Exikle/Artemis-Cluster
1
0
Fork 0
Code Issues 1 Pull requests Releases 7 Activity Actions

feat(container): update rook-ceph group (v1.19.6 ➔ v1.20.0) #215

Closed
dusk-bot wants to merge 1 commit from renovate-rook-ceph into main
pull from: renovate-rook-ceph
merge into: Exikle:main
Conversation 1 Commits 1 Files changed 2 +2 -2
dusk-bot commented 2026-06-04 03:04:57 +00:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
ghcr.io/rook/rook-ceph minor v1.19.6v1.20.0
ghcr.io/rook/rook-ceph-cluster minor v1.19.6v1.20.0

Release Notes

rook/rook (ghcr.io/rook/rook-ceph)

v1.20.0

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes
  • The Ceph CSI operator is required for managing CSI driver settings.
    • Upgrades will continue working with the existing settings that had been applied by Rook previously. Further updates to CSI settings will need to be updated by the Rook admin. Clusters with default CSI settings do not require customizations.
    • CSI settings are removed from the Rook operator configmap rook-ceph-operator-config and the rook-ceph Helm chart.
    • New installs must configure the CSI settings with the Ceph-CSI OperatorConfig and Driver CRs. Default settings are included in operator.yaml. For custom CSI settings, see the CSI Configuration for more details and examples.
    • For helm users, the Ceph CSI operator settings are configured by the ceph-csi-drivers chart. Custom CSI images remain configured by the rook-ceph chart values.
Features
  • Supported Kubernetes versions are v1.31 through v1.36.
  • SSE-S3 with Vault Agent: Added support for server-side encryption with SSE-S3 using HashiCorp Vault Agent authentication. See the CephObjectStore Security Settings for more details.
  • Unused CRUSH rule cleanup: Rook now deletes unused CRUSH rules by default after the Ceph mgr starts. If unused CRUSH rules should not be deleted, set ROOK_DELETE_UNUSED_CRUSH_RULES to false in the operator config.
  • Concurrently reconciling multiple Ceph Clusters with the setting ROOK_RECONCILE_CONCURRENT_CLUSTERS is declared stable.
  • Containers within a pod are now consistently reconciled by name instead of relying on the order in which they are declared. This is a defensive measure against the declaration order changing due to manipulation by a mutating webhook.
  • OSD resize with encrypted host-based OSDs: For encrypted OSDs (with encryptedDevice: true) with host-based (non-PVC) clusters, resizing the underlying disk now automatically expands encrypted OSDs.
  • RGW Accounts (Experimental): The CephObjectStoreAccount CRD manages RGW accounts. The accountReffield is added inCephObjectStoreUser to associate users with accounts. This feature is currently only testable with the Ceph main branch image (quay.ceph.io/ceph-ci/ceph:main`). See the Object Store Accounts documentation for more details.
  • Two-node clusters (Experimental): Rook allows a "floating" mon to migrate between the two nodes in case one node is down.

Configuration

📅 Schedule: (in timezone America/Toronto)

  • Branch creation
    • "every weekday"
  • Automerge
    • "every weekday"

