455 lines
18 KiB
YAML
455 lines
18 KiB
YAML
## K8S/DRIVER ATTRIBUTES
|
|
########################
|
|
# version: version of this values file
|
|
# Note: Do not change this value
|
|
version: "v2.9.1"
|
|
|
|
images:
|
|
# "driver" defines the container image, used for the driver container.
|
|
driver: dellemc/csi-isilon:v2.9.1
|
|
# CSI sidecars
|
|
attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2
|
|
provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2
|
|
snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2
|
|
resizer: registry.k8s.io/sig-storage/csi-resizer:v1.9.2
|
|
registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1
|
|
healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0
|
|
|
|
# CSM sidecars
|
|
replication: dellemc/dell-csi-replicator:v1.7.1
|
|
podmon: dellemc/podmon:v1.8.1
|
|
authorization: dellemc/csm-authorization-sidecar:v1.9.1
|
|
metadataretriever: dellemc/csi-metadata-retriever:v1.6.1
|
|
encryption: dellemc/csm-encryption:v0.3.0
|
|
|
|
# CSI driver log level
|
|
# Allowed values: "error", "warn"/"warning", "info", "debug"
|
|
# Default value: "debug"
|
|
logLevel: "debug"
|
|
|
|
# certSecretCount: Represents number of certificate secrets, which user is going to create for
|
|
# ssl authentication. (isilon-cert-0..isilon-cert-n)
|
|
# Allowed values: n, where n > 0
|
|
# Default value: None
|
|
certSecretCount: 1
|
|
|
|
# allowedNetworks: Custom networks for PowerScale export
|
|
# Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used.
|
|
# Allowed values: list of one or more networks
|
|
# Default value: None
|
|
# Examples: [192.168.1.0/24, 192.168.100.0/22]
|
|
allowedNetworks: []
|
|
|
|
# maxIsilonVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node.
|
|
# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node.
|
|
# This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set.
|
|
# Allowed values: n, where n >= 0
|
|
# Default value: 0
|
|
maxIsilonVolumesPerNode: 0
|
|
|
|
# imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container.
|
|
# Allowed values:
|
|
# Always: Always pull the image.
|
|
# IfNotPresent: Only pull the image if it does not already exist on the node.
|
|
# Never: Never pull the image.
|
|
# Default value: None
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
# verbose: Indicates what content of the OneFS REST API message should be logged in debug level logs
|
|
# Allowed Values:
|
|
# 0: log full content of the HTTP request and response
|
|
# 1: log without the HTTP response body
|
|
# 2: log only 1st line of the HTTP request and response
|
|
# Default value: 0
|
|
verbose: 1
|
|
|
|
# Specify kubelet config dir path.
|
|
# Ensure that the config.yaml file is present at this path.
|
|
# Default value: None
|
|
kubeletConfigDir: /var/lib/kubelet
|
|
|
|
# enableCustomTopology: Specify if custom topology label <provisionerName>.dellemc.com/<powerscalefqdnorip>:<provisionerName>
|
|
# has to be used for making connection to backend PowerScale Array.
|
|
# If enableCustomTopology is set to true, then do not specify allowedTopologies in storage class.
|
|
# Allowed values:
|
|
# true : enable custom topology
|
|
# false: disable custom topology
|
|
# Default value: false
|
|
enableCustomTopology: false
|
|
|
|
# fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
|
|
# Allowed values:
|
|
# ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
|
|
# and the volume's accessModes contains ReadWriteOnce.
|
|
# File: kubernetes may use fsGroup to change permissions and ownership of the volume
|
|
# to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
|
|
# None: volumes will be mounted with no modifications.
|
|
# Default value: ReadWriteOnceWithFSType
|
|
fsGroupPolicy: ReadWriteOnceWithFSType
|
|
|
|
# podmonAPIPort: Defines the port to be used within the kubernetes cluster
|
|
# Allowed values:
|
|
# Any valid and free port.
|
|
# Default value: 8083
|
|
podmonAPIPort: 8083
|
|
|
|
# maxPathLen: this parameter is used for setting the maximum Path length for the given volume.
|
|
# Default value: 192
|
|
# Examples: 192, 256
|
|
maxPathLen: 192
|
|
|
|
# controller: configure controller pod specific parameters
|
|
controller:
|
|
# controllerCount: defines the number of csi-powerscale controller pods to deploy to
|
|
# the Kubernetes release.
|
|
# Allowed values: n, where n > 0
|
|
# Default value: None
|
|
controllerCount: 2
|
|
|
|
# volumeNamePrefix: Prefix of PersistentVolume names created
|
|
# Allowed values: string
|
|
# Default value: None
|
|
volumeNamePrefix: k8s
|
|
|
|
# leaderElection: configure leader election parameters
|
|
leaderElection:
|
|
# Duration, that non-leader candidates will wait to force acquire leadership
|
|
# Allowed values: Duration, in seconds. Must be greater than leaderElectionRenewDeadline
|
|
# Default value: 15s
|
|
leaderElectionLeaseDuration: 15s
|
|
|
|
# Duration, that the acting leader will retry refreshing leadership before giving up
|
|
# Allowed values: Duration, in seconds. Must be greater than leaderElectionRetryPeriod
|
|
# Default value: 10s
|
|
leaderElectionRenewDeadline: 10s
|
|
|
|
# Duration, the LeaderElector clients should wait between tries of actions.
|
|
# Allowed values: Duration, in seconds
|
|
# Default value: 5s
|
|
leaderElectionRetryPeriod: 5s
|
|
|
|
# replication: allows to configure replication
|
|
# Replication CRDs must be installed before installing driver
|
|
replication:
|
|
# enabled: Enable/Disable replication feature
|
|
# Allowed values:
|
|
# true: enable replication feature(install dell-csi-replicator sidecar)
|
|
# false: disable replication feature(do not install dell-csi-replicator sidecar)
|
|
# Default value: false
|
|
enabled: false
|
|
|
|
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
|
|
# Allowed values: string
|
|
# Default value: powerscale
|
|
replicationContextPrefix: "powerscale"
|
|
|
|
# replicationPrefix: prefix to prepend to storage classes parameters
|
|
# Allowed values: string
|
|
# Default value: replication.storage.dell.com
|
|
replicationPrefix: "replication.storage.dell.com"
|
|
|
|
snapshot:
|
|
# enabled: Enable/Disable volume snapshot feature
|
|
# Allowed values:
|
|
# true: enable volume snapshot feature(install snapshotter sidecar)
|
|
# false: disable volume snapshot feature(do not install snapshotter sidecar)
|
|
# Default value: None
|
|
enabled: true
|
|
|
|
# snapNamePrefix: Prefix to apply to the names of a created snapshots
|
|
# Allowed values: string
|
|
# Default value: None
|
|
snapNamePrefix: snapshot
|
|
|
|
resizer:
|
|
# enabled: Enable/Disable volume expansion feature
|
|
# Allowed values:
|
|
# true: enable volume expansion feature(install resizer sidecar)
|
|
# false: disable volume snapshot feature(do not install resizer sidecar)
|
|
# Default value: None
|
|
enabled: true
|
|
|
|
healthMonitor:
|
|
# enabled: Enable/Disable health monitor of CSI volumes- volume status, volume condition
|
|
# Allowed values:
|
|
# true: enable checking of health condition of CSI volumes
|
|
# false: disable checking of health condition of CSI volumes
|
|
# Default value: None
|
|
enabled: false
|
|
|
|
# interval: Interval of monitoring volume health condition
|
|
# Allowed values: Number followed by unit of time (s,m,h)
|
|
# Default value: 60s
|
|
interval: 60s
|
|
|
|
# nodeSelector: Define node selection constraints for pods of controller deployment.
|
|
# For the pod to be eligible to run on a node, the node must have each
|
|
# of the indicated key-value pairs as labels.
|
|
# Leave as blank to consider all nodes
|
|
# Allowed values: map of key-value pairs
|
|
# Default value: None
|
|
nodeSelector:
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
|
|
# node-role.kubernetes.io/master: ""
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
|
|
# node-role.kubernetes.io/control-plane: ""
|
|
|
|
# tolerations: Define tolerations for the controller deployment, if required.
|
|
# Default value: None
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
|
|
tolerations:
|
|
# - key: "node-role.kubernetes.io/master"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
|
|
# tolerations:
|
|
# - key: "node-role.kubernetes.io/control-plane"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
|
|
# node: configure node pod specific parameters
|
|
node:
|
|
# nodeSelector: Define node selection constraints for pods of node daemonset
|
|
# For the pod to be eligible to run on a node, the node must have each
|
|
# of the indicated key-value pairs as labels.
|
|
# Leave as blank to consider all nodes
|
|
# Allowed values: map of key-value pairs
|
|
# Default value: None
|
|
nodeSelector:
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
|
|
# node-role.kubernetes.io/master: ""
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
|
|
# node-role.kubernetes.io/control-plane: ""
|
|
|
|
# tolerations: Define tolerations for the node daemonset, if required.
|
|
# Default value: None
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
|
|
tolerations:
|
|
# - key: "node.kubernetes.io/memory-pressure"
|
|
# operator: "Exists"
|
|
# effect: "NoExecute"
|
|
# - key: "node.kubernetes.io/disk-pressure"
|
|
# operator: "Exists"
|
|
# effect: "NoExecute"
|
|
# - key: "node.kubernetes.io/network-unavailable"
|
|
# operator: "Exists"
|
|
# effect: "NoExecute"
|
|
# - key: "node-role.kubernetes.io/master"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
|
|
# tolerations:
|
|
# - key: "node-role.kubernetes.io/control-plane"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
|
|
# Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled
|
|
#tolerations:
|
|
# - key: "offline.vxflexos.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# - key: "vxflexos.podmon.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# - key: "offline.unity.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# - key: "unity.podmon.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# - key: "offline.isilon.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
# - key: "isilon.podmon.storage.dell.com"
|
|
# operator: "Exists"
|
|
# effect: "NoSchedule"
|
|
|
|
# dnsPolicy: Determines the DNS Policy of the Node service.
|
|
# Allowed values:
|
|
# Default: The Pod inherits the name resolution configuration from the node that the pods run on.
|
|
# ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as "www.kubernetes.io",
|
|
# is forwarded to the upstream nameserver inherited from the node.
|
|
# ClusterFirstWithHostNet: For Pods running with hostNetwork, you should explicitly set this DNS policy.
|
|
# None: It allows a Pod to ignore DNS settings from the Kubernetes environment.
|
|
# All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec.
|
|
# Default value: ClusterFirst
|
|
# ClusterFirstWithHostNet is the recommended DNS policy.
|
|
# Prior to v1.5 of the driver, the default DNS policy was ClusterFirst.
|
|
# In certain scenarios, users might need to change the default dnsPolicy.
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
|
|
healthMonitor:
|
|
# enabled: Enable/Disable health monitor of CSI volumes- volume usage, volume condition
|
|
# Allowed values:
|
|
# true: enable checking of health condition of CSI volumes
|
|
# false: disable checking of health condition of CSI volumes
|
|
# Default value: None
|
|
enabled: false
|
|
|
|
## PLATFORM ATTRIBUTES
|
|
######################
|
|
# endpointPort: Specify the HTTPs port number of the PowerScale OneFS API server
|
|
# Formerly this attribute was named as "isiPort"
|
|
# This value acts as a default value for endpointPort, if not specified for a cluster config in secret
|
|
# If authorization is enabled, endpointPort must match the port specified in the endpoint parameter of the karavi-authorization-config secret
|
|
# Allowed value: valid port number
|
|
# Default value: 8080
|
|
endpointPort: 8080
|
|
|
|
# skipCertificateValidation: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified.
|
|
# Formerly this attribute was named as "isiInsecure"
|
|
# This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret
|
|
# Allowed values:
|
|
# true: skip OneFS API server's certificate verification
|
|
# false: verify OneFS API server's certificates
|
|
# Default value: false
|
|
skipCertificateValidation: true
|
|
|
|
# isiAuthType: Indicates whether the authentication will be session-based or basic.
|
|
# Allowed values:
|
|
# 0: enables basic Authentication
|
|
# 1: enables session-based Authentication
|
|
# Default value: 0
|
|
isiAuthType: 0
|
|
|
|
# isiAccessZone: The name of the access zone a volume can be created in.
|
|
# If storageclass is missing with AccessZone parameter, then value of isiAccessZone is used for the same.
|
|
# Default value: System
|
|
# Examples: System, zone1
|
|
isiAccessZone: System
|
|
|
|
# enableQuota: Indicates whether the provisioner should attempt to set (later unset) quota
|
|
# on a newly provisioned volume.
|
|
# This requires SmartQuotas to be enabled on PowerScale cluster.
|
|
# Allowed values:
|
|
# true: set quota for volume
|
|
# false: do not set quota for volume
|
|
enableQuota: true
|
|
|
|
# isiPath: The base path for the volumes to be created on PowerScale cluster.
|
|
# This value acts as a default value for isiPath, if not specified for a cluster config in secret
|
|
# Ensure that this path exists on PowerScale cluster.
|
|
# Allowed values: unix absolute path
|
|
# Default value: /ifs
|
|
# Examples: /ifs/data/csi, /ifs/engineering
|
|
isiPath: /ifs/data/csi
|
|
|
|
# isiVolumePathPermissions: The permissions for isi volume directory path
|
|
# This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret
|
|
# Allowed values: valid octal mode number
|
|
# Default value: "0777"
|
|
# Examples: "0777", "777", "0755"
|
|
isiVolumePathPermissions: "0777"
|
|
|
|
# ignoreUnresolvableHosts: Ignore unresolvable hosts on the OneFS
|
|
# When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the
|
|
# same exports are unresolvable/doesn't exist anymore.
|
|
# Allowed values:
|
|
# true: ignore existing unresolvable hosts and append new host to the existing export
|
|
# false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails
|
|
# Default value: false
|
|
ignoreUnresolvableHosts: false
|
|
|
|
# noProbeOnStart: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization
|
|
# When set to true, the driver will not set node labels, please manually add
|
|
# the label <provisionerName>.dellemc.com/<powerscalefqdnorip>:<provisionerName> on the nodes for each of the clusters reachable from the node.
