chore(deps): update helm release rook-ceph to v1.18.7 #778

timtor-bot · 2025-08-21T00:15:22Z

This PR contains the following updates:

Package	Update	Change
rook-ceph	minor	`v1.16.7` -> `v1.18.7`

Release Notes

rook/rook (rook-ceph)

`v1.18.7`

Compare Source

Improvements

Rook v1.18.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

pool: Retry pool status updates in the radosnamespace controller (#16700, @parth-gr)
osd: Add device class label to the osd prepare pods (#16675, @parth-gr)
external: Fix quote parsing and message in import-external-cluster.sh (#16646, @GanghyeonSeo)
object: Fix user quotas being overwritten when obc bucketOwner is set (#16672, @jhoblitt)
docs: Example of application migration between clusters (#16659, @travisn)
mgr: Add hostNetwork field to Ceph Mgr spec (#16617, @Sunnatillo)
osd: Add CephCluster OSDMaxUpdatesInParallel to tune OSD updates (#16655, @jhoblitt)

`v1.18.6`

Compare Source

Improvements

Rook v1.18.6 is a patch release with changes only in the rook-ceph helm chart. If not affected by #16636 in v1.18.5, no need to update to this release.

helm: Remove duplicate YAML map entries (#16637, @hxtmdev)
ci: Check for duplicates in the helm linter (#16640, @hxtmdev)

`v1.18.5`

Compare Source

Improvements

Rook v1.18.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

mon: Wait for the canary pods to be terminated before starting mon daemons (#16619, @sp98)
mon: Trap the sigterm to respond quickly to the mon canary pod deletion (#16629, @travisn)
osd: Set osd resources for specific device class (#16614, @travisn)
mgr: Add required k8s label for endpointSlice (#16618, @subhamkrai)
pool: Skip setting the target size ratio to 0 by default (#16609, @travisn)
core: Fix ceph health check up status check (#16595, @parth-gr)
osd: Allow OSD init keyring update to be best-effort instead of fail osd start (#16603, @BlaineEXE)
osd: Add a timeout for osd create and update process (#16594, @parth-gr)
core: Add missing labels to RBAC resources to prevent ArgoCD drift (#16507, @fullstackjam)
mon: Update the clusterinfo with v2 port (#16540, @parth-gr)
file: Allow overriding MDS cache memory limit. (#16556, @timbuchwaldt)
osd: More detailed logging to check node topology conflicts (#16573, @OdedViner)

`v1.18.4`

Compare Source

Improvements

Rook v1.18.4 is a patch release with changes only in the rook-ceph-cluster helm chart. If not affected by #16567 in v1.18.3, no need to update to this release.

helm: Revert ceph image tag change (#16567, @travisn)

`v1.18.3`

Compare Source

Improvements

Rook v1.18.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Allow specifying the image tag and repository separately (#16512, @travisn)
csi: Allow overriding volume settings in csi operator for nixos (#16395, @travisn)
osd: Exclude down OSDs from main PDB when cluster is clean (#16112, @elias-dbx)
build: Add csi operator image to images.txt (#16563, @travisn)
csi: Update csi-operator version to v0.4.1 (#16560, @Madhu-1)
rbdmirror: Fix mirroring monitoring settings for rados namespaces (#16520, @parth-gr)
namespace: Blocklist ip:nonce in cleanup job (#16532, @Madhu-1)
osd: Clean encrypted disks from other clusters (#16488, @sp98)
csi: Avoid port conflict by removing liveness probe from the csi-operator (#16516, @Madhu-1)
csi: Add labels to the csi-operator driver pod (#16514, @subhamkrai)
helm: Refactoring to modernize templates (#16494, @consideRatio)
osd: Updated blocking pdbs when drained node comes back online (#16506, @sp98)
core: Use latest operator context to avoid reference to canceled context (#16493, @sp98)
ci: Update latest k8s version to v1.34 (#16418, @obnoxxx)
external: Fix ipv6 monitoring endpoint reconcile (#16468, @parth-gr)
pool: Allow enableCrushUpdates to be nil (#16478, @travisn)
mon: Fix mon health nil pointer exception with mons on PVC (#16484, @sp98)
helm: Refactoring of rook-ceph's configmap to be easier to read and maintain (#16457, @consideRatio)
nfs: Rotate nfs cephx key (#16456, @subhamkrai)
external: Fixing rbd provisioner secret in import-external-cluster script (#16474, @rubentsirunyan)
core: Add CRD Phase column to cephor, cephnfs, cephbn (#16541 #16542 #16543, @jhoblitt)
object: Add status.{phase,observedGeneration} to cephbn (#16499, @jhoblitt)
core: fix ObjectZoneSpec.ZoneGroup and ObjectZoneGroupSpec.Realm field descriptions (#16496, @jhoblitt)

