Exikle/Artemis-Cluster

Fork 0

chore(container): update image itzg/minecraft-server (aedec59 ➔ 90c8f84) #219

Merged

Exikle merged 1 commit from renovate-itzg-minecraft-server-java25 into main

2026-06-04 04:53:43 +00:00

dusk-bot commented

2026-06-04 04:46:43 +00:00

Collaborator

This PR contains the following updates:

Package	Update	Change
itzg/minecraft-server	digest	`aedec59` → `90c8f84`

Configuration

📅 Schedule: (in timezone America/Toronto)

Branch creation
- "every weekday"
Automerge
- "every weekday"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | itzg/minecraft-server | digest | `aedec59` → `90c8f84` | --- ### Configuration 📅 **Schedule**: (in timezone America/Toronto) - Branch creation - "every weekday" - Automerge - "every weekday" 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

dusk-bot added the

renovate/container

type/digest

labels

2026-06-04 04:46:43 +00:00

dusk-bot added 1 commit

2026-06-04 04:46:43 +00:00

chore(container): update image itzg/minecraft-server (aedec59 ➔ 90c8f84)

Flate / Flate - Filter (pull_request) Successful in 21s

Details

Labeler / Labeler (pull_request_target) Successful in 56s

Details

Flate / Flate (helmrelease) (pull_request) Successful in 2m41s

Details

Flate / Flate (kustomization) (pull_request) Successful in 2m36s

Details

Flate / Flate - Comment (pull_request) Successful in 50s

Details

Flate - Success Flate checks success

Flate / Flate - Success (pull_request) Successful in 25s

Details

2c87a4e215

dusk-bot requested review from Exikle

2026-06-04 04:46:43 +00:00

Exikle added the

area/kubernetes

label

2026-06-04 04:47:36 +00:00

dusk-bot commented

2026-06-04 04:51:42 +00:00

Author

Collaborator

Kustomization diff


@@ spec.values.controllers.minecraft.containers.app.image.tag @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/arcade/minecraft
! ± value change
- java25@sha256:aedec598f54914646016736da9336d20b0a90f7647436111d0ab3c5f8deb482f
+ java25@sha256:90c8f84b0182536804a323ef2f2c16a06b529c1d8e3469fd7e22a09e05b9e4cd

@@ spec.dependsOn @@
# kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-cluster
! - one list entry removed:
- - name: rook-ceph-csi-drivers

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster
! ± value change
- v1.20.0
+ v1.19.6

@@ spec.upgrade @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph-cluster
! - one map entry removed:
- timeout: 30m

@@ spec.values @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph-cluster
! - one map entry removed:
- cephImage:
-   repository: quay.io/ceph/ceph
-   tag: v20.2.1

@@ spec.values.csi @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph
! + three map entries added:
+ cephFSKernelMountOptions: ms_mode=prefer-crc
+ enableLiveness: true
+ provisionerNodeAffinity: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01"

@@ spec.ref.tag @@
# source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph
! ± value change
- v1.20.0
+ v1.19.6

@@ data @@
# v1/ConfigMap/rook-ceph/rook-ceph-operator-config
! + one map entry added:
+ ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0"

@@ (root level) @@
# kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-csi-drivers
! - one document removed:
- apiVersion: kustomize.toolkit.fluxcd.io/v1
- kind: Kustomization
- metadata:
-   name: rook-ceph-csi-drivers
-   namespace: rook-ceph
-   labels:
-     kustomize.toolkit.fluxcd.io/name: artemis-cluster
-     kustomize.toolkit.fluxcd.io/namespace: flux-system
- spec:
-   commonMetadata:
-     labels:
-       app.kubernetes.io/name: rook-ceph-csi-drivers
-   deletionPolicy: WaitForTermination
-   dependsOn:
-   - name: rook-ceph-operator
-   interval: 1h
-   patches:
-   - patch: |
-       apiVersion: helm.toolkit.fluxcd.io/v2
-       kind: HelmRelease
-       metadata:
-         name: _
-       spec:
-         install:
-           crds: CreateReplace
-           strategy:
-             name: RetryOnFailure
-         rollback:
-           cleanupOnFail: true
-           recreate: true
-         upgrade:
-           cleanupOnFail: true
-           crds: CreateReplace
-           strategy:
-             name: RemediateOnFailure
-           remediation:
-             remediateLastFailure: true
-             retries: 2
-     target:
-       kind: HelmRelease
-       group: helm.toolkit.fluxcd.io
-   path: ./kubernetes/apps/rook-ceph/rook-ceph/csi-drivers
-   prune: true
-   retryInterval: 1m
-   sourceRef:
-     name: flux-system
-     kind: GitRepository
-     namespace: flux-system
-   targetNamespace: rook-ceph
-   timeout: 10m
-   wait: true

@@ (root level) @@
# source.toolkit.fluxcd.io/v1/HelmRepository/rook-ceph/ceph-csi-operator
! - one document removed:
- apiVersion: source.toolkit.fluxcd.io/v1
- kind: HelmRepository
- metadata:
-   name: ceph-csi-operator
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/name: rook-ceph-csi-drivers
-     kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers
-     kustomize.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   url: "https://ceph.github.io/ceph-csi-operator"
-   interval: 1h

@@ (root level) @@
# helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/ceph-csi-drivers
! - one document removed:
- apiVersion: helm.toolkit.fluxcd.io/v2
- kind: HelmRelease
- metadata:
-   name: ceph-csi-drivers
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/name: rook-ceph-csi-drivers
-     kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers
-     kustomize.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   chart:
-     spec:
-       version: "1.0.1"
-       chart: ceph-csi-drivers
-       sourceRef:
-         name: ceph-csi-operator
-         kind: HelmRepository
-         namespace: rook-ceph
-   install:
-     crds: CreateReplace
-     strategy:
-       name: RetryOnFailure
-   interval: 1h
-   rollback:
-     cleanupOnFail: true
-     recreate: true
-   upgrade:
-     cleanupOnFail: true
-     crds: CreateReplace
-     remediation:
-       remediateLastFailure: true
-       retries: 2
-     strategy:
-       name: RemediateOnFailure
-   values:
-     cephConnections: []
-     clientProfiles: []
-     operatorConfig:
-       driverSpecDefaults:
-         controllerPlugin:
-           affinity:
-             nodeAffinity:
-               requiredDuringSchedulingIgnoredDuringExecution:
-                 nodeSelectorTerms:
-                 - matchExpressions:
-                   - key: kubernetes.io/hostname
-                     operator: In
-                     values:
-                     - talos-w-01
-                     - talos-w-02
-                     - talos-gpu-01
-         kernelMountOptions:
-           ms_mode: prefer-crc

HelmRelease diff


@@ spec.template.spec.containers.app.image @@
# apps/v1/Deployment/arcade/minecraft
! ± value change
- itzg/minecraft-server:java25@sha256:aedec598f54914646016736da9336d20b0a90f7647436111d0ab3c5f8deb482f
+ itzg/minecraft-server:java25@sha256:90c8f84b0182536804a323ef2f2c16a06b529c1d8e3469fd7e22a09e05b9e4cd

@@ data @@
# v1/ConfigMap/rook-ceph/rook-ceph-operator-config
! - two map entries removed:
- ROOK_CEPH_MON_RUN_AS_ROOT: "false"
- ROOK_DELETE_UNUSED_CRUSH_RULES: "true"
! + 45 map entries added:
+ CSI_CEPHFS_ATTACH_REQUIRED: "true"
+ CSI_CEPHFS_FSGROUPPOLICY: File
+ CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc
+ CSI_CEPHFS_PLUGIN_RESOURCE: |
+   - name : driver-registrar
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   - name : csi-cephfsplugin
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   - name : liveness-prometheus
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   
+ CSI_CEPHFS_PROVISIONER_RESOURCE: |
+   - name : csi-provisioner
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-resizer
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-attacher
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-snapshotter
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-cephfsplugin
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   - name : liveness-prometheus
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   
+ CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true"
+ CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false"
+ CSI_ENABLE_CSIADDONS: "false"
+ CSI_ENABLE_ENCRYPTION: "false"
+ CSI_ENABLE_HOST_NETWORK: "true"
+ CSI_ENABLE_LIVENESS: "true"
+ CSI_ENABLE_METADATA: "false"
+ CSI_ENABLE_NFS_SNAPSHOTTER: "true"
+ CSI_ENABLE_OMAP_GENERATOR: "false"
+ CSI_ENABLE_RBD_SNAPSHOTTER: "true"
+ CSI_ENABLE_TOPOLOGY: "false"
+ CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true"
+ CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true"
+ CSI_GRPC_TIMEOUT_SECONDS: "150"
+ CSI_NFS_ATTACH_REQUIRED: "true"
+ CSI_NFS_FSGROUPPOLICY: File
+ CSI_NFS_PLUGIN_RESOURCE: |
+   - name : driver-registrar
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   - name : csi-nfsplugin
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   
+ CSI_NFS_PROVISIONER_RESOURCE: |
+   - name : csi-provisioner
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-nfsplugin
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   - name : csi-attacher
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   
+ CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false"
+ CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
+ CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01"
+ CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
+ CSI_PROVISIONER_REPLICAS: "2"
+ CSI_RBD_ATTACH_REQUIRED: "true"
+ CSI_RBD_FSGROUPPOLICY: File
+ CSI_RBD_PLUGIN_RESOURCE: |
+   - name : driver-registrar
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   - name : csi-rbdplugin
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   - name : liveness-prometheus
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   
+ CSI_RBD_PROVISIONER_RESOURCE: |
+   - name : csi-provisioner
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-resizer
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-attacher
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-snapshotter
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 100m
+       limits:
+         memory: 256Mi
+   - name : csi-rbdplugin
+     resource:
+       requests:
+         memory: 512Mi
+       limits:
+         memory: 1Gi
+   - name : csi-omap-generator
+     resource:
+       requests:
+         memory: 512Mi
+         cpu: 250m
+       limits:
+         memory: 1Gi
+   - name : liveness-prometheus
+     resource:
+       requests:
+         memory: 128Mi
+         cpu: 50m
+       limits:
+         memory: 256Mi
+   
+ ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0"
+ ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2"
+ ROOK_CSI_DISABLE_DRIVER: "false"
+ ROOK_CSI_ENABLE_CEPHFS: "true"
+ ROOK_CSI_ENABLE_NFS: "false"
+ ROOK_CSI_ENABLE_RBD: "true"
+ ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
+ ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1"
+ ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0"
+ ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
+ ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"
+ ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
+ ROOK_USE_CSI_OPERATOR: "true"

