete
|
|
allowVolumeExpansion: true
|