`v1.18.2`

Compare Source

Improvements

Rook v1.18.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Upgrade requires either deletion of storage classes or removal of new storage class properties, see the Upgrade Guide (#16454, @parth-gr)
csi: Set host networking on the csi controller pod if host networking is enforced (#16462, @travisn)
csi: Fix cephx key deletion logic (#16452, @BlaineEXE)
csi: Add multus network annotation to csi-operator (#16448, @subhamkrai)
external: Fix secret values in import-external-cluster script (#16433, @rubentsirunyan)
osd: Remove the osd bootstrap keyring that is not needed after creation (#16421, @parth-gr)
core: Delete bootstrap keys not necessary for ceph daemons (#16372, @sp98)
core: Allow rotation of the client.admin cephx key (#16271, @BlaineEXE)
osd: Rotate lockbox keys for encrypted OSDs (#16409, @sp98)

`v1.18.1`

Compare Source

Improvements

Rook v1.18.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

csi: Set the cephfs kernel mount options when network encryption is enabled (#16399, @travisn)
csi: Generate default crush topology labels for the csi operator settings (#16376, @travisn)
csi: Create csi operator resources when operator settings configmap is updated (#16382, @subhamkrai)
csi: Delete csi operator CR's when disabled (#16381, @subhamkrai)
csi: Set csi operator as default if no settings found (#16405, @travisn)
csi: Fix wrong use of daemon config for cephx status (#16396, @BlaineEXE)
helm: Recreate storage classes with helm upgrades to add keep policy and new properties (#16373, @parth-gr)
ci: Always initialize CSI driver names (#16393, @travisn)

`v1.18.0`

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

Kubernetes v1.29 is now the minimum version supported by Rook through the soon-to-be K8s release v1.34.
Helm versions 3.13 and newer are supported. Previously, only the latest version of helm was tested and the docs stated only version 3.x of helm as a prerequisite. Now rook supports the six most recent minor versions of helm along with their their patch updates.
Rook now validates node topology during CephCluster creation to prevent misconfigured CRUSH hierarchies for OSDs. If child labels like topology.rook.io/rack are duplicated across zones, cluster creation will fail. The check applies only to new clusters without OSDs. Clusters with existing OSDs will only log a warning and continue. If the checks are invalid in your topology, they can be suppressed by setting ROOK_SKIP_OSD_TOPOLOGY_CHECK=true in the rook-ceph-operator-config configmap.

Features

The Ceph CSI operator is now the default and recommended component for configuring CSI drivers for RBD, CephFS, and NFS volumes. The CSI operator has been factored out of Rook to run independently to manage the Ceph-CSI driver.
- During the upgrade and throughout the v1.18.x releases, Rook will automatically convert any Rook CSI settings to the new CSI operator CRs. This transition is expected to be completely transparent. In the future v1.19 release, Rook will relinquish direct control of these settings so advanced users can have more flexibility when configuring the CSI drivers. At that time, we will have a guide on configuring these new Ceph CSI operator CRs directly.
- During install, as mentioned in the Quickstart Guide, there is a new manifest to be created: csi-operator.yaml
- If installing with the helm chart, the Ceph CSI operator will automatically be installed by default with the new helm setting csi.rookUseCsiOperator in the rook-ceph chart.
- If a blocking issue is found, the previous CSI driver can be re-enabled by setting ROOK_USE_CSI_OPERATOR: false in operator.yaml or by applying the helm setting csi.rookUseCsiOperator: false.
Ceph CSI v3.15 has a range of features and improvements for the RBD, CephFS, and NFS drivers. This release is supported both by the Ceph CSI operator and Rook's direct mode of configuration. Starting in the next release (at the end of the year), the Ceph CSI operator will be required to configure the CSI driver.
CephX key rotation is now available as an experimental feature for the CephX authentication keys used by Ceph daemons and clients. Users will begin to see new cephx status items on some Rook resources in newly-deployed Rook clusters. Users can also find spec.security.cephx settings that allow initiating CephX key rotation for various Ceph components. Full documentation for key rotation can be found here.
- Ceph version v19.2.3+ is required for key rotation.
- The Ceph admin and mon keys cannot yet be rotated. Implementation is still in progress while in experimental mode.
Add support for specifying the clusterID in the CephBlockPoolRadosNamespace and the CephFilesystemSubVolumeGroup CR.
When a mon is being failed over, if the assigned node no longer exists, the mon is failed over immediately instead of waiting for a
20 minute timeout.
Support for Ceph Tentacle v20 will be available as soon as it is released.

