Skip to content

feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.20.0 )#3137

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rook-ceph-1.x
Open

feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.20.0 )#3137
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rook-ceph-1.x

Conversation

@renovate

@renovate renovate Bot commented Jan 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
rook-ceph minor v1.18.8v1.20.0

Release Notes

rook/rook (rook-ceph)

v1.20.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

  • The Ceph CSI operator is required for managing CSI driver settings.
    • Upgrades will continue working with the existing settings that had been applied by Rook previously. Further updates to CSI settings will need to be updated by the Rook admin. Clusters with default CSI settings do not require customizations.
    • CSI settings are removed from the Rook operator configmap rook-ceph-operator-config and the rook-ceph Helm chart.
    • New installs must configure the CSI settings with the Ceph-CSI OperatorConfig and Driver CRs. Default settings are included in operator.yaml. For custom CSI settings, see the CSI Configuration for more details and examples.
    • For helm users, the Ceph CSI operator settings are configured by the ceph-csi-drivers chart. Custom CSI images remain configured by the rook-ceph chart values.

Features

  • Supported Kubernetes versions are v1.31 through v1.36.
  • SSE-S3 with Vault Agent: Added support for server-side encryption with SSE-S3 using HashiCorp Vault Agent authentication. See the CephObjectStore Security Settings for more details.
  • Unused CRUSH rule cleanup: Rook now deletes unused CRUSH rules by default after the Ceph mgr starts. If unused CRUSH rules should not be deleted, set ROOK_DELETE_UNUSED_CRUSH_RULES to false in the operator config.
  • Concurrently reconciling multiple Ceph Clusters with the setting ROOK_RECONCILE_CONCURRENT_CLUSTERS is declared stable.
  • Containers within a pod are now consistently reconciled by name instead of relying on the order in which they are declared. This is a defensive measure against the declaration order changing due to manipulation by a mutating webhook.
  • OSD resize with encrypted host-based OSDs: For encrypted OSDs (with encryptedDevice: true) with host-based (non-PVC) clusters, resizing the underlying disk now automatically expands encrypted OSDs.
  • RGW Accounts (Experimental): The CephObjectStoreAccount CRD manages RGW accounts. The accountReffield is added inCephObjectStoreUser to associate users with accounts. This feature is currently only testable with the Ceph main branch image (quay.ceph.io/ceph-ci/ceph:main`). See the Object Store Accounts documentation for more details.
  • Two-node clusters (Experimental): Rook allows a "floating" mon to migrate between the two nodes in case one node is down.

v1.19.6

Compare Source

Improvements

Rook v1.19.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.5

Compare Source

Improvements

Rook v1.19.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.4

Compare Source

Improvements

Rook v1.19.4 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.3

Compare Source

Improvements

Rook v1.19.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.2

Compare Source

Improvements

Rook v1.19.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.19.1

Compare Source

Improvements

Rook v1.19.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Update to ceph csi operator to v0.5 (#​17029, @​subhamkrai)
security: Remove unnecessary nodes/proxy RBAC enablement (#​16979, @​ibotty)
helm: Set default ceph image pull policy (#​16954, @​travisn)
nfs: Add CephNFS.spec.server.{image,imagePullPolicy} fields (#​16982, @​jhoblitt)
osd: Assign correct osd container in case it is not index 0 (#​16969, @​kyrbrbik)
csi: Remove obsolete automated node fencing code (#​16922, @​subhamkrai)
osd: Enable proper cancellation during OSD reconcile (#​17022, @​sp98)
csi: Allow running the csi controller plugin on host network (#​16972, @​Madhu-1)
rgw: Update ca bundle mount perms to read-all (#​16968, @​BlaineEXE)
mon: Change do-not-reconcile to be more granular for individual mons (#​16939, @​travisn)
build(deps): Bump the k8s-dependencies group with 6 updates (#​16846, @​dependabot[bot])
doc: add csi-operator example in configuration doc (#​17001, @​subhamkrai)

