Kind: Cephnfs
Group: ceph.rook.io
Version: v1

apiVersion: ceph.rook.io/v1
kind: Cephnfs
metadata:
  name: example
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object required
spec object required
NFSGaneshaSpec represents the spec of an nfs ganesha server
rados object
RADOS is the Ganesha RADOS specification
namespace string
The namespace inside the Ceph pool (set by 'pool') where shared NFS-Ganesha config is stored. This setting is deprecated as it is internally set to the name of the CephNFS.
pool string
The Ceph pool used to store the shared configuration for NFS-Ganesha daemons. This setting is deprecated, as it is internally required to be ".nfs".
security object
Security allows specifying security configurations for the NFS cluster
kerberos object
Kerberos configures NFS-Ganesha to secure NFS client connections with Kerberos.
configFiles object
ConfigFiles defines where the Kerberos configuration should be sourced from. Config files will be placed into the `/etc/krb5.conf.rook/` directory. If this is left empty, Rook will not add any files. This allows you to manage the files yourself however you wish. For example, you may build them into your custom Ceph container image or use the Vault agent injector to securely add the files via annotations on the CephNFS spec (passed to the NFS server pods). Rook configures Kerberos to log to stderr. We suggest removing logging sections from config files to avoid consuming unnecessary disk space from logging to files.
volumeSource object
configMap object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
emptyDir object
medium string
sizeLimit object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path string required
type string
persistentVolumeClaim object
claimName string required
readOnly boolean
projected object
defaultMode integer
format: int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
name string
optional boolean
path string required
signerName string
configMap object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
downwardAPI object
items []object
fieldRef object
apiVersion string
fieldPath string required
mode integer
format: int32
path string required
resourceFieldRef object
containerName string
divisor object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource string required
podCertificate object
certificateChainPath string
credentialBundlePath string
keyPath string
keyType string required
maxExpirationSeconds integer
format: int32
signerName string required
userAnnotations object
secret object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
serviceAccountToken object
audience string
expirationSeconds integer
format: int64
path string required
secret object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
optional boolean
secretName string
domainName string
DomainName should be set to the Kerberos Realm.
keytabFile object
KeytabFile defines where the Kerberos keytab should be sourced from. The keytab file will be placed into `/etc/krb5.keytab`. If this is left empty, Rook will not add the file. This allows you to manage the `krb5.keytab` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods).
volumeSource object
configMap object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
emptyDir object
medium string
sizeLimit object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path string required
type string
persistentVolumeClaim object
claimName string required
readOnly boolean
projected object
defaultMode integer
format: int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
name string
optional boolean
path string required
signerName string
configMap object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
downwardAPI object
items []object
fieldRef object
apiVersion string
fieldPath string required
mode integer
format: int32
path string required
resourceFieldRef object
containerName string
divisor object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource string required
podCertificate object
certificateChainPath string
credentialBundlePath string
keyPath string
keyType string required
maxExpirationSeconds integer
format: int32
signerName string required
userAnnotations object
secret object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
serviceAccountToken object
audience string
expirationSeconds integer
format: int64
path string required
secret object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
optional boolean
secretName string
principalName string
PrincipalName corresponds directly to NFS-Ganesha's NFS_KRB5:PrincipalName config. In practice, this is the service prefix of the principal name. The default is "nfs". This value is combined with (a) the namespace and name of the CephNFS (with a hyphen between) and (b) the Realm configured in the user-provided krb5.conf to determine the full principal name: <principalName>/<namespace>-<name>@<realm>, e.g., nfs/rook-ceph-my-nfs@example.net. See https://github.com/nfs-ganesha/nfs-ganesha/wiki/RPCSEC_GSS for more detail.
sssd object
SSSD enables integration with System Security Services Daemon (SSSD). SSSD can be used to provide user ID mapping from a number of sources. See https://sssd.io for more information about the SSSD project.
