Configuring Helm ceph-csi-cephfs charts

Use this information to configure the values for Helm ceph-csi-cephfs charts.

Edit the values.yaml ceph-csi-cephfs chart in one of the following ways:
  • Use the helm upgrade command with the needed updates and then reapply the chart.
    helm upgrade HELM_VERSION CHART_NAME -f values.yaml
    For example,
    helm upgrade 3.17 ceph-csi-cephfs -f values.yaml
  • Use the helm install command with the --set parameter=value argument.
    helm install --namespace NAMESPACE ceph-csi NAME --set PARAMETER=VALUE 
    For example,
    helm install --namespace ceph-csi-cephfs ceph-csi ceph-csi/ceph-csi-cephfs --set nodeplugin.plugin.image.repository=cp.icr.io/cp/ibm-ceph/cephcsi --set nodeplugin.plugin.image.pullPolicy=IfNotPresent
    When updating multiple parameters, for each parameter add another --set parameter=value argument. For example:
    helm install --namespace ceph-csi-cephfs ceph-csi ceph-csi-cephfs --set nodeplugin.plugin.image.repository=cp.icr.io/cp/ibm-ceph/cephcsi --set nodeplugin.plugin.image.pullPolicy=IfNotPresent
Note: Editing and upgrading the chart is ideal for complex management and updating multiple configurations, over the helm install --set command.
Table 1 lists the configurable parameters for ceph-csi-cephfs, what they are used for and their default values.
Table 1. ceph-csi-cephfs configurable parameters
Parameter Description Default value
rbac.create Specifies whether RBAC resources should be created. true
rbac.leastPrivileges Specifies whether RBAC resources should be created with a restricted scope when supported.

Currently only supported with Secrets.

true
serviceAccounts.nodeplugin.create Specifies whether a nodeplugin ServiceAccount should be created. true
serviceAccounts.nodeplugin.name Specifies the name of the nodeplugin ServiceAccount to use. If not set and create is true, a name is generated by using the full name. ""
serviceAccounts.provisioner.create Specifies whether a provisioner ServiceAccount should be created. true
serviceAccounts.provisioner.name Specifies the name of the provisioner ServiceAccount to use. If not set and create is true, a name is generated by using the full name. ""
csiConfig Configuration for the CSI to connect to the cluster. []
encryptionKMSConfig Configuration for the encryption KMS. {}
commonLabels Labels to apply to all resources. {}
logLevel Set logging level for CSI containers.

Supported values are 0 – 5, where 0 is for general logs and 5 is for trace level verbosity.

5
sidecarLogLevel Set logging level for CSI sidecar containers.

Supported values are 0 – 5, where 0 is for general logs and 5 is for trace level verbosity.

1
logSlowOperationInterval Log slow operations at the specified rate. Operation is considered slow if it outlives its deadline. 30s
nodeplugin.name Specifies the nodeplugin name. nodeplugin
nodeplugin.updateStrategy Specifies the update strategy. Set this value to OnDelete when using the ceph-fuse client. RollingUpdate
nodeplugin.priorityClassName Set the user created priorityclassName for CSI driver pods.

Default: system-node-critical, which is the highest priority.

system-node-critical
nodeplugin.imagePullSecrets Specifies the imagePullSecrets for containers. []
nodeplugin.profiling.enabled Specifies whether profiling should be enabled. false
nodeplugin.registrar.image.repository Defines the node registrar image repository URL. registry.k8s.io/sig-storage/csi-node-driver-registrar
nodeplugin.registrar.image.tag Defines the node registrar image tag. v2.13.0
nodeplugin.registrar.image.pullPolicy Defines the node registrar image pull policy. IfNotPresent
nodeplugin.plugin.image.repository Defines the node plugin image repository URL. cp.icr.io/cp/ibm-ceph/cephcsi
nodeplugin.plugin.image.tag Defines the node plugin image tag. v4.16.0-33
nodeplugin.plugin.image.pullPolicy Defines the node plugin image pull policy. IfNotPresent
nodeplugin.podSecurityContext Specifies pod-level security context. {}
nodeplugin.annotations Specifies DaemonSet level annotations. {}
nodeplugin.podAnnotations Specifies pod-level annotations. {}
nodeplugin.nodeSelector Defines the Kubernetes nodeSelector to add to the DaemonSet. {}
nodeplugin.tolerations Defines the Kubernetes tolerations to add to the DaemonSet. {}
nodeplugin.forcecephkernelclient Set to true to enable Ceph Kernel clients on kernel < 4.17 which support quotas. true
nodeplugin.kernelmountoptions Comma separated string of mount options accepted by cephfs kernel mounter quotas. ""
nodeplugin.fusemountoptions Comma separated string of mount options accepted by ceph-fuse mounter quotas. ""
provisioner.name Specifies the provisioner name. provisioner
provisioner.replicaCount Specifies the replicaCount. 3
provisioner.timeout Sets the gRPC timeout for waiting for creation or deletion of a volume. 60s
provisioner.clustername Cluster name to set on the volume. ""
provisioner.setmetadata Enables setting metadata on the volume. true
provisioner.priorityClassName Sets the user created priorityclassName for CSI provisioner pods.