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/rook/rook-ceph](https://github.com/rook/rook) | minor | `v1.19.6` → `v1.20.0` | | [ghcr.io/rook/rook-ceph-cluster](https://github.com/rook/rook) | minor | `v1.19.6` → `v1.20.0` | --- ### Release Notes <details> <summary>rook/rook (ghcr.io/rook/rook-ceph)</summary> ### [`v1.20.0`](https://github.com/rook/rook/releases/tag/v1.20.0) [Compare Source](https://github.com/rook/rook/compare/v1.19.6...v1.20.0) ##### Upgrade Guide To upgrade from previous versions of Rook, see the [Rook upgrade guide](https://rook.github.io/docs/rook/v1.20/Upgrade/rook-upgrade/). ##### Breaking Changes - The Ceph CSI operator is required for managing CSI driver settings. - Upgrades will continue working with the existing settings that had been applied by Rook previously. Further updates to CSI settings will need to be updated by the Rook admin. Clusters with default CSI settings do not require customizations. - CSI settings are removed from the Rook operator configmap [rook-ceph-operator-config](https://github.com/rook/rook/blob/release-1.20/deploy/examples/operator.yaml#L18) and the [rook-ceph](https://rook.io/docs/rook/v1.20/Helm-Charts/operator-chart/) Helm chart. - New installs must configure the CSI settings with the Ceph-CSI `OperatorConfig` and `Driver` CRs. Default settings are included in [operator.yaml](https://github.com/rook/rook/blob/release-1.20/deploy/examples/operator.yaml#L97-L170). For custom CSI settings, see the [CSI Configuration](https://rook.io/docs/rook/v1.20/Storage-Configuration/Ceph-CSI/csi-configuration/) for more details and examples. - For helm users, the Ceph CSI operator settings are configured by the [ceph-csi-drivers chart](https://rook.io/docs/rook/v1.20/Helm-Charts/csi-drivers-chart/). Custom CSI images remain configured by the [rook-ceph chart values](https://github.com/rook/rook/blob/release-1.20/deploy/charts/rook-ceph/values.yaml#L97-L137). ##### Features - Supported Kubernetes versions are v1.31 through v1.36. - SSE-S3 with Vault Agent: Added support for server-side encryption with SSE-S3 using HashiCorp Vault Agent authentication. See the [CephObjectStore Security Settings](Documentation/CRDs/Object-Storage/ceph-object-store-crd.md#sse-s3-with-vault-agent) for more details. - Unused CRUSH rule cleanup: Rook now deletes unused CRUSH rules by default after the Ceph mgr starts. If unused CRUSH rules should not be deleted, set `ROOK_DELETE_UNUSED_CRUSH_RULES` to `false` in the operator config. - Concurrently reconciling multiple Ceph Clusters with the setting `ROOK_RECONCILE_CONCURRENT_CLUSTERS` is declared stable. - Containers within a pod are now consistently reconciled by name instead of relying on the order in which they are declared. This is a defensive measure against the declaration order changing due to manipulation by a mutating webhook. - OSD resize with encrypted host-based OSDs: For encrypted OSDs (with `encryptedDevice: true`) with host-based (non-PVC) clusters, resizing the underlying disk now automatically expands encrypted OSDs. - RGW Accounts (Experimental): The `CephObjectStoreAccount` CRD manages RGW accounts. The accountRef`field is added in`CephObjectStoreUser` to associate users with accounts. This feature is currently only testable with the Ceph main branch image (`quay.ceph.io/ceph-ci/ceph:main\`). See the [Object Store Accounts](Documentation/Storage-Configuration/Object-Storage-RGW/ceph-object-accounts.md) documentation for more details. - Two-node clusters (Experimental): Rook allows a "floating" mon to migrate between the two nodes in case one node is down. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Toronto) - Branch creation - "every weekday" - Automerge - "every weekday" 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIxMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJwcmlvcml0eS9tZWRpdW0iLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL21pbm9yIl19-->
feat(container): update rook-ceph group (v1.19.6 ➔ v1.20.0)
All checks were successful
Flate / Flate - Filter (pull_request) Successful in 22s
Details
Labeler / Labeler (pull_request_target) Successful in 42s
Details
Flate / Flate (helmrelease) (pull_request) Successful in 1m46s
Details
Flate / Flate (kustomization) (pull_request) Successful in 1m45s
Details
Flate / Flate - Comment (pull_request) Successful in 42s
Details
Flate - Success Flate checks success
Flate / Flate - Success (pull_request) Successful in 56s
Details
868a8cdad8
dusk-bot scheduled this pull request to auto merge when all checks succeed 2026-06-04 03:05:01 +00:00
Exikle canceled auto merging this pull request when all checks succeed 2026-06-04 03:15:52 +00:00
dusk-bot commented 2026-06-04 03:19:40 +00:00
Author
Collaborator
Copy link
Kustomization diff 

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster
! ± value change
- v1.19.6
+ v1.20.0

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph
! ± value change
- v1.19.6
+ v1.20.0
HelmRelease diff 