`v1.17.9`

Compare Source

Improvements

Rook v1.17.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

pool: Retry pool status updates in the radosnamespace controller (#16700, @parth-gr)
object: Fix user quotas being overwritten when OBC bucketOwner is set (#16672, @jhoblitt)
mon: Wait for the canary pods to be terminated (#16619, @sp98)
mon: Respond quickly to the mon canary pod deletion (#16629, @travisn)
namespace: Blocklist ip:nonce in cleanup job (#16532, @Madhu-1)
core: Fix typos in ObjectZoneSpec.ZoneGroup and ObjectZoneGroupSpec.Realm field descriptions (#16496, @jhoblitt)

`v1.17.8`

Compare Source

Improvements

Rook v1.17.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

helm: Enable host network for OpenShift if needed (#16343, @travisn)
pool: Allow CephBlockPool CR removal when underlying Ceph pool is already removed (#16329, @degorenko)
core: Set erasure-code-profile plugin based on pool algorithm (#16104, @BenoitKnecht)
csi: Add CrossNamespaceVolumeDataSource feature gate (#16244, @CL0Pinette)
object: Mark realm as default to avoid zone creation (#16069, @OdedViner)
object: Simplify CephObjectStoreUser deletion logic (#16052, @jhoblitt)
object: Fix bucket policy in sync detection (#16220, @jhoblitt)
cleanup: Mount udev to cleanup job and disable udev sync (#16293, @degorenko)
cleanup: Improve cleanup of /var/lib/rook during cluster teardown (#16201, @OdedViner)
cleanup: Cleanup csi folders from /var/lib/rook during uninstall (#16260, @OdedViner)

`v1.17.7`

Compare Source

Improvements

Rook v1.17.7 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

Important: There is a known issue in Ceph v19.2.3 where object store bucket lifecycle deletion does not take effect. See #16188 for more details.

core: Update ceph version to v19.2.3 (#16186, @travisn)
csi: Update ceph-csi to 3.14.2 (#16157, @Madhu-1)
osd: Exclude labels with a value of null from the topology string (#16109, @hit1943)
rgw: Increase timeout for admin user creation (#16203, @travisn)
core: Log panics that were previously hidden during controller reconcile (#16150, @OdedViner)
mds: Use bash for executing liveness probe script (#16146, @xose)
helm: Correct example discover daemon resources (#16123, @swills)
helm Update SecurityContextConstraints for rook-ceph helm chart (#16153, @masonwb)
multus: Support copy file to cmd-proxy container for rgw zone set (#16133, @arttor)
mds: Fix nil pointer panic when startupProbe is set in cephfilesystem (#16144, @OdedViner)
core: Update go modules to latest except for go 1.24 (#16140, @travisn)
helm: Add HTTPRoute for dashboard and objectstore (#16135, @synthe102)
osd: Treat non existing OSD nodes as drained (#16087, @elias-dbx)
test: Add pathType with ingress dashboard host (#16129, @subhamkrai)
docs: Document how a storage class can consume a SubVolumeGroup (#16079, @raaizik)

`v1.17.6`

Compare Source

Improvements

Rook v1.17.6 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

mon: Failover with host network must use different node (#16056, @travisn)
osd: Wipe new Ceph metadata in cleanup job disk shredding (#15666, @puskunalis)
operator: Add missing udev env to discover pod (#16105, @subhamkrai)
mon: Allow running mon pods as root (#15846, @patrostkowski)
core: CephObjectRealm controller generated generated AccessKey invalid chars (#16078, @raaizik)
csi: Provide a flag to skip csi user creation (#16061, @Madhu-1)
ceph: Provide an option to specify the secretName in the cephClient CR (#16059, @Madhu-1)
csi: Update csi version to 3.14.1 (#16050, @Madhu-1)
exporter: Add Hostnetwork bool to ceph-exporter (#16025, @adilGhaffarDev)
object: Allow deletion of CephObjectStoreUser even if secret is missing (#16038, @OdedViner)
helm: Merge helm indexes instead of recreating for every release (#16041, @obnoxxx)

`v1.17.5`

Compare Source

Improvements

Rook v1.17.5 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

build: merge helm indexes instead of recreating for every release (#16033, @obnoxxx)
rbd: Blocklist rados namespace image watchers during removal (#16009, @sp98)
namespace: Report empty condition for rados namespace (#16013, @travisn)
osd: Update the table of allowed configurations (#16005, @satoru-takeuchi)
pool: Support targetSizeRatio=0 and default compressionMode (#15951, @OdedViner)
core: Correct rados namespace log message (#15996, @OdedViner)
rbdmirror: Fix the nil point error check during status updates (#15989, @parth-gr)
helm: Use nested if clauses in prometheusrule template (#15979, @hedgieinsocks)
helm: allow prometheusrule edits (#15928, @hedgieinsocks)
ci: Use latest helm version v3.18 for helm builds (#15952, @obnoxxx)
osd: Allow wiping encrypted osd disk from another cluster (#15972, @sp98)
osd: Clean osd disks before reinstalling cluster (#15796, @sp98)
csi: Replace hardcoded imagePullPolicy with dynamic Go template (#15962, @praveen21b)

`v1.17.4`

Compare Source

Improvements

Rook v1.17.4 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

nfs: Remove duplicate short NFS CRD name (#15926, @parth-gr)
core: ensure consistent LeastUptodateDaemonVersion (#15931, @BlaineEXE)
nfs: Use tabs instead of spaces in nfs rgw config (#15934, @parth-gr)
helm: Add custom labels for toolbox deployment in rook-ceph-cluster chart (#15914, @jurim76)
osd: Debug log for long image names in label (#15887, @travisn)