v1.19.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

  • The supported Kubernetes versions are v1.30 - v1.35
  • The minimum supported Ceph version is v19.2.0. Rook v1.18 clusters running Ceph v18 must upgrade
    to Ceph v19.2.0 or higher before upgrading Rook.
  • The behavior of the activeStandby property in the CephFilesystem CRD has changed. When set to false, the standby MDS daemon deployment will be scaled down and removed, rather than only disabling the standby cache while the daemon remains running.
  • Helm: The rook-ceph-cluster chart has changed where the Ceph image is defined, to allow separate settings for the repository and tag. For more details, see the Rook upgrade guide.
  • In external mode, when users provide a Ceph admin keyring to Rook, Rook will no longer create CSI Ceph clients automatically. This approach will provide more consistency to configure external mode clusters via the same external Python script.

Features

  • Experimental: NVMe over Fabrics (NVMe-oF) allows RBD volumes to be exposed and accessed via the NVMe/TCP protocol. This enables both Kubernetes pods within the cluster and external clients outside the cluster to connect to Ceph block storage using standard NVMe-oF initiators, providing high-performance block storage access over the network. See the NVMe-oF Configuration Guide to get started.
  • CephCSI v3.16 Integration:
    • NVMe-oF CSI driver for provisioning and mounting volumes over the NVMe over Fabrics protocol
    • Improved fencing for RBD and CephFS volumes during node failure
    • Block volume usage statistics
    • Configurable block encryption cipher
  • Experimental: Allow concurrent reconciles of the CephCluster CR when there multiple clusters being managed by the same Rook operator. Concurrency is enabled by increasing the operator setting ROOK_RECONCILE_CONCURRENT_CLUSTERS to a value greater than 1.
  • Improved logging with namespaced names for the controllers for more consistency in troubleshooting the rook operator log.

v1.18.11

Compare Source

Improvements

Rook v1.18.11 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.10

Compare Source

Improvements

Rook v1.18.10 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

v1.18.9

Compare Source

Improvements

Rook v1.18.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from anthr76 as a code owner January 13, 2026 20:28
@github-actions

github-actions Bot commented Jan 13, 2026
edited
Loading

Copy link
Copy Markdown

qgr1-cluster-0 - kustomization

--- k8s/base/rook-ceph/operator Kustomization: flux-system/rook-ceph-operator HelmRelease: rook-ceph/rook-ceph

+++ k8s/base/rook-ceph/operator Kustomization: flux-system/rook-ceph-operator HelmRelease: rook-ceph/rook-ceph

@@ -13,13 +13,13 @@

     spec:
       chart: rook-ceph
       sourceRef:
         kind: HelmRepository
         name: rook-ceph-charts
         namespace: flux-system
-      version: v1.18.8
+      version: v1.20.0
   install:
     crds: CreateReplace
     createNamespace: true
     remediation:
       retries: 50
     timeout: 15m

@github-actions

github-actions Bot commented Jan 13, 2026
edited
Loading

Copy link
Copy Markdown

qgr1-cluster-0 - helmrelease

--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-cephfs-ctrlplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-cephfs-nodeplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-controller-manager

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-controller-manager
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-nfs-ctrlplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-nfs-nodeplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-rbd-ctrlplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

@@ -1,10 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ceph-csi-rbd-nodeplugin-sa
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

@@ -1,15 +0,0 @@

----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: rook-csi-cephfs-plugin-sa
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

@@ -1,15 +0,0 @@

----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: rook-csi-cephfs-provisioner-sa
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

@@ -1,15 +0,0 @@

----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: rook-csi-rbd-plugin-sa
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

@@ -1,15 +0,0 @@

----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: rook-csi-rbd-provisioner-sa
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-
--- HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config

