Exikle/Artemis-Cluster
1
0
Fork 0
Code Issues 1 Pull requests Releases 7 Activity Actions

feat(rook-ceph): upgrade to v1.20.0 #218

Merged
Exikle merged 1 commit from feat/rook-ceph-v1.20 into main 2026-06-04 04:04:12 +00:00
Conversation 1 Commits 1 Files changed 9 +87 -16
Exikle commented 2026-06-04 03:43:15 +00:00
Owner
Copy link

Summary

Upgrades rook-ceph from v1.19.6 to v1.20.0.

Breaking change in v1.20

Rook no longer deploys CSI drivers directly. A new ceph-csi-operator (bundled as subchart of the operator) takes over, and a new ceph-csi-drivers chart must be deployed to configure it.

Changes

  • Bump operator + cluster OCIRepository tags v1.19.6 → v1.20.0
  • Add csi-drivers/ kustomization with HelmRepository + HelmRelease for ceph-csi-drivers v1.0.1
  • Migrate CSI settings to ceph-csi-drivers: kernelMountOptions (ms_mode=prefer-crc) + controllerPlugin.affinity (provisioner nodes)
  • Remove operator HelmRelease values that no longer exist in v1.20: cephFSKernelMountOptions, enableLiveness, provisionerNodeAffinity
  • Replace standalone ConfigMap with configMapGenerator; drop ROOK_CSI_PROVISIONER_IMAGE (CSI images now managed by ceph-csi-operator)
  • Dependency chain: rook-ceph-operatorrook-ceph-csi-driversrook-ceph-cluster

Closes

Supersedes Renovate PR #215 (close that one after this merges).

## Summary Upgrades rook-ceph from v1.19.6 to v1.20.0. ### Breaking change in v1.20 Rook no longer deploys CSI drivers directly. A new `ceph-csi-operator` (bundled as subchart of the operator) takes over, and a new `ceph-csi-drivers` chart must be deployed to configure it. ### Changes - Bump operator + cluster OCIRepository tags v1.19.6 → v1.20.0 - Add `csi-drivers/` kustomization with HelmRepository + HelmRelease for `ceph-csi-drivers` v1.0.1 - Migrate CSI settings to ceph-csi-drivers: `kernelMountOptions` (ms_mode=prefer-crc) + `controllerPlugin.affinity` (provisioner nodes) - Remove operator HelmRelease values that no longer exist in v1.20: `cephFSKernelMountOptions`, `enableLiveness`, `provisionerNodeAffinity` - Replace standalone ConfigMap with `configMapGenerator`; drop `ROOK_CSI_PROVISIONER_IMAGE` (CSI images now managed by ceph-csi-operator) - Dependency chain: `rook-ceph-operator` → `rook-ceph-csi-drivers` → `rook-ceph-cluster` ### Closes Supersedes Renovate PR #215 (close that one after this merges).
feat(rook-ceph): upgrade to v1.20.0
All checks were successful
Flate / Flate - Filter (pull_request) Successful in 16s
Details
Labeler / Labeler (pull_request_target) Successful in 40s
Details
Flate / Flate (kustomization) (pull_request) Successful in 2m33s
Details
Flate / Flate (helmrelease) (pull_request) Successful in 2m59s
Details
Flate / Flate - Comment (pull_request) Successful in 41s
Details
Flate - Success Flate checks success
Flate / Flate - Success (pull_request) Successful in 26s
Details
b1db5a043c
 
- Bump operator and cluster charts v1.19.6 → v1.20.0
- Add ceph-csi-drivers kustomization (new required chart in v1.20)
- Migrate CSI settings to ceph-csi-drivers: kernelMountOptions + controllerPlugin affinity
- Drop cephFSKernelMountOptions/enableLiveness/provisionerNodeAffinity from operator (removed in v1.20)
- Replace standalone ConfigMap with configMapGenerator; remove ROOK_CSI_PROVISIONER_IMAGE (CSI now managed by ceph-csi-operator subchart)
- Dependency chain: rook-ceph-operator → rook-ceph-csi-drivers → rook-ceph-cluster
dusk-bot commented 2026-06-04 03:47:17 +00:00
Collaborator
Copy link
Kustomization diff 

@@ spec.dependsOn @@
# kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-cluster
! + one list entry added:
+ - name: rook-ceph-csi-drivers

@@ spec.values.controllers.app.containers.app.image.tag @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/media/seerr
! ± value change
- v3.3.0@sha256:c92d2dc117f62185e7bcb88cd56efd374ea79210eaf433275449e8d5988eb5a8
+ v3.2.0@sha256:c4cbd5121236ac2f70a843a0b920b68a27976be57917555f1c45b08a1e6b2aad

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster
! ± value change
- v1.19.6
+ v1.20.0

@@ spec.values.csi @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph
! - three map entries removed:
- cephFSKernelMountOptions: ms_mode=prefer-crc
- enableLiveness: true
- provisionerNodeAffinity: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01"

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph
! ± value change
- v1.19.6
+ v1.20.0

@@ data @@
# v1/ConfigMap/rook-ceph/rook-ceph-operator-config
! - one map entry removed:
- ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0"

@@ (root level) @@
# kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-csi-drivers
! + one document added:
+ apiVersion: kustomize.toolkit.fluxcd.io/v1
+ kind: Kustomization
+ metadata:
+   name: rook-ceph-csi-drivers
+   namespace: rook-ceph
+   labels:
+     kustomize.toolkit.fluxcd.io/name: artemis-cluster
+     kustomize.toolkit.fluxcd.io/namespace: flux-system
+ spec:
+   commonMetadata:
+     labels:
+       app.kubernetes.io/name: rook-ceph-csi-drivers
+   deletionPolicy: WaitForTermination
+   dependsOn:
+   - name: rook-ceph-operator
+   interval: 1h
+   patches:
+   - patch: |
+       apiVersion: helm.toolkit.fluxcd.io/v2
+       kind: HelmRelease
+       metadata:
+         name: _
+       spec:
+         install:
+           crds: CreateReplace
+           strategy:
+             name: RetryOnFailure
+         rollback:
+           cleanupOnFail: true
+           recreate: true
+         upgrade:
+           cleanupOnFail: true
+           crds: CreateReplace
+           strategy:
+             name: RemediateOnFailure
+           remediation:
+             remediateLastFailure: true
+             retries: 2
+     target:
+       kind: HelmRelease
+       group: helm.toolkit.fluxcd.io
+   path: ./kubernetes/apps/rook-ceph/rook-ceph/csi-drivers
+   prune: true
+   retryInterval: 1m
+   sourceRef:
+     name: flux-system
+     kind: GitRepository
+     namespace: flux-system
+   targetNamespace: rook-ceph
+   timeout: 10m
+   wait: true