@@ data @@
# v1/ConfigMap/rook-ceph/rook-ceph-operator-config
! - 45 map entries removed:
- CSI_CEPHFS_ATTACH_REQUIRED: "true"
- CSI_CEPHFS_FSGROUPPOLICY: File
- CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc
- CSI_CEPHFS_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-cephfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_CEPHFS_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-resizer
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-snapshotter
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-cephfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true"
- CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false"
- CSI_ENABLE_CSIADDONS: "false"
- CSI_ENABLE_ENCRYPTION: "false"
- CSI_ENABLE_HOST_NETWORK: "true"
- CSI_ENABLE_LIVENESS: "true"
- CSI_ENABLE_METADATA: "false"
- CSI_ENABLE_NFS_SNAPSHOTTER: "true"
- CSI_ENABLE_OMAP_GENERATOR: "false"
- CSI_ENABLE_RBD_SNAPSHOTTER: "true"
- CSI_ENABLE_TOPOLOGY: "false"
- CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true"
- CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true"
- CSI_GRPC_TIMEOUT_SECONDS: "150"
- CSI_NFS_ATTACH_REQUIRED: "true"
- CSI_NFS_FSGROUPPOLICY: File
- CSI_NFS_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-nfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   
- CSI_NFS_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-nfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   
- CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false"
- CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
- CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01"
- CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
- CSI_PROVISIONER_REPLICAS: "2"
- CSI_RBD_ATTACH_REQUIRED: "true"
- CSI_RBD_FSGROUPPOLICY: File
- CSI_RBD_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-rbdplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_RBD_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-resizer
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-snapshotter
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-rbdplugin
-     resource:
-       requests:
-         memory: 512Mi
-       limits:
-         memory: 1Gi
-   - name : csi-omap-generator
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0"
- ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2"
- ROOK_CSI_DISABLE_DRIVER: "false"
- ROOK_CSI_ENABLE_CEPHFS: "true"
- ROOK_CSI_ENABLE_NFS: "false"
- ROOK_CSI_ENABLE_RBD: "true"
- ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
- ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1"
- ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0"
- ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
- ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"
- ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
- ROOK_USE_CSI_OPERATOR: "true"
! + two map entries added:
+ ROOK_CEPH_MON_RUN_AS_ROOT: "false"
+ ROOK_DELETE_UNUSED_CRUSH_RULES: "true"