sidecar object
Sidecar tells Rook to run SSSD in a sidecar alongside the NFS-Ganesha server in each NFS pod.
additionalFiles []object
AdditionalFiles defines any number of additional files that should be mounted into the SSSD sidecar with a directory root of `/etc/sssd/rook-additional/`. These files may be referenced by the sssd.conf config file.
subPath string required
SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will be mounted. All files/keys in the volume source's volume will be mounted to the subdirectory. This is not the same as the Kubernetes `subPath` volume mount option. Each subPath definition must be unique and must not contain ':'.
pattern: ^[^:]+$
minLength: 1
volumeSource object required
configMap object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
emptyDir object
medium string
sizeLimit object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path string required
type string
persistentVolumeClaim object
claimName string required
readOnly boolean
projected object
defaultMode integer
format: int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
name string
optional boolean
path string required
signerName string
configMap object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
downwardAPI object
items []object
fieldRef object
apiVersion string
fieldPath string required
mode integer
format: int32
path string required
resourceFieldRef object
containerName string
divisor object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource string required
podCertificate object
certificateChainPath string
credentialBundlePath string
keyPath string
keyType string required
maxExpirationSeconds integer
format: int32
signerName string required
userAnnotations object
secret object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
serviceAccountToken object
audience string
expirationSeconds integer
format: int64
path string required
secret object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
optional boolean
secretName string
debugLevel integer
DebugLevel sets the debug level for SSSD. If unset or set to 0, Rook does nothing. Otherwise, this may be a value between 1 and 10. See SSSD docs for more info: https://sssd.io/troubleshooting/basics.html#sssd-debug-logs
minimum: 0
maximum: 10
image string required
Image defines the container image that should be used for the SSSD sidecar.
minLength: 1
resources object
Resources allow specifying resource requests/limits on the SSSD sidecar container.
claims []object
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
name string required
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
request string
Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
limits object
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests object
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
sssdConfigFile object
SSSDConfigFile defines where the SSSD configuration should be sourced from. The config file will be placed into `/etc/sssd/sssd.conf`. If this is left empty, Rook will not add the file. This allows you to manage the `sssd.conf` file yourself however you wish. For example, you may build it into your custom Ceph container image or use the Vault agent injector to securely add the file via annotations on the CephNFS spec (passed to the NFS server pods).
volumeSource object
configMap object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
emptyDir object
medium string
sizeLimit object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path string required
type string
persistentVolumeClaim object
claimName string required
readOnly boolean
projected object
defaultMode integer
format: int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
name string
optional boolean
path string required
signerName string
configMap object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
downwardAPI object
items []object
fieldRef object
apiVersion string
fieldPath string required
mode integer
format: int32
path string required
resourceFieldRef object
containerName string
divisor object
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource string required
podCertificate object
certificateChainPath string
credentialBundlePath string
keyPath string
keyType string required
maxExpirationSeconds integer
format: int32
signerName string required
userAnnotations object
secret object
items []object
key string required
mode integer
format: int32
path string required
name string
optional boolean
serviceAccountToken object
audience string
expirationSeconds integer
format: int64
path string required
secret object
defaultMode integer
format: int32
items []object
key string required
mode integer
format: int32
path string required
optional boolean
secretName string
server object required
Server is the Ganesha Server specification
active integer required
The number of active Ganesha servers
annotations object
The annotations-related configuration to add/set on each Pod related object.
hostNetwork boolean
Whether host networking is enabled for the Ganesha server. If not set, the network settings from the cluster CR will be applied.
image string
Image is the container image used to launch the Ceph NFS (Ganesha) daemon(s). The image must include the NFS Ganesha binaries, such as are included with the official Ceph releases. E.g.: quay.io/ceph/ceph:<tag>. If not specified, the Ceph image defined in the CephCluster is used. Overriding the CephCluster defined image is not normally necessary when using the official Ceph images. The image must contain the NFS Ganesha and dbus packages. If the SSSD sidecar is enabled, the image must also contain the sssd-client package.