|
|
# Allowed values:
|
|
# true : do not probe all PowerScale clusters during driver initialization
|
|
# false: probe all PowerScale clusters during driver initialization
|
|
# Default value: false
|
|
noProbeOnStart: false
|
|
|
|
# autoProbe: automatically probe the PowerScale cluster if not done already during CSI calls.
|
|
# Allowed values:
|
|
# true : enable auto probe.
|
|
# false: disable auto probe.
|
|
# Default value: false
|
|
autoProbe: true
|
|
|
|
authorization:
|
|
enabled: false
|
|
# proxyHost: hostname of the csm-authorization server
|
|
# Default value: None
|
|
proxyHost:
|
|
# skipCertificateValidation: certificate validation of the csm-authorization server
|
|
# Allowed Values:
|
|
# "true" - TLS certificate verification will be skipped
|
|
# "false" - TLS certificate will be verified
|
|
# Default value: "true"
|
|
skipCertificateValidation: true
|
|
|
|
# Storage Capacity Tracking
|
|
# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions.
|
|
storageCapacity:
|
|
# enabled : Enable/Disable storage capacity tracking
|
|
# Allowed values:
|
|
# true: enable storage capacity tracking
|
|
# false: disable storage capacity tracking
|
|
# Default value: true
|
|
enabled: true
|
|
# pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity
|
|
# Allowed values: 1m,2m,3m,...,10m,...,60m etc
|
|
# Default value: 5m
|
|
pollInterval: 5m
|
|
|
|
# Enable this feature only after contact support for additional information
|
|
podmon:
|
|
enabled: false
|
|
controller:
|
|
args:
|
|
- "--csisock=unix:/var/run/csi/csi.sock"
|
|
- "--labelvalue=csi-isilon"
|
|
- "--arrayConnectivityPollRate=60"
|
|
- "--driverPath=csi-isilon.dellemc.com"
|
|
- "--mode=controller"
|
|
- "--skipArrayConnectionValidation=false"
|
|
- "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
|
|
- "--driverPodLabelValue=dell-storage"
|
|
- "--ignoreVolumelessPods=false"
|
|
|
|
node:
|
|
args:
|
|
- "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock"
|
|
- "--labelvalue=csi-isilon"
|
|
- "--arrayConnectivityPollRate=60"
|
|
- "--driverPath=csi-isilon.dellemc.com"
|
|
- "--mode=node"
|
|
- "--leaderelection=false"
|
|
- "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
|
|
- "--driverPodLabelValue=dell-storage"
|
|
- "--ignoreVolumelessPods=false"
|
|
|
|
encryption:
|
|
# enabled: Enable/disable volume encryption feature.
|
|
enabled: false
|
|
|
|
# pluginName: The name of the provisioner to use for encrypted volumes.
|
|
pluginName: "sec-isilon.dellemc.com"
|
|
|
|
# apiPort: TCP port number used by the REST API server.
|
|
apiPort: 3838
|
|
|
|
# logLevel: Log level of the encryption driver.
|
|
# Allowed values: "error", "warning", "info", "debug", "trace".
|
|
logLevel: "error"
|
|
|
|
# livenessPort: HTTP liveness probe port number.
|
|
# Leave empty to disable the liveness probe.
|
|
# Example: 8080
|
|
livenessPort:
|
|
|
|
# ocp: Enable when running on OpenShift Container Platform with CoreOS worker nodes.
|
|
ocp: false
|
|
|
|
# ocpCoreID: User ID and group ID of user core on CoreOS worker nodes.
|
|
# Ignored when ocp is set to false.
|
|
ocpCoreID: "1000:1000"
|
|
|
|
# extraArgs: Extra command line parameters to pass to the encryption driver.
|
|
# Allowed values:
|
|
# --sharedStorage - may be required by some applications to work properly.
|
|
# When set, performance is reduced and hard links cannot be created.
|
|
# See the gocryptfs documentation for more details.
|
|
extraArgs: []
|
|
|