@@ (root level) @@
# source.toolkit.fluxcd.io/v1/HelmRepository/rook-ceph/ceph-csi-operator
! + one document added:
+ apiVersion: source.toolkit.fluxcd.io/v1
+ kind: HelmRepository
+ metadata:
+   name: ceph-csi-operator
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/name: rook-ceph-csi-drivers
+     kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers
+     kustomize.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   url: "https://ceph.github.io/ceph-csi-operator"
+   interval: 1h

@@ (root level) @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/ceph-csi-drivers
! + one document added:
+ apiVersion: helm.toolkit.fluxcd.io/v2
+ kind: HelmRelease
+ metadata:
+   name: ceph-csi-drivers
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/name: rook-ceph-csi-drivers
+     kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers
+     kustomize.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   chart:
+     spec:
+       version: "1.0.1"
+       chart: ceph-csi-drivers
+       sourceRef:
+         name: ceph-csi-operator
+         kind: HelmRepository
+         namespace: rook-ceph
+   install:
+     crds: CreateReplace
+     strategy:
+       name: RetryOnFailure
+   interval: 1h
+   rollback:
+     cleanupOnFail: true
+     recreate: true
+   upgrade:
+     cleanupOnFail: true
+     crds: CreateReplace
+     remediation:
+       remediateLastFailure: true
+       retries: 2
+     strategy:
+       name: RemediateOnFailure
+   values:
+     cephConnections: []
+     clientProfiles: []
+     operatorConfig:
+       driverSpecDefaults:
+         controllerPlugin:
+           affinity:
+             nodeAffinity:
+               requiredDuringSchedulingIgnoredDuringExecution:
+                 nodeSelectorTerms:
+                 - matchExpressions:
+                   - key: kubernetes.io/hostname
+                     operator: In
+                     values:
+                     - talos-w-01
+                     - talos-w-02
+                     - talos-gpu-01
+         kernelMountOptions:
+           ms_mode: prefer-crc
HelmRelease diff 

@@ spec.template.spec.containers.app.image @@
# apps/v1/Deployment/media/seerr
! ± value change
- ghcr.io/seerr-team/seerr:v3.3.0@sha256:c92d2dc117f62185e7bcb88cd56efd374ea79210eaf433275449e8d5988eb5a8
+ ghcr.io/seerr-team/seerr:v3.2.0@sha256:c4cbd5121236ac2f70a843a0b920b68a27976be57917555f1c45b08a1e6b2aad

@@ data @@
# v1/ConfigMap/rook-ceph/rook-ceph-operator-config
! - 45 map entries removed:
- CSI_CEPHFS_ATTACH_REQUIRED: "true"
- CSI_CEPHFS_FSGROUPPOLICY: File
- CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc
- CSI_CEPHFS_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-cephfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_CEPHFS_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-resizer
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-snapshotter
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-cephfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true"
- CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false"
- CSI_ENABLE_CSIADDONS: "false"
- CSI_ENABLE_ENCRYPTION: "false"
- CSI_ENABLE_HOST_NETWORK: "true"
- CSI_ENABLE_LIVENESS: "true"
- CSI_ENABLE_METADATA: "false"
- CSI_ENABLE_NFS_SNAPSHOTTER: "true"
- CSI_ENABLE_OMAP_GENERATOR: "false"
- CSI_ENABLE_RBD_SNAPSHOTTER: "true"
- CSI_ENABLE_TOPOLOGY: "false"
- CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true"
- CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true"
- CSI_GRPC_TIMEOUT_SECONDS: "150"
- CSI_NFS_ATTACH_REQUIRED: "true"
- CSI_NFS_FSGROUPPOLICY: File
- CSI_NFS_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-nfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   
- CSI_NFS_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-nfsplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   
- CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false"
- CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
- CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01"
- CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
- CSI_PROVISIONER_REPLICAS: "2"
- CSI_RBD_ATTACH_REQUIRED: "true"
- CSI_RBD_FSGROUPPOLICY: File
- CSI_RBD_PLUGIN_RESOURCE: |
-   - name : driver-registrar
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   - name : csi-rbdplugin
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- CSI_RBD_PROVISIONER_RESOURCE: |
-   - name : csi-provisioner
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-resizer
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-attacher
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-snapshotter
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 100m
-       limits:
-         memory: 256Mi
-   - name : csi-rbdplugin
-     resource:
-       requests:
-         memory: 512Mi
-       limits:
-         memory: 1Gi
-   - name : csi-omap-generator
-     resource:
-       requests:
-         memory: 512Mi
-         cpu: 250m
-       limits:
-         memory: 1Gi
-   - name : liveness-prometheus
-     resource:
-       requests:
-         memory: 128Mi
-         cpu: 50m
-       limits:
-         memory: 256Mi
-   
- ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0"
- ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2"
- ROOK_CSI_DISABLE_DRIVER: "false"
- ROOK_CSI_ENABLE_CEPHFS: "true"
- ROOK_CSI_ENABLE_NFS: "false"
- ROOK_CSI_ENABLE_RBD: "true"
- ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
- ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1"
- ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0"
- ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
- ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"
- ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
- ROOK_USE_CSI_OPERATOR: "true"
! + two map entries added:
+ ROOK_CEPH_MON_RUN_AS_ROOT: "false"
+ ROOK_DELETE_UNUSED_CRUSH_RULES: "true"