`v1.17.3`

Compare Source

Improvements

Rook v1.17.3 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

core: Add short names to rook CRDs (#15888, @patrostkowski)
csi: Update Kubernetes CSI sidecar images to current versions (#15878, @nixpanic)
mgr: Continue cluster reconcile even if prometheus not installed causing service monitor to fail creation (#15862, @travisn)
core: Allow deletion of subvolumegroups or rados namespaces if another CR references the same resource (#15853, @subhamkrai)
helm: quote object store ingress host (#15908, @synthe102)
osd: Don't set dmcrypt environment variable in prepare pod job spec (#15907, @subhamkrai)
nfs: Fix the skip reconcile for nfs daemons (#15909, @parth-gr)
nfs: Skip NFS daemon reconciliation when labeled with skip-reconcile (#15889, @patrostkowski)
core: Improve reporting for reconcile requeue cases (#15884, @OdedViner)
csi: Enable CSI metadata injection setting by default (#15867, @OdedViner)
core: Fix golangci-lint check ST1005 (#15875, @cbarria)
osd: During PVC resize wait for a short time to restart OSDs (#15824, @parth-gr)
rbdmirror: Update mirroring status on pools and rados namespaces for latest ceph changes (#15858, @parth-gr)
crd: Allow network provider to be set to blank (#15842, @yifeng-cerebras)

`v1.17.2`

Compare Source

Improvements

Rook v1.17.2 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

block: Add more deletion conditions to blockpool and radosnamespace status (#15817, @travisn)
object: fix uppercase serialization of fields in KafkaEndpointSpec (#15815, @jhoblitt)
cephfs: Update ceph-csi CephFS caps to include executable permission (#15793, @flx5)
object: Change CephObjectStore "foo" found log level to debug (#15829, @jhoblitt)
rgw: Use pod name in ops log filename (#15605, @arttor)
exporter: Add name to containerPort (#15801, @jrcichra)
rbdmirror: Log message clarification with namespace (#15798, @subhamkrai)
osd: Fix osd disk cleanup for mpath setups (#15761, @sp98)
ci: Add test support for latest K8s version 1.33 (#15795, @subhamkrai)

`v1.17.1`

Compare Source

Improvements

Rook v1.17.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

cluster: Specify sensitive ceph config in the CephCluster CR via secrets (#15696, @patrostkowski)
object: Lower retry log verbosity in notification OBC controller (#15764, @BlaineEXE)
object: Log all reconcile errors during object store creation (#15747, @travisn)
docs: Update Prometheus Operator to v0.82.0 (#15750, @OdedViner)
build: Set correct helm version tag for the release (#15748, @travisn)
build: Stop publishing release artifacts for non-released builds (#15742, @travisn)

`v1.17.0`

Compare Source

Upgrade Guide

To upgrade from previous versions of Rook, see the Rook upgrade guide.

Breaking Changes

Kubernetes v1.28 is now the minimum version supported by Rook through the soon-to-be K8s release v1.33.
Several ObjectBucketClaim options were added previously in Rook v1.16 that allowed more control over buckets. These controls allow users to self-serve their own S3 policies. Administrators may consider this flexibility a risk, depending on their environment. Rook now disables these options by default to ensure the safest off-the-shelf configurations. To enable the full range of OBC configurations, the new setting ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS must be set to enable users to set all of these options. For more details, see the OBC additionalConfig documentation.
First-class credential management added to CephObjectStoreUser resources, allowing multiple credentials and declarative credential rotation. For more details, see Managing User S3 Credentials. As a result, existing S3 users provisioned via CephObjectStoreUser resources no longer allow multiple credentials to exist on underlying S3 users, unless explicitly managed by Rook. Rook will purge all but one of the undeclared credentials. This could be a user observable regression for administrators who manually edited/rotated S3 user credentials for CephObjectStoreUsers, and affected users can make use of the new credential management feature as an alternative.
Kafka notifications configured via CephBucketTopic resources will now default to setting the Kafka authentication mechanism to PLAIN. Previously, no auth mechanism was specified by default. It was possible to set the auth mechanism via CephBucketTopic.spec.endpoint.kafka.opaqueData. However, setting &mechanism=<auth type> via opaqueData is no longer possible. If any auth mechanism other than PLAIN is in use, modification to CephBucketTopic resources is required.

Features

The name of a pre-existing Ceph RGW user account can be set as the bucket owner on an ObjectBucketClaim (OBC), rather than a unique RGW user being created for every bucket. A CephObjectStoreUser resource may be used to create the Ceph RGW user account which will be specified on the OBC. If the bucket owner is set on a bucket that already exists and is owned by a different user, the bucket will be re-linked to the specified user.
The Ceph CSI 3.14 release has a number of features and improvements for RBD and CephFS volumes, volume snapshots, and many more areas. See the Ceph CSI 3.14 release notes for more details.
External mons: In some two-datacenter clusters, there is no option to start an arbiter mon in an independent K8s node to configure a proper stretch cluster. The external mons now allow a mon to be configured outside the Kubernetes cluster, while Rook manages everything else inside the cluster. For more details, see the External Mon documentation. This feature is in currently in experimental mode.
DNS resolution for mons: Allows clients outside the K8s cluster to resolve mon endpoints via DNS without requiring manual updates to the list of mon endpoints. This helps in scenarios such as virtual machine live migration. The Ceph client can connect to rook-ceph-active-mons..svc.cluster.local to dynamically resolve mon endpoints and receive automatic updates when mon IPs change. To configure this DNS resolution, see Tracking Mon Endpoints.
Node-specific ceph.conf overrides: The ceph.conf overrides can now be customized per-node. This may be helpful for some ceph.conf settings that need to be unique per node depending on the hardware. This can be configured by creating a node-specific configmap that will be loaded for all OSDs and OSD prepare jobs on that node, instead of the default settings that are loaded from the rook-config-override configmap.