+++ HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config

@@ -15,239 +15,10 @@

 data:
   ROOK_LOG_LEVEL: INFO
   ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15'
   ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true'
   ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS: maxObjects,maxSize
   ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false'
+  ROOK_CEPH_MON_RUN_AS_ROOT: 'false'
+  ROOK_DELETE_UNUSED_CRUSH_RULES: 'true'
   ROOK_ENABLE_DISCOVERY_DAEMON: 'false'
-  ROOK_USE_CSI_OPERATOR: 'true'
-  ROOK_CSI_ENABLE_RBD: 'true'
-  ROOK_CSI_ENABLE_CEPHFS: 'true'
-  ROOK_CSI_DISABLE_DRIVER: 'false'
-  CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true'
-  CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
-  CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
-  CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: 'false'
-  CSI_ENABLE_ENCRYPTION: 'false'
-  CSI_ENABLE_OMAP_GENERATOR: 'false'
-  CSI_ENABLE_HOST_NETWORK: 'true'
-  CSI_ENABLE_METADATA: 'false'
-  CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: 'true'
-  CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
-  CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
-  CSI_RBD_FSGROUPPOLICY: File
-  CSI_CEPHFS_FSGROUPPOLICY: File
-  CSI_NFS_FSGROUPPOLICY: File
-  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.15.0
-  ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
-  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.2.0
-  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.1
-  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.8.1
-  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.13.2
-  ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
-  CSI_ENABLE_CSIADDONS: 'false'
-  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.13.0
-  CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: 'false'
-  CSI_ENABLE_TOPOLOGY: 'false'
-  ROOK_CSI_ENABLE_NFS: 'false'
-  CSI_FORCE_CEPHFS_KERNEL_CLIENT: 'true'
-  CSI_GRPC_TIMEOUT_SECONDS: '150'
-  CSI_PROVISIONER_REPLICAS: '2'
-  CSI_RBD_PROVISIONER_RESOURCE: |
-    - name : csi-provisioner
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-resizer
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-attacher
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-snapshotter
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-rbdplugin
-      resource:
-        requests:
-          memory: 512Mi
-        limits:
-          memory: 1Gi
-    - name : csi-omap-generator
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-    - name : liveness-prometheus
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-  CSI_RBD_PLUGIN_RESOURCE: |
-    - name : driver-registrar
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-    - name : csi-rbdplugin
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-    - name : liveness-prometheus
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-  CSI_CEPHFS_PROVISIONER_RESOURCE: |
-    - name : csi-provisioner
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-resizer
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-attacher
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-snapshotter
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-cephfsplugin
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-    - name : liveness-prometheus
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-  CSI_CEPHFS_PLUGIN_RESOURCE: |
-    - name : driver-registrar
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-    - name : csi-cephfsplugin
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-    - name : liveness-prometheus
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-  CSI_NFS_PROVISIONER_RESOURCE: |
-    - name : csi-provisioner
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 100m
-        limits:
-          memory: 256Mi
-    - name : csi-nfsplugin
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-    - name : csi-attacher
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-  CSI_NFS_PLUGIN_RESOURCE: |
-    - name : driver-registrar
-      resource:
-        requests:
-          memory: 128Mi
-          cpu: 50m
-        limits:
-          memory: 256Mi
-    - name : csi-nfsplugin
-      resource:
-        requests:
-          memory: 512Mi
-          cpu: 250m
-        limits:
-          memory: 1Gi
-  CSI_RBD_PLUGIN_VOLUME: |-
-    - hostPath:
-        path: /run/booted-system/kernel-modules/lib/modules/
-      name: lib-modules
-    - hostPath:
-        path: /nix
-      name: host-nix
-  CSI_RBD_PLUGIN_VOLUME_MOUNT: |-
-    - mountPath: /nix
-      name: host-nix
-      readOnly: true
-  CSI_CEPHFS_PLUGIN_VOLUME: |-
-    - hostPath:
-        path: /run/booted-system/kernel-modules/lib/modules/
-      name: lib-modules
-    - hostPath:
-        path: /nix
-      name: host-nix
-  CSI_CEPHFS_PLUGIN_VOLUME_MOUNT: |-
-    - mountPath: /nix
-      name: host-nix
-      readOnly: true
-  CSI_CEPHFS_ATTACH_REQUIRED: 'true'
-  CSI_RBD_ATTACH_REQUIRED: 'true'
-  CSI_NFS_ATTACH_REQUIRED: 'true'
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

@@ -1,202 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-cephfs-ctrlplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments/status
-  verbs:
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims/status
-  verbs:
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshots
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

@@ -1,58 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-cephfs-nodeplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  - persistentvolumeclaims
-  verbs:
-  - get
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