@@ rules @@
# rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global
! - three list entries removed:
- - resources:
-   - cephclients
-   - cephclusters
-   - cephblockpools
-   - cephfilesystems
-   - cephnfses
-   - cephnvmeofgateways
-   - cephobjectstores
-   - cephobjectstoreusers
-   - cephobjectrealms
-   - cephobjectzonegroups
-   - cephobjectzones
-   - cephbuckettopics
-   - cephbucketnotifications
-   - cephrbdmirrors
-   - cephfilesystemmirrors
-   - cephfilesystemsubvolumegroups
-   - cephblockpoolradosnamespaces
-   - cephcosidrivers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - cephclients/status
-   - cephclusters/status
-   - cephblockpools/status
-   - cephfilesystems/status
-   - cephnfses/status
-   - cephnvmeofgateways/status
-   - cephobjectstores/status
-   - cephobjectstoreusers/status
-   - cephobjectrealms/status
-   - cephobjectzonegroups/status
-   - cephobjectzones/status
-   - cephbuckettopics/status
-   - cephbucketnotifications/status
-   - cephrbdmirrors/status
-   - cephfilesystemmirrors/status
-   - cephfilesystemsubvolumegroups/status
-   - cephblockpoolradosnamespaces/status
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
- - resources:
-   - cephclients/finalizers
-   - cephclusters/finalizers
-   - cephblockpools/finalizers
-   - cephfilesystems/finalizers
-   - cephnfses/finalizers
-   - cephnvmeofgateways/finalizers
-   - cephobjectstores/finalizers
-   - cephobjectstoreusers/finalizers
-   - cephobjectrealms/finalizers
-   - cephobjectzonegroups/finalizers
-   - cephobjectzones/finalizers
-   - cephbuckettopics/finalizers
-   - cephbucketnotifications/finalizers
-   - cephrbdmirrors/finalizers
-   - cephfilesystemmirrors/finalizers
-   - cephfilesystemsubvolumegroups/finalizers
-   - cephblockpoolradosnamespaces/finalizers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
! + three list entries added:
+ - resources:
+   - cephclients
+   - cephclusters
+   - cephblockpools
+   - cephfilesystems
+   - cephnfses
+   - cephnvmeofgateways
+   - cephobjectstores
+   - cephobjectstoreusers
+   - cephobjectstoreaccounts
+   - cephobjectrealms
+   - cephobjectzonegroups
+   - cephobjectzones
+   - cephbuckettopics
+   - cephbucketnotifications
+   - cephrbdmirrors
+   - cephfilesystemmirrors
+   - cephfilesystemsubvolumegroups
+   - cephblockpoolradosnamespaces
+   - cephcosidrivers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - cephclients/status
+   - cephclusters/status
+   - cephblockpools/status
+   - cephfilesystems/status
+   - cephnfses/status
+   - cephnvmeofgateways/status
+   - cephobjectstores/status
+   - cephobjectstoreusers/status
+   - cephobjectstoreaccounts/status
+   - cephobjectrealms/status
+   - cephobjectzonegroups/status
+   - cephobjectzones/status
+   - cephbuckettopics/status
+   - cephbucketnotifications/status
+   - cephrbdmirrors/status
+   - cephfilesystemmirrors/status
+   - cephfilesystemsubvolumegroups/status
+   - cephblockpoolradosnamespaces/status
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update
+ - resources:
+   - cephclients/finalizers
+   - cephclusters/finalizers
+   - cephblockpools/finalizers
+   - cephfilesystems/finalizers
+   - cephnfses/finalizers
+   - cephnvmeofgateways/finalizers
+   - cephobjectstores/finalizers
+   - cephobjectstoreusers/finalizers
+   - cephobjectstoreaccounts/finalizers
+   - cephobjectrealms/finalizers
+   - cephobjectzonegroups/finalizers
+   - cephobjectzones/finalizers
+   - cephbuckettopics/finalizers
+   - cephbucketnotifications/finalizers
+   - cephrbdmirrors/finalizers
+   - cephfilesystemmirrors/finalizers
+   - cephfilesystemsubvolumegroups/finalizers
+   - cephblockpoolradosnamespaces/finalizers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding
! - one list entry removed:
- - name: ceph-csi-controller-manager
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ spec.template.spec @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! + four map entries added:
+ nodeSelector: {}
+ priorityClassName: null
+ tolerations: []
+ topologySpreadConstraints: []

@@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- ceph-csi-
+

@@ spec.template.spec.containers.manager.image @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- quay.io/cephcsi/ceph-csi-operator:v0.6.0
+ quay.io/cephcsi/ceph-csi-operator:v1.0.1

@@ spec.template.spec.serviceAccountName @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- ceph-csi-controller-manager
+ ceph-csi

@@ spec.template.spec.containers.rook-ceph-operator.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-operator
! ± value change
- ghcr.io/rook/ceph:v1.19.6
+ ghcr.io/rook/ceph:v1.20.0

@@ spec.template.spec.containers.rook-ceph-tools.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-tools
! ± value change
- quay.io/ceph/ceph:v19.2.3
+ quay.io/ceph/ceph:v20.2.1

@@ spec.cephVersion.image @@
# ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph
! ± value change
- quay.io/ceph/ceph:v19.2.3
+ quay.io/ceph/ceph:v20.2.1

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-controller-manager
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nfs-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi-rbd-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-cephfs-plugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-cephfs-provisioner-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-rbd-plugin-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rook-csi-rbd-provisioner-sa
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumes
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nfs-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create
- - resources:
-   - snapshotmetadataservices
-   apiGroups:
-   - cbt.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattributesclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: ceph-csi-rbd-nodeplugin-cr
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-external-provisioner-runner
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - events
-   apiGroups:
-   - events.k8s.io
-   verbs:
-   - create
-   - patch
-   - update
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-external-provisioner-runner
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - events
-   apiGroups:
-   - events.k8s.io
-   verbs:
-   - create
-   - patch
-   - update
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - referencegrants
-   apiGroups:
-   - gateway.networking.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-cephfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-cephfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nfs-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nfs-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nfs-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nfs-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nvmeof-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-nvmeof-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-rbd-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: ceph-csi-rbd-nodeplugin-crb
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: ceph-csi-rbd-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-nodeplugin
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-csi-nodeplugin
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-rbd-plugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-provisioner-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-external-provisioner-runner
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-cephfs-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-nodeplugin-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-csi-nodeplugin
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-cephfs-plugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-provisioner-role
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-external-provisioner-runner
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rook-csi-rbd-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: ceph-csi-rbd-nodeplugin-r
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: cephfs-external-provisioner-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: rbd-external-provisioner-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-cephfs-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-cephfs-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-cephfs-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-cephfs-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-cephfs-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-nvmeof-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-nvmeof-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-nvmeof-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-nvmeof-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-nvmeof-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-rbd-ctrlplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-rbd-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: ceph-csi-rbd-nodeplugin-rb
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: ceph-csi-rbd-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: ceph-csi-rbd-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: cephfs-csi-provisioner-role-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: cephfs-external-provisioner-cfg
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rook-csi-cephfs-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: rbd-csi-provisioner-role-cfg
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- roleRef:
-   name: rbd-external-provisioner-cfg
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rook-csi-rbd-provisioner-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: cephfs-csi-ceph-com-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: cephfs-csi-ceph-com-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: nfs-csi-ceph-com-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: nfs-csi-ceph-com-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: nvmeof-csi-ceph-com-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: nvmeof-csi-ceph-com-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rbd-csi-ceph-com-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rbd-csi-ceph-com-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: cephfs-csi-ceph-com-ctrlplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupreplicationcontents
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationclasses
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: cephfs-csi-ceph-com-nodeplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumes
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: nfs-csi-ceph-com-ctrlplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - delete
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: nfs-csi-ceph-com-nodeplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: nvmeof-csi-ceph-com-ctrlplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupreplicationcontents
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationclasses
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - subjectaccessreviews
+   apiGroups:
+   - authorization.k8s.io
+   verbs:
+   - create
+ - resources:
+   - snapshotmetadataservices
+   apiGroups:
+   - cbt.storage.k8s.io
+   verbs:
+   - get
+   - list