`v1.16.9`

Compare Source

Improvements

Rook v1.16.9 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

discover: Delete ceph-volume log to reduce discover daemon log size (#16276, @anshuman-agarwala)
core: Update go modules needed for security checks (#16140, @travisn)
core: CephObjectRealm controller generated generated AccessKey invalid chars (#16078, @raaizik)
exporter: Add Hostnetwork bool to ceph-exporter (#16025, @adilGhaffarDev)

`v1.16.8`

Compare Source

Improvements

Rook v1.16.8 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

rbdmirror: Nil pointer check during status updates (#15989, @parth-gr)
core: ensure consistent LeastUptodateDaemonVersion (#15931, @BlaineEXE)
exporter: Add name to the exporter container port (#15801, @jrcichra)
osd: Fix osd disk cleanup for mpath setups (#15761, @sp98)
object: Log all reconcile errors during object store creation (#15747, @travisn)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

github-actions · 2025-08-21T00:15:56Z

--- kubernetes/rook-ceph Kustomization: flux-system/2-rook-ceph HelmRelease: rook-ceph/rook-ceph

+++ kubernetes/rook-ceph Kustomization: flux-system/2-rook-ceph HelmRelease: rook-ceph/rook-ceph

@@ -11,13 +11,13 @@

   chart:
     spec:
       chart: rook-ceph
       sourceRef:
         kind: HelmRepository
         name: rook-ceph
-      version: v1.16.7
+      version: v1.18.7
   install:
     crds: CreateReplace
   interval: 1h
   maxHistory: 1
   upgrade:
     crds: CreateReplace

github-actions · 2025-08-21T00:16:10Z

--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-osd

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-mgr

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-cmd-reporter

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-purge-osd

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-rgw

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-rgw

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-rgw
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-default

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-default

@@ -1,10 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-default
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-ceph-system

@@ -1,13 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-plugin-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-cephfs-plugin-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-cephfs-provisioner-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-plugin-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-rbd-plugin-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/rook-csi-rbd-provisioner-sa

@@ -1,7 +1,15 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/objectstorage-provisioner

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/objectstorage-provisioner

@@ -1,9 +1,9 @@

 ---
+kind: ServiceAccount
 apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: objectstorage-provisioner
   namespace: rook-ceph
   labels:
     app.kubernetes.io/part-of: container-object-storage-interface
     app.kubernetes.io/component: driver-ceph
--- HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config

+++ HelmRelease: rook-ceph/rook-ceph ConfigMap: rook-ceph/rook-ceph-operator-config

@@ -1,18 +1,28 @@

 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
   name: rook-ceph-operator-config
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 data:
   ROOK_LOG_LEVEL: INFO
   ROOK_CEPH_COMMANDS_TIMEOUT_SECONDS: '15'
   ROOK_OBC_WATCH_OPERATOR_NAMESPACE: 'true'
+  ROOK_OBC_ALLOW_ADDITIONAL_CONFIG_FIELDS: maxObjects,maxSize
   ROOK_CEPH_ALLOW_LOOP_DEVICES: 'false'
   ROOK_ENABLE_DISCOVERY_DAEMON: 'false'
+  ROOK_USE_CSI_OPERATOR: 'true'
   ROOK_CSI_ENABLE_RBD: 'true'
   ROOK_CSI_ENABLE_CEPHFS: 'true'
   ROOK_CSI_DISABLE_DRIVER: 'false'
   CSI_ENABLE_CEPHFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_NFS_SNAPSHOTTER: 'true'
   CSI_ENABLE_RBD_SNAPSHOTTER: 'true'
@@ -24,21 +34,22 @@

