diff --git a/cluster/config/ceph/ceph-configmap.yml b/cluster/config/ceph/ceph-configmap.yml
new file mode 100644
index 0000000..3cce844
--- /dev/null
+++ b/cluster/config/ceph/ceph-configmap.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ConfigMap
+data:
+ ceph.conf: |
+ [global]
+ auth_cluster_required = cephx
+ auth_service_required = cephx
+ auth_client_required = cephx
+ # keyring is a required key and its value should be empty
+ keyring: |
+metadata:
+ name: ceph-config
+ namespace: ceph
diff --git a/cluster/config/ceph/csi-configmap.yml b/cluster/config/ceph/csi-configmap.yml
new file mode 100644
index 0000000..8f52f3d
--- /dev/null
+++ b/cluster/config/ceph/csi-configmap.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+data:
+ config.json: |-
+ [
+ {
+ "clusterID": "54ca2103-a505-46a7-a13e-0f72d6e3574a",
+ "monitors": [
+ "10.1.0.1:6789",
+ "10.1.0.2:6789",
+ "10.1.0.3:6789"
+ ]
+ }
+ ]
+metadata:
+ name: ceph-csi-config
+ namespace: ceph
diff --git a/cluster/config/ceph/csi-kms-configmap.yml b/cluster/config/ceph/csi-kms-configmap.yml
new file mode 100644
index 0000000..60ef661
--- /dev/null
+++ b/cluster/config/ceph/csi-kms-configmap.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+data:
+ config.json: |-
+ {}
+metadata:
+ name: ceph-csi-encryption-kms-config
+ namespace: ceph
diff --git a/cluster/config/ceph/csi-nodeplugin-rbac.yml b/cluster/config/ceph/csi-nodeplugin-rbac.yml
new file mode 100644
index 0000000..c82130c
--- /dev/null
+++ b/cluster/config/ceph/csi-nodeplugin-rbac.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rbd-csi-nodeplugin
+ # replace with non-default namespace name
+ namespace: ceph
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rbd-csi-nodeplugin
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+ # allow to read Vault Token and connection options from the Tenants namespace
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["list", "get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts/token"]
+ verbs: ["create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rbd-csi-nodeplugin
+subjects:
+ - kind: ServiceAccount
+ name: rbd-csi-nodeplugin
+ # replace with non-default namespace name
+ namespace: ceph
+roleRef:
+ kind: ClusterRole
+ name: rbd-csi-nodeplugin
+ apiGroup: rbac.authorization.k8s.io
+
diff --git a/cluster/config/ceph/csi-provisioner-rbac.yml b/cluster/config/ceph/csi-provisioner-rbac.yml
new file mode 100644
index 0000000..72dc931
--- /dev/null
+++ b/cluster/config/ceph/csi-provisioner-rbac.yml
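Review bot: The `secrets` rule in the `rbd-csi-nodeplugin` ClusterRole gives the node plugin's service account `get` on every Secret in every namespace, and the last rule adds `create` on `serviceaccounts/token` cluster-wide, for an account whose pods run on every node. The comment above the rule ties it to reading a Vault token from tenant namespaces, yet the KMS ConfigMap this commit adds in `csi-kms-configmap.yml` is an empty `{}`, so these grants look unused here. If tenant KMS is not planned, drop the `secrets`, `serviceaccounts` and `serviceaccounts/token` rules; if it is, grant them through a Role and RoleBinding in each tenant namespace rather than this ClusterRoleBinding. Either way the rule deserves a comment such as `# needed only for tenant KMS (Vault); remove when encryption is disabled`. The same `secrets` and `serviceaccounts/token` grants recur in `csi-provisioner-rbac.yml`.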
@@ -0,0 +1,129 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rbd-csi-provisioner
+ # replace with non-default namespace name
+ namespace: ceph
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rbd-external-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list", "watch", "update", "patch", "create"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots/status"]
+ verbs: ["get", "list", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get"]
+ - apiGroups: [""]
+ resources: ["serviceaccounts/token"]
+ verbs: ["create"]
+ - apiGroups: ["groupsnapshot.storage.k8s.io"]
+ resources: ["volumegroupsnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["groupsnapshot.storage.k8s.io"]
+ resources: ["volumegroupsnapshotcontents"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["groupsnapshot.storage.k8s.io"]
+ resources: ["volumegroupsnapshotcontents/status"]
+ verbs: ["update", "patch"]
+ - apiGroups: ["replication.storage.openshift.io"]
+ resources: ["volumegroupreplicationcontents"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["replication.storage.openshift.io"]
+ resources: ["volumegroupreplicationclasses"]
+ verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rbd-csi-provisioner-role
+subjects:
+ - kind: ServiceAccount
+ name: rbd-csi-provisioner
+ # replace with non-default namespace name
+ namespace: ceph
+roleRef:
+ kind: ClusterRole
+ name: rbd-external-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # replace with non-default namespace name
+ namespace: ceph
+ name: rbd-external-provisioner-cfg
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rbd-csi-provisioner-role-cfg
+ # replace with non-default namespace name
+ namespace: ceph
+subjects:
+ - kind: ServiceAccount
+ name: rbd-csi-provisioner
+ # replace with non-default namespace name
+ namespace: ceph
+roleRef:
+ kind: Role
+ name: rbd-external-provisioner-cfg
+ apiGroup: rbac.authorization.k8s.io
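Review bot: The `secrets` rule in `rbd-external-provisioner-runner` grants `list` and `watch` as well as `get` across all namespaces, and `list`/`watch` responses carry full Secret contents, so this service account can enumerate every credential in the cluster. The StorageClass added in this commit names a single secret (`csi-rbd-secret`), which suggests `verbs: ["get"]` would suffice, ideally granted by a Role in that secret's namespace instead of the ClusterRole. Confirm against the sidecar versions used in `csi-rbdplugin-provisioner.yml` before narrowing, since this diff does not show which calls they make.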
diff --git a/cluster/config/ceph/csi-rbd-sc.yml b/cluster/config/ceph/csi-rbd-sc.yml
new file mode 100644
index 0000000..6b9fe97
--- /dev/null
+++ b/cluster/config/ceph/csi-rbd-sc.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: csi-rbd-sc
+provisioner: rbd.csi.ceph.com
+parameters:
+ clusterID: 54ca2103-a505-46a7-a13e-0f72d6e3574a
+ pool: ceph-vm
+ imageFeatures: layering
+ csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
+ csi.storage.k8s.io/provisioner-secret-namespace: default
+ csi.storage.k8s.io/controller-expand-secret-name: csi-rbd-secret
+ csi.storage.k8s.io/controller-expand-secret-namespace: default
+ csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
+ csi.storage.k8s.io/node-stage-secret-namespace: default
+reclaimPolicy: Retain
+allowVolumeExpansion: true
+mountOptions:
+ - discard
diff --git a/cluster/config/ceph/csi-rbd-secret.yml b/cluster/config/ceph/csi-rbd-secret.yml
new file mode 100644
index 0000000..d80a546
--- /dev/null
+++ b/cluster/config/ceph/csi-rbd-secret.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: csi-rbd-secret
+ namespace: default
+stringData:
+ userID: ceph-vm
+ userKey: AQA00Y1olRhKFxAA2zejDLWbph/eeHz33XvCxA==
diff --git a/cluster/config/ceph/csi-rbdplugin-provisioner.yml b/cluster/config/ceph/csi-rbdplugin-provisioner.yml
new file mode 100644
index 0000000..717672d
--- /dev/null
+++ b/cluster/config/ceph/csi-rbdplugin-provisioner.yml
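Review bot: All three `*-secret-namespace` parameters in `csi-rbd-sc.yml` point at `default`, while every other object in this commit lives in `ceph`. Secret read access in `default` is often granted more broadly than in a dedicated namespace, and anyone holding it there can read the Ceph client key. Set them to `ceph`, e.g. `csi.storage.k8s.io/provisioner-secret-namespace: ceph` and likewise for `controller-expand` and `node-stage`, and change `namespace: default` in `csi-rbd-secret.yml` to match.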
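Review bot: `userKey` under `stringData` in `csi-rbd-secret.yml` carries what appears to be a real cephx key in plaintext, so it is now part of the repository history for everyone with read access. Treat the key for `ceph-vm` as exposed: rotate it on the Ceph side and keep only a placeholder in the manifest, `userKey: <injected-at-deploy-time>`, with the real value supplied from an encrypted-secrets or external secret store workflow. Removing the line in a later commit does not revoke the key. It is also worth confirming that the `ceph-vm` user's caps are limited to the `ceph-vm` pool, which this diff does not show.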
@@ -0,0 +1,290 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: csi-rbdplugin-provisioner
+ # replace with non-default namespace name
+ namespace: ceph
+ labels:
+ app: csi-metrics
+spec:
+ selector:
+ app: csi-rbdplugin-provisioner
+ ports:
+ - name: http-metrics
+ port: 8080
+ protocol: TCP
+ targetPort: 8680
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: csi-rbdplugin-provisioner
+ # replace with non-default namespace name
+ namespace: ceph
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: csi-rbdplugin-provisioner
+ template:
+ metadata:
+ labels:
+ app: csi-rbdplugin-provisioner
+ spec:
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - csi-rbdplugin-provisioner
+ topologyKey: "kubernetes.io/hostname"
+ serviceAccountName: rbd-csi-provisioner
+ priorityClassName: system-cluster-critical
+ containers:
+ - name: csi-rbdplugin
+ # for stable functionality replace canary with latest release version
+ image: quay.io/cephcsi/cephcsi:canary
+ args:
+ - "--nodeid=$(NODE_ID)"
+ - "--type=rbd"
+ - "--controllerserver=true"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
+ - "--v=5"
+ - "--drivername=rbd.csi.ceph.com"
+ - "--pidlimit=-1"
+ - "--rbdhardmaxclonedepth=8"
+ - "--rbdsoftmaxclonedepth=4"
+ - "--enableprofiling=false"
+ - "--setmetadata=true"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # - name: KMS_CONFIGMAP_NAME
+ # value: encryptionConfig
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi-provisioner.sock
+ - name: CSI_ADDONS_ENDPOINT
+ value: unix:///csi/csi-addons.sock
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /sys
+ name: host-sys
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: ceph-csi-encryption-kms-config
+ mountPath: /etc/ceph-csi-encryption-kms-config/
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: oidc-token
+ mountPath: /run/secrets/tokens
+ readOnly: true
+ - name: csi-provisioner
+ image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v=1"
+ - "--timeout=150s"
+ - "--retry-interval-start=500ms"
+ - "--leader-election=true"
+ - "--feature-gates=HonorPVReclaimPolicy=true"
+ - "--prevent-volume-mode-conversion=true"
+ # if fstype is not specified in storageclass, ext4 is default
+ - "--default-fstype=ext4"
+ - "--extra-create-metadata=true"
+ - "--immediate-topology=false"
+ - "--http-endpoint=$(POD_IP):8090"
+ env:
+ - name: ADDRESS
+ value: unix:///csi/csi-provisioner.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 8090
+ name: provisioner
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: csi-snapshotter
+ image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v=1"
+ - "--timeout=150s"
+ - "--leader-election=true"
+ - "--extra-create-metadata=true"
+ - "--feature-gates=CSIVolumeGroupSnapshot=true"
+ - "--http-endpoint=$(POD_IP):8092"
+ env:
+ - name: ADDRESS
+ value: unix:///csi/csi-provisioner.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 8092
+ name: snapshotter
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: csi-attacher
+ image: registry.k8s.io/sig-storage/csi-attacher:v4.8.0
+ args:
+ - "--v=1"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election=true"
+ - "--retry-interval-start=500ms"
+ - "--default-fstype=ext4"
+ - "--http-endpoint=$(POD_IP):8093"
+ env:
+ - name: ADDRESS
+ value: /csi/csi-provisioner.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 8093
+ name: attacher
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: csi-resizer
+ image: registry.k8s.io/sig-storage/csi-resizer:v1.13.1
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v=1"
+ - "--timeout=150s"
+ - "--leader-election"
+ - "--retry-interval-start=500ms"
+ - "--handle-volume-inuse-error=false"
+ - "--feature-gates=RecoverVolumeExpansionFailure=true"
+ - "--http-endpoint=$(POD_IP):8091"
+ env:
+ - name: ADDRESS
+ value: unix:///csi/csi-provisioner.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 8091
+ name: resizer
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: csi-rbdplugin-controller
+ # for stable functionality replace canary with latest release version
+ image: quay.io/cephcsi/cephcsi:canary
+ args:
+ - "--type=controller"
+ - "--v=5"
+ - "--drivername=rbd.csi.ceph.com"
+ - "--drivernamespace=$(DRIVER_NAMESPACE)"
+ - "--setmetadata=true"
+ env:
+ - name: DRIVER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: liveness-prometheus
+ image: quay.io/cephcsi/cephcsi:canary
+ args:
+ - "--type=liveness"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metricsport=8680"
+ - "--metricspath=/metrics"
+ - "--polltime=60s"
+ - "--timeout=3s"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi-provisioner.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ ports:
+ - containerPort: 8680
+ name: http-metrics
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ imagePullPolicy: "IfNotPresent"
+ volumes:
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: socket-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+ - name: ceph-config
+ configMap:
+ name: ceph-config
+ - name: ceph-csi-config
+ configMap:
+ name: ceph-csi-config
+ - name: ceph-csi-encryption-kms-config
+ configMap:
+ name: ceph-csi-encryption-kms-config
+ - name: keys-tmp-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+ - name: oidc-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: oidc-token
+ expirationSeconds: 3600
+ audience: ceph-csi-kms
diff --git a/cluster/config/ceph/csi-rbdplugin.yml b/cluster/config/ceph/csi-rbdplugin.yml
new file mode 100644
index 0000000..18e4f22
--- /dev/null
+++ b/cluster/config/ceph/csi-rbdplugin.yml
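Review bot: Three containers in this Deployment (`csi-rbdplugin`, `csi-rbdplugin-controller`, `liveness-prometheus`) use `quay.io/cephcsi/cephcsi:canary` with `imagePullPolicy: "IfNotPresent"`, while the sidecars are pinned to versions. `canary` is a moving tag, so each node keeps whatever build it pulled first, and replicas can end up running different, unreleased code that holds the Ceph credentials at `system-cluster-critical` priority. Pin to a release and digest, `image: quay.io/cephcsi/cephcsi:<release-tag>@sha256:<digest>`, as the in-file comment already asks. The same image line appears twice in `csi-rbdplugin.yml`. Separately, `--v=5` on the driver containers is debug-level logging and is worth lowering once the rollout is verified.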
@@ -0,0 +1,230 @@
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: csi-rbdplugin
+ # replace with non-default namespace name
+ namespace: ceph
+spec:
+ selector:
+ matchLabels:
+ app: csi-rbdplugin
+ template:
+ metadata:
+ labels:
+ app: csi-rbdplugin
+ spec:
+ serviceAccountName: rbd-csi-nodeplugin
+ hostNetwork: true
+ hostPID: true
+ priorityClassName: system-node-critical
+ # to use e.g. Rook orchestrated cluster, and mons' FQDN is
+ # resolved through k8s service, set dns policy to cluster first
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: csi-rbdplugin
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ # for stable functionality replace canary with latest release version
+ image: quay.io/cephcsi/cephcsi:canary
+ args:
+ - "--nodeid=$(NODE_ID)"
+ - "--pluginpath=/var/lib/kubelet/plugins"
+ - "--stagingpath=/var/lib/kubelet/plugins/kubernetes.io/csi/"
+ - "--type=rbd"
+ - "--nodeserver=true"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
+ - "--v=5"
+ - "--drivername=rbd.csi.ceph.com"
+ - "--enableprofiling=false"
+ # If topology based provisioning is desired, configure required
+ # node labels representing the nodes topology domain
+ # and pass the label names below, for CSI to consume and advertise
+ # its equivalent topology domain
+ # - "--domainlabels=failure-domain/region,failure-domain/zone"
+ #
+ # Options to enable read affinity.
+ # If enabled Ceph CSI will fetch labels from kubernetes node and
+ # pass `read_from_replica=localize,crush_location=type:value` during
+ # rbd map command. refer:
+ # https://docs.ceph.com/en/latest/man/8/rbd/#kernel-rbd-krbd-options
+ # for more details.
+ # - "--enable-read-affinity=true"
+ # - "--crush-location-labels=topology.io/zone,topology.io/rack"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # - name: KMS_CONFIGMAP_NAME
+ # value: encryptionConfig
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: CSI_ADDONS_ENDPOINT
+ value: unix:///csi/csi-addons.sock
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /sys
+ name: host-sys
+ - mountPath: /run/mount
+ name: host-mount
+ - mountPath: /etc/selinux
+ name: etc-selinux
+ readOnly: true
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: ceph-csi-encryption-kms-config
+ mountPath: /etc/ceph-csi-encryption-kms-config/
+ - name: plugin-dir
+ mountPath: /var/lib/kubelet/plugins
+ mountPropagation: "Bidirectional"
+ - name: mountpoint-dir
+ mountPath: /var/lib/kubelet/pods
+ mountPropagation: "Bidirectional"
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-logdir
+ mountPath: /var/log/ceph
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: oidc-token
+ mountPath: /run/secrets/tokens
+ readOnly: true
+ - name: driver-registrar
+ # This is necessary only for systems with SELinux, where
+ # non-privileged sidecar containers cannot access unix domain socket
+ # created by privileged CSI driver container.
+ securityContext:
+ privileged: true
+ allowPrivilegeEscalation: true
+ image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
+ args:
+ - "--v=1"
+ - "--csi-address=/csi/csi.sock"
+ - "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ - name: liveness-prometheus
+ securityContext:
+ privileged: true
+ allowPrivilegeEscalation: true
+ image: quay.io/cephcsi/cephcsi:canary
+ args:
+ - "--type=liveness"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metricsport=8680"
+ - "--metricspath=/metrics"
+ - "--polltime=60s"
+ - "--timeout=3s"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ imagePullPolicy: "IfNotPresent"
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
+ type: DirectoryOrCreate
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins
+ type: Directory
+ - name: mountpoint-dir
+ hostPath:
+ path: /var/lib/kubelet/pods
+ type: DirectoryOrCreate
+ - name: ceph-logdir
+ hostPath:
+ path: /var/log/ceph
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: Directory
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: etc-selinux
+ hostPath:
+ path: /etc/selinux
+ - name: host-mount
+ hostPath:
+ path: /run/mount
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: ceph-config
+ configMap:
+ name: ceph-config
+ - name: ceph-csi-config
+ configMap:
+ name: ceph-csi-config
+ - name: ceph-csi-encryption-kms-config
+ configMap:
+ name: ceph-csi-encryption-kms-config
+ - name: keys-tmp-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+ - name: oidc-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: oidc-token
+ expirationSeconds: 3600
+ audience: ceph-csi-kms
+---
+# This is a service to expose the liveness metrics
+apiVersion: v1
+kind: Service
+metadata:
+ name: csi-metrics-rbdplugin
+ # replace with non-default namespace name
+ namespace: ceph
+ labels:
+ app: csi-metrics
+spec:
+ ports:
+ - name: http-metrics
+ port: 8080
+ protocol: TCP
+ targetPort: 8680
+ selector:
+ app: csi-rbdplugin
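Review bot: `liveness-prometheus` is given `privileged: true` and `allowPrivilegeEscalation: true` with no explanation; the only justification in the file is the SELinux comment on `driver-registrar`. Because the pod sets `hostNetwork: true`, its metrics listener on port 8680 opens in the node's network namespace, so this is a privileged, network-reachable process on every node. If the hosts do not enforce SELinux, drop the `securityContext` from both sidecars; if they do, repeat the reason on `liveness-prometheus`, e.g. `# privileged only for access to /csi/csi.sock under SELinux`. In `csi-rbdplugin`, `capabilities.add: ["SYS_ADMIN"]` is redundant next to `privileged: true` and can be removed.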