@@ rules @@
# rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global
! - three list entries removed:
- - resources:
-   - cephclients
-   - cephclusters
-   - cephblockpools
-   - cephfilesystems
-   - cephnfses
-   - cephnvmeofgateways
-   - cephobjectstores
-   - cephobjectstoreusers
-   - cephobjectstoreaccounts
-   - cephobjectrealms
-   - cephobjectzonegroups
-   - cephobjectzones
-   - cephbuckettopics
-   - cephbucketnotifications
-   - cephrbdmirrors
-   - cephfilesystemmirrors
-   - cephfilesystemsubvolumegroups
-   - cephblockpoolradosnamespaces
-   - cephcosidrivers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - cephclients/status
-   - cephclusters/status
-   - cephblockpools/status
-   - cephfilesystems/status
-   - cephnfses/status
-   - cephnvmeofgateways/status
-   - cephobjectstores/status
-   - cephobjectstoreusers/status
-   - cephobjectstoreaccounts/status
-   - cephobjectrealms/status
-   - cephobjectzonegroups/status
-   - cephobjectzones/status
-   - cephbuckettopics/status
-   - cephbucketnotifications/status
-   - cephrbdmirrors/status
-   - cephfilesystemmirrors/status
-   - cephfilesystemsubvolumegroups/status
-   - cephblockpoolradosnamespaces/status
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
- - resources:
-   - cephclients/finalizers
-   - cephclusters/finalizers
-   - cephblockpools/finalizers
-   - cephfilesystems/finalizers
-   - cephnfses/finalizers
-   - cephnvmeofgateways/finalizers
-   - cephobjectstores/finalizers
-   - cephobjectstoreusers/finalizers
-   - cephobjectstoreaccounts/finalizers
-   - cephobjectrealms/finalizers
-   - cephobjectzonegroups/finalizers
-   - cephobjectzones/finalizers
-   - cephbuckettopics/finalizers
-   - cephbucketnotifications/finalizers
-   - cephrbdmirrors/finalizers
-   - cephfilesystemmirrors/finalizers
-   - cephfilesystemsubvolumegroups/finalizers
-   - cephblockpoolradosnamespaces/finalizers
-   apiGroups:
-   - ceph.rook.io
-   verbs:
-   - update
! + three list entries added:
+ - resources:
+   - cephclients
+   - cephclusters
+   - cephblockpools
+   - cephfilesystems
+   - cephnfses
+   - cephnvmeofgateways
+   - cephobjectstores
+   - cephobjectstoreusers
+   - cephobjectrealms
+   - cephobjectzonegroups
+   - cephobjectzones
+   - cephbuckettopics
+   - cephbucketnotifications
+   - cephrbdmirrors
+   - cephfilesystemmirrors
+   - cephfilesystemsubvolumegroups
+   - cephblockpoolradosnamespaces
+   - cephcosidrivers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - cephclients/status
+   - cephclusters/status
+   - cephblockpools/status
+   - cephfilesystems/status
+   - cephnfses/status
+   - cephnvmeofgateways/status
+   - cephobjectstores/status
+   - cephobjectstoreusers/status
+   - cephobjectrealms/status
+   - cephobjectzonegroups/status
+   - cephobjectzones/status
+   - cephbuckettopics/status
+   - cephbucketnotifications/status
+   - cephrbdmirrors/status
+   - cephfilesystemmirrors/status
+   - cephfilesystemsubvolumegroups/status
+   - cephblockpoolradosnamespaces/status
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update
+ - resources:
+   - cephclients/finalizers
+   - cephclusters/finalizers
+   - cephblockpools/finalizers
+   - cephfilesystems/finalizers
+   - cephnfses/finalizers
+   - cephnvmeofgateways/finalizers
+   - cephobjectstores/finalizers
+   - cephobjectstoreusers/finalizers
+   - cephobjectrealms/finalizers
+   - cephobjectzonegroups/finalizers
+   - cephobjectzones/finalizers
+   - cephbuckettopics/finalizers
+   - cephbucketnotifications/finalizers
+   - cephrbdmirrors/finalizers
+   - cephfilesystemmirrors/finalizers
+   - cephfilesystemsubvolumegroups/finalizers
+   - cephblockpoolradosnamespaces/finalizers
+   apiGroups:
+   - ceph.rook.io
+   verbs:
+   - update

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding
! - one list entry removed:
- - name: ceph-csi
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi-controller-manager
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding
! - one list entry removed:
- - name: ceph-csi
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi-controller-manager
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ subjects @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding
! - one list entry removed:
- - name: ceph-csi
-   kind: ServiceAccount
-   namespace: rook-ceph
! + one list entry added:
+ - name: ceph-csi-controller-manager
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ spec.template.spec @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! - four map entries removed:
- nodeSelector: {}
- priorityClassName: null
- tolerations: []
- topologySpreadConstraints: []

@@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- 
+ ceph-csi-

@@ spec.template.spec.containers.manager.image @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- quay.io/cephcsi/ceph-csi-operator:v1.0.1
+ quay.io/cephcsi/ceph-csi-operator:v0.6.0

@@ spec.template.spec.serviceAccountName @@
# apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager
! ± value change
- ceph-csi
+ ceph-csi-controller-manager

@@ spec.template.spec.containers.rook-ceph-operator.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-operator
! ± value change
- ghcr.io/rook/ceph:v1.20.0
+ ghcr.io/rook/ceph:v1.19.6

@@ spec.template.spec.containers.rook-ceph-tools.image @@
# apps/v1/Deployment/rook-ceph/rook-ceph-tools
! ± value change
- quay.io/ceph/ceph:v20.2.1
+ quay.io/ceph/ceph:v19.2.3

@@ spec.cephVersion.image @@
# ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph
! ± value change
- quay.io/ceph/ceph:v20.2.1
+ quay.io/ceph/ceph:v19.2.3

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: cephfs-csi-ceph-com-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: cephfs-csi-ceph-com-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: nfs-csi-ceph-com-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: nfs-csi-ceph-com-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: nvmeof-csi-ceph-com-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: nvmeof-csi-ceph-com-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-ctrlplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rbd-csi-ceph-com-ctrlplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-nodeplugin-sa
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: rbd-csi-ceph-com-nodeplugin-sa
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-csi-ceph-com-ctrlplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: cephfs-csi-ceph-com-nodeplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumes
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: nfs-csi-ceph-com-ctrlplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - delete
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: nfs-csi-ceph-com-nodeplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: nvmeof-csi-ceph-com-ctrlplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create
- - resources:
-   - snapshotmetadataservices
-   apiGroups:
-   - cbt.storage.k8s.io
-   verbs:
-   - get
-   - list

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: nvmeof-csi-ceph-com-nodeplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-ctrlplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-csi-ceph-com-ctrlplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - create
-   - delete
-   - patch
-   - update
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
-   - update
- - resources:
-   - storageclasses
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
- - resources:
-   - volumeattachments/status
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - patch
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - csinodes
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumeclaims/status
-   apiGroups:
-   - 
-   verbs:
-   - patch
- - resources:
-   - volumesnapshots
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotclasses
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumesnapshotcontents
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - patch
-   - update
- - resources:
-   - volumesnapshotcontents/status
-   apiGroups:
-   - snapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.k8s.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotclasses
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupsnapshotcontents
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
-   - update
-   - patch
- - resources:
-   - volumegroupsnapshotcontents/status
-   apiGroups:
-   - groupsnapshot.storage.openshift.io
-   verbs:
-   - update
-   - patch
- - resources:
-   - volumegroupreplicationcontents
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - volumegroupreplicationclasses
-   apiGroups:
-   - replication.storage.openshift.io
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - subjectaccessreviews
-   apiGroups:
-   - authorization.k8s.io
-   verbs:
-   - create
- - resources:
-   - snapshotmetadataservices
-   apiGroups:
-   - cbt.storage.k8s.io
-   verbs:
-   - get
-   - list