@@ -1,138 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-nfs-ctrlplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - delete
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshots
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims/status
-  verbs:
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments/status
-  verbs:
-  - patch
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

@@ -1,17 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-nfs-nodeplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

@@ -1,231 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-rbd-ctrlplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments/status
-  verbs:
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims/status
-  verbs:
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshots
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.openshift.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - replication.storage.openshift.io
-  resources:
-  - volumegroupreplicationcontents
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - replication.storage.openshift.io
-  resources:
-  - volumegroupreplicationclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
-- apiGroups:
-  - cbt.storage.k8s.io
-  resources:
-  - snapshotmetadataservices
-  verbs:
-  - get
-  - list
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

@@ -1,78 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: ceph-csi-rbd-nodeplugin-cr
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-global

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-global

@@ -14,13 +14,12 @@

 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - nodes
-  - nodes/proxy
   - secrets
   - configmaps
   verbs:
   - get
   - list
   - watch
@@ -41,12 +40,20 @@

   - watch
   - patch
   - create
   - update
   - delete
 - apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
   - storage.k8s.io
   resources:
   - storageclasses
   verbs:
   - get
   - list
@@ -69,14 +76,16 @@

   resources:
   - cephclients
   - cephclusters
   - cephblockpools
   - cephfilesystems
   - cephnfses
+  - cephnvmeofgateways
   - cephobjectstores
   - cephobjectstoreusers
+  - cephobjectstoreaccounts
   - cephobjectrealms
   - cephobjectzonegroups
   - cephobjectzones
   - cephbuckettopics
   - cephbucketnotifications
   - cephrbdmirrors
@@ -94,14 +103,16 @@

   resources:
   - cephclients/status
   - cephclusters/status
   - cephblockpools/status
   - cephfilesystems/status
   - cephnfses/status
+  - cephnvmeofgateways/status
   - cephobjectstores/status
   - cephobjectstoreusers/status
+  - cephobjectstoreaccounts/status
   - cephobjectrealms/status
   - cephobjectzonegroups/status
   - cephobjectzones/status
   - cephbuckettopics/status
   - cephbucketnotifications/status
   - cephrbdmirrors/status
@@ -115,14 +126,16 @@

   resources:
   - cephclients/finalizers
   - cephclusters/finalizers
   - cephblockpools/finalizers
   - cephfilesystems/finalizers
   - cephnfses/finalizers
+  - cephnvmeofgateways/finalizers
   - cephobjectstores/finalizers
   - cephobjectstoreusers/finalizers
+  - cephobjectstoreaccounts/finalizers
   - cephobjectrealms/finalizers
   - cephobjectzonegroups/finalizers
   - cephobjectzones/finalizers
   - cephbuckettopics/finalizers
   - cephbucketnotifications/finalizers
   - cephrbdmirrors/finalizers
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-cluster

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-cluster

@@ -14,13 +14,12 @@

 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   - nodes
-  - nodes/proxy
   - persistentvolumes
   verbs:
   - get
   - list
   - watch
 - apiGroups:
@@ -31,12 +30,20 @@

   - create
   - patch
   - list
   - get
   - watch
 - apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+- apiGroups:
   - storage.k8s.io
   resources:
   - storageclasses
   verbs:
   - get
   - list
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin

@@ -1,45 +0,0 @@

----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-nodeplugin
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner

@@ -1,181 +0,0 @@

----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-external-provisioner-runner
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - delete
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments/status
-  verbs:
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims/status
-  verbs:
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshots
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-csi-nodeplugin

@@ -1,66 +0,0 @@

----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-nodeplugin
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner

@@ -1,213 +0,0 @@

----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-external-provisioner-runner
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumes
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - delete
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - storageclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - events
-  verbs:
-  - list
-  - watch
-  - create
-  - update
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - volumeattachments/status
-  verbs:
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - storage.k8s.io
-  resources:
-  - csinodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - persistentvolumeclaims/status
-  verbs:
-  - patch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshots
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - patch
-  - update
-- apiGroups:
-  - snapshot.storage.k8s.io
-  resources:
-  - volumesnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-- apiGroups:
-  - groupsnapshot.storage.k8s.io
-  resources:
-  - volumegroupsnapshotcontents/status
-  verbs:
-  - update
-  - patch
-- apiGroups:
-  - ''
-  resources:
-  - configmaps
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - gateway.networking.k8s.io
-  resources:
-  - referencegrants
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - replication.storage.openshift.io
-  resources:
-  - volumegroupreplicationcontents
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - replication.storage.openshift.io
-  resources:
-  - volumegroupreplicationclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/objectstorage-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/objectstorage-provisioner-role

@@ -44,7 +44,15 @@

   - events
   verbs:
   - get
   - delete
   - update
   - create
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-cephfs-ctrlplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-cephfs-ctrlplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-cephfs-ctrlplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-cephfs-nodeplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-cephfs-nodeplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-cephfs-nodeplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

@@ -10,9 +10,9 @@

 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: ceph-csi-manager-role
 subjects:
 - kind: ServiceAccount
-  name: ceph-csi-controller-manager
+  name: ceph-csi
   namespace: rook-ceph
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

@@ -10,9 +10,9 @@

 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: ceph-csi-metrics-auth-role
 subjects:
 - kind: ServiceAccount
-  name: ceph-csi-controller-manager
+  name: ceph-csi
   namespace: rook-ceph
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-nfs-ctrlplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-nfs-ctrlplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-nfs-ctrlplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-nfs-nodeplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-nfs-nodeplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-nfs-nodeplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-rbd-ctrlplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-rbd-ctrlplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-rbd-ctrlplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ceph-csi-rbd-nodeplugin-crb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: ceph-csi-rbd-nodeplugin-cr
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-rbd-nodeplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

@@ -1,22 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-nodeplugin
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-rbd-plugin-sa
-  namespace: rook-ceph
-roleRef:
-  kind: ClusterRole
-  name: rbd-csi-nodeplugin
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

@@ -1,22 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-provisioner-role
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-cephfs-provisioner-sa
-  namespace: rook-ceph
-roleRef:
-  kind: ClusterRole
-  name: cephfs-external-provisioner-runner
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

@@ -1,22 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-nodeplugin-role
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-cephfs-plugin-sa
-  namespace: rook-ceph
-roleRef:
-  kind: ClusterRole
-  name: cephfs-csi-nodeplugin
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

@@ -1,22 +0,0 @@

----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-provisioner-role
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-rbd-provisioner-sa
-  namespace: rook-ceph
-roleRef:
-  kind: ClusterRole
-  name: rbd-external-provisioner-runner
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

@@ -1,52 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: ceph-csi-cephfs-ctrlplugin-r
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - watch
-  - list
-  - delete
-  - update
-  - create
-- apiGroups:
-  - csiaddons.openshift.io
-  resources:
-  - csiaddonsnodes
-  verbs:
-  - get
-  - watch
-  - list
-  - create
-  - update
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - replicasets
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - deployments/finalizers
-  - daemonsets/finalizers
-  verbs:
-  - update
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

@@ -1,41 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: ceph-csi-cephfs-nodeplugin-r
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - csiaddons.openshift.io
-  resources:
-  - csiaddonsnodes
-  verbs:
-  - get
-  - watch
-  - list
-  - create
-  - update
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - replicasets
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - deployments/finalizers
-  - daemonsets/finalizers
-  verbs:
-  - update
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-leader-election-role

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-leader-election-role

@@ -1,11 +1,12 @@

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: ceph-csi-leader-election-role
+  namespace: rook-ceph
   labels:
     app.kubernetes.io/name: ceph-csi
     app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/managed-by: Helm
 rules:
 - apiGroups:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

@@ -1,52 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: ceph-csi-rbd-ctrlplugin-r
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - watch
-  - list
-  - delete
-  - update
-  - create
-- apiGroups:
-  - csiaddons.openshift.io
-  resources:
-  - csiaddonsnodes
-  verbs:
-  - get
-  - watch
-  - list
-  - create
-  - update
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - replicasets
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - deployments/finalizers
-  - daemonsets/finalizers
-  verbs:
-  - update
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