   CSI_ENABLE_VOLUME_GROUP_SNAPSHOT: 'true'
   CSI_PLUGIN_PRIORITY_CLASSNAME: system-node-critical
   CSI_PROVISIONER_PRIORITY_CLASSNAME: system-cluster-critical
   CSI_RBD_FSGROUPPOLICY: File
   CSI_CEPHFS_FSGROUPPOLICY: File
   CSI_NFS_FSGROUPPOLICY: File
-  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.13.1
+  ROOK_CSI_CEPH_IMAGE: quay.io/cephcsi/cephcsi:v3.15.0
   ROOK_CSI_REGISTRAR_IMAGE: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.13.0
-  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0
-  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0
-  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.8.0
-  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.13.1
+  ROOK_CSI_PROVISIONER_IMAGE: registry.k8s.io/sig-storage/csi-provisioner:v5.2.0
+  ROOK_CSI_SNAPSHOTTER_IMAGE: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.1
+  ROOK_CSI_ATTACHER_IMAGE: registry.k8s.io/sig-storage/csi-attacher:v4.8.1
+  ROOK_CSI_RESIZER_IMAGE: registry.k8s.io/sig-storage/csi-resizer:v1.13.2
   ROOK_CSI_IMAGE_PULL_POLICY: IfNotPresent
   CSI_ENABLE_CSIADDONS: 'false'
-  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.11.0
+  ROOK_CSIADDONS_IMAGE: quay.io/csiaddons/k8s-sidecar:v0.13.0
+  CSI_ENABLE_CROSS_NAMESPACE_VOLUME_DATA_SOURCE: 'false'
   CSI_ENABLE_TOPOLOGY: 'false'
   ROOK_CSI_ENABLE_NFS: 'false'
   CSI_PLUGIN_TOLERATIONS: |-
     - effect: NoSchedule
       key: node-role.kubernetes.io/control-plane
       operator: Exists
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-system

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-system
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-cluster-mgmt

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-cluster-mgmt

@@ -1,14 +1,16 @@

 ---
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   name: rook-ceph-cluster-mgmt
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-global

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-global

@@ -1,14 +1,16 @@

 ---
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   name: rook-ceph-global
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
@@ -21,18 +23,21 @@

   verbs:
   - get
   - list
   - watch
 - apiGroups:
   - ''
+  - discovery.k8s.io
   resources:
   - events
   - persistentvolumes
   - persistentvolumeclaims
   - endpoints
   - services
+  - endpointslices
+  - endpointslices/restricted
   verbs:
   - get
   - list
   - watch
   - patch
   - create
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-cluster

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-cluster

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-cluster
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-system

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-mgr-system

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-system
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   verbs:
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-object-bucket

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-object-bucket

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-object-bucket
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rook-ceph-osd

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-csi-nodeplugin

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-nodeplugin
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/cephfs-external-provisioner-runner

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-external-provisioner-runner
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
@@ -161,7 +169,13 @@

 - apiGroups:
   - ''
   resources:
   - serviceaccounts/token
   verbs:
   - create
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-csi-nodeplugin

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
@@ -52,7 +54,13 @@

 - apiGroups:
   - ''
   resources:
   - nodes
   verbs:
   - get
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/rbd-external-provisioner-runner

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-external-provisioner-runner
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
@@ -169,7 +177,37 @@

   resources:
   - nodes
   verbs:
   - get
   - list
   - watch
+- apiGroups:
+  - gateway.networking.k8s.io
+  resources:
+  - referencegrants
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
 
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-mgr-cluster

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-mgr-cluster

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-cluster
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-mgr-cluster
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-osd

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-system

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-system
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-global

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-global

@@ -3,12 +3,14 @@

 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-global
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-object-bucket

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rook-ceph-object-bucket

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-object-bucket
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-object-bucket
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-nodeplugin

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-nodeplugin
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-plugin-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-provisioner-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-provisioner-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/cephfs-csi-nodeplugin-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-nodeplugin-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-plugin-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/rbd-csi-provisioner-role

@@ -1,11 +1,19 @@

 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-provisioner-role
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: ClusterRole
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-osd

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
   verbs:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-mgr

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - services
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-cmd-reporter

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - pods
   - configmaps
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-purge-osd

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
   resources:
   - configmaps
   verbs:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-monitoring

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-monitoring

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - monitoring.coreos.com
   resources:
   - servicemonitors
   verbs:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-monitoring-mgr

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-monitoring-mgr

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - monitoring.coreos.com
   resources:
   - servicemonitors
   verbs:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rook-ceph-system

@@ -1,15 +1,17 @@

 ---
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - ''
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/cephfs-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/cephfs-external-provisioner-cfg

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-external-provisioner-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rbd-external-provisioner-cfg

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/rbd-external-provisioner-cfg

@@ -1,12 +1,20 @@

 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-external-provisioner-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 rules:
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-cluster-mgmt

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-cluster-mgmt

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cluster-mgmt
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-cluster-mgmt
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-osd

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-osd

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-mgr

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-mgr

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-mgr
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-mgr-system

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-mgr-system

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-mgr-system
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: rook-ceph-mgr-system
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-cmd-reporter

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-cmd-reporter

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-cmd-reporter
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-cmd-reporter
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-purge-osd

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-purge-osd

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-purge-osd
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-purge-osd
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-monitoring

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-monitoring

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-monitoring
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-monitoring-mgr

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-monitoring-mgr

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rook-ceph-monitoring-mgr
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: rook-ceph-monitoring-mgr
 subjects:
 - kind: ServiceAccount
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-system

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rook-ceph-system

@@ -4,12 +4,14 @@

 metadata:
   name: rook-ceph-system
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/cephfs-csi-provisioner-role-cfg