minLength: 1
maxLength: 1572864
imagePullPolicy string
ImagePullPolicy describes a policy for if/when to pull a container image. One of Always, Never, IfNotPresent. This field only has effect if an image is specified.
enum: IfNotPresent, Always, Never,
labels object
The labels-related configuration to add/set on each Pod related object.
livenessProbe object
A liveness probe to verify that the Ganesha server has valid run-time state. If LivenessProbe.Disabled is false and LivenessProbe.Probe is nil, the default probe is used.
disabled boolean
Disabled determines whether the probe is disabled or not
probe object
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
exec object
Exec specifies a command to execute in the container.
command []string
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
failureThreshold integer
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
format: int32
grpc object
GRPC specifies a GRPC HealthCheckRequest.
port integer required
Port number of the gRPC service. Number must be in the range 1 to 65535.
format: int32
service string
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.
httpGet object
HTTPGet specifies an HTTP GET request to perform.
host string
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
httpHeaders []object
Custom headers to set in the request. HTTP allows repeated headers.
name string required
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
value string required
The header field value
path string
Path to access on the HTTP server.
port object required
Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
scheme string
Scheme to use for connecting to the host. Defaults to HTTP.
initialDelaySeconds integer
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
periodSeconds integer
How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1.
format: int32
successThreshold integer
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format: int32
tcpSocket object
TCPSocket specifies a connection to a TCP port.
host string
Optional: Host name to connect to, defaults to the pod IP.
port object required
Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
terminationGracePeriodSeconds integer
format: int64
timeoutSeconds integer
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
logLevel string
LogLevel sets the logging level
placement object
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object required
matchExpressions []object
key string required
operator string required
values []string
matchFields []object
key string required
operator string required
values []string
weight integer required
format: int32
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object required
matchExpressions []object
key string required
operator string required
values []string
matchFields []object
key string required
operator string required
values []string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
namespaces []string
topologyKey string required
weight integer required
format: int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
namespaces []string
topologyKey string required
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
namespaces []string
topologyKey string required
weight integer required
format: int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
matchLabelKeys []string
mismatchLabelKeys []string
namespaceSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
namespaces []string
topologyKey string required
tolerations []object
effect string
key string
operator string
tolerationSeconds integer
format: int64
value string
topologySpreadConstraints []object
labelSelector object
matchExpressions []object
key string required
operator string required
values []string
matchLabels object
matchLabelKeys []string
maxSkew integer required
format: int32
minDomains integer
format: int32
nodeAffinityPolicy string
nodeTaintsPolicy string
topologyKey string required
whenUnsatisfiable string required
priorityClassName string
PriorityClassName sets the priority class on the pods
resources object
Resources set resource requests and limits
claims []object
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
name string required
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
request string
Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
limits object
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests object
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
status object
NFSStatus represents the status of Ceph NFS
cephx object
daemon object
Daemon shows the CephX key status for local Ceph daemons associated with this resource.
keyCephVersion string
KeyCephVersion reports the Ceph version that created the current generation's keys. This is the same string format as reported by `CephCluster.status.version.version` to allow them to be compared. E.g., `20.2.0-0`. For all newly-created resources, this field is set to the version of Ceph that created the key. The special value "Uninitialized" indicates that keys are being created for the first time. An empty string indicates that the version is unknown, as expected in brownfield deployments.
keyGeneration integer
KeyGeneration represents the CephX key generation for the last successful reconcile. For all newly-created resources, this field is set to `1`. When keys are rotated due to any rotation policy, the generation is incremented or updated to the configured policy generation. Generation `0` indicates that keys existed prior to the implementation of key tracking.
format: int32
conditions []object
lastHeartbeatTime string
format: date-time
lastTransitionTime string
format: date-time
message string
reason string
ConditionReason is a reason for a condition
status string
type string
ConditionType represents a resource's status
observedGeneration integer
ObservedGeneration is the latest generation observed by the controller.
format: int64
phase string