@@ rules @@
# rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global
! - three list entries removed:
- - resources:
-   - cephclients
-   - cephclusters
-   - cephblockpools
-   - cephfilesystems
-   - cephnfses
-   - cephnvmeofgateways
-   - cephobjectstores
-   - cephobjectstoreusers
-   - cephobjectrealms
-   - cephobjectzonegroups
-   - cephobjectzones
-   - cephbuckettopics
-   - cephbucketnotifications
-   - cephrbdmirrors
-   - cephfilesystemmirrors
-   - cephfilesystemsubvolumegroups
-   - cephblockpoolradosnamespaces
-   - cephcosidrivers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - cephclients/status
-   - cephclusters/status
-   - cephblockpools/status
-   - cephfilesystems/status
-   - cephnfses/status
-   - cephnvmeofgateways/status
-   - cephobjectstores/status
-   - cephobjectstoreusers/status
-   - cephobjectrealms/status
-   - cephobjectzonegroups/status
-   - cephobjectzones/status
-   - cephbuckettopics/status
-   - cephbucketnotifications/status
-   - cephrbdmirrors/status
-   - cephfilesystemmirrors/status
-   - cephfilesystemsubvolumegroups/status
-   - cephblockpoolradosnamespaces/status
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
- - resources:
-   - cephclients/finalizers
-   - cephclusters/finalizers
-   - cephblockpools/finalizers
-   - cephfilesystems/finalizers
-   - cephnfses/finalizers
-   - cephnvmeofgateways/finalizers
-   - cephobjectstores/finalizers
-   - cephobjectstoreusers/finalizers
-   - cephobjectrealms/finalizers
-   - cephobjectzonegroups/finalizers
-   - cephobjectzones/finalizers
-   - cephbuckettopics/finalizers
-   - cephbucketnotifications/finalizers
-   - cephrbdmirrors/finalizers
-   - cephfilesystemmirrors/finalizers
-   - cephfilesystemsubvolumegroups/finalizers
-   - cephblockpoolradosnamespaces/finalizers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
! + three list entries added:
+ - resources:
+   - cephclients
+   - cephclusters
+   - cephblockpools
+   - cephfilesystems
+   - cephnfses
+   - cephnvmeofgateways
+   - cephobjectstores
+   - cephobjectstoreusers
+   - cephobjectstoreaccounts
+   - cephobjectrealms
+   - cephobjectzonegroups
+   - cephobjectzones
+   - cephbuckettopics
+   - cephbucketnotifications
+   - cephrbdmirrors
+   - cephfilesystemmirrors
+   - cephfilesystemsubvolumegroups
+   - cephblockpoolradosnamespaces
+   - cephcosidrivers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - cephclients/status
+   - cephclusters/status
+   - cephblockpools/status
+   - cephfilesystems/status
+   - cephnfses/status
+   - cephnvmeofgateways/status
+   - cephobjectstores/status
+   - cephobjectstoreusers/status
+   - cephobjectstoreaccounts/status
+   - cephobjectrealms/status
+   - cephobjectzonegroups/status
+   - cephobjectzones/status
+   - cephbuckettopics/status
+   - cephbucketnotifications/status
+   - cephrbdmirrors/status
+   - cephfilesystemmirrors/status
+   - cephfilesystemsubvolumegroups/status
+   - cephblockpoolradosnamespaces/status
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update
+ - resources:
+   - cephclients/finalizers
+   - cephclusters/finalizers
+   - cephblockpools/finalizers
+   - cephfilesystems/finalizers
+   - cephnfses/finalizers
+   - cephnvmeofgateways/finalizers
+   - cephobjectstores/finalizers
+   - cephobjectstoreusers/finalizers
+   - cephobjectstoreaccounts/finalizers
+   - cephobjectrealms/finalizers
+   - cephobjectzonegroups/finalizers
+   - cephobjectzones/finalizers
+   - cephbuckettopics/finalizers
+   - cephbucketnotifications/finalizers
+   - cephrbdmirrors/finalizers
+   - cephfilesystemmirrors/finalizers
+   - cephfilesystemsubvolumegroups/finalizers
+   - cephblockpoolradosnamespaces/finalizers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ spec.template.spec @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! + four map entries added:
+ nodeSelector: {}
+ priorityClassName: null
+ tolerations: []
+ topologySpreadConstraints: []

@@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- ceph-csi-
+

@@ spec.template.spec.containers.manager.image @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- quay.io/cephcsi/ceph-csi-operator:v0.6.0
+ quay.io/cephcsi/ceph-csi-operator:v1.0.1

@@ spec.template.spec.serviceAccountName @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- ceph-csi-controller-manager
+ ceph-csi

@@ spec.template.spec.containers.rook-ceph-operator.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-operator
! ± value change
- ghcr.io/rook/ceph:v1.19.6
+ ghcr.io/rook/ceph:v1.20.0

@@ spec.template.spec.containers.rook-ceph-tools.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-tools
! ± value change
- quay.io/ceph/ceph:v19.2.3
+ quay.io/ceph/ceph:v20.2.1

@@ spec.cephVersion.image @@
# ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph
! ± value change
- quay.io/ceph/ceph:v19.2.3
+ quay.io/ceph/ceph:v20.2.1

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-controller-manager
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nfs-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-rbd-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-cephfs-plugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-cephfs-provisioner-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-rbd-plugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-rbd-provisioner-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumes
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nfs-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create
- - resources:
-   - snapshotmetadataservices
-   apiGroups:
-   - cbt.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-rbd-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-external-provisioner-runner
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - events
-   apiGroups:
-   - events.k8s.io
-   verbs:
-   - create
-   - patch
-   - update
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-external-provisioner-runner
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - events
-   apiGroups:
-   - events.k8s.io
-   verbs:
-   - create
-   - patch
-   - update
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - referencegrants
-   apiGroups:
-   - gateway.networking.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-cephfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-cephfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nfs-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nfs-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nfs-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nvmeof-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nvmeof-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-rbd-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-rbd-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-rbd-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-csi-nodeplugin
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-rbd-plugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-provisioner-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-external-provisioner-runner
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-cephfs-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-nodeplugin-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-csi-nodeplugin
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-cephfs-plugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-provisioner-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-external-provisioner-runner
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-rbd-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-rbd-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: cephfs-external-provisioner-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: rbd-external-provisioner-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-cephfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-cephfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-nvmeof-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-nvmeof-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-rbd-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-rbd-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-rbd-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: cephfs-csi-provisioner-role-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-external-provisioner-cfg
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rook-csi-cephfs-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: rbd-csi-provisioner-role-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-external-provisioner-cfg
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rook-csi-rbd-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/ceph-csi
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ automountServiceAccountToken: true