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cephfs-csi-provisioner-role-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-cephfs-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/rbd-csi-provisioner-role-cfg

@@ -1,12 +1,20 @@

 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: rbd-csi-provisioner-role-cfg
   namespace: rook-ceph
+  labels:
+    operator: rook
+    storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/part-of: rook-ceph-operator
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/created-by: helm
 subjects:
 - kind: ServiceAccount
   name: rook-csi-rbd-provisioner-sa
   namespace: rook-ceph
 roleRef:
   kind: Role
--- HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator

+++ HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/rook-ceph-operator

@@ -1,15 +1,17 @@

 ---
+kind: Deployment
 apiVersion: apps/v1
-kind: Deployment
 metadata:
   name: rook-ceph-operator
   namespace: rook-ceph
   labels:
     operator: rook
     storage-backend: ceph
+    app.kubernetes.io/name: rook-ceph
+    app.kubernetes.io/instance: rook-ceph
     app.kubernetes.io/part-of: rook-ceph-operator
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/created-by: helm
 spec:
   replicas: 1
   selector:
@@ -26,13 +28,13 @@

       - effect: NoExecute
         key: node.kubernetes.io/unreachable
         operator: Exists
         tolerationSeconds: 5
       containers:
       - name: rook-ceph-operator
-        image: docker.io/rook/ceph:v1.16.7
+        image: docker.io/rook/ceph:v1.18.7
         imagePullPolicy: IfNotPresent
         args:
         - ceph
         - operator
         securityContext:
           capabilities:
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-ctrlplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-cephfs-nodeplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-controller-manager

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-controller-manager
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-ctrlplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-nfs-nodeplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-nfs-nodeplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-ctrlplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

+++ HelmRelease: rook-ceph/rook-ceph ServiceAccount: rook-ceph/ceph-csi-rbd-nodeplugin-sa

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: ceph-csi-rbd-nodeplugin-sa
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephconnection-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephconnection-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephconnection-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephconnections-editor-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephconnections-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephconnections-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-ctrlplugin-cr

@@ -0,0 +1,202 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-cephfs-nodeplugin-cr

@@ -0,0 +1,58 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  - persistentvolumeclaims
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofile-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofile-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofile-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-editor-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofilemapping-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofilemapping-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofilemapping-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofiles-editor-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-clientprofiles-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-clientprofiles-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofiles/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-driver-editor-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-driver-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-driver-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-driver-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-driver-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-driver-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - drivers/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-manager-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-manager-role

@@ -0,0 +1,107 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-manager-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cbt.storage.k8s.io
+  resources:
+  - snapshotmetadataservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - cephconnections
+  verbs:
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings
+  - clientprofiles
+  - drivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/finalizers
+  - clientprofiles/finalizers
+  - drivers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - clientprofilemappings/status
+  - clientprofiles/status
+  - drivers/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csidrivers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-metrics-auth-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-metrics-auth-role

@@ -0,0 +1,23 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-metrics-auth-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-metrics-reader

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-metrics-reader

@@ -0,0 +1,15 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-metrics-reader
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-ctrlplugin-cr

@@ -0,0 +1,138 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-nfs-nodeplugin-cr

@@ -0,0 +1,17 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-nfs-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-operatorconfig-editor-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-operatorconfig-editor-role

@@ -0,0 +1,29 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-operatorconfig-editor-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-operatorconfig-viewer-role

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-operatorconfig-viewer-role

@@ -0,0 +1,25 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-operatorconfig-viewer-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csi.ceph.io
+  resources:
+  - operatorconfigs/status
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-ctrlplugin-cr

@@ -0,0 +1,231 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - patch
+  - update
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments/status
+  verbs:
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims/status
+  verbs:
+  - patch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - patch
+  - update
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.openshift.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationcontents
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - replication.storage.openshift.io
+  resources:
+  - volumegroupreplicationclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - cbt.storage.k8s.io
+  resources:
+  - snapshotmetadataservices
+  verbs:
+  - get
+  - list
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

+++ HelmRelease: rook-ceph/rook-ceph ClusterRole: rook-ceph/ceph-csi-rbd-nodeplugin-cr

@@ -0,0 +1,78 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ceph-csi-rbd-nodeplugin-cr
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - volumeattachments
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ''
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ''
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-cephfs-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-cephfs-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-manager-rolebinding

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-manager-rolebinding
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-manager-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-metrics-auth-rolebinding

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-metrics-auth-rolebinding
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-nfs-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-nfs-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-nfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-nfs-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-nfs-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-nfs-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-nfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-rbd-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

+++ HelmRelease: rook-ceph/rook-ceph ClusterRoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-crb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ceph-csi-rbd-nodeplugin-crb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ceph-csi-rbd-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-ctrlplugin-r

@@ -0,0 +1,52 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-r
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - watch
+  - list
+  - delete
+  - update
+  - create
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-cephfs-nodeplugin-r