Default: system-cluster-critical, which is lower priority than system-node-critical.

system-cluster-critical
provisioner.enableHostNetwork Specifies whether hostNetwork is enabled for provisioner pod. false
provisioner.imagePullSecrets Specifies imagePullSecrets for containers. []
provisioner.profiling.enabled Specifies whether profiling should be enabled. false
provisioner.provisioner.image.repository Specifies the CSI provisioner image repository URL. registry.k8s.io/sig-storage/csi-provisioner
provisioner.provisioner.image.tag Specifies the CSI provisioner image tag. v5.1.0
provisioner.provisioner.image.pullPolicy Specifies the pull policy. IfNotPresent
provisioner.provisioner.args.httpEndpointPort Specifies HTTP server port for diagnostics, health checks, and metrics. ""
provisioner.provisioner.extraArgs Specifies extra arguments for the provisioner sidecar. []
provisioner.resizer.name Specifies the CSI resizer sidecar name. resizer
provisioner.resizer.enabled Enables or disables the CSI resizer sidecar. true
provisioner.resizer.image.repository Specifies the CSI resizer image repository URL. registry.k8s.io/sig-storage/csi-resizer
provisioner.resizer.image.tag Specifies the CSI resizer image tag. v1.13.1
provisioner.resizer.image.pullPolicy Specifies the CSI resizer pull policy. IfNotPresent
provisioner.resizer.image.extraArgs Specifies extra arguments for the CSI resizer sidecar. []
provisioner.snapshotter.image.repository Specifies the CSI snapshotter image repository URL. registry.k8s.io/sig-storage/csi-snapshotter
provisioner.snapshotter.image.tag Specifies the CSI snapshotter image tag. v8.2.0
provisioner.snapshotter.image.pullPolicy Specifies the CSI snapshotter pull policy. IfNotPresent
provisioner.snapshotter.args.enableVolumeGroupSnapshots Enables the creation of volume group snapshots. false
provisioner.snapshotter.args.httpEndpointPort Specifies HTTP server port for diagnostics, health checks, and metrics. ""
provisioner.snapshotter.extraArgs Specifies extra arguments for the snapshotter sidecar. []
provisioner.nodeSelector Specifies the node selector for provisioner deployment. {}
provisioner.tolerations Specifies the tolerations for provisioner deployment. {}
provisioner.affinity Specifies the affinity for provisioner deployment. {}
provisioner.podSecurityContext Specifies pod-level security context. {}
provisioner.annotations Specifies deployment level annotations. {}
provisioner.podAnnotations Specifies pod-level annotations. {}
provisionerSocketFile Defines the filename of the CSI provisioner socket. csi-provisioner.sock
pluginSocketFile Defines the filename of the CSI plugin socket. csi.sock
readAffinity.enabled Enables read affinity for Ceph File System (CephFS) volumes.

It is recommended to set to true when running kernel 5.8 or later.

false
readAffinity.crushLocationLabels Defines which node labels to use as CRUSH location. Set with corresponding values, as set in the CRUSH map.

For more information about viewing CRUSH map information, see Viewing the CRUSH map of the Ceph cluster in the IBM Storage Ceph documentation.

For more information about CRUSH, see CRUSH admin overview in the IBM Storage Ceph documentation.

[]
kubeletDir Defines the kubelet working directory. /var/lib/kubelet
driverName Defines the name of the CSI driver. cephfs.csi.ceph.com
configMapName Defines the name of the configuration map that contains cluster configuration. ceph-csi-config
externallyManagedConfigmap Specifies the use of an externally provided configuration map. false
cephConfConfigMapName Defines the name of the configuration map that contains the ceph.conf configuration. ceph-config
storageClass.create Specifies whether the StorageClass should be created. false
storageClass.name Specifies the CephFS StorageClass name. csi-cephfs-sc
storageClass.annotations Specifies the annotations for the CephFS StorageClass. []
storageClass.clusterID String representing a Ceph cluster to provision storage from. <cluster-ID>
storageClass.encrypted Defines if the volume should be encrypted. Set it to true if you want to enable encryption. ""
storageClass.encryptionKMSID Specifies the encryption KMS ID. ""
storageClass.fsName CephFS name into which the volume shall be created. myfs
storageClass.pool Ceph pool into which the CephFS volume shall be created. ""
storageClass.fuseMountOptions Comma separated string of Ceph-FUSE mount options. ""
storageclass.kernelMountOptions Comma separated string of CephFS kernel mount options. ""
storageClass.mounter Specifies the CephFS mounter.

The driver can use either Ceph-FUSE (FUSE) or ceph kernelclient (kernel).

""
storageClass.volumeNamePrefix Prefix to use for naming subvolumes. ""
storageClass.provisionerSecret The secrets have to contain user and/or Ceph admin credentials. csi-cephfs-secret
storageClass.provisionerSecretNamespace Specifies the provisioner secret namespace. ""
storageClass.controllerExpandSecret Specifies the controller expand secret name. csi-cephfs-secret
storageClass.controllerExpandSecretNamespace Specifies the controller expand secret namespace. ""
storageClass.nodeStageSecret Specifies the node stage secret name. csi-cephfs-secret
storageClass.nodeStageSecretNamespace Specifies the node stage secret namespace. ""
storageClass.reclaimPolicy Specifies the reclaim policy of the StorageClass. Delete
storageClass.allowVolumeExpansion Specifies whether volume expansion should be allowed. true
storageClass.mountOptions Specifies the mount options for storageClass. []
secret.create Specifies whether the secret should be created. false
secret.name Specifies the CephFS secret name. csi-cephfs-secret
secret.userID Specifies the user ID of the CephFS secret. <plaintext ID>
secret.userKey Specifies the key that corresponds to the user ID. <Ceph auth key corresponding to ID above>
selinuxMount Mounts the host /etc/selinux inside pods to support SELinux-enabled filesystems. true
CSIDriver.fsGroupPolicy Specifies the fsGroupPolicy for the CSI driver object. File
CSIDriver.seLinuxMount Specify for efficient SELinux volume relabeling. true
instanceID Unique ID distinguishing this instance of Ceph CSI among other instances, when sharing Ceph clusters across CSI instances for provisioning.
radosNamespaceCephFS CephFS RadosNamespace used to store CSI specific objects and keys.