fix(deps): update rook-ceph-suite to v1.9.12 (patch) #1631

Open
wants to merge 1 commit into
base: main

renovate[bot]
Contributor

@renovate renovate bot commented Jun 9, 2022

This PR contains the following updates:

Package Update Change
rook-ceph patch v1.9.4 -> v1.9.12
rook-ceph-cluster patch v1.9.4 -> v1.9.12

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

rook/rook (rook-ceph)

v1.9.12

Compare Source

Improvements

Rook v1.9.12 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.11

Compare Source

Improvements

Rook v1.9.11 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.10

Compare Source

Improvements

Rook v1.9.10 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. Support for K8s 1.25 is added.

v1.9.9

Compare Source

Improvements

Rook v1.9.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.8

Compare Source

Improvements

Rook v1.9.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.7

Compare Source

Improvements

Rook v1.9.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.6

Compare Source

Improvements

Rook v1.9.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.9.5

Compare Source

Improvements

Rook v1.9.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


This PR was generated by Mend Renovate. View the repository job log.

@github-actions

github-actions bot commented Jun 9, 2022

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.5

No changes detected in resources

@github-actions

github-actions bot commented Jun 9, 2022

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.5

@@ -1569,7 +1569,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.5"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
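
Review bot: the `image: "rook/ceph:v1.9.5"` line references the operator by tag only, and with `imagePullPolicy: IfNotPresent` on the next line a node that already has an image cached under that tag will not pull it again. Consider pinning by digest (`rook/ceph:v1.9.5@sha256:<digest>`, digest left as a placeholder here) so that the content reviewed in this PR is the content every node runs, and let Renovate bump the digest together with the tag.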

@github-actions

github-actions bot commented Jun 9, 2022

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.5

@@ -11809,7 +11809,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.5"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:

@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.5 (patch) fix(deps): update rook-ceph-suite helm releases to v1.9.6 (patch) Jun 24, 2022
@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from fe8a326 to a3bad1f Compare June 24, 2022 05:02
@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.6

@@ -719,7 +719,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi
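
Review bot: under `prepareosd`, `limits.memory` doubles to 400Mi while `requests.memory` stays at 50Mi, so the scheduler still reserves only 50Mi for a job that is now allowed to use eight times that. If the limit was raised because OSD prepare was running into 200Mi, consider raising the request as well so the pod lands on a node that actually has the headroom.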

@github-actions

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.6

@@ -10998,6 +10998,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
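
Review bot: the added rule on `serviceaccounts/token` with verb `create` carries no `resourceNames`, so any subject bound to this role can request a token for every service account the binding covers, not only Rook's own. Before merging, check which subjects the role is bound to and whether that binding is namespaced or cluster-wide, and consider whether the rule can be scoped with `resourceNames` to the service accounts the operator actually needs. The same three lines are added again in the next hunk.
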
@@ -11065,6 +11068,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11809,7 +11815,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.6"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:

@github-actions

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.6

@@ -758,6 +758,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,6 +828,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1569,7 +1575,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.6"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:

@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.6 (patch) fix(deps): update rook/ceph to v1.9.6 Jun 24, 2022
@renovate renovate bot changed the title fix(deps): update rook/ceph to v1.9.6 fix(deps): update rook-ceph-suite helm releases to v1.9.6 (patch) Jun 28, 2022
@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from a3bad1f to 565e265 Compare July 7, 2022 22:40
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.6 (patch) fix(deps): update rook-ceph-suite helm releases to v1.9.7 (patch) Jul 7, 2022
@github-actions

github-actions bot commented Jul 7, 2022

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.7

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
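
Review bot: the `app.kubernetes.io/managed-by` value changes from `helm` to `Helm` while `app.kubernetes.io/created-by: helm` on the following line stays lowercase. Label values are case-sensitive, so any selector, policy or query that matches `managed-by=helm` stops matching these objects after the upgrade; search the repository for the lowercase value before merging. The same one-line change repeats in the hunks that follow.
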
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -10509,7 +10509,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10536,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10572,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10765,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10826,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10974,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10998,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -11065,6 +11068,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11075,7 +11081,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11126,7 +11132,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11238,7 +11244,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11446,7 +11452,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11537,7 +11543,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11745,7 +11751,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11801,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
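
Review bot: the added `strategy.type: Recreate`, together with `replicas: 1` above it, means the running operator pod is terminated before its replacement starts, so every rollout of this Deployment leaves a window with no operator reconciling. That is the usual trade-off for a controller that must not run twice, but a replacement that fails to pull or start now leaves the cluster with no operator at all, so watch the rollout to completion instead of relying on the old pod staying up.
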
@@ -11809,7 +11817,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.7"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:

@github-actions

github-actions bot commented Jul 7, 2022

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.7

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +269,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +296,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +332,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +525,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +586,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +734,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +758,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,6 +828,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -835,7 +841,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -886,7 +892,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +913,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -998,7 +1004,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1206,7 +1212,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1297,7 +1303,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1505,7 +1511,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1561,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1577,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.7"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:

@github-actions

github-actions bot commented Jul 7, 2022

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.7

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -105,7 +105,7 @@
 kind: StorageClass
 metadata:
   name: ceph-bucket
-provisioner: default.ceph.rook.io/bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
 reclaimPolicy: Delete
 parameters:
   objectStoreName: ceph-objectstore
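
Review bot: the `provisioner` of the `ceph-bucket` StorageClass changes from `default.ceph.rook.io/bucket` to `rook-ceph.ceph.rook.io/bucket`, and Kubernetes does not allow `provisioner` to be updated on an existing StorageClass. Expect the upgrade to need `ceph-bucket` deleted and re-created, and check afterwards that bucket claims provisioned under the old name are still reconciled, keeping in mind that `reclaimPolicy: Delete` is set here.
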
@@ -319,7 +319,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -719,7 +719,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from 565e265 to ba03185 Compare July 26, 2022 21:48
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.7 (patch) fix(deps): update rook-ceph-suite helm releases to v1.9.8 (patch) Jul 26, 2022
@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.8

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -105,7 +105,7 @@
 kind: StorageClass
 metadata:
   name: ceph-bucket
-provisioner: default.ceph.rook.io/bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
 reclaimPolicy: Delete
 parameters:
   objectStoreName: ceph-objectstore
@@ -319,7 +319,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -598,7 +598,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
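
Review bot: the `cephVersion.image` line moves Ceph itself from v16.2.9 to v16.2.10, which the PR's package table (rook-ceph and rook-ceph-cluster only) does not mention. Applying it makes the operator roll the Ceph daemons onto the new image, so treat this as a storage upgrade instead of a chart bump: confirm the cluster is healthy before merging and note the Ceph version change in the PR description.
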
@@ -719,7 +719,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi

@github-actions

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.8

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +269,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +296,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +332,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +525,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +586,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +734,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +758,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,6 +828,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -835,7 +841,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -886,7 +892,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +913,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -998,7 +1004,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1206,7 +1212,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1297,7 +1303,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1505,7 +1511,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1561,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1577,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.8"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1591,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"
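
Review bot: the new `ports` entry declares `containerPort: 9443` (`https-webhook`) on the operator container, next to the existing `/etc/webhook` certificate mount. `containerPort` is informational and opens nothing by itself, but if a NetworkPolicy restricts ingress to the operator's namespace it needs a rule that lets the API server reach 9443, otherwise admission requests will time out once the webhook is registered.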

@github-actions

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.8

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -8842,6 +8842,11 @@
                           type: object
                       type: object
                   type: object
+                hostNetwork:
+                  description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                  nullable: true
+                  type: boolean
+                  x-kubernetes-preserve-unknown-fields: true
                 metadataPool:
                   description: The metadata pool settings
                   nullable: true
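
Review bot: The added `hostNetwork` field lets an individual CR place the rgw daemon in the node's network namespace regardless of the cluster CR's network settings, so write access to this resource now carries that capability. Consider an admission policy limiting who may set it, and ask why `x-kubernetes-preserve-unknown-fields: true` is needed on a `type: boolean` field, where there are no nested fields to preserve.
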
@@ -10509,7 +10514,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10541,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10577,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10770,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10831,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10979,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +11003,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
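
Review bot: The added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so whoever holds this role can request a token for any service account within the role's scope, including ones more privileged than itself. The hunk does not show which role this is or why the permission is needed; ask for the rule to be limited with `resourceNames` to the specific service accounts. The same rule is added again in the following hunk and the same question applies there.
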
@@ -11065,6 +11073,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11075,7 +11086,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11126,7 +11137,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11158,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11238,7 +11249,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11446,7 +11457,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11537,7 +11548,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11745,7 +11756,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11806,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
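
Review bot: With `replicas: 1` and the new `strategy: type: Recreate`, every rollout deletes the only operator pod before its replacement starts, leaving a window with no operator and nothing listening for admission webhook calls. State in the PR whether that gap is acceptable, and check the webhook's failure policy so that requests arriving during the gap behave as intended.
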
@@ -11809,7 +11822,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.8"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
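
Review bot: The operator image is referenced by mutable tag (`rook/ceph:v1.9.8`) together with `imagePullPolicy: IfNotPresent`, so nodes can end up running different content under the same tag and nothing verifies what was pulled. Pin the image by digest (`rook/ceph@sha256:<digest>`, placeholder), and note that no registry host is given, so resolution depends on the container runtime's default registry.
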
@@ -11823,6 +11836,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from ba03185 to b7a0ed1 Compare August 11, 2022 21:51
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.8 (patch) fix(deps): update rook-ceph-suite helm releases to v1.9.9 (patch) Aug 11, 2022
@github-actions

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.9

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1565,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
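
Review bot: The `maxLogSize` description says the value must be at least 1M, but the added `pattern` is the generic quantity regex: it accepts a leading `-`, fractions, and sub-unit suffixes such as `m`, so the schema does not enforce that floor. Either add validation for the minimum or say in the description where it is enforced. The new `periodicity` pattern also rejects anything outside the listed values, so an existing CR carrying another value will fail validation on its next update.
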
@@ -8842,6 +8850,11 @@
                           type: object
                       type: object
                   type: object
+                hostNetwork:
+                  description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                  nullable: true
+                  type: boolean
+                  x-kubernetes-preserve-unknown-fields: true
                 metadataPool:
                   description: The metadata pool settings
                   nullable: true
@@ -10509,7 +10522,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10549,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10585,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10778,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10839,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10987,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +11011,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -11065,6 +11081,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11075,7 +11094,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11126,7 +11145,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11166,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11238,7 +11257,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11446,7 +11465,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11537,7 +11556,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11745,7 +11764,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11814,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -11809,7 +11830,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.9"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -11823,6 +11844,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.9

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -105,7 +105,7 @@
 kind: StorageClass
 metadata:
   name: ceph-bucket
-provisioner: default.ceph.rook.io/bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
 reclaimPolicy: Delete
 parameters:
   objectStoreName: ceph-objectstore
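
Review bot: `provisioner` is immutable on an existing StorageClass, so changing it on `ceph-bucket` from `default.ceph.rook.io/bucket` to `rook-ceph.ceph.rook.io/bucket` will be rejected on an in-place upgrade unless the object is deleted and recreated. With `reclaimPolicy: Delete` in the same object, confirm what happens to buckets that were provisioned under the old name, and confirm that a provisioner is actually registered under the `rook-ceph` prefix in this cluster.
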
@@ -319,7 +319,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -598,7 +598,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
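
Review bot: The `cephVersion.image` line moves the Ceph daemons themselves from `v16.2.9` to `v16.2.10`, which is a storage daemon upgrade and a larger change than the Rook chart patch bump in the PR title suggests. Call this out in the PR description and check the Ceph release notes for that version before merging.
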
@@ -719,7 +719,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi
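
Review bot: The `prepareosd` memory limit doubles to 400Mi while the request stays at 50Mi, so the pod is scheduled against 50Mi but may use eight times that and is an early candidate for eviction on a node under memory pressure. If OSD prepare really needs the headroom, raise the request along with the limit.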

@github-actions
Copy link

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.9

@@ -91,7 +91,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +108,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +125,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +153,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +170,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +269,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +296,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +332,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +525,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +586,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +734,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +758,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,6 +828,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/psp.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -835,7 +841,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -886,7 +892,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +913,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -998,7 +1004,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1206,7 +1212,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1297,7 +1303,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1505,7 +1511,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1561,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1577,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.9"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1591,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@renovate renovate bot changed the title fix(deps): update rook-ceph-suite helm releases to v1.9.9 (patch) fix(deps): update rook-ceph-suite to v1.9.9 (patch) Aug 24, 2022
@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from b7a0ed1 to ac9a9f6 Compare August 30, 2022 00:43
@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.10

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -105,7 +105,7 @@
 kind: StorageClass
 metadata:
   name: ceph-bucket
-provisioner: default.ceph.rook.io/bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
 reclaimPolicy: Delete
 parameters:
   objectStoreName: ceph-objectstore
@@ -319,7 +319,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -598,7 +598,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
@@ -719,7 +719,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from ac9a9f6 to 7ebd4a4 Compare September 27, 2022 20:48
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite to v1.9.10 (patch) fix(deps): update rook-ceph-suite to v1.9.11 (patch) Sep 27, 2022
@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.11

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -310,102 +310,6 @@
       - update
 ---
 # Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
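
Review bot: Removing the six `*-psp` RoleBindings to `psp:rook` is only safe if PodSecurityPolicy admission is off in the target cluster; where it is still enforced, pods running as `rook-ceph-osd`, `rook-ceph-mgr`, `rook-ceph-rgw` and the other listed service accounts lose their authorisation to use that policy and may fail admission. Confirm the cluster's Kubernetes version and what replaces PSP here (for example Pod Security admission labels on the namespace) before merging.
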
@@ -598,7 +502,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
@@ -719,7 +623,7 @@
     prepareosd:
       limits:
         cpu: 500m
-        memory: 200Mi
+        memory: 400Mi
       requests:
         cpu: 500m
         memory: 50Mi

@github-actions

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.11

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
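Review bot: The deleted `00-rook-privileged` PodSecurityPolicy (`privileged: true`, `hostPID`, `hostIPC`, `hostNetwork`, `hostPath` volumes) has no replacement anywhere in this rendered diff, so after the upgrade pod admission for the Rook workloads depends entirely on what the cluster enforces outside this chart. Before merging, confirm which admission control applies: on a cluster that still enforces PSP the Rook pods lose this policy and fall through to whichever other policy matches, and on a cluster using Pod Security Admission the namespace needs `pod-security.kubernetes.io/enforce: privileged` or the privileged pods will be rejected. The commented-out `allowedHostPaths` list in the removed block is worth carrying into whatever policy replaces it.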
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
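Review bot: `app.kubernetes.io/managed-by` changes from `helm` to `Helm` here and in every later label block, while `app.kubernetes.io/created-by: helm` on the next line stays lowercase. Label values are case-sensitive, so any selector, policy or alert that matches `managed-by=helm` stops matching these objects after the upgrade; check for such selectors before merging.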
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1483,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
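Review bot: The `maxLogSize` description says "Must be at least 1M", but the added `pattern` is the general quantity expression and accepts a leading `-` and suffixes such as `k` or `m`, so the schema itself does not enforce that minimum. Separately, `periodicity` gains a `pattern` that admits only the empty string or `hourly|daily|weekly|monthly|1h|24h|1d`; a CephCluster that currently sets any other value will fail validation on its next update, so check existing `logCollector` settings before applying the new CRD.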
@@ -7897,6 +7823,11 @@
                         type: object
                       nullable: true
                       type: array
+                    hostNetwork:
+                      description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                      nullable: true
+                      type: boolean
+                      x-kubernetes-preserve-unknown-fields: true
                     instances:
                       description: The number of pods in the rgw replicaset.
                       format: int32
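Review bot: The new `hostNetwork` field lets a single object store place its rgw pods in the node's network namespace independently of the cluster CR, and this same diff removes the PodSecurityPolicy that listed the permitted `hostPorts`, so nothing in these manifests constrains that choice any more. If rgw host networking is not wanted, reject it with an admission policy. Also, `x-kubernetes-preserve-unknown-fields: true` on a `type: boolean` property has nothing to preserve and looks like generator output worth raising upstream.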
@@ -10509,7 +10440,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10467,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10503,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10696,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10757,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10905,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10929,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
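Review bot: The added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so the subject bound to this role can mint a token for any service account within the role's scope, including accounts that hold more permissions than the subject does. The name and kind of the role being extended fall outside the hunk; if it is a ClusterRole bound cluster-wide, the scope is every service account in the cluster. Restrict the rule with `resourceNames` to the accounts that need it, or confirm the binding is namespaced. The same rule is added again in the following hunk.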
@@ -11065,27 +10999,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -11126,7 +11042,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11063,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11229,82 +11145,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11446,7 +11286,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11528,102 +11368,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11745,7 +11489,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11539,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -11809,7 +11555,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.11"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
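Review bot: The operator image is referenced by the mutable tag `rook/ceph:v1.9.11` with `imagePullPolicy: IfNotPresent`, so a node with a cached copy keeps it while a node pulling later gets whatever the tag points to at that time. Pin the image by digest (`rook/ceph:v1.9.11@sha256:<digest>`) and let Renovate update the digest along with the tag.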
@@ -11823,6 +11569,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"
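Review bot: The new `https-webhook` entry on 9443 only declares the port; the admission webhook is usable only if traffic from the API server to that port is allowed. If a NetworkPolicy applies to the operator namespace, add an ingress rule for TCP 9443, and confirm the `webhook-cert` volume mounted at `/etc/webhook` is populated before relying on the webhook.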

@github-actions

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.11

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +187,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +214,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +250,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +443,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +504,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +652,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +676,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,27 +746,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -886,7 +789,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +810,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -989,82 +892,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1206,7 +1033,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1288,102 +1115,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
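Review bot: Among the removed bindings, `rook-ceph-default-psp` granted the namespace's `default` service account use of `psp:rook`, which resolves to the privileged `00-rook-privileged` policy, so any pod in that namespace that did not set a service account could be admitted as privileged. Removing it is the right direction; whatever admission policy replaces PSP for this namespace should not reintroduce a blanket privileged allowance for `default`.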
@@ -1505,7 +1236,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1286,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
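Review bot: `strategy: type: Recreate` together with `replicas: 1` means the old operator pod is terminated before the new one starts, so if the new pod fails to start there is no operator running until it is fixed. That is a reasonable trade to avoid two operators reconciling at once, but the rollout should be watched rather than left to an unattended merge.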
@@ -1569,7 +1302,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.11"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1316,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from 7ebd4a4 to 19f0a08 Compare October 6, 2022 21:19
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite to v1.9.11 (patch) fix(deps): update rook-ceph-suite to v1.9.12 (patch) Oct 6, 2022
@github-actions

github-actions bot commented Oct 6, 2022

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
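
Review bot: `app.kubernetes.io/managed-by` changes from `helm` to `Helm` while `app.kubernetes.io/created-by` on the next line stays lowercase `helm`. Label values are case-sensitive, so any selector, NetworkPolicy or admission rule that matches `managed-by=helm` stops matching after this upgrade; worth a search across the repository before merging. The same one-line change repeats in the hunks that follow.
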
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1483,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
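
Review bot: the `maxLogSize` description says the value must be at least 1M, but the `pattern` is the generic quantity regex and also accepts a leading `-`, fractional values and small suffixes such as `n`, `u`, `m` or `k`, so the schema does not enforce the stated minimum. If the lower bound is checked elsewhere, the description should say where; otherwise an out-of-range value passes admission and only fails later. On `periodicity`, the `^$` alternative keeps the empty string valid, so confirm that an empty value falls back to a defined default.
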
@@ -7897,6 +7823,11 @@
                         type: object
                       nullable: true
                       type: array
+                    hostNetwork:
+                      description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                      nullable: true
+                      type: boolean
+                      x-kubernetes-preserve-unknown-fields: true
                     instances:
                       description: The number of pods in the rgw replicaset.
                       format: int32
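
Review bot: the new `hostNetwork` field is declared `type: boolean` together with `x-kubernetes-preserve-unknown-fields: true`, which is only meaningful for object types and looks like generator residue here. More importantly, the field gives each rgw its own switch into the host network namespace, independent of the cluster CR, in the same patch that removes the PSP governing `hostNetwork`. Who may set this field should be limited through RBAC on the custom resource or an admission policy.
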
@@ -10509,7 +10440,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10467,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10503,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10696,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10757,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10905,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10929,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
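
Review bot: the added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so any subject bound to this role can mint a token for every service account within the binding's scope, including accounts with more privilege than the caller. Suggest restricting it with `resourceNames` to the service accounts the component actually needs tokens for, and adding a comment that names the consumer of this permission.
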
@@ -11065,27 +10999,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
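
Review bot: this is the second role in the patch to gain `create` on `serviceaccounts/token`, again without `resourceNames` and without a comment saying which component needs it. The grant arrives in the same hunk as the removal of the `psp:rook` ClusterRole, although the two changes are unrelated, which makes it easy to miss in review; a comment above the new rule explaining the need would help.
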
@@ -11126,7 +11042,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11063,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11229,82 +11145,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11446,7 +11286,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11528,102 +11368,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11745,7 +11489,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11539,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
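
Review bot: `strategy: Recreate` combined with `replicas: 1` means every rollout, including the image bump in this PR, has a window with no operator pod running at all. A later hunk declares the `https-webhook` port 9443 on this same container, so anything routed to that webhook has no backend during the window. If the goal is never to run two operators at once, a short comment stating that trade-off would make the intent clear.
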
@@ -11809,7 +11555,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
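
Review bot: the operator image is referenced by tag only (`rook/ceph:v1.9.12`) and `imagePullPolicy: IfNotPresent` is unchanged, so what actually runs depends on what the registry or a node's image cache holds for that tag. Pinning the digest next to the tag, in the form `rook/ceph:v1.9.12@sha256:<digest>`, would make the reviewed artifact and the deployed one the same.
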
@@ -11823,6 +11569,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"
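
Review bot: the container now declares port 9443 (`https-webhook`) beside the existing `/etc/webhook` certificate mount, but nothing in the hunk limits who can reach that port. If the namespace uses NetworkPolicy, add an ingress rule for 9443 that admits only the callers the webhook is meant to serve.
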


github-actions bot commented Oct 6, 2022

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -310,102 +310,6 @@
       - update
 ---
 # Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
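
Review bot: the first binding removed in this hunk, `rook-ceph-default-psp`, had granted the namespace's `default` ServiceAccount `use` of `psp:rook`, so a pod in that namespace running without an explicit service account was admitted under the Rook PSP. Removing it is welcome, but check that no pod still relies on the `default` account for host access, because after this change that access is decided entirely by whatever admission control replaces the PSP.
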
@@ -598,7 +502,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
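
Review bot: this hunk moves the Ceph daemon image from v16.2.9 to v16.2.10, which the version line for this release (v1.9.4 -> v1.9.12) does not mention. A changed `cephVersion.image` is a Ceph upgrade in its own right and should be called out in the PR description. The image is also referenced by tag only; pinning it by digest would tie the deployment to the artifact that was reviewed.
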
@@ -717,9 +621,6 @@
         cpu: 1000m
         memory: 4Gi
     prepareosd:
-      limits:
-        cpu: 500m
-        memory: 200Mi
       requests:
         cpu: 500m
         memory: 50Mi
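
Review bot: removing the `limits` block under `prepareosd` leaves only `requests` (500m CPU, 50Mi memory), so the OSD prepare job can now consume node CPU and memory without an upper bound. If the old 200Mi memory limit was causing the job to be killed, raising the limit to a measured value would be safer than dropping it.
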


github-actions bot commented Oct 6, 2022

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
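
Review bot: besides `privileged: true` and the `SYS_ADMIN` and `MKNOD` capabilities, the policy removed here carried the two `seccomp.security.alpha.kubernetes.io` annotations that made `runtime/default` both the default and the only allowed seccomp profile for pods admitted under it. With the policy gone, a pod gets a seccomp profile only if its own spec sets `securityContext.seccompProfile` or the kubelet applies a default, so verify that the pod specs rendered for this release set it explicitly.
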
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +187,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +214,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +250,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +443,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +504,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +652,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +676,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,27 +746,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -886,7 +789,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +810,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -989,82 +892,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1206,7 +1033,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1288,102 +1115,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1505,7 +1236,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1286,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1302,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1316,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from 19f0a08 to badc8b2 Compare November 1, 2022 14:32

github-actions bot commented Nov 1, 2022

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
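Review bot: deleting `00-rook-privileged` removes the only object in this manifest that stated what the Rook pods are allowed to do on the host (`privileged: true`, `hostPID: true`, `hostNetwork: true`, the `hostPath` volume type), and the hunk adds nothing in its place. Before merging, record which control admits these pods from now on, for example a Pod Security admission level set on the namespace or an admission policy. On a cluster where PSP admission is still enabled, confirm that another policy admits them, otherwise the pods will be rejected after the upgrade.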
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +187,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +214,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +250,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +443,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +504,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +652,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +676,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
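Review bot: the added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so whoever holds this role can request a token for any service account within the role's scope. The rule just above it only allowed `get` on `serviceaccounts`, so this is a real increase in what the role can do. Identify the subject this role is bound to, and if it only needs tokens for a known set of accounts, carry a `resourceNames` restriction as a local override or raise it upstream.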
@@ -825,27 +746,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
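Review bot: this hunk deletes the `psp:rook` ClusterRole, so every binding whose `roleRef.name` is `psp:rook` has to disappear in the same rollout or it is left pointing at a role that no longer exists. The bindings rendered by this chart are removed further down in the diff. Check the cluster for bindings created outside the chart that reference `psp:rook` and remove them as part of this change.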
@@ -886,7 +789,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +810,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -989,82 +892,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1206,7 +1033,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1288,102 +1115,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1505,7 +1236,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1286,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1302,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1316,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"


github-actions bot commented Nov 1, 2022

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -310,102 +310,6 @@
       - update
 ---
 # Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
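Review bot: the first binding removed here, `rook-ceph-default-psp`, covered the namespace's `default` service account, not only the named Rook accounts. Any pod in the cluster namespace that runs under `default` and relied on that binding for admission loses it with this change. List the pods using the `default` service account in that namespace before merging and confirm they are admitted by whatever replaces the PSP.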
@@ -598,7 +502,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
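Review bot: the comment header for this file reports only `v1.9.4 -> v1.9.12`, but the changed line also moves the Ceph daemon image from `quay.io/ceph/ceph:v16.2.9` to `v16.2.10`. That is a separate upgrade with its own release notes and should be called out in the PR description so it is reviewed on purpose. The image is also referenced by tag only; a digest pin would fix the content being deployed.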
@@ -717,9 +621,6 @@
         cpu: 1000m
         memory: 4Gi
     prepareosd:
-      limits:
-        cpu: 500m
-        memory: 200Mi
       requests:
         cpu: 500m
         memory: 50Mi
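Review bot: the three removed lines drop the `limits` for `prepareosd` entirely while the `requests` (cpu `500m`, memory `50Mi`) stay, so the OSD prepare pod now has no memory or CPU ceiling and is scheduled against a 50Mi request. If the old `200Mi` limit was too tight, set a higher limit in the release values instead of running without one, so a misbehaving prepare job cannot put memory pressure on a storage node.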


github-actions bot commented Nov 1, 2022

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
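Review bot: the removed policy carried `seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'`, which applied that seccomp profile to pods admitted under it that did not set their own. With the policy gone, those pods get a seccomp profile only if their own `securityContext.seccompProfile` sets one. Check the rendered operator and CSI pod specs for an explicit profile. The removed `hostPorts` ranges and the commented `allowedHostPaths` entries (`/run/udev`, `/dev`, `/var/lib/rook`) are worth keeping in the repository docs as the reference for whatever policy replaces this one.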
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1483,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
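Review bot: the description of the new `maxLogSize` field says "Must be at least 1M", but the `pattern` on it is the general quantity expression, which accepts a leading `-` and suffixes such as `n`, `m` and `k`, so the schema does not enforce that minimum and a too-small or negative value passes API validation. Treat the minimum as enforced by the operator at best and validate the value in the release values. Separately, the new `periodicity` pattern only admits the empty string and `hourly|daily|weekly|monthly|1h|24h|1d`, so an existing CephCluster that carries any other value will fail validation on its next write; check the current CR before upgrading the CRDs.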
@@ -7897,6 +7823,11 @@
                         type: object
                       nullable: true
                       type: array
+                    hostNetwork:
+                      description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                      nullable: true
+                      type: boolean
+                      x-kubernetes-preserve-unknown-fields: true
                     instances:
                       description: The number of pods in the rgw replicaset.
                       format: int32
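Review bot: the new rgw `hostNetwork` field is declared `type: boolean` together with `x-kubernetes-preserve-unknown-fields: true`, which has nothing to act on for a scalar, and `nullable: true` makes it a three-state setting (true, false, unset). The description covers the unset case by falling back to the cluster CR. Document in the repository which object stores, if any, are expected to set this to `true`, since it puts the gateway in the node's network namespace independently of the cluster-wide network setting.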
@@ -10509,7 +10440,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10467,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10503,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10696,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10757,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10905,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10929,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -11065,27 +10999,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -11126,7 +11042,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11063,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11229,82 +11145,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11446,7 +11286,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11528,102 +11368,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
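Review bot: all six `*-psp` RoleBindings are removed with nothing in their place, so check what admits these pods afterwards. The first one, `rook-ceph-default-psp`, bound `psp:rook` to the namespace's `default` ServiceAccount, so dropping it is a tightening. If the target cluster still has PodSecurityPolicy admission enabled, though, pods running as `rook-ceph-osd`, `rook-ceph-mgr`, `rook-ceph-rgw` and the other listed accounts lose access to the policy they were admitted under. Confirm PSP admission is off, or that another policy covers them, before this is reconciled.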
@@ -11745,7 +11489,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11539,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -11809,7 +11555,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
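Review bot: `image: "rook/ceph:v1.9.12"` is referenced by mutable tag and the context line keeps `imagePullPolicy: IfNotPresent`, so what actually runs depends on what each node has cached or pulls first. Consider pinning the operator image by digest (`rook/ceph:v1.9.12@sha256:<digest>`, digest to be taken from the registry) so the rendered manifest is reproducible and a re-tagged image cannot slip in.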
@@ -11823,6 +11569,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"
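Review bot: the added `https-webhook` port (TCP 9443) needs a matching ingress allowance if the operator namespace runs default-deny NetworkPolicies; without one, API server calls to the admission webhook time out. Also check the webhook's failure policy so that a blocked port does not turn into silently skipped validation.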

@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from badc8b2 to 089ec9b Compare November 3, 2022 22:07
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite to v1.9.12 (patch) fix(deps): update rook-ceph-suite (patch) Nov 3, 2022

github-actions bot commented Nov 3, 2022

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -310,102 +310,6 @@
       - update
 ---
 # Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -598,7 +502,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
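Review bot: the PR is titled as a rook-ceph chart patch bump, but this line also moves the Ceph daemons themselves from `quay.io/ceph/ceph:v16.2.9` to `v16.2.10`, which triggers a rolling update of the Ceph daemons on reconcile. Read the Ceph 16.2.10 release notes alongside the Rook ones, and consider setting `cephVersion.image` explicitly in the HelmRelease values (ideally by digest) so that chart bumps do not change the Ceph version implicitly.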
@@ -717,9 +621,6 @@
         cpu: 1000m
         memory: 4Gi
     prepareosd:
-      limits:
-        cpu: 500m
-        memory: 200Mi
       requests:
         cpu: 500m
         memory: 50Mi
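Review bot: `prepareosd` loses its `limits` block (`cpu: 500m`, `memory: 200Mi`) and keeps only `requests`, so OSD prepare jobs are no longer capped on memory or CPU unless a namespace LimitRange supplies a default. If the old 200Mi limit was dropped because it was too tight, set a larger explicit limit in the HelmRelease values rather than leaving the job unbounded on storage nodes.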


github-actions bot commented Nov 3, 2022

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
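Review bot: removing `00-rook-privileged` leaves no admission policy in this manifest describing what Rook pods may do; the deleted spec allowed `privileged: true`, `hostPID`, `hostIPC`, `hostNetwork` and `hostPath` volumes, and its comments mark several of these as required. Decide where that is enforced now: on clusters using Pod Security Admission the operator and cluster namespaces need `pod-security.kubernetes.io/enforce: privileged`, and those namespaces should then hold nothing but Rook.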
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1483,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
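Review bot: `periodicity` gains a validation pattern, `^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$`, so a resource that currently sets any other value will be rejected on its next update once this CRD is applied. Check the existing log collector `periodicity` values before merging. Separately, the `maxLogSize` description says "Must be at least 1M" but its pattern only checks quantity syntax, so the minimum is not enforced by the schema.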
@@ -7897,6 +7823,11 @@
                         type: object
                       nullable: true
                       type: array
+                    hostNetwork:
+                      description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                      nullable: true
+                      type: boolean
+                      x-kubernetes-preserve-unknown-fields: true
                     instances:
                       description: The number of pods in the rgw replicaset.
                       format: int32
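Review bot: the new rgw `hostNetwork` field lets a single gateway opt into host networking regardless of the cluster CR, so anyone who can edit the resource carrying this gateway spec can place the rgw daemon on the node's network namespace. Restrict write access to those resources accordingly. Also, `x-kubernetes-preserve-unknown-fields: true` on a `type: boolean` field looks unnecessary and is worth raising upstream.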
@@ -10509,7 +10440,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10467,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10503,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10696,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10757,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10905,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10929,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
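Review bot: the added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so the subject of this role can mint tokens for every ServiceAccount in the role's scope. The role's name and kind are outside the hunk; confirm which subject receives it and, if it is cluster-wide, whether upstream can scope it to the specific accounts that need token requests.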
@@ -11065,27 +10999,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -11126,7 +11042,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11063,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11229,82 +11145,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11446,7 +11286,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11528,102 +11368,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11745,7 +11489,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11539,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -11809,7 +11555,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -11823,6 +11569,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"


github-actions bot commented Nov 3, 2022

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
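Review bot: this `rook-ceph-old` release renders the same cluster-scoped `00-rook-privileged` PSP as `rook-ceph-internal/operator`, and both are changed by this PR. If `rook-ceph-old` is no longer deployed, exclude it from the update or delete it; if it is, confirm the two releases are not both reconciled into one cluster, since they would claim identically named cluster-scoped objects.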
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +187,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +214,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +250,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +443,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +504,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +652,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +676,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
@@ -825,27 +746,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -886,7 +789,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +810,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -989,82 +892,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
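Review bot: the five removed `ClusterRoleBinding`s to `psp:rook` (for `rook-ceph-system` and the four `rook-csi-*` service accounts) have no replacement in this hunk, so after the upgrade nothing in these manifests authorizes those accounts to use a pod security policy. On a cluster where the PodSecurityPolicy admission plugin is still enabled, their pods would be validated against whatever other policy the accounts can use, or rejected. Confirm that PSP admission is off on the target cluster, or keep the PSP templates rendered until it is.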
@@ -1206,7 +1033,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1288,102 +1115,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1505,7 +1236,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1286,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1302,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
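Review bot: `image: "rook/ceph:v1.9.12"` is referenced by tag only and the context line keeps `imagePullPolicy: IfNotPresent`, so each node runs whatever that tag resolved to when it first pulled it. Pin the operator image by digest (`rook/ceph:v1.9.12@sha256:<digest>`) so the content that runs is the content that was reviewed.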
@@ -1583,6 +1316,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

Signed-off-by: Danny Froberg <dfroberg@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/patch-rook-ceph-suite branch from 089ec9b to de8e923 Compare March 16, 2023 12:07
@github-actions

Path: cluster/core/storage/rook-ceph-internal/cluster/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -9,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -26,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -43,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -71,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -310,102 +310,6 @@
       - update
 ---
 # Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph-cluster/templates/rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
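Review bot: every removed `RoleBinding` in this hunk renders with `namespace: default`, and `rook-ceph-default-psp` granted `psp:rook` to that namespace's `default` ServiceAccount, so it matters which namespace this release really uses. If `default` is the actual release namespace rather than a rendering placeholder, any namespace-scoped replacement for PSP (for example a Pod Security admission label that allows privileged pods) would apply to every workload in `default`. Confirm that Rook runs in a dedicated namespace before these bindings go away.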
@@ -598,7 +502,7 @@
     enabled: true
   cephVersion:
     allowUnsupported: false
-    image: quay.io/ceph/ceph:v16.2.9
+    image: quay.io/ceph/ceph:v16.2.10
   cleanupPolicy:
     allowUninstallWithVolumes: false
     confirmation: ""
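Review bot: the `cephVersion.image` line moves the Ceph daemons from `v16.2.9` to `v16.2.10` inside a PR described as a Rook chart patch update, and the reference is a tag without a digest. Changing this field makes the operator roll the Ceph daemons onto the new image, so this merge is a Ceph upgrade as well as an operator upgrade; check cluster health first and consider pinning `quay.io/ceph/ceph` by digest.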
@@ -717,9 +621,6 @@
         cpu: 1000m
         memory: 4Gi
     prepareosd:
-      limits:
-        cpu: 500m
-        memory: 200Mi
       requests:
         cpu: 500m
         memory: 50Mi
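Review bot: removing `limits` under `prepareosd` leaves only `requests` (`cpu: 500m`, `memory: 50Mi`), so the OSD prepare pods are no longer capped and can take as much node memory as is available. If the old `memory: 200Mi` limit was too tight, set a higher limit in the release values instead of running with none, so a misbehaving prepare job cannot starve other pods on the node.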

@github-actions

Path: cluster/core/storage/rook-ceph-old/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
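Review bot: deleting `00-rook-privileged` also drops the two `seccomp.security.alpha.kubernetes.io` annotations at the top of the object, which made `runtime/default` the default seccomp profile for pods admitted under this policy. Nothing added in this hunk sets a profile, so pods that do not declare `seccompProfile` themselves fall back to the node's default behaviour. The policy was also the one place that listed what Rook is allowed (`privileged`, `hostPID`, `hostIPC`, `hostNetwork`, `hostPath`, `SYS_ADMIN`, the host port ranges); record the replacement control for the namespace in this repository before merging.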
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -269,7 +187,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -296,7 +214,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -332,7 +250,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -525,7 +443,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -586,7 +504,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -734,7 +652,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -758,6 +676,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
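Review bot: the added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so the subject of this role can request a token for any service account the binding covers, not only its own. Token requests are a credential-minting permission; ask whether the rule can be limited with `resourceNames` to the service accounts that need it, and check which subjects are bound to this role. The same rule is added in the next hunk as well.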
@@ -825,27 +746,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
@@ -886,7 +789,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -907,7 +810,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -989,82 +892,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1206,7 +1033,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -1288,102 +1115,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -1505,7 +1236,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -1555,13 +1286,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -1569,7 +1302,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
@@ -1583,6 +1316,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"

@github-actions

Path: cluster/core/storage/rook-ceph-internal/operator/helm-release.yaml
Version: v1.9.4 -> v1.9.12

@@ -1,85 +1,3 @@
-# Source: rook-ceph/templates/psp.yaml
-# We expect most Kubernetes teams to follow the Kubernetes docs and have these PSPs.
-# * privileged (for kube-system namespace)
-# * restricted (for all logged in users)
-#
-# PSPs are applied based on the first match alphabetically. `rook-ceph-operator` comes after
-# `restricted` alphabetically, so we name this `00-rook-privileged`, so it stays somewhere
-# close to the top and so `rook-system` gets the intended PSP. This may need to be renamed in
-# environments with other `00`-prefixed PSPs.
-#
-# More on PSP ordering: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-order
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: 00-rook-privileged
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
-spec:
-  privileged: true
-  allowedCapabilities:
-    # required by CSI
-    - SYS_ADMIN
-    - MKNOD
-  fsGroup:
-    rule: RunAsAny
-  # runAsUser, supplementalGroups - Rook needs to run some pods as root
-  # Ceph pods could be run as the Ceph user, but that user isn't always known ahead of time
-  runAsUser:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  # seLinux - seLinux context is unknown ahead of time; set if this is well-known
-  seLinux:
-    rule: RunAsAny
-  volumes:
-    # recommended minimum set
-    - configMap
-    - downwardAPI
-    - emptyDir
-    - persistentVolumeClaim
-    - secret
-    - projected
-    # required for Rook
-    - hostPath
-  # allowedHostPaths can be set to Rook's known host volume mount points when they are fully-known
-  # allowedHostPaths:
-  #   - pathPrefix: "/run/udev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/dev"  # for OSD prep
-  #     readOnly: false
-  #   - pathPrefix: "/var/lib/rook"  # or whatever the dataDirHostPath value is set to
-  #     readOnly: false
-  # Ceph requires host IPC for setting up encrypted devices
-  hostIPC: true
-  # Ceph OSDs need to share the same PID namespace
-  hostPID: true
-  # hostNetwork can be set to 'false' if host networking isn't used
-  hostNetwork: true
-  hostPorts:
-    # Ceph messenger protocol v1
-    - min: 6789
-      max: 6790 # <- support old default port
-    # Ceph messenger protocol v2
-    - min: 3300
-      max: 3300
-    # Ceph RADOS ports for OSDs, MDSes
-    - min: 6800
-      max: 7300
-    # # Ceph dashboard port HTTP (not recommended)
-    # - min: 7000
-    #   max: 7000
-    # Ceph dashboard port HTTPS
-    - min: 8443
-      max: 8443
-    # Ceph mgr Prometheus Metrics
-    - min: 9283
-      max: 9283
-    # port for CSIAddons
-    - min: 9070
-      max: 9070
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Service account for Ceph OSDs
 apiVersion: v1
@@ -91,7 +9,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -108,7 +26,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -125,7 +43,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -153,7 +71,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -170,7 +88,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
 # imagePullSecrets:
@@ -1565,8 +1483,16 @@
                     enabled:
                       description: Enabled represents whether the log collector is enabled
                       type: boolean
+                    maxLogSize:
+                      anyOf:
+                        - type: integer
+                        - type: string
+                      description: MaxLogSize is the maximum size of the log per ceph daemons. Must be at least 1M.
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
                     periodicity:
-                      description: Periodicity is the periodicity of the log rotation
+                      description: Periodicity is the periodicity of the log rotation.
+                      pattern: ^$|^(hourly|daily|weekly|monthly|1h|24h|1d)$
                       type: string
                   type: object
                 mgr:
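Review bot: the `maxLogSize` description says the value must be at least 1M, but the added `pattern` is the generic quantity expression and also matches a leading `-` and sub-unit suffixes such as `n`, `u` and `m`, so the schema does not enforce that minimum. If the floor matters, it has to be checked elsewhere, and the description should say where. Separately, `periodicity` gains a closed `pattern`, so any existing object whose `periodicity` is outside `hourly|daily|weekly|monthly|1h|24h|1d` (or empty) will fail validation on its next update; check live objects before applying the CRD.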
@@ -7897,6 +7823,11 @@
                         type: object
                       nullable: true
                       type: array
+                    hostNetwork:
+                      description: Whether host networking is enabled for the rgw daemon. If not set, the network settings from the cluster CR will be applied.
+                      nullable: true
+                      type: boolean
+                      x-kubernetes-preserve-unknown-fields: true
                     instances:
                       description: The number of pods in the rgw replicaset.
                       format: int32
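Review bot: the new `hostNetwork` field is declared `type: boolean` yet also carries `x-kubernetes-preserve-unknown-fields: true`, which is meaningful only for object-typed fields and reads like a generator artifact. More importantly, the field lets an individual rgw deployment opt into host networking independently of the cluster CR; with the PSP objects removed elsewhere in this diff, make sure whoever can edit the resource that carries this rgw setting is meant to have that ability.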
@@ -10509,7 +10440,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   # Most resources are represented by a string representation of their name, such as "pods", just as it appears in the URL for the relevant API endpoint.
@@ -10536,7 +10467,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10572,7 +10503,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10765,7 +10696,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -10826,7 +10757,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10974,7 +10905,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups: [""]
@@ -10998,6 +10929,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/clusterrole.yaml
 kind: ClusterRole
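Review bot: the added rule grants `create` on `serviceaccounts/token` with no `resourceNames`, so whoever holds this role can request a token for any ServiceAccount within the scope of its binding. The role's name and its binding are outside this hunk; confirm which subject receives it and whether it is bound cluster-wide, and restrict the rule with `resourceNames` to the ServiceAccounts that actually need tokens if the operator works with that.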
@@ -11065,27 +10999,9 @@
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'psp:rook'
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-privileged
-    verbs:
-      - use
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
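Review bot: removing the `psp:rook` ClusterRole takes away the `use` grant on `00-rook-privileged`. If this cluster still enforces PodSecurityPolicy admission, the Rook pods need another policy they are allowed to use; if it does not, the PR should state what now constrains these privileged pods. The `serviceaccounts/token` `create` rule added at the end of this hunk is also unrestricted by `resourceNames` and needs the same scope check as the identical rule in the previous hunk.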
@@ -11126,7 +11042,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11147,7 +11063,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11229,82 +11145,6 @@
   name: rbd-external-provisioner-runner
   apiGroup: rbac.authorization.k8s.io
 ---
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-ceph-system-psp
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-provisioner-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-cephfs-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-cephfs-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-plugin-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-plugin-sa
-    namespace: default # namespace:operator
----
-# Source: rook-ceph/templates/psp.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rook-csi-rbd-provisioner-sa-psp
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'psp:rook'
-subjects:
-  - kind: ServiceAccount
-    name: rook-csi-rbd-provisioner-sa
-    namespace: default # namespace:operator
----
 # Source: rook-ceph/templates/cluster-rbac.yaml
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
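Review bot: all five ClusterRoleBindings removed here point at `psp:rook`, so verify after the rollout that the live objects are really deleted and not just absent from the rendered manifest. RBAC accepts a binding whose role does not exist, and a leftover binding would take effect again for `rook-ceph-system` and the four CSI service accounts if a ClusterRole with that name were ever re-created.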
@@ -11446,7 +11286,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
   - apiGroups:
@@ -11528,102 +11368,6 @@
     verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 # Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-default-psp
-  namespace: default # namespace:cluster
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
-    app.kubernetes.io/created-by: helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-rgw-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-rgw
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-mgr-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-cmd-reporter-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-cmd-reporter
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: rook-ceph-purge-osd-psp
-  namespace: default # namespace:cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: psp:rook
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-purge-osd
-    namespace: default # namespace:cluster
----
-# Source: rook-ceph/templates/cluster-rbac.yaml
 # Allow the operator to create resources in this cluster's namespace
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
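Review bot: `rook-ceph-default-psp`, removed at the top of this hunk, bound the namespace's `default` ServiceAccount to `psp:rook`, so any pod that did not set its own service account could use that policy. Dropping the grant is consistent with least privilege; before merging, check that nothing running as `default` in the cluster namespace relied on it.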
@@ -11745,7 +11489,7 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -11795,13 +11539,15 @@
     operator: rook
     storage-backend: ceph
     app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: helm
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: rook-ceph-operator
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
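Review bot: with `replicas: 1` and `strategy.type: Recreate`, the old operator pod is stopped before the new one is created, so every rollout has a window with no operator running. That avoids two operator versions reconciling at once, but the upgrade should be scheduled with that gap in mind, and the reason for choosing `Recreate` belongs in the PR description.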
@@ -11809,7 +11555,7 @@
     spec:
       containers:
         - name: rook-ceph-operator
-          image: "rook/ceph:v1.9.4"
+          image: "rook/ceph:v1.9.12"
           imagePullPolicy: IfNotPresent
           args: ["ceph", "operator"]
           securityContext:
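Review bot: `image: "rook/ceph:v1.9.12"` is referenced by tag only, and with `imagePullPolicy: IfNotPresent` a node keeps whatever it first pulled under that tag. Pin the image by digest (`rook/ceph:v1.9.12@sha256:<digest>`, with the digest taken from the verified release) so the operator that runs is the one that was reviewed.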
@@ -11823,6 +11569,10 @@
               name: default-config-dir
             - mountPath: /etc/webhook
               name: webhook-cert
+          ports:
+            - containerPort: 9443
+              name: https-webhook
+              protocol: TCP
           env:
             - name: ROOK_CURRENT_NAMESPACE_ONLY
               value: "false"
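Review bot: the new port 9443 is named `https-webhook` and sits next to the `webhook-cert` mount at `/etc/webhook`, but declaring `containerPort` does not by itself open or restrict access to it. If NetworkPolicies apply to the operator's namespace, add an ingress rule for TCP 9443 from the API server and keep the port unreachable from other workloads.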

@renovate renovate bot changed the title fix(deps): update rook-ceph-suite (patch) fix(deps): update rook-ceph-suite to v1.9.12 (patch) Mar 26, 2023
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite to v1.9.12 (patch) fix(deps): update rook-ceph-suite (patch) Mar 26, 2023
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite (patch) fix(deps): update rook-ceph-suite to v1.9.12 (patch) Dec 19, 2024
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite to v1.9.12 (patch) fix(deps): update rook-ceph-suite (patch) Dec 19, 2024
@renovate renovate bot changed the title fix(deps): update rook-ceph-suite (patch) fix(deps): update rook-ceph-suite to v1.9.12 (patch) Jan 27, 2025