CephNFS
ceph.rook.io / v1
apiVersion: ceph.rook.io/v1
kind: CephNFS
metadata:
name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object required
spec object required
NFSGaneshaSpec represents the spec of an NFS-Ganesha server
rados object
RADOS is the Ganesha RADOS specification
namespace
string
The namespace inside the Ceph pool (set by 'pool') where shared NFS-Ganesha config is stored.
This setting is deprecated as it is internally set to the name of the CephNFS.
pool
string
The Ceph pool used to store the shared configuration for NFS-Ganesha daemons.
This setting is deprecated, as it is internally required to be ".nfs".
security object
Security allows specifying security configurations for the NFS cluster
kerberos object
Kerberos configures NFS-Ganesha to secure NFS client connections with Kerberos.
configFiles object
ConfigFiles defines where the Kerberos configuration should be sourced from. Config files
will be placed into the `/etc/krb5.conf.rook/` directory.
If this is left empty, Rook will not add any files. This allows you to manage the files
yourself however you wish. For example, you may build them into your custom Ceph container
image or use the Vault agent injector to securely add the files via annotations on the
CephNFS spec (passed to the NFS server pods).
Rook configures Kerberos to log to stderr. We suggest removing logging sections from config
files to avoid consuming unnecessary disk space from logging to files.
volumeSource object
configMap object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
emptyDir object
medium
string
sizeLimit
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path
string required
type
string
persistentVolumeClaim object
claimName
string required
readOnly
boolean
projected object
defaultMode
integer
format:
int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
name
string
optional
boolean
path
string required
signerName
string
configMap object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
downwardAPI object
items []object
fieldRef object
apiVersion
string
fieldPath
string required
mode
integer
format:
int32
path
string required
resourceFieldRef object
containerName
string
divisor
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource
string required
podCertificate object
certificateChainPath
string
credentialBundlePath
string
keyPath
string
keyType
string required
maxExpirationSeconds
integer
format:
int32
signerName
string required
userAnnotations
object
secret object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
serviceAccountToken object
audience
string
expirationSeconds
integer
format:
int64
path
string required
secret object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
optional
boolean
secretName
string
domainName
string
DomainName should be set to the Kerberos Realm.
keytabFile object
KeytabFile defines where the Kerberos keytab should be sourced from. The keytab file will be
placed into `/etc/krb5.keytab`. If this is left empty, Rook will not add the file.
This allows you to manage the `krb5.keytab` file yourself however you wish. For example, you
may build it into your custom Ceph container image or use the Vault agent injector to
securely add the file via annotations on the CephNFS spec (passed to the NFS server pods).
volumeSource object
configMap object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
emptyDir object
medium
string
sizeLimit
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path
string required
type
string
persistentVolumeClaim object
claimName
string required
readOnly
boolean
projected object
defaultMode
integer
format:
int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
name
string
optional
boolean
path
string required
signerName
string
configMap object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
downwardAPI object
items []object
fieldRef object
apiVersion
string
fieldPath
string required
mode
integer
format:
int32
path
string required
resourceFieldRef object
containerName
string
divisor
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource
string required
podCertificate object
certificateChainPath
string
credentialBundlePath
string
keyPath
string
keyType
string required
maxExpirationSeconds
integer
format:
int32
signerName
string required
userAnnotations
object
secret object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
serviceAccountToken object
audience
string
expirationSeconds
integer
format:
int64
path
string required
secret object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
optional
boolean
secretName
string
principalName
string
PrincipalName corresponds directly to NFS-Ganesha's NFS_KRB5:PrincipalName config. In
practice, this is the service prefix of the principal name. The default is "nfs".
This value is combined with (a) the namespace and name of the CephNFS (with a hyphen between)
and (b) the Realm configured in the user-provided krb5.conf to determine the full principal
name: <principalName>/<namespace>-<name>@<realm>. e.g., nfs/rook-ceph-my-nfs@example.net.
See https://github.com/nfs-ganesha/nfs-ganesha/wiki/RPCSEC_GSS for more detail.
sssd object
SSSD enables integration with System Security Services Daemon (SSSD). SSSD can be used to
provide user ID mapping from a number of sources. See https://sssd.io for more information
about the SSSD project.
sidecar object
Sidecar tells Rook to run SSSD in a sidecar alongside the NFS-Ganesha server in each NFS pod.
additionalFiles []object
AdditionalFiles defines any number of additional files that should be mounted into the SSSD
sidecar with a directory root of `/etc/sssd/rook-additional/`.
These files may be referenced by the sssd.conf config file.
subPath
string required
SubPath defines the sub-path (subdirectory) of the directory root where the volumeSource will
be mounted. All files/keys in the volume source's volume will be mounted to the subdirectory.
This is not the same as the Kubernetes `subPath` volume mount option.
Each subPath definition must be unique and must not contain ':'.
pattern:
^[^:]+$
minLength:
1
volumeSource object required
configMap object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
emptyDir object
medium
string
sizeLimit
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path
string required
type
string
persistentVolumeClaim object
claimName
string required
readOnly
boolean
projected object
defaultMode
integer
format:
int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
name
string
optional
boolean
path
string required
signerName
string
configMap object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
downwardAPI object
items []object
fieldRef object
apiVersion
string
fieldPath
string required
mode
integer
format:
int32
path
string required
resourceFieldRef object
containerName
string
divisor
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource
string required
podCertificate object
certificateChainPath
string
credentialBundlePath
string
keyPath
string
keyType
string required
maxExpirationSeconds
integer
format:
int32
signerName
string required
userAnnotations
object
secret object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
serviceAccountToken object
audience
string
expirationSeconds
integer
format:
int64
path
string required
secret object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
optional
boolean
secretName
string
debugLevel
integer
DebugLevel sets the debug level for SSSD. If unset or set to 0, Rook does nothing. Otherwise,
this may be a value between 1 and 10. See SSSD docs for more info:
https://sssd.io/troubleshooting/basics.html#sssd-debug-logs
minimum:
0
maximum:
10
image
string required
Image defines the container image that should be used for the SSSD sidecar.
minLength:
1
resources object
Resources allow specifying resource requests/limits on the SSSD sidecar container.
claims []object
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This field depends on the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
name
string required
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
request
string
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
limits
object
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests
object
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
sssdConfigFile object
SSSDConfigFile defines where the SSSD configuration should be sourced from. The config file
will be placed into `/etc/sssd/sssd.conf`. If this is left empty, Rook will not add the file.
This allows you to manage the `sssd.conf` file yourself however you wish. For example, you
may build it into your custom Ceph container image or use the Vault agent injector to
securely add the file via annotations on the CephNFS spec (passed to the NFS server pods).
volumeSource object
configMap object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
emptyDir object
medium
string
sizeLimit
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
hostPath object
path
string required
type
string
persistentVolumeClaim object
claimName
string required
readOnly
boolean
projected object
defaultMode
integer
format:
int32
sources []object
clusterTrustBundle object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
name
string
optional
boolean
path
string required
signerName
string
configMap object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
downwardAPI object
items []object
fieldRef object
apiVersion
string
fieldPath
string required
mode
integer
format:
int32
path
string required
resourceFieldRef object
containerName
string
divisor
string | integer
string pattern:
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
resource
string required
podCertificate object
certificateChainPath
string
credentialBundlePath
string
keyPath
string
keyType
string required
maxExpirationSeconds
integer
format:
int32
signerName
string required
userAnnotations
object
secret object
items []object
key
string required
mode
integer
format:
int32
path
string required
name
string
optional
boolean
serviceAccountToken object
audience
string
expirationSeconds
integer
format:
int64
path
string required
secret object
defaultMode
integer
format:
int32
items []object
key
string required
mode
integer
format:
int32
path
string required
optional
boolean
secretName
string
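The following manifest is an added example, not part of the Rook documentation or project, showing how the `security.kerberos` and `security.sssd.sidecar` fields described above fit together in one CephNFS. The Secret and ConfigMap names (`nfs-krb5-conf`, `nfs-krb5-keytab`, `nfs-sssd-conf`, `nfs-sssd-ca`), the SSSD sidecar image and the realm `EXAMPLE.NET` are placeholders; the mode values are the author's choices, not Rook defaults.

```yaml
# Added example (not Rook's own manifest): a CephNFS that secures client
# connections with Kerberos and maps user IDs through an SSSD sidecar.
# All Secret/ConfigMap names, the image and the realm are placeholders.
apiVersion: ceph.rook.io/v1
kind: CephNFS
metadata:
  name: my-nfs
  namespace: rook-ceph
spec:
  server:
    active: 1
  security:
    kerberos:
      # domainName is the Kerberos realm. With principalName "nfs" the server
      # principal is <principalName>/<namespace>-<name>@<realm>, i.e.
      # nfs/rook-ceph-my-nfs@EXAMPLE.NET, so the keytab must hold that principal.
      domainName: EXAMPLE.NET
      principalName: nfs
      # Files from this volume land in /etc/krb5.conf.rook/. A Secret is used
      # rather than a ConfigMap so that Secret RBAC governs who can read the
      # realm/KDC layout; drop any [logging] section, Rook logs Kerberos to stderr.
      configFiles:
        volumeSource:
          secret:
            secretName: nfs-krb5-conf
            defaultMode: 292      # 0444 octal: world-readable config, no secrets inside
      # The keytab is the server's long-term credential and is placed at
      # /etc/krb5.keytab; keep it owner-read-only.
      keytabFile:
        volumeSource:
          secret:
            secretName: nfs-krb5-keytab
            defaultMode: 256      # 0400 octal
    sssd:
      sidecar:
        image: registry.example.net/sssd:placeholder   # assumption: your own SSSD image
        # 0 leaves SSSD logging as configured; raise to 1-10 only while troubleshooting
        # (debug logs can expose account names and server addresses).
        debugLevel: 0
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            memory: 512Mi
        # sssd.conf usually carries an LDAP bind DN/password, so source it from a Secret.
        sssdConfigFile:
          volumeSource:
            secret:
              secretName: nfs-sssd-conf
              defaultMode: 256    # 0400 octal
        # Extra files are mounted under /etc/sssd/rook-additional/<subPath>/; the CA
        # bundle below can be referenced from sssd.conf as
        # /etc/sssd/rook-additional/ldap-ca/ca.crt. subPath must be unique and contain no ':'.
        additionalFiles:
          - subPath: ldap-ca
            volumeSource:
              configMap:
                name: nfs-sssd-ca
```

Apply with `kubectl apply -f` after the referenced Secrets and ConfigMap exist in the `rook-ceph` namespace. `defaultMode` is given in decimal because Kubernetes stores it as an int32; `0400` written as an octal literal is parsed as 256 by YAML 1.1 parsers but would be read as decimal 400 by a YAML 1.2 parser, so the decimal form avoids that ambiguity.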
server object required
Server is the Ganesha Server specification
active
integer required
The number of active Ganesha servers
annotations
object
The annotations-related configuration to add/set on each Pod related object.
hostNetwork
boolean
Whether host networking is enabled for the Ganesha server. If not set, the network settings from the cluster CR will be applied.
image
string
Image is the container image used to launch the Ceph NFS (Ganesha) daemon(s).
The image must include the NFS Ganesha binaries, such as are included with the official Ceph releases. E.g.: quay.io/ceph/ceph:<tag>
If not specified, the Ceph image defined in the CephCluster is used.
Overriding the CephCluster defined image is not normally necessary when using the official Ceph images.
The image must contain the NFS Ganesha and dbus packages.
If the SSSD sidecar is enabled, the image must also contain the sssd-client package.
minLength:
1
maxLength:
1572864
imagePullPolicy
string
ImagePullPolicy describes a policy for if/when to pull a container image
One of Always, Never, IfNotPresent.
This field only has effect if an image is specified.
enum:
IfNotPresent, Always, Never
labels
object
The labels-related configuration to add/set on each Pod related object.
livenessProbe object
A liveness probe to verify that the Ganesha server has a valid run-time state.
If LivenessProbe.Disabled is false and LivenessProbe.Probe is nil, the default probe is used.
disabled
boolean
Disabled determines whether the probe is disabled or not
probe object
Probe describes a health check to be performed against a container to determine whether it is
alive or ready to receive traffic.
exec object
Exec specifies a command to execute in the container.
command
[]string
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
failureThreshold
integer
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1.
format:
int32
grpc object
GRPC specifies a GRPC HealthCheckRequest.
port
integer required
Port number of the gRPC service. Number must be in the range 1 to 65535.
format:
int32
service
string
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
httpGet object
HTTPGet specifies an HTTP GET request to perform.
host
string
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead.
httpHeaders []object
Custom headers to set in the request. HTTP allows repeated headers.
name
string required
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header.
value
string required
The header field value
path
string
Path to access on the HTTP server.
port
string | integer required
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
scheme
string
Scheme to use for connecting to the host.
Defaults to HTTP.
initialDelaySeconds
integer
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
periodSeconds
integer
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format:
int32
successThreshold
integer
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
format:
int32
tcpSocket object
TCPSocket specifies a connection to a TCP port.
host
string
Optional: Host name to connect to, defaults to the pod IP.
port
string | integer required
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME.
terminationGracePeriodSeconds
integer
format:
int64
timeoutSeconds
integer
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format:
int32
logLevel
string
LogLevel sets the logging level
placement object
nodeAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
preference object required
matchExpressions []object
key
string required
operator
string required
values
[]string
matchFields []object
key
string required
operator
string required
values
[]string
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution object
nodeSelectorTerms []object required
matchExpressions []object
key
string required
operator
string required
values
[]string
matchFields []object
key
string required
operator
string required
values
[]string
podAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
podAntiAffinity object
preferredDuringSchedulingIgnoredDuringExecution []object
podAffinityTerm object required
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
weight
integer required
format:
int32
requiredDuringSchedulingIgnoredDuringExecution []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
mismatchLabelKeys
[]string
namespaceSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
namespaces
[]string
topologyKey
string required
tolerations []object
effect
string
key
string
operator
string
tolerationSeconds
integer
format:
int64
value
string
topologySpreadConstraints []object
labelSelector object
matchExpressions []object
key
string required
operator
string required
values
[]string
matchLabels
object
matchLabelKeys
[]string
maxSkew
integer required
format:
int32
minDomains
integer
format:
int32
nodeAffinityPolicy
string
nodeTaintsPolicy
string
topologyKey
string required
whenUnsatisfiable
string required
priorityClassName
string
PriorityClassName sets the priority class on the pods
resources object
Resources set resource requests and limits
claims []object
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This field depends on the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
name
string required
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
request
string
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.
limits
object
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests
object
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
status object
NFSStatus represents the status of Ceph NFS
cephx object
daemon object
Daemon shows the CephX key status for local Ceph daemons associated with this resource.
keyCephVersion
string
KeyCephVersion reports the Ceph version that created the current generation's keys. This is
the same string format as reported by `CephCluster.status.version.version`, to allow them to be
compared. E.g., `20.2.0-0`.
For all newly-created resources, this field is set to the version of Ceph that created the key.
The special value "Uninitialized" indicates that keys are being created for the first time.
An empty string indicates that the version is unknown, as expected in brownfield deployments.
keyGeneration
integer
KeyGeneration represents the CephX key generation for the last successful reconcile.
For all newly-created resources, this field is set to `1`.
When keys are rotated due to any rotation policy, the generation is incremented or updated to
the configured policy generation.
Generation `0` indicates that keys existed prior to the implementation of key tracking.
format:
int32
conditions []object
lastHeartbeatTime
string
format:
date-time
lastTransitionTime
string
format:
date-time
message
string
reason
string
ConditionReason is a reason for a condition
status
string
type
string
ConditionType represents a resource's status
observedGeneration
integer
ObservedGeneration is the latest generation observed by the controller.
format:
int64
phase
string