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: nvmeof-csi-ceph-com-nodeplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: rbd-csi-ceph-com-ctrlplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupreplicationcontents
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationclasses
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - subjectaccessreviews
+   apiGroups:
+   - authorization.k8s.io
+   verbs:
+   - create
+ - resources:
+   - snapshotmetadataservices
+   apiGroups:
+   - cbt.storage.k8s.io
+   verbs:
+   - get
+   - list

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: rbd-csi-ceph-com-nodeplugin-cr
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: cephfs-csi-ceph-com-ctrlplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: cephfs-csi-ceph-com-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: cephfs-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: cephfs-csi-ceph-com-nodeplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: cephfs-csi-ceph-com-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: cephfs-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: nfs-csi-ceph-com-ctrlplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nfs-csi-ceph-com-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: nfs-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: nfs-csi-ceph-com-nodeplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nfs-csi-ceph-com-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: nfs-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: nvmeof-csi-ceph-com-ctrlplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nvmeof-csi-ceph-com-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: nvmeof-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: nvmeof-csi-ceph-com-nodeplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nvmeof-csi-ceph-com-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: nvmeof-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: rbd-csi-ceph-com-ctrlplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: rbd-csi-ceph-com-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rbd-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: rbd-csi-ceph-com-nodeplugin-crb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: rbd-csi-ceph-com-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rbd-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: cephfs-csi-ceph-com-ctrlplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: cephfs-csi-ceph-com-nodeplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: nvmeof-csi-ceph-com-ctrlplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: nvmeof-csi-ceph-com-nodeplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: rbd-csi-ceph-com-ctrlplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: rbd-csi-ceph-com-nodeplugin-r
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: cephfs-csi-ceph-com-ctrlplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: cephfs-csi-ceph-com-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: cephfs-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: cephfs-csi-ceph-com-nodeplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: cephfs-csi-ceph-com-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: cephfs-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: nvmeof-csi-ceph-com-ctrlplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nvmeof-csi-ceph-com-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: nvmeof-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: nvmeof-csi-ceph-com-nodeplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: nvmeof-csi-ceph-com-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: nvmeof-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: rbd-csi-ceph-com-ctrlplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: rbd-csi-ceph-com-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: rbd-csi-ceph-com-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: rbd-csi-ceph-com-nodeplugin-rb
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: rbd-csi-ceph-com-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: rbd-csi-ceph-com-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/cephfs.csi.ceph.com
! + one document added:
+ apiVersion: csi.ceph.io/v1
+ kind: Driver
+ metadata:
+   name: cephfs.csi.ceph.com
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   attachRequired: true
+   cephFsClientType: kernel
+   controllerPlugin:
+     hostNetwork: false
+     privileged: false
+     replicas: 1
+     serviceAccountName: cephfs-csi-ceph-com-ctrlplugin-sa
+     tolerations: []
+     volumes: []
+   deployCsiAddons: false
+   enableFencing: false
+   fsGroupPolicy: None
+   fuseMountOptions: {}
+   generateOMapInfo: false
+   grpcTimeout: 30
+   kernelMountOptions: {}
+   log:
+     rotation:
+       maxFiles: 7
+       maxLogSize: 10Gi
+       periodicity: daily
+     verbosity: 0
+   nodePlugin:
+     imagePullPolicy: IfNotPresent
+     serviceAccountName: cephfs-csi-ceph-com-nodeplugin-sa
+     tolerations: []
+     volumes: []
+   snapshotPolicy: volumeSnapshot

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/nfs.csi.ceph.com
! + one document added:
+ apiVersion: csi.ceph.io/v1
+ kind: Driver
+ metadata:
+   name: nfs.csi.ceph.com
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   attachRequired: true
+   cephFsClientType: kernel
+   controllerPlugin:
+     hostNetwork: false
+     privileged: false
+     replicas: 1
+     serviceAccountName: nfs-csi-ceph-com-ctrlplugin-sa
+     tolerations: []
+     volumes: []
+   deployCsiAddons: false
+   enableFencing: false
+   fsGroupPolicy: None
+   fuseMountOptions: {}
+   generateOMapInfo: false
+   grpcTimeout: 30
+   kernelMountOptions: {}
+   log:
+     rotation:
+       maxFiles: 7
+       maxLogSize: 10Gi
+       periodicity: daily
+     verbosity: 0
+   nodePlugin:
+     imagePullPolicy: IfNotPresent
+     serviceAccountName: nfs-csi-ceph-com-nodeplugin-sa
+     tolerations: []
+     volumes: []
+   snapshotPolicy: volumeSnapshot

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/nvmeof.csi.ceph.com
! + one document added:
+ apiVersion: csi.ceph.io/v1
+ kind: Driver
+ metadata:
+   name: nvmeof.csi.ceph.com
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   attachRequired: true
+   cephFsClientType: kernel
+   controllerPlugin:
+     hostNetwork: false
+     privileged: false
+     replicas: 1
+     serviceAccountName: nvmeof-csi-ceph-com-ctrlplugin-sa
+     tolerations: []
+     volumes: []
+   deployCsiAddons: false
+   enableFencing: false
+   fsGroupPolicy: File
+   fuseMountOptions: {}
+   generateOMapInfo: false
+   grpcTimeout: 30
+   kernelMountOptions: {}
+   log:
+     rotation:
+       maxFiles: 7
+       maxLogSize: 10Gi
+       periodicity: daily
+     verbosity: 0
+   nodePlugin:
+     imagePullPolicy: IfNotPresent
+     serviceAccountName: nvmeof-csi-ceph-com-nodeplugin-sa
+     tolerations: []
+     volumes: []
+   snapshotPolicy: none

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/rbd.csi.ceph.com
! + one document added:
+ apiVersion: csi.ceph.io/v1
+ kind: Driver
+ metadata:
+   name: rbd.csi.ceph.com
+   namespace: rook-ceph
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   attachRequired: true
+   cephFsClientType: kernel
+   controllerPlugin:
+     hostNetwork: false
+     privileged: false
+     replicas: 1
+     serviceAccountName: rbd-csi-ceph-com-ctrlplugin-sa
+     tolerations: []
+     volumes: []
+   deployCsiAddons: false
+   enableFencing: false
+   fsGroupPolicy: File
+   fuseMountOptions: {}
+   generateOMapInfo: false
+   grpcTimeout: 30
+   kernelMountOptions: {}
+   log:
+     rotation:
+       maxFiles: 7
+       maxLogSize: 10Gi
+       periodicity: daily
+     verbosity: 0
+   nodePlugin:
+     imagePullPolicy: IfNotPresent
+     serviceAccountName: rbd-csi-ceph-com-nodeplugin-sa
+     tolerations: []
+     volumes: []
+   snapshotPolicy: none