@@ -1,41 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: ceph-csi-rbd-nodeplugin-r
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - csiaddons.openshift.io
-  resources:
-  - csiaddonsnodes
-  verbs:
-  - get
-  - watch
-  - list
-  - create
-  - update
-  - delete
-- apiGroups:
-  - ''
-  resources:
-  - pods
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - replicasets
-  verbs:
-  - get
-- apiGroups:
-  - apps
-  resources:
-  - deployments/finalizers
-  - daemonsets/finalizers
-  verbs:
-  - update
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-mgr

@@ -39,15 +39,17 @@

   - delete
 - apiGroups:
   - ceph.rook.io
   resources:
   - cephclients
   - cephclusters
+  - cephclusters/finalizers
   - cephblockpools
   - cephfilesystems
   - cephnfses
+  - cephnvmeofgateways
   - cephobjectstores
   - cephobjectstoreusers
   - cephobjectrealms
   - cephobjectzonegroups
   - cephobjectzones
   - cephbuckettopics
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/cephfs-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/cephfs-external-provisioner-cfg

@@ -1,27 +0,0 @@

----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-external-provisioner-cfg
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - watch
-  - list
-  - delete
-  - update
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rbd-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rbd-external-provisioner-cfg

@@ -1,27 +0,0 @@

----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-external-provisioner-cfg
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - watch
-  - list
-  - delete
-  - update
-  - create
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: ceph-csi-cephfs-ctrlplugin-rb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ceph-csi-cephfs-ctrlplugin-r
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-cephfs-ctrlplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: ceph-csi-cephfs-nodeplugin-rb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ceph-csi-cephfs-nodeplugin-r
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-cephfs-nodeplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

@@ -1,18 +1,19 @@

 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: ceph-csi-leader-election-rolebinding
+  namespace: rook-ceph
   labels:
     app.kubernetes.io/name: ceph-csi
     app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: ceph-csi-leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: ceph-csi-controller-manager
+  name: ceph-csi
   namespace: rook-ceph
 
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: ceph-csi-rbd-ctrlplugin-rb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ceph-csi-rbd-ctrlplugin-r
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-rbd-ctrlplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

@@ -1,18 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: ceph-csi-rbd-nodeplugin-rb
-  labels:
-    app.kubernetes.io/name: ceph-csi
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: ceph-csi-rbd-nodeplugin-r
-subjects:
-- kind: ServiceAccount
-  name: ceph-csi-rbd-nodeplugin-sa
-  namespace: rook-ceph
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

@@ -1,23 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: cephfs-csi-provisioner-role-cfg
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-cephfs-provisioner-sa
-  namespace: rook-ceph
-roleRef:
-  kind: Role
-  name: cephfs-external-provisioner-cfg
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

@@ -1,23 +0,0 @@

----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rbd-csi-provisioner-role-cfg
-  namespace: rook-ceph
-  labels:
-    operator: rook
-    storage-backend: ceph
-    app.kubernetes.io/name: rook-ceph
-    app.kubernetes.io/instance: rook-ceph
-    app.kubernetes.io/part-of: rook-ceph-operator
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/created-by: helm
-subjects:
-- kind: ServiceAccount
-  name: rook-csi-rbd-provisioner-sa
-  namespace: rook-ceph
-roleRef:
-  kind: Role
-  name: rbd-external-provisioner-cfg
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/ceph-csi-controller-manager

@@ -1,11 +1,12 @@

 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: ceph-csi-controller-manager
+  namespace: rook-ceph
   labels:
     control-plane: controller-manager
     app.kubernetes.io/name: ceph-csi
     app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/managed-by: Helm
 spec:
@@ -32,18 +33,18 @@

         env:
         - name: OPERATOR_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         - name: CSI_SERVICE_ACCOUNT_PREFIX
-          value: ceph-csi-
+          value: ''
         - name: WATCH_NAMESPACE
           value: ''
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: cluster.local
-        image: quay.io/cephcsi/ceph-csi-operator:v0.4.1
+        image: quay.io/cephcsi/ceph-csi-operator:v1.0.1
         livenessProbe:
           httpGet:
             path: /healthz
             port: 8081
           initialDelaySeconds: 15
           periodSeconds: 20
@@ -65,11 +66,15 @@