@@ (root level) @@
# v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap
! + one document added:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   name: rook-csi-operator-image-set-configmap
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ data:
+   addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
+   attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0"
+   plugin: "quay.io/cephcsi/cephcsi:v3.17.0"
+   provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0"
+   registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0"
+   resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
+   snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"

Diff created by flateWorkflow run

<!-- flate --> <details open><summary>Kustomization diff</summary> ```diff @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster ! ± value change - v1.19.6 + v1.20.0 @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph ! ± value change - v1.19.6 + v1.20.0 ``` </details> <details open><summary>HelmRelease diff</summary> ```diff @@ data @@ # v1/ConfigMap/rook-ceph/rook-ceph-operator-config ! - 45 map entries removed: - CSI_CEPHFS_ATTACH_REQUIRED: "true" - CSI_CEPHFS_FSGROUPPOLICY: File - CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc - CSI_CEPHFS_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-cephfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_CEPHFS_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-resizer - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-attacher - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-snapshotter - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-cephfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true" - CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false" - CSI_ENABLE_CSIADDONS: "false" - CSI_ENABLE_ENCRYPTION: "false" - CSI_ENABLE_HOST_NETWORK: "true" - CSI_ENABLE_LIVENESS: "true" - CSI_ENABLE_METADATA: "false" - CSI_ENABLE_NFS_SNAPSHOTTER: "true" - CSI_ENABLE_OMAP_GENERATOR: "false" - CSI_ENABLE_RBD_SNAPSHOTTER: "true" - CSI_ENABLE_TOPOLOGY: "false" - CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true" - CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true" - CSI_GRPC_TIMEOUT_SECONDS: "150" - CSI_NFS_ATTACH_REQUIRED: "true" - CSI_NFS_FSGROUPPOLICY: File - CSI_NFS_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-nfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - CSI_NFS_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-nfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : csi-attacher - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false" - CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical - CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01" - CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical - CSI_PROVISIONER_REPLICAS: "2" - CSI_RBD_ATTACH_REQUIRED: "true" - CSI_RBD_FSGROUPPOLICY: File - CSI_RBD_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-rbdplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_RBD_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-resizer - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-attacher - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-snapshotter - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-rbdplugin - resource: - requests: - memory: 512Mi - limits: - memory: 1Gi - - name : csi-omap-generator - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0" - ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2" - ROOK_CSI_DISABLE_DRIVER: "false" - ROOK_CSI_ENABLE_CEPHFS: "true" - ROOK_CSI_ENABLE_NFS: "false" - ROOK_CSI_ENABLE_RBD: "true" - ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent - ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1" - ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0" - ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" - ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" - ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0" - ROOK_USE_CSI_OPERATOR: "true" ! + two map entries added: + ROOK_CEPH_MON_RUN_AS_ROOT: "false" + ROOK_DELETE_UNUSED_CRUSH_RULES: "true" @@ rules @@ # rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global ! - three list entries removed: - - resources: - - cephclients - - cephclusters - - cephblockpools - - cephfilesystems - - cephnfses - - cephnvmeofgateways - - cephobjectstores - - cephobjectstoreusers - - cephobjectrealms - - cephobjectzonegroups - - cephobjectzones - - cephbuckettopics - - cephbucketnotifications - - cephrbdmirrors - - cephfilesystemmirrors - - cephfilesystemsubvolumegroups - - cephblockpoolradosnamespaces - - cephcosidrivers - apiGroups: - - ceph.rook.io - verbs: - - get - - list - - watch - - update - - resources: - - cephclients/status - - cephclusters/status - - cephblockpools/status - - cephfilesystems/status - - cephnfses/status - - cephnvmeofgateways/status - - cephobjectstores/status - - cephobjectstoreusers/status - - cephobjectrealms/status - - cephobjectzonegroups/status - - cephobjectzones/status - - cephbuckettopics/status - - cephbucketnotifications/status - - cephrbdmirrors/status - - cephfilesystemmirrors/status - - cephfilesystemsubvolumegroups/status - - cephblockpoolradosnamespaces/status - apiGroups: - - ceph.rook.io - verbs: - - update - - resources: - - cephclients/finalizers - - cephclusters/finalizers - - cephblockpools/finalizers - - cephfilesystems/finalizers - - cephnfses/finalizers - - cephnvmeofgateways/finalizers - - cephobjectstores/finalizers - - cephobjectstoreusers/finalizers - - cephobjectrealms/finalizers - - cephobjectzonegroups/finalizers - - cephobjectzones/finalizers - - cephbuckettopics/finalizers - - cephbucketnotifications/finalizers - - cephrbdmirrors/finalizers - - cephfilesystemmirrors/finalizers - - cephfilesystemsubvolumegroups/finalizers - - cephblockpoolradosnamespaces/finalizers - apiGroups: - - ceph.rook.io - verbs: - - update ! + three list entries added: + - resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephnvmeofgateways + - cephobjectstores + - cephobjectstoreusers + - cephobjectstoreaccounts + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + apiGroups: + - ceph.rook.io + verbs: + - get + - list + - watch + - update + - resources: + - cephclients/status + - cephclusters/status + - cephblockpools/status + - cephfilesystems/status + - cephnfses/status + - cephnvmeofgateways/status + - cephobjectstores/status + - cephobjectstoreusers/status + - cephobjectstoreaccounts/status + - cephobjectrealms/status + - cephobjectzonegroups/status + - cephobjectzones/status + - cephbuckettopics/status + - cephbucketnotifications/status + - cephrbdmirrors/status + - cephfilesystemmirrors/status + - cephfilesystemsubvolumegroups/status + - cephblockpoolradosnamespaces/status + apiGroups: + - ceph.rook.io + verbs: + - update + - resources: + - cephclients/finalizers + - cephclusters/finalizers + - cephblockpools/finalizers + - cephfilesystems/finalizers + - cephnfses/finalizers + - cephnvmeofgateways/finalizers + - cephobjectstores/finalizers + - cephobjectstoreusers/finalizers + - cephobjectstoreaccounts/finalizers + - cephobjectrealms/finalizers + - cephobjectzonegroups/finalizers + - cephobjectzones/finalizers + - cephbuckettopics/finalizers + - cephbucketnotifications/finalizers + - cephrbdmirrors/finalizers + - cephfilesystemmirrors/finalizers + - cephfilesystemsubvolumegroups/finalizers + - cephblockpoolradosnamespaces/finalizers + apiGroups: + - ceph.rook.io + verbs: + - update @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ spec.template.spec @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! + four map entries added: + nodeSelector: {} + priorityClassName: null + tolerations: [] + topologySpreadConstraints: [] @@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - ceph-csi- + @@ spec.template.spec.containers.manager.image @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - quay.io/cephcsi/ceph-csi-operator:v0.6.0 + quay.io/cephcsi/ceph-csi-operator:v1.0.1 @@ spec.template.spec.serviceAccountName @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - ceph-csi-controller-manager + ceph-csi @@ spec.template.spec.containers.rook-ceph-operator.