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-nodeplugin-cr
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
-   name: rbd-csi-ceph-com-nodeplugin-cr
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - secrets
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
-   - watch
- - resources:
-   - persistentvolumes
-   apiGroups:
-   - 
-   verbs:
-   - get
-   - list
- - resources:
-   - volumeattachments
-   apiGroups:
-   - storage.k8s.io
-   verbs:
-   - get
-   - list
- - resources:
-   - configmaps
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - serviceaccounts/token
-   apiGroups:
-   - 
-   verbs:
-   - create
- - resources:
-   - nodes
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - tokenreviews
-   apiGroups:
-   - authentication.k8s.io
-   verbs:
-   - create
- - resources:
-   - events
-   apiGroups:
-   - 
-   verbs:
-   - list
-   - watch
-   - create
-   - update
-   - patch
- - resources:
-   - persistentvolumeclaims
-   apiGroups:
-   - 
-   verbs:
-   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-ceph-com-ctrlplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: cephfs-csi-ceph-com-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: cephfs-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: cephfs-csi-ceph-com-nodeplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: cephfs-csi-ceph-com-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: cephfs-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: nfs-csi-ceph-com-ctrlplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nfs-csi-ceph-com-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: nfs-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: nfs-csi-ceph-com-nodeplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nfs-csi-ceph-com-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: nfs-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: nvmeof-csi-ceph-com-ctrlplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nvmeof-csi-ceph-com-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: nvmeof-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: nvmeof-csi-ceph-com-nodeplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nvmeof-csi-ceph-com-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: nvmeof-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-ctrlplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-ceph-com-ctrlplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: rbd-csi-ceph-com-ctrlplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rbd-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-nodeplugin-crb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
-   name: rbd-csi-ceph-com-nodeplugin-crb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: rbd-csi-ceph-com-nodeplugin-cr
-   apiGroup: rbac.authorization.k8s.io
-   kind: ClusterRole
- subjects:
- - name: rbd-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: cephfs-csi-ceph-com-ctrlplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: cephfs-csi-ceph-com-nodeplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: nvmeof-csi-ceph-com-ctrlplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: nvmeof-csi-ceph-com-nodeplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-ctrlplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: rbd-csi-ceph-com-ctrlplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - leases
-   apiGroups:
-   - coordination.k8s.io
-   verbs:
-   - get
-   - watch
-   - list
-   - delete
-   - update
-   - create
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-nodeplugin-r
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
-   name: rbd-csi-ceph-com-nodeplugin-r
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- rules:
- - resources:
-   - csiaddonsnodes
-   apiGroups:
-   - csiaddons.openshift.io
-   verbs:
-   - get
-   - watch
-   - list
-   - create
-   - update
-   - delete
- - resources:
-   - pods
-   apiGroups:
-   - 
-   verbs:
-   - get
- - resources:
-   - replicasets
-   apiGroups:
-   - apps
-   verbs:
-   - get
- - resources:
-   - deployments/finalizers
-   - daemonsets/finalizers
-   apiGroups:
-   - apps
-   verbs:
-   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: cephfs-csi-ceph-com-ctrlplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: cephfs-csi-ceph-com-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: cephfs-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: cephfs-csi-ceph-com-nodeplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: cephfs-csi-ceph-com-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: cephfs-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: nvmeof-csi-ceph-com-ctrlplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nvmeof-csi-ceph-com-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: nvmeof-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: nvmeof-csi-ceph-com-nodeplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: nvmeof-csi-ceph-com-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: nvmeof-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-ctrlplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: rbd-csi-ceph-com-ctrlplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: rbd-csi-ceph-com-ctrlplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rbd-csi-ceph-com-ctrlplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-nodeplugin-rb
! - one document removed:
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
-   name: rbd-csi-ceph-com-nodeplugin-rb
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- roleRef:
-   name: rbd-csi-ceph-com-nodeplugin-r
-   apiGroup: rbac.authorization.k8s.io
-   kind: Role
- subjects:
- - name: rbd-csi-ceph-com-nodeplugin-sa
-   kind: ServiceAccount
-   namespace: rook-ceph

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/cephfs.csi.ceph.com
! - one document removed:
- apiVersion: csi.ceph.io/v1
- kind: Driver
- metadata:
-   name: cephfs.csi.ceph.com
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   attachRequired: true
-   cephFsClientType: kernel
-   controllerPlugin:
-     hostNetwork: false
-     privileged: false
-     replicas: 1
-     serviceAccountName: cephfs-csi-ceph-com-ctrlplugin-sa
-     tolerations: []
-     volumes: []
-   deployCsiAddons: false
-   enableFencing: false
-   fsGroupPolicy: None
-   fuseMountOptions: {}
-   generateOMapInfo: false
-   grpcTimeout: 30
-   kernelMountOptions: {}
-   log:
-     rotation:
-       maxFiles: 7
-       maxLogSize: 10Gi
-       periodicity: daily
-     verbosity: 0
-   nodePlugin:
-     imagePullPolicy: IfNotPresent
-     serviceAccountName: cephfs-csi-ceph-com-nodeplugin-sa
-     tolerations: []
-     volumes: []
-   snapshotPolicy: volumeSnapshot

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/nfs.csi.ceph.com
! - one document removed:
- apiVersion: csi.ceph.io/v1
- kind: Driver
- metadata:
-   name: nfs.csi.ceph.com
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   attachRequired: true
-   cephFsClientType: kernel
-   controllerPlugin:
-     hostNetwork: false
-     privileged: false
-     replicas: 1
-     serviceAccountName: nfs-csi-ceph-com-ctrlplugin-sa
-     tolerations: []
-     volumes: []
-   deployCsiAddons: false
-   enableFencing: false
-   fsGroupPolicy: None
-   fuseMountOptions: {}
-   generateOMapInfo: false
-   grpcTimeout: 30
-   kernelMountOptions: {}
-   log:
-     rotation:
-       maxFiles: 7
-       maxLogSize: 10Gi
-       periodicity: daily
-     verbosity: 0
-   nodePlugin:
-     imagePullPolicy: IfNotPresent
-     serviceAccountName: nfs-csi-ceph-com-nodeplugin-sa
-     tolerations: []
-     volumes: []
-   snapshotPolicy: volumeSnapshot

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/nvmeof.csi.ceph.com
! - one document removed:
- apiVersion: csi.ceph.io/v1
- kind: Driver
- metadata:
-   name: nvmeof.csi.ceph.com
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   attachRequired: true
-   cephFsClientType: kernel
-   controllerPlugin:
-     hostNetwork: false
-     privileged: false
-     replicas: 1
-     serviceAccountName: nvmeof-csi-ceph-com-ctrlplugin-sa
-     tolerations: []
-     volumes: []
-   deployCsiAddons: false
-   enableFencing: false
-   fsGroupPolicy: File
-   fuseMountOptions: {}
-   generateOMapInfo: false
-   grpcTimeout: 30
-   kernelMountOptions: {}
-   log:
-     rotation:
-       maxFiles: 7
-       maxLogSize: 10Gi
-       periodicity: daily
-     verbosity: 0
-   nodePlugin:
-     imagePullPolicy: IfNotPresent
-     serviceAccountName: nvmeof-csi-ceph-com-nodeplugin-sa
-     tolerations: []
-     volumes: []
-   snapshotPolicy: none

@@ (root level) @@
# csi.ceph.io/v1/Driver/rook-ceph/rbd.csi.ceph.com
! - one document removed:
- apiVersion: csi.ceph.io/v1
- kind: Driver
- metadata:
-   name: rbd.csi.ceph.com
-   namespace: rook-ceph
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   attachRequired: true
-   cephFsClientType: kernel
-   controllerPlugin:
-     hostNetwork: false
-     privileged: false
-     replicas: 1
-     serviceAccountName: rbd-csi-ceph-com-ctrlplugin-sa
-     tolerations: []
-     volumes: []
-   deployCsiAddons: false
-   enableFencing: false
-   fsGroupPolicy: File
-   fuseMountOptions: {}
-   generateOMapInfo: false
-   grpcTimeout: 30
-   kernelMountOptions: {}
-   log:
-     rotation:
-       maxFiles: 7
-       maxLogSize: 10Gi
-       periodicity: daily
-     verbosity: 0
-   nodePlugin:
-     imagePullPolicy: IfNotPresent
-     serviceAccountName: rbd-csi-ceph-com-nodeplugin-sa
-     tolerations: []
-     volumes: []
-   snapshotPolicy: none