@@ (root level) @@
# csi.ceph.io/v1/OperatorConfig/null/ceph-csi-operator-config
! + one document added:
+ apiVersion: csi.ceph.io/v1
+ kind: OperatorConfig
+ metadata:
+   name: ceph-csi-operator-config
+   namespace: null
+   labels:
+     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ spec:
+   driverSpecDefaults:
+     attachRequired: true
+     cephFsClientType: kernel
+     controllerPlugin:
+       affinity:
+         nodeAffinity:
+           requiredDuringSchedulingIgnoredDuringExecution:
+             nodeSelectorTerms:
+             - matchExpressions:
+               - key: kubernetes.io/hostname
+                 operator: In
+                 values:
+                 - talos-w-01
+                 - talos-w-02
+                 - talos-gpu-01
+       hostNetwork: false
+       imagePullPolicy: IfNotPresent
+       privileged: false
+       replicas: 1
+       tolerations: []
+       volumes: []
+     deployCsiAddons: false
+     enableFencing: false
+     fsGroupPolicy: File
+     fuseMountOptions: {}
+     generateOMapInfo: false
+     grpcTimeout: 30
+     kernelMountOptions:
+       ms_mode: prefer-crc
+     log:
+       rotation:
+         maxFiles: 7
+         maxLogSize: 10Gi
+         periodicity: daily
+       verbosity: 0
+     nodePlugin:
+       imagePullPolicy: IfNotPresent
+       kubeletDirPath: /var/lib/kubelet
+       tolerations: []
+       volumes: []
+     snapshotPolicy: none

@@ (root level) @@
# v1/ServiceAccount/ceph-csi
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ automountServiceAccountToken: true

@@ (root level) @@
# v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap
! + one document added:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   name: rook-csi-operator-image-set-configmap
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ data:
+   addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
+   attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0"
+   plugin: "quay.io/cephcsi/cephcsi:v3.17.0"
+   provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0"
+   registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0"
+   resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
+   snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"