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-operator ! ± value change - ghcr.io/rook/ceph:v1.19.6 + ghcr.io/rook/ceph:v1.20.0 @@ spec.template.spec.containers.rook-ceph-tools.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-tools ! ± value change - quay.io/ceph/ceph:v19.2.3 + quay.io/ceph/ceph:v20.2.1 @@ spec.cephVersion.image @@ # ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph ! ± value change - quay.io/ceph/ceph:v19.2.3 + quay.io/ceph/ceph:v20.2.1 @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-cephfs-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-cephfs-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-controller-manager - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nfs-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nfs-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nvmeof-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nvmeof-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-rbd-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-rbd-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-cephfs-plugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-cephfs-provisioner-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-rbd-plugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-rbd-provisioner-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-cephfs-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-cephfs-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumes - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nfs-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - secrets - apiGroups: - - - verbs: - - get - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nfs-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nvmeof-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nvmeof-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-rbd-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create - - resources: - - snapshotmetadataservices - apiGroups: - - cbt.storage.k8s.io - verbs: - - get - - list - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-rbd-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - secrets - apiGroups: - - - verbs: - - get - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-external-provisioner-runner - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - events - apiGroups: - - events.k8s.io - verbs: - - create - - patch - - update - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-external-provisioner-runner - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - events - apiGroups: - - events.k8s.io - verbs: - - create - - patch - - update - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - referencegrants - apiGroups: - - gateway.networking.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-cephfs-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-cephfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-cephfs-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-cephfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nfs-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nfs-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nfs-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nfs-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nvmeof-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nvmeof-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nvmeof-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nvmeof-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-rbd-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-rbd-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-rbd-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-rbd-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-csi-nodeplugin - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-rbd-plugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-provisioner-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-cephfs-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-nodeplugin-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-csi-nodeplugin - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-cephfs-plugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-provisioner-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-rbd-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-cephfs-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-cephfs-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-nvmeof-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-nvmeof-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-rbd-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-rbd-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: cephfs-external-provisioner-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: rbd-external-provisioner-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-cephfs-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-cephfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-cephfs-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-cephfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-nvmeof-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-nvmeof-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-nvmeof-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-nvmeof-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-rbd-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-rbd-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-rbd-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-rbd-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: cephfs-csi-provisioner-role-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-external-provisioner-cfg - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rook-csi-cephfs-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: rbd-csi-provisioner-role-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-external-provisioner-cfg - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rook-csi-rbd-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/ceph-csi ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + automountServiceAccountToken: true @@ (root level) @@ # v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap ! + one document added: + apiVersion: v1 + kind: ConfigMap + metadata: + name: rook-csi-operator-image-set-configmap + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + data: + addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0" + attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0" + plugin: "quay.io/cephcsi/cephcsi:v3.17.0" + provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0" + registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0" + resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" + snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/788)</sub>
Exikle closed this pull request 2026-06-04 04:03:37 +00:00
All checks were successful
Flate / Flate - Filter (pull_request) Successful in 22s
Details
Labeler / Labeler (pull_request_target) Successful in 42s
Details
Flate / Flate (helmrelease) (pull_request) Successful in 1m46s
Details
Flate / Flate (kustomization) (pull_request) Successful in 1m45s
Details
Flate / Flate - Comment (pull_request) Successful in 42s
Details
Flate - Success Flate checks success
Required
Flate / Flate - Success (pull_request) Successful in 56s
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Exikle
Labels
Clear labels   
area/bootstrap
Issues related to cluster bootstrapping