@@ (root level) @@
# csi.ceph.io/v1/OperatorConfig/null/ceph-csi-operator-config
! - one document removed:
- apiVersion: csi.ceph.io/v1
- kind: OperatorConfig
- metadata:
-   name: ceph-csi-operator-config
-   namespace: null
-   labels:
-     helm.toolkit.fluxcd.io/name: ceph-csi-drivers
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- spec:
-   driverSpecDefaults:
-     attachRequired: true
-     cephFsClientType: kernel
-     controllerPlugin:
-       affinity:
-         nodeAffinity:
-           requiredDuringSchedulingIgnoredDuringExecution:
-             nodeSelectorTerms:
-             - matchExpressions:
-               - key: kubernetes.io/hostname
-                 operator: In
-                 values:
-                 - talos-w-01
-                 - talos-w-02
-                 - talos-gpu-01
-       hostNetwork: false
-       imagePullPolicy: IfNotPresent
-       privileged: false
-       replicas: 1
-       tolerations: []
-       volumes: []
-     deployCsiAddons: false
-     enableFencing: false
-     fsGroupPolicy: File
-     fuseMountOptions: {}
-     generateOMapInfo: false
-     grpcTimeout: 30
-     kernelMountOptions:
-       ms_mode: prefer-crc
-     log:
-       rotation:
-         maxFiles: 7
-         maxLogSize: 10Gi
-         periodicity: daily
-       verbosity: 0
-     nodePlugin:
-       imagePullPolicy: IfNotPresent
-       kubeletDirPath: /var/lib/kubelet
-       tolerations: []
-       volumes: []
-     snapshotPolicy: none

@@ (root level) @@
# v1/ServiceAccount/ceph-csi
! - one document removed:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
-   name: ceph-csi
-   labels:
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: ceph-csi
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
- automountServiceAccountToken: true

@@ (root level) @@
# v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap
! - one document removed:
- apiVersion: v1
- kind: ConfigMap
- metadata:
-   name: rook-csi-operator-image-set-configmap
-   namespace: rook-ceph
-   labels:
-     app.kubernetes.io/created-by: helm
-     app.kubernetes.io/instance: rook-ceph
-     app.kubernetes.io/managed-by: Helm
-     app.kubernetes.io/name: rook-ceph
-     app.kubernetes.io/part-of: rook-ceph-operator
-     helm.toolkit.fluxcd.io/name: rook-ceph
-     helm.toolkit.fluxcd.io/namespace: rook-ceph
-     operator: rook
-     storage-backend: ceph
- data:
-   addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0"
-   attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0"
-   plugin: "quay.io/cephcsi/cephcsi:v3.17.0"
-   provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0"
-   registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0"
-   resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0"
-   snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0"

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-cephfs-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-cephfs-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-controller-manager
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-nfs-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-nfs-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-nvmeof-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-nvmeof-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-rbd-ctrlplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ceph-csi-rbd-nodeplugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rook-csi-cephfs-plugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rook-csi-cephfs-provisioner-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rook-csi-rbd-plugin-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph

@@ (root level) @@
# v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa
! + one document added:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: rook-csi-rbd-provisioner-sa
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-cephfs-ctrlplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - volumeattributesclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-cephfs-nodeplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumes
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-nfs-ctrlplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - delete
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - volumeattributesclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-nfs-nodeplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-nvmeof-ctrlplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - subjectaccessreviews
+   apiGroups:
+   - authorization.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-nvmeof-nodeplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-rbd-ctrlplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - delete
+   - patch
+   - update
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.openshift.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupreplicationcontents
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationclasses
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - subjectaccessreviews
+   apiGroups:
+   - authorization.k8s.io
+   verbs:
+   - create
+ - resources:
+   - snapshotmetadataservices
+   apiGroups:
+   - cbt.storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattributesclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: ceph-csi-rbd-nodeplugin-cr
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: cephfs-csi-nodeplugin
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: cephfs-external-provisioner-runner
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - delete
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - events
+   apiGroups:
+   - events.k8s.io
+   verbs:
+   - create
+   - patch
+   - update
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: rbd-csi-nodeplugin
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: rbd-external-provisioner-runner
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - secrets
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - create
+   - update
+   - delete
+   - patch
+ - resources:
+   - persistentvolumeclaims
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+ - resources:
+   - storageclasses
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - events
+   apiGroups:
+   - 
+   verbs:
+   - list
+   - watch
+   - create
+   - update
+   - patch
+ - resources:
+   - events
+   apiGroups:
+   - events.k8s.io
+   verbs:
+   - create
+   - patch
+   - update
+ - resources:
+   - volumeattachments
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+ - resources:
+   - volumeattachments/status
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - patch
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - csinodes
+   apiGroups:
+   - storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - persistentvolumeclaims/status
+   apiGroups:
+   - 
+   verbs:
+   - patch
+ - resources:
+   - volumesnapshots
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotclasses
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumesnapshotcontents
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - patch
+   - update
+ - resources:
+   - volumesnapshotcontents/status
+   apiGroups:
+   - snapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotclasses
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupsnapshotcontents
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+   - update
+   - patch
+ - resources:
+   - volumegroupsnapshotcontents/status
+   apiGroups:
+   - groupsnapshot.storage.k8s.io
+   verbs:
+   - update
+   - patch
+ - resources:
+   - configmaps
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - serviceaccounts/token
+   apiGroups:
+   - 
+   verbs:
+   - create
+ - resources:
+   - nodes
+   apiGroups:
+   - 
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - referencegrants
+   apiGroups:
+   - gateway.networking.k8s.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationcontents
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - volumegroupreplicationclasses
+   apiGroups:
+   - replication.storage.openshift.io
+   verbs:
+   - get
+   - list
+   - watch
+ - resources:
+   - tokenreviews
+   apiGroups:
+   - authentication.k8s.io
+   verbs:
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-cephfs-ctrlplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-cephfs-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-cephfs-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-cephfs-nodeplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-cephfs-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-cephfs-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-nfs-ctrlplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nfs-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-nfs-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-nfs-nodeplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nfs-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-nfs-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-nvmeof-ctrlplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nvmeof-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-nvmeof-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-nvmeof-nodeplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nvmeof-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-nvmeof-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-rbd-ctrlplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-rbd-ctrlplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-rbd-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: ceph-csi-rbd-nodeplugin-crb
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-rbd-nodeplugin-cr
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: ceph-csi-rbd-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: rbd-csi-nodeplugin
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: rbd-csi-nodeplugin
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rook-csi-rbd-plugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: cephfs-csi-provisioner-role
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: cephfs-external-provisioner-runner
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rook-csi-cephfs-provisioner-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: cephfs-csi-nodeplugin-role
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: cephfs-csi-nodeplugin
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rook-csi-cephfs-plugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: rbd-csi-provisioner-role
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: rbd-external-provisioner-runner
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+ subjects:
+ - name: rook-csi-rbd-provisioner-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-cephfs-ctrlplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-cephfs-nodeplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-nvmeof-ctrlplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-nvmeof-nodeplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-rbd-ctrlplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: ceph-csi-rbd-nodeplugin-r
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ rules:
+ - resources:
+   - csiaddonsnodes
+   apiGroups:
+   - csiaddons.openshift.io
+   verbs:
+   - get
+   - watch
+   - list
+   - create
+   - update
+   - delete
+ - resources:
+   - pods
+   apiGroups:
+   - 
+   verbs:
+   - get
+ - resources:
+   - replicasets
+   apiGroups:
+   - apps
+   verbs:
+   - get
+ - resources:
+   - deployments/finalizers
+   - daemonsets/finalizers
+   apiGroups:
+   - apps
+   verbs:
+   - update

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: cephfs-external-provisioner-cfg
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: rbd-external-provisioner-cfg
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ rules:
+ - resources:
+   - leases
+   apiGroups:
+   - coordination.k8s.io
+   verbs:
+   - get
+   - watch
+   - list
+   - delete
+   - update
+   - create

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-cephfs-ctrlplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-cephfs-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-cephfs-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-cephfs-nodeplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-cephfs-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-cephfs-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-nvmeof-ctrlplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nvmeof-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-nvmeof-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-nvmeof-nodeplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-nvmeof-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-nvmeof-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-rbd-ctrlplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-rbd-ctrlplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-rbd-ctrlplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: ceph-csi-rbd-nodeplugin-rb
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: ceph-csi
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+ roleRef:
+   name: ceph-csi-rbd-nodeplugin-r
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: ceph-csi-rbd-nodeplugin-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: cephfs-csi-provisioner-role-cfg
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: cephfs-external-provisioner-cfg
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: rook-csi-cephfs-provisioner-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

@@ (root level) @@
# rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg
! + one document added:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: rbd-csi-provisioner-role-cfg
+   namespace: rook-ceph
+   labels:
+     app.kubernetes.io/created-by: helm
+     app.kubernetes.io/instance: rook-ceph
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/name: rook-ceph
+     app.kubernetes.io/part-of: rook-ceph-operator
+     helm.toolkit.fluxcd.io/name: rook-ceph
+     helm.toolkit.fluxcd.io/namespace: rook-ceph
+     operator: rook
+     storage-backend: ceph
+ roleRef:
+   name: rbd-external-provisioner-cfg
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+ subjects:
+ - name: rook-csi-rbd-provisioner-sa
+   kind: ServiceAccount
+   namespace: rook-ceph

_{Diff created by flate — Workflow run}

<details open><summary>Kustomization diff</summary> ```diff @@ spec.values.controllers.minecraft.containers.app.image.tag @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/arcade/minecraft ! ± value change - java25@sha256:aedec598f54914646016736da9336d20b0a90f7647436111d0ab3c5f8deb482f + java25@sha256:90c8f84b0182536804a323ef2f2c16a06b529c1d8e3469fd7e22a09e05b9e4cd @@ spec.dependsOn @@ # kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-cluster ! - one list entry removed: - - name: rook-ceph-csi-drivers @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph-cluster ! ± value change - v1.20.0 + v1.19.6 @@ spec.upgrade @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph-cluster ! - one map entry removed: - timeout: 30m @@ spec.values @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph-cluster ! - one map entry removed: - cephImage: - repository: quay.io/ceph/ceph - tag: v20.2.1 @@ spec.values.csi @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/rook-ceph ! + three map entries added: + cephFSKernelMountOptions: ms_mode=prefer-crc + enableLiveness: true + provisionerNodeAffinity: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01" @@ spec.ref.tag @@ # source.toolkit.fluxcd.io/v1/OCIRepository/rook-ceph/rook-ceph ! ± value change - v1.20.0 + v1.19.6 @@ data @@ # v1/ConfigMap/rook-ceph/rook-ceph-operator-config ! + one map entry added: + ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0" @@ (root level) @@ # kustomize.toolkit.fluxcd.io/v1/Kustomization/rook-ceph/rook-ceph-csi-drivers ! - one document removed: - apiVersion: kustomize.toolkit.fluxcd.io/v1 - kind: Kustomization - metadata: - name: rook-ceph-csi-drivers - namespace: rook-ceph - labels: - kustomize.toolkit.fluxcd.io/name: artemis-cluster - kustomize.toolkit.fluxcd.io/namespace: flux-system - spec: - commonMetadata: - labels: - app.kubernetes.io/name: rook-ceph-csi-drivers - deletionPolicy: WaitForTermination - dependsOn: - - name: rook-ceph-operator - interval: 1h - patches: - - patch: | - apiVersion: helm.toolkit.fluxcd.io/v2 - kind: HelmRelease - metadata: - name: _ - spec: - install: - crds: CreateReplace - strategy: - name: RetryOnFailure - rollback: - cleanupOnFail: true - recreate: true - upgrade: - cleanupOnFail: true - crds: CreateReplace - strategy: - name: RemediateOnFailure - remediation: - remediateLastFailure: true - retries: 2 - target: - kind: HelmRelease - group: helm.toolkit.fluxcd.io - path: ./kubernetes/apps/rook-ceph/rook-ceph/csi-drivers - prune: true - retryInterval: 1m - sourceRef: - name: flux-system - kind: GitRepository - namespace: flux-system - targetNamespace: rook-ceph - timeout: 10m - wait: true @@ (root level) @@ # source.toolkit.fluxcd.io/v1/HelmRepository/rook-ceph/ceph-csi-operator ! - one document removed: - apiVersion: source.toolkit.fluxcd.io/v1 - kind: HelmRepository - metadata: - name: ceph-csi-operator - namespace: rook-ceph - labels: - app.kubernetes.io/name: rook-ceph-csi-drivers - kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers - kustomize.toolkit.fluxcd.io/namespace: rook-ceph - spec: - url: "https://ceph.github.io/ceph-csi-operator" - interval: 1h @@ (root level) @@ # helm.toolkit.fluxcd.io/v2/HelmRelease/rook-ceph/ceph-csi-drivers ! - one document removed: - apiVersion: helm.toolkit.fluxcd.io/v2 - kind: HelmRelease - metadata: - name: ceph-csi-drivers - namespace: rook-ceph - labels: - app.kubernetes.io/name: rook-ceph-csi-drivers - kustomize.toolkit.fluxcd.io/name: rook-ceph-csi-drivers - kustomize.toolkit.fluxcd.io/namespace: rook-ceph - spec: - chart: - spec: - version: "1.0.1" - chart: ceph-csi-drivers - sourceRef: - name: ceph-csi-operator - kind: HelmRepository - namespace: rook-ceph - install: - crds: CreateReplace - strategy: - name: RetryOnFailure - interval: 1h - rollback: - cleanupOnFail: true - recreate: true - upgrade: - cleanupOnFail: true - crds: CreateReplace - remediation: - remediateLastFailure: true - retries: 2 - strategy: - name: RemediateOnFailure - values: - cephConnections: [] - clientProfiles: [] - operatorConfig: - driverSpecDefaults: - controllerPlugin: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - talos-w-01 - - talos-w-02 - - talos-gpu-01 - kernelMountOptions: - ms_mode: prefer-crc ``` </details> <details open><summary>HelmRelease diff</summary> ```diff @@ spec.template.spec.containers.app.image @@ # apps/v1/Deployment/arcade/minecraft ! ± value change - itzg/minecraft-server:java25@sha256:aedec598f54914646016736da9336d20b0a90f7647436111d0ab3c5f8deb482f + itzg/minecraft-server:java25@sha256:90c8f84b0182536804a323ef2f2c16a06b529c1d8e3469fd7e22a09e05b9e4cd @@ data @@ # v1/ConfigMap/rook-ceph/rook-ceph-operator-config ! - two map entries removed: - ROOK_CEPH_MON_RUN_AS_ROOT: "false" - ROOK_DELETE_UNUSED_CRUSH_RULES: "true" ! + 45 map entries added: + CSI_CEPHFS_ATTACH_REQUIRED: "true" + CSI_CEPHFS_FSGROUPPOLICY: File + CSI_CEPHFS_KERNEL_MOUNT_OPTIONS: ms_mode=prefer-crc + CSI_CEPHFS_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + - name : csi-cephfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + + CSI_CEPHFS_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-cephfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + + CSI_ENABLE_CEPHFS_SNAPSHOTTER: "true" + CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: "false" + CSI_ENABLE_CSIADDONS: "false" + CSI_ENABLE_ENCRYPTION: "false" + CSI_ENABLE_HOST_NETWORK: "true" + CSI_ENABLE_LIVENESS: "true" + CSI_ENABLE_METADATA: "false" + CSI_ENABLE_NFS_SNAPSHOTTER: "true" + CSI_ENABLE_OMAP_GENERATOR: "false" + CSI_ENABLE_RBD_SNAPSHOTTER: "true" + CSI_ENABLE_TOPOLOGY: "false" + CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: "true" + CSI_FORCE_CEPHFS_KERNEL_CLIENT: "true" + CSI_GRPC_TIMEOUT_SECONDS: "150" + CSI_NFS_ATTACH_REQUIRED: "true" + CSI_NFS_FSGROUPPOLICY: File + CSI_NFS_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + - name : csi-nfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + + CSI_NFS_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-nfsplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + - name : csi-attacher + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + + CSI_PLUGIN_ENABLE_SELINUX_HOST_MOUNT: "false" + CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical + CSI_PROVISIONER_NODE_AFFINITY: "kubernetes.io/hostname=talos-w-01,talos-w-02,talos-gpu-01" + CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical + CSI_PROVISIONER_REPLICAS: "2" + CSI_RBD_ATTACH_REQUIRED: "true" + CSI_RBD_FSGROUPPOLICY: File + CSI_RBD_PLUGIN_RESOURCE: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + - name : csi-rbdplugin + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + + CSI_RBD_PROVISIONER_RESOURCE: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 100m + limits: + memory: 256Mi + - name : csi-rbdplugin + resource: + requests: + memory: 512Mi + limits: + memory: 1Gi + - name : csi-omap-generator + resource: + requests: + memory: 512Mi + cpu: 250m + limits: + memory: 1Gi + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + + ROOK_CSI_ATTACHER_IMAGE: "registry.k8s.io/sig-storage/csi-attacher:v4.11.0" + ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.16.2" + ROOK_CSI_DISABLE_DRIVER: "false" + ROOK_CSI_ENABLE_CEPHFS: "true" + ROOK_CSI_ENABLE_NFS: "false" + ROOK_CSI_ENABLE_RBD: "true" + ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent + ROOK_CSI_PROVISIONER_IMAGE: "registry.k8s.io/sig-storage/csi-provisioner:v6.1.1" + ROOK_CSI_REGISTRAR_IMAGE: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.16.0" + ROOK_CSI_RESIZER_IMAGE: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" + ROOK_CSI_SNAPSHOTTER_IMAGE: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" + ROOK_CSIADDONS_IMAGE: "quay.io/csiaddons/k8s-sidecar:v0.14.0" + ROOK_USE_CSI_OPERATOR: "true" @@ rules @@ # rbac.authorization.k8s.io/v1/ClusterRole/rook-ceph-global ! - three list entries removed: - - resources: - - cephclients - - cephclusters - - cephblockpools - - cephfilesystems - - cephnfses - - cephnvmeofgateways - - cephobjectstores - - cephobjectstoreusers - - cephobjectstoreaccounts - - cephobjectrealms - - cephobjectzonegroups - - cephobjectzones - - cephbuckettopics - - cephbucketnotifications - - cephrbdmirrors - - cephfilesystemmirrors - - cephfilesystemsubvolumegroups - - cephblockpoolradosnamespaces - - cephcosidrivers - apiGroups: - - ceph.rook.io - verbs: - - get - - list - - watch - - update - - resources: - - cephclients/status - - cephclusters/status - - cephblockpools/status - - cephfilesystems/status - - cephnfses/status - - cephnvmeofgateways/status - - cephobjectstores/status - - cephobjectstoreusers/status - - cephobjectstoreaccounts/status - - cephobjectrealms/status - - cephobjectzonegroups/status - - cephobjectzones/status - - cephbuckettopics/status - - cephbucketnotifications/status - - cephrbdmirrors/status - - cephfilesystemmirrors/status - - cephfilesystemsubvolumegroups/status - - cephblockpoolradosnamespaces/status - apiGroups: - - ceph.rook.io - verbs: - - update - - resources: - - cephclients/finalizers - - cephclusters/finalizers - - cephblockpools/finalizers - - cephfilesystems/finalizers - - cephnfses/finalizers - - cephnvmeofgateways/finalizers - - cephobjectstores/finalizers - - cephobjectstoreusers/finalizers - - cephobjectstoreaccounts/finalizers - - cephobjectrealms/finalizers - - cephobjectzonegroups/finalizers - - cephobjectzones/finalizers - - cephbuckettopics/finalizers - - cephbucketnotifications/finalizers - - cephrbdmirrors/finalizers - - cephfilesystemmirrors/finalizers - - cephfilesystemsubvolumegroups/finalizers - - cephblockpoolradosnamespaces/finalizers - apiGroups: - - ceph.rook.io - verbs: - - update ! + three list entries added: + - resources: + - cephclients + - cephclusters + - cephblockpools + - cephfilesystems + - cephnfses + - cephnvmeofgateways + - cephobjectstores + - cephobjectstoreusers + - cephobjectrealms + - cephobjectzonegroups + - cephobjectzones + - cephbuckettopics + - cephbucketnotifications + - cephrbdmirrors + - cephfilesystemmirrors + - cephfilesystemsubvolumegroups + - cephblockpoolradosnamespaces + - cephcosidrivers + apiGroups: + - ceph.rook.io + verbs: + - get + - list + - watch + - update + - resources: + - cephclients/status + - cephclusters/status + - cephblockpools/status + - cephfilesystems/status + - cephnfses/status + - cephnvmeofgateways/status + - cephobjectstores/status + - cephobjectstoreusers/status + - cephobjectrealms/status + - cephobjectzonegroups/status + - cephobjectzones/status + - cephbuckettopics/status + - cephbucketnotifications/status + - cephrbdmirrors/status + - cephfilesystemmirrors/status + - cephfilesystemsubvolumegroups/status + - cephblockpoolradosnamespaces/status + apiGroups: + - ceph.rook.io + verbs: + - update + - resources: + - cephclients/finalizers + - cephclusters/finalizers + - cephblockpools/finalizers + - cephfilesystems/finalizers + - cephnfses/finalizers + - cephnvmeofgateways/finalizers + - cephobjectstores/finalizers + - cephobjectstoreusers/finalizers + - cephobjectrealms/finalizers + - cephobjectzonegroups/finalizers + - cephobjectzones/finalizers + - cephbuckettopics/finalizers + - cephbucketnotifications/finalizers + - cephrbdmirrors/finalizers + - cephfilesystemmirrors/finalizers + - cephfilesystemsubvolumegroups/finalizers + - cephblockpoolradosnamespaces/finalizers + apiGroups: + - ceph.rook.io + verbs: + - update @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-manager-rolebinding ! - one list entry removed: - - name: ceph-csi - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi-controller-manager + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-metrics-auth-rolebinding ! - one list entry removed: - - name: ceph-csi - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi-controller-manager + kind: ServiceAccount + namespace: rook-ceph @@ subjects @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-leader-election-rolebinding ! - one list entry removed: - - name: ceph-csi - kind: ServiceAccount - namespace: rook-ceph ! + one list entry added: + - name: ceph-csi-controller-manager + kind: ServiceAccount + namespace: rook-ceph @@ spec.template.spec @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! - four map entries removed: - nodeSelector: {} - priorityClassName: null - tolerations: [] - topologySpreadConstraints: [] @@ spec.template.spec.containers.manager.env.CSI_SERVICE_ACCOUNT_PREFIX.value @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - + ceph-csi- @@ spec.template.spec.containers.manager.image @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - quay.io/cephcsi/ceph-csi-operator:v1.0.1 + quay.io/cephcsi/ceph-csi-operator:v0.6.0 @@ spec.template.spec.serviceAccountName @@ # apps/v1/Deployment/rook-ceph/ceph-csi-controller-manager ! ± value change - ceph-csi + ceph-csi-controller-manager @@ spec.template.spec.containers.rook-ceph-operator.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-operator ! ± value change - ghcr.io/rook/ceph:v1.20.0 + ghcr.io/rook/ceph:v1.19.6 @@ spec.template.spec.containers.rook-ceph-tools.image @@ # apps/v1/Deployment/rook-ceph/rook-ceph-tools ! ± value change - quay.io/ceph/ceph:v20.2.1 + quay.io/ceph/ceph:v19.2.3 @@ spec.cephVersion.image @@ # ceph.rook.io/v1/CephCluster/rook-ceph/rook-ceph ! ± value change - quay.io/ceph/ceph:v20.2.1 + quay.io/ceph/ceph:v19.2.3 @@ (root level) @@ # v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: cephfs-csi-ceph-com-ctrlplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/cephfs-csi-ceph-com-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: cephfs-csi-ceph-com-nodeplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nfs-csi-ceph-com-ctrlplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nfs-csi-ceph-com-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nfs-csi-ceph-com-nodeplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nvmeof-csi-ceph-com-ctrlplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/nvmeof-csi-ceph-com-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nvmeof-csi-ceph-com-nodeplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-ctrlplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rbd-csi-ceph-com-ctrlplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rbd-csi-ceph-com-nodeplugin-sa ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rbd-csi-ceph-com-nodeplugin-sa - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-csi-ceph-com-ctrlplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-ceph-com-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: cephfs-csi-ceph-com-nodeplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumes - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: nfs-csi-ceph-com-ctrlplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - delete - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - patch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - list - - watch - - create - - update - - patch - - resources: - - secrets - apiGroups: - - - verbs: - - get - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nfs-csi-ceph-com-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: nfs-csi-ceph-com-nodeplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - nodes - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: nvmeof-csi-ceph-com-ctrlplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create - - resources: - - snapshotmetadataservices - apiGroups: - - cbt.storage.k8s.io - verbs: - - get - - list @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/nvmeof-csi-ceph-com-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: nvmeof-csi-ceph-com-nodeplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-ctrlplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-csi-ceph-com-ctrlplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get - - list - - watch - - update - - resources: - - storageclasses - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - patch - - resources: - - volumeattachments/status - apiGroups: - - storage.k8s.io - verbs: - - patch - - resources: - - nodes - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - csinodes - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - persistentvolumeclaims/status - apiGroups: - - - verbs: - - patch - - resources: - - volumesnapshots - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotclasses - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumesnapshotcontents - apiGroups: - - snapshot.storage.k8s.io - verbs: - - get - - list - - watch - - patch - - update - - resources: - - volumesnapshotcontents/status - apiGroups: - - snapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.k8s.io - verbs: - - update - - patch - - resources: - - volumegroupsnapshotclasses - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupsnapshotcontents - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - get - - list - - watch - - update - - patch - - resources: - - volumegroupsnapshotcontents/status - apiGroups: - - groupsnapshot.storage.openshift.io - verbs: - - update - - patch - - resources: - - volumegroupreplicationcontents - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - volumegroupreplicationclasses - apiGroups: - - replication.storage.openshift.io - verbs: - - get - - list - - watch - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - subjectaccessreviews - apiGroups: - - authorization.k8s.io - verbs: - - create - - resources: - - snapshotmetadataservices - apiGroups: - - cbt.storage.k8s.io - verbs: - - get - - list @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-ceph-com-nodeplugin-cr ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rbd-csi-ceph-com-nodeplugin-cr - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - secrets - apiGroups: - - - verbs: - - get - - list - - watch - - resources: - - persistentvolumes - apiGroups: - - - verbs: - - get - - list - - resources: - - volumeattachments - apiGroups: - - storage.k8s.io - verbs: - - get - - list - - resources: - - configmaps - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts - apiGroups: - - - verbs: - - get - - resources: - - serviceaccounts/token - apiGroups: - - - verbs: - - create - - resources: - - nodes - apiGroups: - - - verbs: - - get - - resources: - - tokenreviews - apiGroups: - - authentication.k8s.io - verbs: - - create - - resources: - - events - apiGroups: - - - verbs: - - list - - watch - - create - - update - - patch - - resources: - - persistentvolumeclaims - apiGroups: - - - verbs: - - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-ceph-com-ctrlplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: cephfs-csi-ceph-com-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: cephfs-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-ceph-com-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: cephfs-csi-ceph-com-nodeplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: cephfs-csi-ceph-com-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: cephfs-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: nfs-csi-ceph-com-ctrlplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nfs-csi-ceph-com-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: nfs-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nfs-csi-ceph-com-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: nfs-csi-ceph-com-nodeplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nfs-csi-ceph-com-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: nfs-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: nvmeof-csi-ceph-com-ctrlplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nvmeof-csi-ceph-com-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: nvmeof-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/nvmeof-csi-ceph-com-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: nvmeof-csi-ceph-com-nodeplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nvmeof-csi-ceph-com-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: nvmeof-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-ctrlplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-ceph-com-ctrlplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: rbd-csi-ceph-com-ctrlplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rbd-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-ceph-com-nodeplugin-crb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rbd-csi-ceph-com-nodeplugin-crb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: rbd-csi-ceph-com-nodeplugin-cr - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - subjects: - - name: rbd-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: cephfs-csi-ceph-com-ctrlplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/cephfs-csi-ceph-com-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: cephfs-csi-ceph-com-nodeplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: nvmeof-csi-ceph-com-ctrlplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/nvmeof-csi-ceph-com-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: nvmeof-csi-ceph-com-nodeplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-ctrlplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: rbd-csi-ceph-com-ctrlplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - leases - apiGroups: - - coordination.k8s.io - verbs: - - get - - watch - - list - - delete - - update - - create - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rbd-csi-ceph-com-nodeplugin-r ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: rbd-csi-ceph-com-nodeplugin-r - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - rules: - - resources: - - csiaddonsnodes - apiGroups: - - csiaddons.openshift.io - verbs: - - get - - watch - - list - - create - - update - - delete - - resources: - - pods - apiGroups: - - - verbs: - - get - - resources: - - replicasets - apiGroups: - - apps - verbs: - - get - - resources: - - deployments/finalizers - - daemonsets/finalizers - apiGroups: - - apps - verbs: - - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: cephfs-csi-ceph-com-ctrlplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: cephfs-csi-ceph-com-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: cephfs-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/cephfs-csi-ceph-com-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: cephfs-csi-ceph-com-nodeplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: cephfs-csi-ceph-com-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: cephfs-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: nvmeof-csi-ceph-com-ctrlplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nvmeof-csi-ceph-com-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: nvmeof-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/nvmeof-csi-ceph-com-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: nvmeof-csi-ceph-com-nodeplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: nvmeof-csi-ceph-com-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: nvmeof-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-ctrlplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: rbd-csi-ceph-com-ctrlplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: rbd-csi-ceph-com-ctrlplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rbd-csi-ceph-com-ctrlplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rbd-csi-ceph-com-nodeplugin-rb ! - one document removed: - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: rbd-csi-ceph-com-nodeplugin-rb - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - roleRef: - name: rbd-csi-ceph-com-nodeplugin-r - apiGroup: rbac.authorization.k8s.io - kind: Role - subjects: - - name: rbd-csi-ceph-com-nodeplugin-sa - kind: ServiceAccount - namespace: rook-ceph @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/cephfs.csi.ceph.com ! - one document removed: - apiVersion: csi.ceph.io/v1 - kind: Driver - metadata: - name: cephfs.csi.ceph.com - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - spec: - attachRequired: true - cephFsClientType: kernel - controllerPlugin: - hostNetwork: false - privileged: false - replicas: 1 - serviceAccountName: cephfs-csi-ceph-com-ctrlplugin-sa - tolerations: [] - volumes: [] - deployCsiAddons: false - enableFencing: false - fsGroupPolicy: None - fuseMountOptions: {} - generateOMapInfo: false - grpcTimeout: 30 - kernelMountOptions: {} - log: - rotation: - maxFiles: 7 - maxLogSize: 10Gi - periodicity: daily - verbosity: 0 - nodePlugin: - imagePullPolicy: IfNotPresent - serviceAccountName: cephfs-csi-ceph-com-nodeplugin-sa - tolerations: [] - volumes: [] - snapshotPolicy: volumeSnapshot @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/nfs.csi.ceph.com ! - one document removed: - apiVersion: csi.ceph.io/v1 - kind: Driver - metadata: - name: nfs.csi.ceph.com - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - spec: - attachRequired: true - cephFsClientType: kernel - controllerPlugin: - hostNetwork: false - privileged: false - replicas: 1 - serviceAccountName: nfs-csi-ceph-com-ctrlplugin-sa - tolerations: [] - volumes: [] - deployCsiAddons: false - enableFencing: false - fsGroupPolicy: None - fuseMountOptions: {} - generateOMapInfo: false - grpcTimeout: 30 - kernelMountOptions: {} - log: - rotation: - maxFiles: 7 - maxLogSize: 10Gi - periodicity: daily - verbosity: 0 - nodePlugin: - imagePullPolicy: IfNotPresent - serviceAccountName: nfs-csi-ceph-com-nodeplugin-sa - tolerations: [] - volumes: [] - snapshotPolicy: volumeSnapshot @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/nvmeof.csi.ceph.com ! - one document removed: - apiVersion: csi.ceph.io/v1 - kind: Driver - metadata: - name: nvmeof.csi.ceph.com - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - spec: - attachRequired: true - cephFsClientType: kernel - controllerPlugin: - hostNetwork: false - privileged: false - replicas: 1 - serviceAccountName: nvmeof-csi-ceph-com-ctrlplugin-sa - tolerations: [] - volumes: [] - deployCsiAddons: false - enableFencing: false - fsGroupPolicy: File - fuseMountOptions: {} - generateOMapInfo: false - grpcTimeout: 30 - kernelMountOptions: {} - log: - rotation: - maxFiles: 7 - maxLogSize: 10Gi - periodicity: daily - verbosity: 0 - nodePlugin: - imagePullPolicy: IfNotPresent - serviceAccountName: nvmeof-csi-ceph-com-nodeplugin-sa - tolerations: [] - volumes: [] - snapshotPolicy: none @@ (root level) @@ # csi.ceph.io/v1/Driver/rook-ceph/rbd.csi.ceph.com ! - one document removed: - apiVersion: csi.ceph.io/v1 - kind: Driver - metadata: - name: rbd.csi.ceph.com - namespace: rook-ceph - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - spec: - attachRequired: true - cephFsClientType: kernel - controllerPlugin: - hostNetwork: false - privileged: false - replicas: 1 - serviceAccountName: rbd-csi-ceph-com-ctrlplugin-sa - tolerations: [] - volumes: [] - deployCsiAddons: false - enableFencing: false - fsGroupPolicy: File - fuseMountOptions: {} - generateOMapInfo: false - grpcTimeout: 30 - kernelMountOptions: {} - log: - rotation: - maxFiles: 7 - maxLogSize: 10Gi - periodicity: daily - verbosity: 0 - nodePlugin: - imagePullPolicy: IfNotPresent - serviceAccountName: rbd-csi-ceph-com-nodeplugin-sa - tolerations: [] - volumes: [] - snapshotPolicy: none @@ (root level) @@ # csi.ceph.io/v1/OperatorConfig/null/ceph-csi-operator-config ! - one document removed: - apiVersion: csi.ceph.io/v1 - kind: OperatorConfig - metadata: - name: ceph-csi-operator-config - namespace: null - labels: - helm.toolkit.fluxcd.io/name: ceph-csi-drivers - helm.toolkit.fluxcd.io/namespace: rook-ceph - spec: - driverSpecDefaults: - attachRequired: true - cephFsClientType: kernel - controllerPlugin: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - talos-w-01 - - talos-w-02 - - talos-gpu-01 - hostNetwork: false - imagePullPolicy: IfNotPresent - privileged: false - replicas: 1 - tolerations: [] - volumes: [] - deployCsiAddons: false - enableFencing: false - fsGroupPolicy: File - fuseMountOptions: {} - generateOMapInfo: false - grpcTimeout: 30 - kernelMountOptions: - ms_mode: prefer-crc - log: - rotation: - maxFiles: 7 - maxLogSize: 10Gi - periodicity: daily - verbosity: 0 - nodePlugin: - imagePullPolicy: IfNotPresent - kubeletDirPath: /var/lib/kubelet - tolerations: [] - volumes: [] - snapshotPolicy: none @@ (root level) @@ # v1/ServiceAccount/ceph-csi ! - one document removed: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: ceph-csi - labels: - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ceph-csi - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - automountServiceAccountToken: true @@ (root level) @@ # v1/ConfigMap/rook-ceph/rook-csi-operator-image-set-configmap ! - one document removed: - apiVersion: v1 - kind: ConfigMap - metadata: - name: rook-csi-operator-image-set-configmap - namespace: rook-ceph - labels: - app.kubernetes.io/created-by: helm - app.kubernetes.io/instance: rook-ceph - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: rook-ceph - app.kubernetes.io/part-of: rook-ceph-operator - helm.toolkit.fluxcd.io/name: rook-ceph - helm.toolkit.fluxcd.io/namespace: rook-ceph - operator: rook - storage-backend: ceph - data: - addons: "quay.io/csiaddons/k8s-sidecar:v0.14.0" - attacher: "registry.k8s.io/sig-storage/csi-attacher:v4.12.0" - plugin: "quay.io/cephcsi/cephcsi:v3.17.0" - provisioner: "registry.k8s.io/sig-storage/csi-provisioner:v6.2.0" - registrar: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.17.0" - resizer: "registry.k8s.io/sig-storage/csi-resizer:v2.1.0" - snapshotter: "registry.k8s.io/sig-storage/csi-snapshotter:v8.5.0" @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-cephfs-ctrlplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-cephfs-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-cephfs-nodeplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-controller-manager ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-controller-manager + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-nfs-ctrlplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nfs-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-nfs-nodeplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-nvmeof-ctrlplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-nvmeof-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-nvmeof-nodeplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-ctrlplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-rbd-ctrlplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/ceph-csi-rbd-nodeplugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ceph-csi-rbd-nodeplugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-plugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rook-csi-cephfs-plugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-cephfs-provisioner-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rook-csi-cephfs-provisioner-sa + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-plugin-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rook-csi-rbd-plugin-sa + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph @@ (root level) @@ # v1/ServiceAccount/rook-ceph/rook-csi-rbd-provisioner-sa ! + one document added: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rook-csi-rbd-provisioner-sa + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-cephfs-ctrlplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - patch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - update + - patch + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - volumeattributesclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-cephfs-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-cephfs-nodeplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumes + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-nfs-ctrlplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - patch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - patch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - list + - watch + - create + - update + - patch + - resources: + - secrets + apiGroups: + - + verbs: + - get + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - volumeattributesclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nfs-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-nfs-nodeplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - nodes + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-nvmeof-ctrlplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - subjectaccessreviews + apiGroups: + - authorization.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-nvmeof-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-nvmeof-nodeplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-ctrlplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-rbd-ctrlplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.openshift.io + verbs: + - update + - patch + - resources: + - volumegroupreplicationcontents + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationclasses + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - subjectaccessreviews + apiGroups: + - authorization.k8s.io + verbs: + - create + - resources: + - snapshotmetadataservices + apiGroups: + - cbt.storage.k8s.io + verbs: + - get + - list + - resources: + - volumeattributesclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/ceph-csi-rbd-nodeplugin-cr ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: ceph-csi-rbd-nodeplugin-cr + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-csi-nodeplugin ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: cephfs-csi-nodeplugin + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - secrets + apiGroups: + - + verbs: + - get + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/cephfs-external-provisioner-runner ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: cephfs-external-provisioner-runner + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - patch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - events + apiGroups: + - events.k8s.io + verbs: + - create + - patch + - update + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-csi-nodeplugin ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rbd-csi-nodeplugin + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRole/rbd-external-provisioner-runner ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rbd-external-provisioner-runner + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - secrets + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - persistentvolumes + apiGroups: + - + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - resources: + - persistentvolumeclaims + apiGroups: + - + verbs: + - get + - list + - watch + - update + - resources: + - storageclasses + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - events + apiGroups: + - + verbs: + - list + - watch + - create + - update + - patch + - resources: + - events + apiGroups: + - events.k8s.io + verbs: + - create + - patch + - update + - resources: + - volumeattachments + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - patch + - resources: + - volumeattachments/status + apiGroups: + - storage.k8s.io + verbs: + - patch + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - csinodes + apiGroups: + - storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - persistentvolumeclaims/status + apiGroups: + - + verbs: + - patch + - resources: + - volumesnapshots + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotclasses + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumesnapshotcontents + apiGroups: + - snapshot.storage.k8s.io + verbs: + - get + - list + - watch + - patch + - update + - resources: + - volumesnapshotcontents/status + apiGroups: + - snapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - volumegroupsnapshotclasses + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupsnapshotcontents + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - get + - list + - watch + - update + - patch + - resources: + - volumegroupsnapshotcontents/status + apiGroups: + - groupsnapshot.storage.k8s.io + verbs: + - update + - patch + - resources: + - configmaps + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts + apiGroups: + - + verbs: + - get + - resources: + - serviceaccounts/token + apiGroups: + - + verbs: + - create + - resources: + - nodes + apiGroups: + - + verbs: + - get + - list + - watch + - resources: + - referencegrants + apiGroups: + - gateway.networking.k8s.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationcontents + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - volumegroupreplicationclasses + apiGroups: + - replication.storage.openshift.io + verbs: + - get + - list + - watch + - resources: + - tokenreviews + apiGroups: + - authentication.k8s.io + verbs: + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-cephfs-ctrlplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-cephfs-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-cephfs-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-cephfs-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-cephfs-nodeplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-cephfs-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-cephfs-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-nfs-ctrlplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nfs-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-nfs-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nfs-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-nfs-nodeplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nfs-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-nfs-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-nvmeof-ctrlplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nvmeof-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-nvmeof-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-nvmeof-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-nvmeof-nodeplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nvmeof-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-nvmeof-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-ctrlplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-rbd-ctrlplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-rbd-ctrlplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-rbd-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/ceph-csi-rbd-nodeplugin-crb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: ceph-csi-rbd-nodeplugin-crb + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-rbd-nodeplugin-cr + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: ceph-csi-rbd-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-nodeplugin ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: rbd-csi-nodeplugin + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: rbd-csi-nodeplugin + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rook-csi-rbd-plugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-provisioner-role ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cephfs-csi-provisioner-role + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: cephfs-external-provisioner-runner + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rook-csi-cephfs-provisioner-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/cephfs-csi-nodeplugin-role ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cephfs-csi-nodeplugin-role + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: cephfs-csi-nodeplugin + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rook-csi-cephfs-plugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/ClusterRoleBinding/rbd-csi-provisioner-role ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: rbd-csi-provisioner-role + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: rbd-external-provisioner-runner + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + subjects: + - name: rook-csi-rbd-provisioner-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-cephfs-ctrlplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-cephfs-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-cephfs-nodeplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-nvmeof-ctrlplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-nvmeof-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-nvmeof-nodeplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-ctrlplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-rbd-ctrlplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/ceph-csi-rbd-nodeplugin-r ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: ceph-csi-rbd-nodeplugin-r + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + rules: + - resources: + - csiaddonsnodes + apiGroups: + - csiaddons.openshift.io + verbs: + - get + - watch + - list + - create + - update + - delete + - resources: + - pods + apiGroups: + - + verbs: + - get + - resources: + - replicasets + apiGroups: + - apps + verbs: + - get + - resources: + - deployments/finalizers + - daemonsets/finalizers + apiGroups: + - apps + verbs: + - update @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/cephfs-external-provisioner-cfg ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: cephfs-external-provisioner-cfg + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/Role/rook-ceph/rbd-external-provisioner-cfg ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: rbd-external-provisioner-cfg + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + rules: + - resources: + - leases + apiGroups: + - coordination.k8s.io + verbs: + - get + - watch + - list + - delete + - update + - create @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-cephfs-ctrlplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-cephfs-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-cephfs-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-cephfs-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-cephfs-nodeplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-cephfs-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-cephfs-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-nvmeof-ctrlplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nvmeof-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-nvmeof-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-nvmeof-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-nvmeof-nodeplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-nvmeof-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-nvmeof-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-ctrlplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-rbd-ctrlplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-rbd-ctrlplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-rbd-ctrlplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/ceph-csi-rbd-nodeplugin-rb ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: ceph-csi-rbd-nodeplugin-rb + namespace: rook-ceph + labels: + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ceph-csi + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + roleRef: + name: ceph-csi-rbd-nodeplugin-r + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: ceph-csi-rbd-nodeplugin-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/cephfs-csi-provisioner-role-cfg ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: cephfs-csi-provisioner-role-cfg + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: cephfs-external-provisioner-cfg + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: rook-csi-cephfs-provisioner-sa + kind: ServiceAccount + namespace: rook-ceph @@ (root level) @@ # rbac.authorization.k8s.io/v1/RoleBinding/rook-ceph/rbd-csi-provisioner-role-cfg ! + one document added: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: rbd-csi-provisioner-role-cfg + namespace: rook-ceph + labels: + app.kubernetes.io/created-by: helm + app.kubernetes.io/instance: rook-ceph + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rook-ceph + app.kubernetes.io/part-of: rook-ceph-operator + helm.toolkit.fluxcd.io/name: rook-ceph + helm.toolkit.fluxcd.io/namespace: rook-ceph + operator: rook + storage-backend: ceph + roleRef: + name: rbd-external-provisioner-cfg + apiGroup: rbac.authorization.k8s.io + kind: Role + subjects: + - name: rook-csi-rbd-provisioner-sa + kind: ServiceAccount + namespace: rook-ceph ``` </details> <sub>Diff created by [flate](https://github.com/home-operations/flate) — [Workflow run](https://git.dcunha.io/Exikle/Artemis-Cluster/actions/runs/798)</sub>

Exikle merged commit 7fe89a3c5e into main

2026-06-04 04:53:43 +00:00

Exikle deleted branch renovate-itzg-minecraft-server-java25

2026-06-04 04:53:43 +00:00

Exikle referenced this pull request from a commit

2026-06-04 04:53:44 +00:00

Merge pull request 'chore(container): update image itzg/minecraft-server (aedec59 ➔ 90c8f84)' (#219) from renovate-itzg-minecraft-server-java25 into main