@@ -0,0 +1,41 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-r
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-leader-election-role

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-leader-election-role

@@ -0,0 +1,42 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-leader-election-role
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-ctrlplugin-r

@@ -0,0 +1,52 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-r
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - watch
+  - list
+  - delete
+  - update
+  - create
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

+++ HelmRelease: rook-ceph/rook-ceph Role: rook-ceph/ceph-csi-rbd-nodeplugin-r

@@ -0,0 +1,41 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ceph-csi-rbd-nodeplugin-r
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - csiaddonsnodes
+  verbs:
+  - get
+  - watch
+  - list
+  - create
+  - update
+  - delete
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  - daemonsets/finalizers
+  verbs:
+  - update
+
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-ctrlplugin-rb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-cephfs-ctrlplugin-rb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-cephfs-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-cephfs-nodeplugin-rb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-cephfs-nodeplugin-rb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-cephfs-nodeplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-cephfs-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-leader-election-rolebinding

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-leader-election-rolebinding
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-controller-manager
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-ctrlplugin-rb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-rbd-ctrlplugin-rb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-rbd-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-ctrlplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

+++ HelmRelease: rook-ceph/rook-ceph RoleBinding: rook-ceph/ceph-csi-rbd-nodeplugin-rb

@@ -0,0 +1,18 @@

+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ceph-csi-rbd-nodeplugin-rb
+  labels:
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ceph-csi-rbd-nodeplugin-r
+subjects:
+- kind: ServiceAccount
+  name: ceph-csi-rbd-nodeplugin-sa
+  namespace: rook-ceph
+
--- HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/ceph-csi-controller-manager

+++ HelmRelease: rook-ceph/rook-ceph Deployment: rook-ceph/ceph-csi-controller-manager

@@ -0,0 +1,75 @@

+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ceph-csi-controller-manager
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: ceph-csi
+    app.kubernetes.io/instance: rook-ceph
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: ceph-csi-op-controller-manager
+      app.kubernetes.io/name: ceph-csi
+      app.kubernetes.io/instance: rook-ceph
+  template:
+    metadata:
+      labels:
+        control-plane: ceph-csi-op-controller-manager
+        app.kubernetes.io/name: ceph-csi
+        app.kubernetes.io/instance: rook-ceph
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        command:
+        - /manager
+        env:
+        - name: OPERATOR_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CSI_SERVICE_ACCOUNT_PREFIX
+          value: ceph-csi-
+        - name: WATCH_NAMESPACE
+          value: ''
+        - name: KUBERNETES_CLUSTER_DOMAIN
+          value: cluster.local
+        image: quay.io/cephcsi/ceph-csi-operator:v0.4.1
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+      imagePullSecrets: []
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: ceph-csi-controller-manager
+      terminationGracePeriodSeconds: 10
+

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.0~~ chore(deps): update helm release rook-ceph to v1.18.1 Aug 30, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from 8f64996 to f8e3f05 Compare August 30, 2025 00:15

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.1~~ chore(deps): update helm release rook-ceph to v1.18.2 Sep 11, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from f8e3f05 to 12bffcf Compare September 11, 2025 00:15

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.2~~ chore(deps): update helm release rook-ceph to v1.18.3 Oct 3, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from 12bffcf to ace9cdd Compare October 3, 2025 00:16

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.3~~ chore(deps): update helm release rook-ceph to v1.18.4 Oct 7, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from ace9cdd to 1c9b1f2 Compare October 7, 2025 00:16

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.4~~ chore(deps): update helm release rook-ceph to v1.18.5 Oct 24, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from 1c9b1f2 to a8002c5 Compare October 24, 2025 00:15

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.5~~ chore(deps): update helm release rook-ceph to v1.18.6 Oct 29, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from a8002c5 to 90ab35b Compare October 29, 2025 00:17

chore(deps): update helm release rook-ceph to v1.18.7

a4386eb

timtor-bot changed the title ~~chore(deps): update helm release rook-ceph to v1.18.6~~ chore(deps): update helm release rook-ceph to v1.18.7 Nov 14, 2025

timtor-bot force-pushed the renovate/minor-1.18-rook-ceph branch from 90ab35b to a4386eb Compare November 14, 2025 00:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update helm release rook-ceph to v1.18.7 #778

chore(deps): update helm release rook-ceph to v1.18.7 #778

Uh oh!

timtor-bot commented Aug 21, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Aug 21, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Aug 21, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): update helm release rook-ceph to v1.18.7 #778

Are you sure you want to change the base?

chore(deps): update helm release rook-ceph to v1.18.7 #778

Uh oh!

Conversation

timtor-bot commented Aug 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Upgrade Guide

Breaking Changes

Features

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Improvements

Upgrade Guide

Breaking Changes

Features

Improvements

Improvements

Configuration

Uh oh!

github-actions bot commented Aug 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Aug 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

timtor-bot commented Aug 21, 2025 •

edited

Loading

github-actions bot commented Aug 21, 2025 •

edited

Loading

github-actions bot commented Aug 21, 2025 •

edited

Loading