Diff created by flateWorkflow run

<!-- flate --> <details open><summary>Kustomization diff</summary> ```diff @@ spec.dependsOn @@ # kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-cluster ! + one list entry added: + - name: rook-ceph-csi-drivers @@ spec.values.controllers.app.containers.app.image.tag @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/media/seerr ! ± value change - v3.3.0@sha256:c92d2dc117f62185e7bcb88cd56efd374ea79210eaf433275449e8d5988eb5a8 + v3.2.0@sha256:c4cbd5121236ac2f70a843a0b920b68a27976be57917555f1c45b08a1e6b2aad @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster ! ± value change - v1.19.6 + v1.20.0 @@ spec.values.csi @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph ! - three map entries removed: - cephFSKernelMountOptions: ms_mode=prefer-crc - enableLiveness: true - provisionerNodeAffinity: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01" @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph ! ± value change - v1.19.6 + v1.20.0 @@ data @@ # v1/ConfigMap/rook-ceph/rook-ceph-operator-config ! - one map entry removed: - ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0" @@ (root level) @@ # kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-csi-drivers ! + one document added: + apiVersion: kustomize.toolkit.fluxcd.io/v1 + kind: Kustomization + metadata: + name: rook-ceph-csi-drivers + namespace: rook-ceph + labels: + kustomize.toolkit.fluxcd.io/name: artemis-cluster + kustomize.toolkit.fluxcd.io/namespace: flux-system + spec: + commonMetadata: + labels: + app.kubernetes.io/name: rook-ceph-csi-drivers + deletionPolicy: WaitForTermination + dependsOn: + - name: rook-ceph-operator + interval: 1h + patches: + - patch: | + apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + metadata: + name: _ + spec: + install: + crds: CreateReplace + strategy: + name: RetryOnFailure + rollback: + cleanupOnFail: true + recreate: true + upgrade: + cleanupOnFail: true + crds: CreateReplace + strategy: + name: RemediateOnFailure + remediation: + remediateLastFailure: true + retries: 2 + target: + kind: HelmRelease + group: helm.toolkit.fluxcd.io + path: ./kubernetes/apps/rook-ceph/rook-ceph/csi-drivers + prune: true + retryInterval: 1m + sourceRef: + name: flux-system + kind: GitRepository + namespace: flux-system + targetNamespace: rook-ceph + timeout: 10m + wait: true @@ (root level) @@ # source.toolkit.fluxcd.io/v1/HelmRepository/rook-ceph/ceph-csi-operator ! + one document added: + apiVersion: source.toolkit.fluxcd.io/v1 + kind: HelmRepository + metadata: + name: ceph-csi-operator + namespace: rook-ceph + labels: + app.kubernetes.io/name: rook-ceph-csi-drivers + kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers + kustomize.toolkit.fluxcd.io/namespace: rook-ceph + spec: + url: "https://ceph.github.io/ceph-csi-operator" + interval: 1h @@ (root level) @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/ceph-csi-drivers ! + one document added: + apiVersion: helm.toolkit.fluxcd.io/v2 + kind: HelmRelease + metadata: + name: ceph-csi-drivers + namespace: rook-ceph + labels: + app.kubernetes.io/name: rook-ceph-csi-drivers + kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers + kustomize.toolkit.fluxcd.io/namespace: rook-ceph + spec: + chart: + spec: + version: "1.0.1" + chart: ceph-csi-drivers + sourceRef: + name: ceph-csi-operator + kind: HelmRepository + namespace: rook-ceph + install: + crds: CreateReplace + strategy: + name: RetryOnFailure + interval: 1h + rollback: + cleanupOnFail: true + recreate: true + upgrade: + cleanupOnFail: true + crds: CreateReplace + remediation: + remediateLastFailure: true + retries: 2 + strategy: + name: RemediateOnFailure + values: + cephConnections: [] + clientProfiles: [] + operatorConfig: + driverSpecDefaults: + controllerPlugin: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - talos-w-01 + - talos-w-02 + - talos-gpu-01 + kernelMountOptions: + ms_mode: prefer-crc ``` </details> <details open><summary>HelmRelease diff</summary> ```diff @@ spec.template.spec.containers.app.image @@ # apps/v1/Deployment/media/seerr ! ± value change - ghcr.io/seerr-team/seerr:v3.3.0@sha256:c92d2dc117f62185e7bcb88cd56efd374ea79210eaf433275449e8d5988eb5a8 + ghcr.io/seerr-team/seerr:v3.2.0@sha256:c4cbd5121236ac2f70a843a0b920b68a27976be57917555f1c45b08a1e6b2aad @@ data @@ # v1/ConfigMap/rook-ceph/rook-ceph-operator-config ! - 45 map entries removed: - CSI_CEPHFS_ATTACH_REQUIRED: "true" - CSI_CEPHFS_FSGROUPPOLICY: File - CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc - CSI_CEPHFS_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-cephfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_CEPHFS_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-resizer - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-attacher - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-snapshotter - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-cephfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true" - CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false" - CSI_ENABLE_CSIADDONS: "false" - CSI_ENABLE_ENCRYPTION: "false" - CSI_ENABLE_HOST_NETWORK: "true" - CSI_ENABLE_LIVENESS: "true" - CSI_ENABLE_METADATA: "false" - CSI_ENABLE_NFS_SNAPSHOTTER: "true" - CSI_ENABLE_OMAP_GENERATOR: "false" - CSI_ENABLE_RBD_SNAPSHOTTER: "true" - CSI_ENABLE_TOPOLOGY: "false" - CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true" - CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true" - CSI_GRPC_TIMEOUT_SECONDS: "150" - CSI_NFS_ATTACH_REQUIRED: "true" - CSI_NFS_FSGROUPPOLICY: File - CSI_NFS_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-nfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - CSI_NFS_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-nfsplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : csi-attacher - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false" - CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical - CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01" - CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical - CSI_PROVISIONER_REPLICAS: "2" - CSI_RBD_ATTACH_REQUIRED: "true" - CSI_RBD_FSGROUPPOLICY: File - CSI_RBD_PLUGIN_RESOURCE: | - - name : driver-registrar - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - name : csi-rbdplugin - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - CSI_RBD_PROVISIONER_RESOURCE: | - - name : csi-provisioner - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-resizer - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-attacher - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-snapshotter - resource: - requests: - memory: 128Mi - cpu: 100m - limits: - memory: 256Mi - - name : csi-rbdplugin - resource: - requests: - memory: 512Mi - limits: - memory: 1Gi - - name : csi-omap-generator - resource: - requests: - memory: 512Mi - cpu: 250m - limits: - memory: 1Gi - - name : liveness-prometheus - resource: - requests: - memory: 128Mi - cpu: 50m - limits: - memory: 256Mi - - ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0" - ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2" - ROOK_CSI_DISABLE_DRIVER: "false" - ROOK_CSI_ENABLE_CEPHFS: "true" - ROOK_CSI_ENABLE_NFS: "false" - ROOK_CSI_ENABLE_RBD: "true" - ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent - ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1" - ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0" - ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" - ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" - ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0" - ROOK_USE_CSI_OPERATOR: "true" ! + two map entries added: + ROOK_CEPH_MON_RUN_AS_ROOT: "false" + ROOK_DELETE_UNUSED_CRUSH_RULES: "true" @@ rules @@ # rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global ! - three list entries removed: - - resources: - - cephclients - - cephclusters - - cephblockpools - - cephfilesystems - - cephnfses - - cephnvmeofgateways - - cephobjectstores - - cephobjectstoreusers - - cephobjectrealms - - cephobjectzonegroups - - cephobjectzones - - cephbuckettopics - - cephbucketnotifications - - cephrbdmirrors - - cephfilesystemmirrors - - cephfilesystemsubvolumegroups - - cephblockpoolradosnamespaces - - cephcosidrivers - apiGroups: - - ceph.rook.io - verbs: - - get - - list - - watch - - update - - resources: - - cephclients/status - - cephclusters/status - - cephblockpools/status - - cephfilesystems/status - - cephnfses/status - - cephnvmeofgateways/status - - cephobjectstores/status - - cephobjectstoreusers/status - - cephobjectrealms/status - - cephobjectzonegroups/status - - cephobjectzones/status - - cephbuckettopics/status - - cephbucketnotifications/status - - cephrbdmirrors/status - - cephfilesystemmirrors/status - - cephfilesystemsubvolumegroups/status - - cephblockpoolradosnamespaces/status - apiGroups: - - ceph.rook.io - verbs: - - update - - resources: - - cephclients/finalizers - - cephclusters/finalizers - - cephblockpools/finalizers - - cephfilesystems/finalizers - - cephnfses/finalizers - - cephnvmeofgateways/finalizers - - cephobjectstores/finalizers - - cephobjectstoreusers/finalizers - - cephobjectrealms/finalizers - - cephobjectzonegroups/finalizers - - cephobjectzones/finalizers - - cephbuckettopics/finalizers - - cephbucketnotifications/finalizers - - cephrbdmirrors/finalizers - - cephfilesystemmirrors/finalizers - - cephfilesystemsubvolumegroups/finalizers - - cephblockpoolradosnamespaces/finalizers - apiGroups: - - ceph.rook.io - verbs: - - update ! + three list entries added: + - resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephnvmeofgateways + - cephobjectstores + - cephobjectstoreusers + - cephobjectstoreaccounts + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + apiGroups: + - ceph.rook.io + verbs: + - get + - list + - watch + - update + - resources: + - cephclients/status + - cephclusters/status + - cephblockpools/status + - cephfilesystems/status + - cephnfses/status + - cephnvmeofgateways/status + - cephobjectstores/status + - cephobjectstoreusers/status + - cephobjectstoreaccounts/status + - cephobjectrealms/status + - cephobjectzonegroups/status + - cephobjectzones/status + - cephbuckettopics/status + - cephbucketnotifications/status + - cephrbdmirrors/status + - cephfilesystemmirrors/status + - cephfilesystemsubvolumegroups/status + - cephblockpoolradosnamespaces/status + apiGroups: + - ceph.rook.io + verbs: + - update + - resources: + - cephclients/finalizers + - cephclusters/finalizers + - cephblockpools/finalizers + - cephfilesystems/finalizers + - cephnfses/finalizers + - cephnvmeofgateways/finalizers + - cephobjectstores/finalizers + - cephobjectstoreusers/finalizers + - cephobjectstoreaccounts/finalizers + - cephobjectrealms/finalizers + - cephobjectzonegroups/finalizers + - cephobjectzones/finalizers + - cephbuckettopics/finalizers + - cephbucketnotifications/finalizers + - cephrbdmirrors/finalizers + - cephfilesystemmirrors/finalizers + - cephfilesystemsubvolumegroups/finalizers + - cephblockpoolradosnamespaces/finalizers + apiGroups: + - ceph.rook.io + verbs: + - update @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding ! - one list entry removed: - - name: ceph-csi-controller-manager - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi + kind: ServiceAccount + namespace: rook-ceph @@ spec.template.spec @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! + four map entries added: + nodeSelector: {} + priorityClassName: null + tolerations: [] + topologySpreadConstraints: [] @@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - ceph-csi- + @@ spec.template.spec.containers.manager.image @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - quay.io/cephcsi/ceph-csi-operator:v0.6.0 + quay.io/cephcsi/ceph-csi-operator:v1.0.1 @@ spec.template.spec.serviceAccountName @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - ceph-csi-controller-manager + ceph-csi @@ spec.template.spec.containers.rook-ceph-operator.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-operator ! ± value change - ghcr.io/rook/ceph:v1.19.6 + ghcr.io/rook/ceph:v1.20.0 @@ spec.template.spec.containers.rook-ceph-tools.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-tools ! ± value change - quay.io/ceph/ceph:v19.2.3 + quay.io/ceph/ceph:v20.2.1 @@ spec.cephVersion.image @@ # ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph ! ± value change - quay.io/ceph/ceph:v19.2.3 + quay.io/ceph/ceph:v20.2.1 @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-cephfs-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-cephfs-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-controller-manager - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nfs-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nfs-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nvmeof-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-nvmeof-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-rbd-ctrlplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi-rbd-nodeplugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-cephfs-plugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-cephfs-provisioner-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-rbd-plugin-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rook-csi-rbd-provisioner-sa - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-cephfs-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-cephfs-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumes - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nfs-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - secrets - apiGroups: - - - verbs: - - get - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nfs-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nvmeof-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-nvmeof-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-rbd-ctrlplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create - - resources: - - snapshotmetadataservices - apiGroups: - - cbt.storage.k8s.io - verbs: - - get - - list - - resources: - - volumeattributesclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: ceph-csi-rbd-nodeplugin-cr - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - secrets - apiGroups: - - - verbs: - - get - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-external-provisioner-runner - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - events - apiGroups: - - events.k8s.io - verbs: - - create - - patch - - update - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-external-provisioner-runner - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - events - apiGroups: - - events.k8s.io - verbs: - - create - - patch - - update - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - referencegrants - apiGroups: - - gateway.networking.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-cephfs-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-cephfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-cephfs-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-cephfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nfs-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nfs-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nfs-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nfs-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nvmeof-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nvmeof-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-nvmeof-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-nvmeof-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-rbd-ctrlplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-rbd-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: ceph-csi-rbd-nodeplugin-crb - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: ceph-csi-rbd-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-nodeplugin - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-csi-nodeplugin - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-rbd-plugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-provisioner-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-cephfs-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-nodeplugin-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-csi-nodeplugin - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-cephfs-plugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-provisioner-role - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rook-csi-rbd-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-cephfs-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-cephfs-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-nvmeof-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-nvmeof-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-rbd-ctrlplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: ceph-csi-rbd-nodeplugin-r - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: cephfs-external-provisioner-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: rbd-external-provisioner-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-cephfs-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-cephfs-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-cephfs-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-cephfs-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-cephfs-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-nvmeof-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-nvmeof-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-nvmeof-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-nvmeof-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-nvmeof-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-rbd-ctrlplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-rbd-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: ceph-csi-rbd-nodeplugin-rb - namespace: rook-ceph - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: ceph-csi-rbd-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: ceph-csi-rbd-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: cephfs-csi-provisioner-role-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: cephfs-external-provisioner-cfg - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rook-csi-cephfs-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: rbd-csi-provisioner-role-cfg - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - roleRef: - name: rbd-external-provisioner-cfg - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rook-csi-rbd-provisioner-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cephfs-csi-ceph-com-ctrlplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: cephfs-csi-ceph-com-nodeplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nfs-csi-ceph-com-ctrlplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nfs-csi-ceph-com-nodeplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nvmeof-csi-ceph-com-ctrlplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nvmeof-csi-ceph-com-nodeplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rbd-csi-ceph-com-ctrlplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rbd-csi-ceph-com-nodeplugin-sa + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: cephfs-csi-ceph-com-ctrlplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - patch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - update + - patch + - resources: + - volumegroupreplicationcontents + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationclasses + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: cephfs-csi-ceph-com-nodeplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumes + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: nfs-csi-ceph-com-ctrlplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - patch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - patch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - list + - watch + - create + - update + - patch + - resources: + - secrets + apiGroups: + - + verbs: + - get + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: nfs-csi-ceph-com-nodeplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - nodes + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: nvmeof-csi-ceph-com-ctrlplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - update + - patch + - resources: + - volumegroupreplicationcontents + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationclasses + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - subjectaccessreviews + apiGroups: + - authorization.k8s.io + verbs: + - create + - resources: + - snapshotmetadataservices + apiGroups: + - cbt.storage.k8s.io + verbs: + - get + - list @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: nvmeof-csi-ceph-com-nodeplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rbd-csi-ceph-com-ctrlplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - update + - patch + - resources: + - volumegroupreplicationcontents + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationclasses + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - subjectaccessreviews + apiGroups: + - authorization.k8s.io + verbs: + - create + - resources: + - snapshotmetadataservices + apiGroups: + - cbt.storage.k8s.io + verbs: + - get + - list @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rbd-csi-ceph-com-nodeplugin-cr + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cephfs-csi-ceph-com-ctrlplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: cephfs-csi-ceph-com-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: cephfs-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cephfs-csi-ceph-com-nodeplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: cephfs-csi-ceph-com-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: cephfs-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: nfs-csi-ceph-com-ctrlplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nfs-csi-ceph-com-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: nfs-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: nfs-csi-ceph-com-nodeplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nfs-csi-ceph-com-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: nfs-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: nvmeof-csi-ceph-com-ctrlplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nvmeof-csi-ceph-com-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: nvmeof-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: nvmeof-csi-ceph-com-nodeplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nvmeof-csi-ceph-com-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: nvmeof-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: rbd-csi-ceph-com-ctrlplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: rbd-csi-ceph-com-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rbd-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: rbd-csi-ceph-com-nodeplugin-crb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: rbd-csi-ceph-com-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rbd-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: cephfs-csi-ceph-com-ctrlplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: cephfs-csi-ceph-com-nodeplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: nvmeof-csi-ceph-com-ctrlplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: nvmeof-csi-ceph-com-nodeplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: rbd-csi-ceph-com-ctrlplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: rbd-csi-ceph-com-nodeplugin-r + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cephfs-csi-ceph-com-ctrlplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: cephfs-csi-ceph-com-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: cephfs-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cephfs-csi-ceph-com-nodeplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: cephfs-csi-ceph-com-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: cephfs-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: nvmeof-csi-ceph-com-ctrlplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nvmeof-csi-ceph-com-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: nvmeof-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: nvmeof-csi-ceph-com-nodeplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: nvmeof-csi-ceph-com-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: nvmeof-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: rbd-csi-ceph-com-ctrlplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: rbd-csi-ceph-com-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: rbd-csi-ceph-com-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: rbd-csi-ceph-com-nodeplugin-rb + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: rbd-csi-ceph-com-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: rbd-csi-ceph-com-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/cephfs.csi.ceph.com ! + one document added: + apiVersion: csi.ceph.io/v1 + kind: Driver + metadata: + name: cephfs.csi.ceph.com + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + spec: + attachRequired: true + cephFsClientType: kernel + controllerPlugin: + hostNetwork: false + privileged: false + replicas: 1 + serviceAccountName: cephfs-csi-ceph-com-ctrlplugin-sa + tolerations: [] + volumes: [] + deployCsiAddons: false + enableFencing: false + fsGroupPolicy: None + fuseMountOptions: {} + generateOMapInfo: false + grpcTimeout: 30 + kernelMountOptions: {} + log: + rotation: + maxFiles: 7 + maxLogSize: 10Gi + periodicity: daily + verbosity: 0 + nodePlugin: + imagePullPolicy: IfNotPresent + serviceAccountName: cephfs-csi-ceph-com-nodeplugin-sa + tolerations: [] + volumes: [] + snapshotPolicy: volumeSnapshot @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/nfs.csi.ceph.com ! + one document added: + apiVersion: csi.ceph.io/v1 + kind: Driver + metadata: + name: nfs.csi.ceph.com + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + spec: + attachRequired: true + cephFsClientType: kernel + controllerPlugin: + hostNetwork: false + privileged: false + replicas: 1 + serviceAccountName: nfs-csi-ceph-com-ctrlplugin-sa + tolerations: [] + volumes: [] + deployCsiAddons: false + enableFencing: false + fsGroupPolicy: None + fuseMountOptions: {} + generateOMapInfo: false + grpcTimeout: 30 + kernelMountOptions: {} + log: + rotation: + maxFiles: 7 + maxLogSize: 10Gi + periodicity: daily + verbosity: 0 + nodePlugin: + imagePullPolicy: IfNotPresent + serviceAccountName: nfs-csi-ceph-com-nodeplugin-sa + tolerations: [] + volumes: [] + snapshotPolicy: volumeSnapshot @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/nvmeof.csi.ceph.com ! + one document added: + apiVersion: csi.ceph.io/v1 + kind: Driver + metadata: + name: nvmeof.csi.ceph.com + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + spec: + attachRequired: true + cephFsClientType: kernel + controllerPlugin: + hostNetwork: false + privileged: false + replicas: 1 + serviceAccountName: nvmeof-csi-ceph-com-ctrlplugin-sa + tolerations: [] + volumes: [] + deployCsiAddons: false + enableFencing: false + fsGroupPolicy: File + fuseMountOptions: {} + generateOMapInfo: false + grpcTimeout: 30 + kernelMountOptions: {} + log: + rotation: + maxFiles: 7 + maxLogSize: 10Gi + periodicity: daily + verbosity: 0 + nodePlugin: + imagePullPolicy: IfNotPresent + serviceAccountName: nvmeof-csi-ceph-com-nodeplugin-sa + tolerations: [] + volumes: [] + snapshotPolicy: none @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/rbd.csi.ceph.com ! + one document added: + apiVersion: csi.ceph.io/v1 + kind: Driver + metadata: + name: rbd.csi.ceph.com + namespace: rook-ceph + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + spec: + attachRequired: true + cephFsClientType: kernel + controllerPlugin: + hostNetwork: false + privileged: false + replicas: 1 + serviceAccountName: rbd-csi-ceph-com-ctrlplugin-sa + tolerations: [] + volumes: [] + deployCsiAddons: false + enableFencing: false + fsGroupPolicy: File + fuseMountOptions: {} + generateOMapInfo: false + grpcTimeout: 30 + kernelMountOptions: {} + log: + rotation: + maxFiles: 7 + maxLogSize: 10Gi + periodicity: daily + verbosity: 0 + nodePlugin: + imagePullPolicy: IfNotPresent + serviceAccountName: rbd-csi-ceph-com-nodeplugin-sa + tolerations: [] + volumes: [] + snapshotPolicy: none @@ (root level) @@ # csi.ceph.io/v1/OperatorConfig/null/ceph-csi-operator-config ! + one document added: + apiVersion: csi.ceph.io/v1 + kind: OperatorConfig + metadata: + name: ceph-csi-operator-config + namespace: null + labels: + helm.toolkit.fluxcd.io/name: ceph-csi-drivers + helm.toolkit.fluxcd.io/namespace: rook-ceph + spec: + driverSpecDefaults: + attachRequired: true + cephFsClientType: kernel + controllerPlugin: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - talos-w-01 + - talos-w-02 + - talos-gpu-01 + hostNetwork: false + imagePullPolicy: IfNotPresent + privileged: false + replicas: 1 + tolerations: [] + volumes: [] + deployCsiAddons: false + enableFencing: false + fsGroupPolicy: File + fuseMountOptions: {} + generateOMapInfo: false + grpcTimeout: 30 + kernelMountOptions: + ms_mode: prefer-crc + log: + rotation: + maxFiles: 7 + maxLogSize: 10Gi + periodicity: daily + verbosity: 0 + nodePlugin: + imagePullPolicy: IfNotPresent + kubeletDirPath: /var/lib/kubelet + tolerations: [] + volumes: [] + snapshotPolicy: none @@ (root level) @@ # v1/ServiceAccount/ceph-csi ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + automountServiceAccountToken: true @@ (root level) @@ # v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap ! + one document added: + apiVersion: v1 + kind: ConfigMap + metadata: + name: rook-csi-operator-image-set-configmap + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + data: + addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0" + attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0" + plugin: "quay.io/cephcsi/cephcsi:v3.17.0" + provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0" + registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0" + resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" + snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/796)</sub>
Exikle merged commit 5c359eb9f6 into main 2026-06-04 04:04:12 +00:00
Exikle deleted branch feat/rook-ceph-v1.20 2026-06-04 04:04:12 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
area/bootstrap
Issues related to cluster bootstrapping