  
area/ci
Issues related to Forgejo workflows and automation

  
area/flux
Issues related to Flux CD configuration

  
area/kubernetes
Issues related to Kubernetes configuration

  
area/media
Issues related to media stack configuration

  
area/observability
Issues related to observability configuration

  
area/renovate
Issues related to Renovate configuration and automation

  
area/talos
Issues related to TalosOS configuration and operations

  
community
Community contributions and discussions

  
hold
Do not merge - work in progress or blocked

  
hold/upstream
Blocked waiting for upstream fix or update

  
priority/high
High priority issues

  
priority/low
Low priority issues

  
priority/medium
Medium priority issues

  
renovate/container
Container image updates from Renovate

  
renovate/forgejo-action
Forgejo Action updates from Renovate

  
renovate/github-release
GitHub Release updates from Renovate

  
renovate/grafana-dashboard
Grafana dashboard updates from Renovate

  
renovate/helm
Helm chart updates from Renovate

  
type/digest
Container digest updates (same version, new build)

  
type/major
Major version updates (breaking changes)

  
type/minor
Minor version updates (new features, backward compatible)

  
type/patch
Patch version updates (bug fixes)

No labels
area/bootstrap
area/ci
area/flux
area/kubernetes
area/media
area/observability
area/renovate
area/talos
community
hold
hold/upstream
priority/high
priority/low
priority/medium
renovate/container
renovate/forgejo-action
renovate/github-release
renovate/grafana-dashboard
renovate/helm
type/digest
type/major
type/minor
type/patch
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Exikle/Artemis-Cluster!215
No description provided.