           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
           readOnlyRootFilesystem: true
       imagePullSecrets: []
+      nodeSelector: {}
+      priorityClassName: null
       securityContext:
         runAsNonRoot: true
-      serviceAccountName: ceph-csi-controller-manager
+      serviceAccountName: ceph-csi
       terminationGracePeriodSeconds: 10
+      tolerations: []
+      topologySpreadConstraints: []
 
--- HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator

+++ HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator

@@ -28,13 +28,13 @@

       - effect: NoExecute
         key: node.kubernetes.io/unreachable
         operator: Exists
         tolerationSeconds: 5
       containers:
       - name: rook-ceph-operator
-        image: docker.io/rook/ceph:v1.18.8
+        image: docker.io/rook/ceph:v1.20.0
         imagePullPolicy: IfNotPresent
         args:
         - ceph
         - operator
         securityContext:
           capabilities:
@@ -48,18 +48,22 @@

           name: rook-config
         - mountPath: /etc/ceph
           name: default-config-dir
         env:
         - name: ROOK_CURRENT_NAMESPACE_ONLY
           value: 'false'
+        - name: ROOK_RECONCILE_CONCURRENT_CLUSTERS
+          value: '1'
         - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED
           value: 'false'
         - name: ROOK_DISABLE_DEVICE_HOTPLUG
           value: 'false'
         - name: ROOK_DISCOVER_DEVICES_INTERVAL
           value: 60m
+        - name: ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS
+          value: '5'
         - name: NODE_NAME
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
         - name: POD_NAME
           valueFrom:
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi

@@ -0,0 +1,11 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+automountServiceAccountToken: true
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-nvmeof

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-nvmeof

@@ -0,0 +1,15 @@

+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: rook-ceph-nvmeof
+  namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
+
--- HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-csi-operator-image-set-configmap

+++ HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-csi-operator-image-set-configmap

@@ -0,0 +1,23 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: rook-csi-operator-image-set-configmap
+  namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
+data:
+  provisioner: registry.k8s.io/sig-storage/csi-provisioner:v6.2.0
+  attacher: registry.k8s.io/sig-storage/csi-attacher:v4.12.0
+  resizer: registry.k8s.io/sig-storage/csi-resizer:v2.1.0
+  snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0
+  registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0
+  plugin: quay.io/cephcsi/cephcsi:v3.17.0
+  addons: quay.io/csiaddons/k8s-sidecar:v0.14.0
+

@renovate renovate Bot changed the title fix(helm): update chart rook-ceph ( v1.18.8 ➔ v1.18.9 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.0 ) Jan 20, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch 2 times, most recently from 5d4a6ea to 2417618 Compare January 23, 2026 20:36
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 2417618 to d8c473d Compare February 2, 2026 20:12
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.0 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.1 ) Feb 6, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from d8c473d to ece0196 Compare February 6, 2026 02:37
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.1 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.2 ) Feb 24, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from ece0196 to 61c600e Compare February 24, 2026 23:12
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 61c600e to 4258bf8 Compare March 9, 2026 17:03
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.2 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.3 ) Mar 25, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 4258bf8 to 51a7102 Compare March 25, 2026 00:58
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.3 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.4 ) Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 51a7102 to 31504bd Compare April 15, 2026 16:47
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.4 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.5 ) Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 31504bd to 58b6c30 Compare April 28, 2026 23:03
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.5 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.6 ) May 27, 2026
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from 58b6c30 to dd17c30 Compare May 27, 2026 22:50
@renovate renovate Bot force-pushed the renovate/rook-ceph-1.x branch from dd17c30 to cb52ad9 Compare June 2, 2026 23:01
@renovate renovate Bot changed the title feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.19.6 ) feat(helm): update chart rook-ceph ( v1.18.8 ➔ v1.20.0 ) Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anthr76 anthr76 Awaiting requested review from anthr76 anthr76 is a code owner

Assignees

No one assigned

Labels

renovate/helm size/XS type/patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants