## K8S/DRIVER ATTRIBUTES ######################## # version: version of this values file # Note: Do not change this value version: "v2.9.1" images: # "driver" defines the container image, used for the driver container. driver: dellemc/csi-isilon:v2.9.1 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 resizer: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 # CSM sidecars replication: dellemc/dell-csi-replicator:v1.7.1 podmon: dellemc/podmon:v1.8.1 authorization: dellemc/csm-authorization-sidecar:v1.9.1 metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 encryption: dellemc/csm-encryption:v0.3.0 # CSI driver log level # Allowed values: "error", "warn"/"warning", "info", "debug" # Default value: "debug" logLevel: "debug" # certSecretCount: Represents number of certificate secrets, which user is going to create for # ssl authentication. (isilon-cert-0..isilon-cert-n) # Allowed values: n, where n > 0 # Default value: None certSecretCount: 1 # allowedNetworks: Custom networks for PowerScale export # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. # Allowed values: list of one or more networks # Default value: None # Examples: [192.168.1.0/24, 192.168.100.0/22] allowedNetworks: [] # maxIsilonVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node. # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. # Allowed values: n, where n >= 0 # Default value: 0 maxIsilonVolumesPerNode: 0 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. # IfNotPresent: Only pull the image if it does not already exist on the node. # Never: Never pull the image. # Default value: None imagePullPolicy: IfNotPresent # verbose: Indicates what content of the OneFS REST API message should be logged in debug level logs # Allowed Values: # 0: log full content of the HTTP request and response # 1: log without the HTTP response body # 2: log only 1st line of the HTTP request and response # Default value: 0 verbose: 1 # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. # Default value: None kubeletConfigDir: /var/lib/kubelet # enableCustomTopology: Specify if custom topology label .dellemc.com/: # has to be used for making connection to backend PowerScale Array. # If enableCustomTopology is set to true, then do not specify allowedTopologies in storage class. # Allowed values: # true : enable custom topology # false: disable custom topology # Default value: false enableCustomTopology: false # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. # Allowed values: # ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined # and the volume's accessModes contains ReadWriteOnce. # File: kubernetes may use fsGroup to change permissions and ownership of the volume # to match user requested fsGroup in the pod's security policy regardless of fstype or access mode. # None: volumes will be mounted with no modifications. # Default value: ReadWriteOnceWithFSType fsGroupPolicy: ReadWriteOnceWithFSType # podmonAPIPort: Defines the port to be used within the kubernetes cluster # Allowed values: # Any valid and free port. # Default value: 8083 podmonAPIPort: 8083 # maxPathLen: this parameter is used for setting the maximum Path length for the given volume. # Default value: 192 # Examples: 192, 256 maxPathLen: 192 # controller: configure controller pod specific parameters controller: # controllerCount: defines the number of csi-powerscale controller pods to deploy to # the Kubernetes release. # Allowed values: n, where n > 0 # Default value: None controllerCount: 2 # volumeNamePrefix: Prefix of PersistentVolume names created # Allowed values: string # Default value: None volumeNamePrefix: k8s # leaderElection: configure leader election parameters leaderElection: # Duration, that non-leader candidates will wait to force acquire leadership # Allowed values: Duration, in seconds. Must be greater than leaderElectionRenewDeadline # Default value: 15s leaderElectionLeaseDuration: 15s # Duration, that the acting leader will retry refreshing leadership before giving up # Allowed values: Duration, in seconds. Must be greater than leaderElectionRetryPeriod # Default value: 10s leaderElectionRenewDeadline: 10s # Duration, the LeaderElector clients should wait between tries of actions. # Allowed values: Duration, in seconds # Default value: 5s leaderElectionRetryPeriod: 5s # replication: allows to configure replication # Replication CRDs must be installed before installing driver replication: # enabled: Enable/Disable replication feature # Allowed values: # true: enable replication feature(install dell-csi-replicator sidecar) # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string # Default value: powerscale replicationContextPrefix: "powerscale" # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string # Default value: replication.storage.dell.com replicationPrefix: "replication.storage.dell.com" snapshot: # enabled: Enable/Disable volume snapshot feature # Allowed values: # true: enable volume snapshot feature(install snapshotter sidecar) # false: disable volume snapshot feature(do not install snapshotter sidecar) # Default value: None enabled: true # snapNamePrefix: Prefix to apply to the names of a created snapshots # Allowed values: string # Default value: None snapNamePrefix: snapshot resizer: # enabled: Enable/Disable volume expansion feature # Allowed values: # true: enable volume expansion feature(install resizer sidecar) # false: disable volume snapshot feature(do not install resizer sidecar) # Default value: None enabled: true healthMonitor: # enabled: Enable/Disable health monitor of CSI volumes- volume status, volume condition # Allowed values: # true: enable checking of health condition of CSI volumes # false: disable checking of health condition of CSI volumes # Default value: None enabled: false # interval: Interval of monitoring volume health condition # Allowed values: Number followed by unit of time (s,m,h) # Default value: 60s interval: 60s # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. # Leave as blank to consider all nodes # Allowed values: map of key-value pairs # Default value: None nodeSelector: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint # node-role.kubernetes.io/master: "" # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # node-role.kubernetes.io/control-plane: "" # tolerations: Define tolerations for the controller deployment, if required. # Default value: None # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint tolerations: # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # tolerations: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" # node: configure node pod specific parameters node: # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. # Leave as blank to consider all nodes # Allowed values: map of key-value pairs # Default value: None nodeSelector: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint # node-role.kubernetes.io/master: "" # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # node-role.kubernetes.io/control-plane: "" # tolerations: Define tolerations for the node daemonset, if required. # Default value: None # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint tolerations: # - key: "node.kubernetes.io/memory-pressure" # operator: "Exists" # effect: "NoExecute" # - key: "node.kubernetes.io/disk-pressure" # operator: "Exists" # effect: "NoExecute" # - key: "node.kubernetes.io/network-unavailable" # operator: "Exists" # effect: "NoExecute" # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # tolerations: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled #tolerations: # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # - key: "vxflexos.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # - key: "offline.unity.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # - key: "unity.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # - key: "offline.isilon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # - key: "isilon.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" # dnsPolicy: Determines the DNS Policy of the Node service. # Allowed values: # Default: The Pod inherits the name resolution configuration from the node that the pods run on. # ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as "www.kubernetes.io", # is forwarded to the upstream nameserver inherited from the node. # ClusterFirstWithHostNet: For Pods running with hostNetwork, you should explicitly set this DNS policy. # None: It allows a Pod to ignore DNS settings from the Kubernetes environment. # All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec. # Default value: ClusterFirst # ClusterFirstWithHostNet is the recommended DNS policy. # Prior to v1.5 of the driver, the default DNS policy was ClusterFirst. # In certain scenarios, users might need to change the default dnsPolicy. dnsPolicy: ClusterFirstWithHostNet healthMonitor: # enabled: Enable/Disable health monitor of CSI volumes- volume usage, volume condition # Allowed values: # true: enable checking of health condition of CSI volumes # false: disable checking of health condition of CSI volumes # Default value: None enabled: false ## PLATFORM ATTRIBUTES ###################### # endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server # Formerly this attribute was named as "isiPort" # This value acts as a default value for endpointPort, if not specified for a cluster config in secret # If authorization is enabled, endpointPort must match the port specified in the endpoint parameter of the karavi-authorization-config secret # Allowed value: valid port number # Default value: 8080 endpointPort: 8080 # skipCertificateValidation: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. # Formerly this attribute was named as "isiInsecure" # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret # Allowed values: # true: skip OneFS API server's certificate verification # false: verify OneFS API server's certificates # Default value: false skipCertificateValidation: true # isiAuthType: Indicates whether the authentication will be session-based or basic. # Allowed values: # 0: enables basic Authentication # 1: enables session-based Authentication # Default value: 0 isiAuthType: 0 # isiAccessZone: The name of the access zone a volume can be created in. # If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same. # Default value: System # Examples: System, zone1 isiAccessZone: System # enableQuota: Indicates whether the provisioner should attempt to set (later unset) quota # on a newly provisioned volume. # This requires SmartQuotas to be enabled on PowerScale cluster. # Allowed values: # true: set quota for volume # false: do not set quota for volume enableQuota: true # isiPath: The base path for the volumes to be created on PowerScale cluster. # This value acts as a default value for isiPath, if not specified for a cluster config in secret # Ensure that this path exists on PowerScale cluster. # Allowed values: unix absolute path # Default value: /ifs # Examples: /ifs/data/csi, /ifs/engineering isiPath: /ifs/data/csi # isiVolumePathPermissions: The permissions for isi volume directory path # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret # Allowed values: valid octal mode number # Default value: "0777" # Examples: "0777", "777", "0755" isiVolumePathPermissions: "0777" # ignoreUnresolvableHosts: Ignore unresolvable hosts on the OneFS # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the # same exports are unresolvable/doesn't exist anymore. # Allowed values: # true: ignore existing unresolvable hosts and append new host to the existing export # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails # Default value: false ignoreUnresolvableHosts: false # noProbeOnStart: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization # When set to true, the driver will not set node labels, please manually add # the label .dellemc.com/: on the nodes for each of the clusters reachable from the node. # Allowed values: # true : do not probe all PowerScale clusters during driver initialization # false: probe all PowerScale clusters during driver initialization # Default value: false noProbeOnStart: false # autoProbe: automatically probe the PowerScale cluster if not done already during CSI calls. # Allowed values: # true : enable auto probe. # false: disable auto probe. # Default value: false autoProbe: true authorization: enabled: false # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: # skipCertificateValidation: certificate validation of the csm-authorization server # Allowed Values: # "true" - TLS certificate verification will be skipped # "false" - TLS certificate will be verified # Default value: "true" skipCertificateValidation: true # Storage Capacity Tracking # Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. storageCapacity: # enabled : Enable/Disable storage capacity tracking # Allowed values: # true: enable storage capacity tracking # false: disable storage capacity tracking # Default value: true enabled: true # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity # Allowed values: 1m,2m,3m,...,10m,...,60m etc # Default value: 5m pollInterval: 5m # Enable this feature only after contact support for additional information podmon: enabled: false controller: args: - "--csisock=unix:/var/run/csi/csi.sock" - "--labelvalue=csi-isilon" - "--arrayConnectivityPollRate=60" - "--driverPath=csi-isilon.dellemc.com" - "--mode=controller" - "--skipArrayConnectionValidation=false" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" node: args: - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - "--labelvalue=csi-isilon" - "--arrayConnectivityPollRate=60" - "--driverPath=csi-isilon.dellemc.com" - "--mode=node" - "--leaderelection=false" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" encryption: # enabled: Enable/disable volume encryption feature. enabled: false # pluginName: The name of the provisioner to use for encrypted volumes. pluginName: "sec-isilon.dellemc.com" # apiPort: TCP port number used by the REST API server. apiPort: 3838 # logLevel: Log level of the encryption driver. # Allowed values: "error", "warning", "info", "debug", "trace". logLevel: "error" # livenessPort: HTTP liveness probe port number. # Leave empty to disable the liveness probe. # Example: 8080 livenessPort: # ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes. ocp: false # ocpCoreID: User ID and group ID of user core on CoreOS worker nodes. # Ignored when ocp is set to false. ocpCoreID: "1000:1000" # extraArgs: Extra command line parameters to pass to the encryption driver. # Allowed values: # --sharedStorage - may be required by some applications to work properly. # When set, performance is reduced and hard links cannot be created. # See the gocryptfs documentation for more details. extraArgs: []