  
area/ci
Issues related to Forgejo workflows and automation

  
area/flux
Issues related to Flux CD configuration

  
area/kubernetes
Issues related to Kubernetes configuration

  
area/media
Issues related to media stack configuration

  
area/observability
Issues related to observability configuration

  
area/renovate
Issues related to Renovate configuration and automation

  
area/talos
Issues related to TalosOS configuration and operations

  
community
Community contributions and discussions

  
hold
Do not merge - work in progress or blocked

  
hold/upstream
Blocked waiting for upstream fix or update

  
priority/high
High priority issues

  
priority/low
Low priority issues

  
priority/medium
Medium priority issues

  
renovate/container
Container image updates from Renovate

  
renovate/forgejo-action
Forgejo Action updates from Renovate

  
renovate/github-release
GitHub Release updates from Renovate

  
renovate/grafana-dashboard
Grafana dashboard updates from Renovate

  
renovate/helm
Helm chart updates from Renovate

  
type/digest
Container digest updates (same version, new build)

  
type/major
Major version updates (breaking changes)

  
type/minor
Minor version updates (new features, backward compatible)

  
type/patch
Patch version updates (bug fixes)

No labels
area/bootstrap
area/ci
area/flux
area/kubernetes
area/media
area/observability
area/renovate
area/talos
community
hold
hold/upstream
priority/high
priority/low
priority/medium
renovate/container
renovate/forgejo-action
renovate/github-release
renovate/grafana-dashboard
renovate/helm
type/digest
type/major
type/minor
type/patch
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Exikle/Artemis-Cluster!218
No description provided.