diff --git a/ceph-adapter-rook/Chart.yaml b/ceph-adapter-rook/Chart.yaml index 2df80a44a..b31a1e1e3 100644 --- a/ceph-adapter-rook/Chart.yaml +++ b/ceph-adapter-rook/Chart.yaml @@ -15,6 +15,6 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceph Adapter Rook name: ceph-adapter-rook -version: 0.1.2 +version: 0.1.3 home: https://github.com/ceph/ceph ... diff --git a/ceph-adapter-rook/README.md b/ceph-adapter-rook/README.md index 0a1f457db..7a3e5b557 100644 --- a/ceph-adapter-rook/README.md +++ b/ceph-adapter-rook/README.md @@ -7,45 +7,12 @@ via CRDs which can be used for managing pools/keys/users etc. However Openstack-Helm charts do not utilize Rook CRDs but instead manage Ceph assets like pools/keyrings/users/buckets etc. by means of running bootstrap scripts. Before using Openstack-Helm charts we -have to provision a minimal set of assets like Ceph admin keys and -endpoints and this chart provides exactly this minimal set of templates. +have to provision a minimal set of assets like Ceph admin key and +Ceph client config. # Usage -Deploy Ceph admin key and Ceph mon endpoint in the namespace where Ceph cluster is deployed. -``` -tee > /tmp/ceph-adapter-rook-ceph.yaml < /tmp/ceph-adapter-rook-openstack.yaml < -create_kube_key ${CEPH_CLIENT_KEY} ${CEPH_KEYRING_NAME} ${CEPH_KEYRING_TEMPLATE} ${CEPH_KEYRING_ADMIN_NAME} - -function create_kube_storage_key () { - CEPH_KEYRING=$1 - KUBE_SECRET_NAME=$2 - - if ! kubectl get --namespace ${DEPLOYMENT_NAMESPACE} secrets ${KUBE_SECRET_NAME}; then - { - cat < -create_kube_storage_key ${CEPH_CLIENT_KEY} ${CEPH_STORAGECLASS_ADMIN_SECRET_NAME} - -{{ else }} - -echo "Not touching ${KUBE_SECRET_NAME} as this is not the initial deployment" - -{{ end }} diff --git a/ceph-adapter-rook/templates/configmap-bin.yaml b/ceph-adapter-rook/templates/configmap-bin.yaml index 235a1a2c4..c7375134a 100644 --- a/ceph-adapter-rook/templates/configmap-bin.yaml +++ b/ceph-adapter-rook/templates/configmap-bin.yaml 
@@ -20,11 +20,9 @@ kind: ConfigMap metadata: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} data: - keys-storage-keyring-manager.sh: | -{{ tuple "bin/_storage-keyring-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - provisioner-rbd-namespace-client-key-manager.sh: | -{{ tuple "bin/_namespace-client-key-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - provisioner-rbd-namespace-client-ceph-config-manager.sh: | -{{ tuple "bin/_namespace-client-ceph-config-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + key-manager.sh: | +{{ tuple "bin/_key-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + config-manager.sh: | +{{ tuple "bin/_config-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} \ No newline at end of file diff --git a/ceph-adapter-rook/templates/configmap-etc-client.yaml b/ceph-adapter-rook/templates/configmap-etc-client.yaml index c64308ad8..043aaf400 100644 --- a/ceph-adapter-rook/templates/configmap-etc-client.yaml +++ b/ceph-adapter-rook/templates/configmap-etc-client.yaml @@ -44,6 +44,6 @@ data: {{- end }} {{- end }} -{{- if .Values.manifests.configmap_etc }} -{{- list .Values.ceph_configmap_name . | include "ceph.configmap.etc" }} +{{- if .Values.manifests.configmap_etc_client }} +{{- list .Values.configmap_name . | include "ceph.configmap.etc" }} {{- end }} diff --git a/ceph-adapter-rook/templates/configmap-templates.yaml b/ceph-adapter-rook/templates/configmap-templates.yaml deleted file mode 100644 index 92b92a02b..000000000 --- a/ceph-adapter-rook/templates/configmap-templates.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.configmap_templates }} -{{- $envAll := . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-%s" $envAll.Release.Name "templates" | quote }} -data: - admin.keyring: | -{{ .Values.conf.templates.keyring.admin | indent 4 }} -{{- end }} diff --git a/ceph-adapter-rook/templates/job-namespace-client-ceph-config.yaml b/ceph-adapter-rook/templates/job-namespace-client-ceph-config.yaml index ff60c1e4a..18dc78c06 100644 --- a/ceph-adapter-rook/templates/job-namespace-client-ceph-config.yaml +++ b/ceph-adapter-rook/templates/job-namespace-client-ceph-config.yaml @@ -17,8 +17,8 @@ limitations under the License. {{- $randStringSuffix := randAlphaNum 5 | lower }} -{{- $serviceAccountName := print $envAll.Release.Name "-ceph-ns-ceph-config-generator" }} -{{ tuple $envAll "namespace_client_ceph_config_generator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $serviceAccountName := print $envAll.Release.Name "-namespace-client-ceph-config" }} +{{ tuple $envAll "namespace_client_ceph_config" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role 
@@ -52,12 +52,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }} - namespace: {{ .Values.admin_secret_namespace }} + namespace: {{ .Values.ceph_cluster_namespace }} rules: - apiGroups: - "" resources: - - endpoints + - configmaps verbs: - get - list @@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }} - namespace: {{ .Values.admin_secret_namespace }} + namespace: {{ .Values.ceph_cluster_namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
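Review bot: The Role in `ceph_cluster_namespace` now allows `get` and `list` on every ConfigMap in the Ceph cluster namespace, which looks wider than this job needs. The values.yaml comment in this commit says the mon host is meant to come from the `rook-ceph-mon-endpoints` ConfigMap. If `config-manager.sh` reads only that object, the rule can be narrowed with `resourceNames: [rook-ceph-mon-endpoints]` and the single verb `get`. The script body is not legible in this diff, so confirm which objects it reads before narrowing.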
@@ -81,53 +81,53 @@ kind: Job metadata: name: {{ $serviceAccountName }} labels: -{{ tuple $envAll "ceph" "client-ceph-config-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{ tuple $envAll "ceph" "namespace-client-ceph-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: template: metadata: labels: -{{ tuple $envAll "ceph" "client-ceph-config-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "ceph" "namespace-client-ceph-config" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: {{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: -{{ dict "envAll" $envAll "application" "client_ceph_config_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} +{{ dict "envAll" $envAll "application" "namespace_client_ceph_config" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: {{ $envAll.Values.labels.job.node_selector_key }}: {{ $envAll.Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll "namespace_client_ceph_config_generator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "namespace-client-ceph-config-init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - - name: ceph-storage-keys-generator + - name: namespace-client-ceph-config {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict 
"envAll" $envAll "application" "client_ceph_config_generator" "container" "ceph_storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.namespace_client_ceph_config | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "namespace_client_ceph_config" "container" "ceph_storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} env: - name: CEPH_CONF_ETC - value: {{ .Values.ceph_configmap_name }} + value: {{ .Values.configmap_name }} - name: DEPLOYMENT_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - name: PVC_CEPH_RBD_STORAGECLASS_DEPLOYED_NAMESPACE - value: {{ .Values.admin_secret_namespace }} + - name: CEPH_CLUSTER_NAMESPACE + value: {{ .Values.ceph_cluster_namespace }} command: - - /tmp/provisioner-rbd-namespace-client-ceph-config-manager.sh + - /tmp/config-manager.sh volumeMounts: - name: pod-tmp mountPath: /tmp - name: pod-etc-ceph mountPath: /etc/ceph - - name: ceph-provisioners-bin-clients - mountPath: /tmp/provisioner-rbd-namespace-client-ceph-config-manager.sh - subPath: provisioner-rbd-namespace-client-ceph-config-manager.sh + - name: bin + mountPath: /tmp/config-manager.sh + subPath: config-manager.sh readOnly: true volumes: - name: pod-tmp emptyDir: {} - name: pod-etc-ceph emptyDir: {} - - name: ceph-provisioners-bin-clients + - name: bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} defaultMode: 0555 diff --git a/ceph-adapter-rook/templates/job-namespace-client-key.yaml b/ceph-adapter-rook/templates/job-namespace-client-key.yaml index a94540fb7..0af358f45 100644 --- a/ceph-adapter-rook/templates/job-namespace-client-key.yaml +++ b/ceph-adapter-rook/templates/job-namespace-client-key.yaml 
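Review bot: The container is renamed to `namespace-client-ceph-config`, but the new container security-context line still passes `"container" "ceph_storage_keys_generator"`, and the unchanged access-control annotation still lists `"ceph-storage-keys-generator"`. Neither refers to the container that now runs. The values.yaml hunk in this commit also defines `pod.security_context` only for `namespace_client_key`, so this job probably renders without `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; check the `helm template` output. I would pass `"container" "namespace_client_ceph_config"`, change `containerNames` to `(list "namespace-client-ceph-config" "init")`, and add a matching `namespace_client_ceph_config` block under `pod.security_context`. The annotation in the `@@ -81,55 +87,53 @@` hunk of job-namespace-client-key.yaml carries the same stale container name.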
@@ -17,8 +17,8 @@ limitations under the License. {{- $randStringSuffix := randAlphaNum 5 | lower }} -{{- $serviceAccountName := print $envAll.Release.Name "-ceph-ns-key-generator" }} -{{ tuple $envAll "namespace_client_key_generator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $serviceAccountName := print $envAll.Release.Name "-namespace-client-key" }} +{{ tuple $envAll "namespace-client-key" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -52,21 +52,27 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }} - namespace: {{ .Values.admin_secret_namespace }} + namespace: {{ .Values.ceph_cluster_namespace }} rules: - apiGroups: - "" resources: - - secrets + - pods verbs: - get - list + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }} - namespace: {{ .Values.admin_secret_namespace }} + namespace: {{ .Values.ceph_cluster_namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
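Review bot: The key passed to the service-account snippet is now the hyphenated `"namespace-client-key"`, but values.yaml in this commit defines the underscored `dependencies.static.namespace_client_key` and `pod.security_context.namespace_client_key`. The sibling config job uses underscores. The same hyphenated key is passed as `"application"` and `"container"` to the security-context snippets in the `@@ -81,55 +87,53 @@` hunk of this file, so `runAsUser: 99`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are likely not applied to this job. How helm-toolkit handles an unmatched key is not shown here, so confirm with `helm template`. Using `"namespace_client_key"` in all three places would match the values.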
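Review bot: The new `pods/exec` `create` rule lets this job's service account run commands in any pod in `ceph_cluster_namespace`, a much broader grant than the `secrets` `get`/`list` it replaces, because exec into a Ceph daemon or toolbox pod exposes every credential that pod holds rather than one client key. If `key-manager.sh` needs a single pod, state that next to the rule, e.g. `# pods/exec is required to read the client key from a Ceph pod; it grants exec on every pod in this namespace`. Also consider whether the key could be read from a Secret restricted with `resourceNames` instead. While the rule stays as written, API audit logging of `pods/exec` requests from this service account is the practical way to monitor its use. The RoleBinding that binds this Role continues past the end of the hunk.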
@@ -81,55 +87,53 @@ kind: Job metadata: name: {{ $serviceAccountName }} labels: -{{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{ tuple $envAll "ceph" "namespace-client-key" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: template: metadata: labels: -{{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "ceph" "namespace-client-key" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: {{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: -{{ dict "envAll" $envAll "application" "client_key_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} +{{ dict "envAll" $envAll "application" "namespace-client-key" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: {{ $envAll.Values.labels.job.node_selector_key }}: {{ $envAll.Values.labels.job.node_selector_value }} initContainers: -{{ tuple $envAll "namespace_client_key_generator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "namespace-client-key-init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - - name: ceph-storage-keys-generator + - name: namespace-client-key {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "client_key_generator" "container" 
"ceph_storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.namespace_client_key | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "namespace-client-key" "container" "namespace-client-key" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} env: - name: DEPLOYMENT_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - name: PVC_CEPH_RBD_STORAGECLASS_USER_SECRET_NAME - value: {{ .Values.secrets.keys.user }} - - name: PVC_CEPH_RBD_STORAGECLASS_ADMIN_SECRET_NAME - value: {{ .Values.secrets.keys.admin }} - - name: PVC_CEPH_RBD_STORAGECLASS_DEPLOYED_NAMESPACE - value: {{ .Values.admin_secret_namespace }} + - name: SECRET_NAME + value: {{ .Values.secret_name }} + - name: CEPH_CLUSTER_NAMESPACE + value: {{ .Values.ceph_cluster_namespace }} command: - - /tmp/provisioner-rbd-namespace-client-key-manager.sh + - /tmp/key-manager.sh volumeMounts: - name: pod-tmp mountPath: /tmp - name: pod-etc-ceph mountPath: /etc/ceph - - name: ceph-provisioners-bin-clients - mountPath: /tmp/provisioner-rbd-namespace-client-key-manager.sh - subPath: provisioner-rbd-namespace-client-key-manager.sh + - name: bin + mountPath: /tmp/key-manager.sh + subPath: key-manager.sh readOnly: true volumes: - name: pod-tmp emptyDir: {} - name: pod-etc-ceph emptyDir: {} - - name: ceph-provisioners-bin-clients + - name: bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} defaultMode: 0555 diff --git a/ceph-adapter-rook/templates/job-storage-admin-keys.yaml b/ceph-adapter-rook/templates/job-storage-admin-keys.yaml deleted file mode 100644 index 9fac4580b..000000000 --- a/ceph-adapter-rook/templates/job-storage-admin-keys.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if .Values.manifests.job_storage_admin_keys }} -{{- $envAll := . }} - -{{- $serviceAccountName := "ceph-storage-keys-generator" }} -{{ tuple $envAll "storage_keys_generator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $serviceAccountName }} - namespace: {{ .Values.admin_secret_namespace }} -rules: - - apiGroups: - - "" - resources: - - pods - - pods/exec - - secrets - verbs: - - get - - create - - patch - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $serviceAccountName }} - namespace: {{ .Values.admin_secret_namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ceph-storage-keys-generator - namespace: {{ .Values.admin_secret_namespace }} - labels: -{{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} -spec: - template: - metadata: - labels: -{{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 
8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "ceph-storage-keys-generator" "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} - spec: -{{ dict "envAll" $envAll "application" "storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ $envAll.Values.labels.job.node_selector_key }}: {{ $envAll.Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll "storage_keys_generator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ceph-storage-keys-generator -{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "storage_keys_generator" "container" "ceph_storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} - env: - - name: DEPLOYMENT_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CEPH_GEN_DIR - value: /tmp - - name: CEPH_TEMPLATES_DIR - value: /tmp/templates - - name: CEPH_KEYRING_NAME - value: ceph.client.admin.keyring - - name: CEPH_KEYRING_TEMPLATE - value: admin.keyring - - name: CEPH_KEYRING_ADMIN_NAME - value: {{ .Values.secrets.keyrings.admin }} - - name: CEPH_STORAGECLASS_ADMIN_SECRET_NAME - value: {{ .Values.secrets.keys.admin }} - command: - - /tmp/keys-storage-keyring-manager.sh - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: pod-etc-ceph - 
mountPath: /etc/ceph - - name: ceph-mon-bin - mountPath: /tmp/keys-storage-keyring-manager.sh - subPath: keys-storage-keyring-manager.sh - readOnly: true - - name: ceph-templates - mountPath: /tmp/templates - readOnly: true - volumes: - - name: pod-tmp - emptyDir: {} - - name: pod-etc-ceph - emptyDir: {} - - name: ceph-mon-bin - configMap: - name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 0555 - - name: ceph-templates - configMap: - name: {{ printf "%s-%s" $envAll.Release.Name "templates" | quote }} - defaultMode: 0444 -{{- end }} diff --git a/ceph-adapter-rook/templates/service-mon-discovery.yaml b/ceph-adapter-rook/templates/service-mon-discovery.yaml deleted file mode 100644 index b37d38bea..000000000 --- a/ceph-adapter-rook/templates/service-mon-discovery.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- if and .Values.manifests.service_mon_discovery }} -{{- $envAll := . }} ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ tuple "ceph_mon" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -spec: - ports: - - name: mon - port: {{ tuple "ceph_mon" "discovery" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - protocol: TCP - targetPort: {{ tuple "ceph_mon" "discovery" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - - name: mon-msgr2 - port: {{ tuple "ceph_mon" "discovery" "mon_msgr2" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - protocol: TCP - targetPort: {{ tuple "ceph_mon" "discovery" "mon_msgr2" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - selector: - app: rook-ceph-mon - ceph_daemon_type: mon - clusterIP: None - publishNotReadyAddresses: true -{{- end }} diff --git a/ceph-adapter-rook/values.yaml b/ceph-adapter-rook/values.yaml index d39276828..7c3b4ca64 100644 --- a/ceph-adapter-rook/values.yaml +++ b/ceph-adapter-rook/values.yaml 
@@ -18,33 +18,25 @@ labels: pod: security_context: - storage_keys_generator: - pod: - runAsUser: 65534 - container: - ceph_storage_keys_generator: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - client_key_generator: + namespace_client_key: pod: runAsUser: 99 container: - ceph_storage_keys_generator: + namespace_client_key: allowPrivilegeEscalation: false readOnlyRootFilesystem: true dns_policy: "ClusterFirstWithHostNet" - affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname - weight: - default: 10 resources: enabled: false jobs: - secret_provisioning: + namespace_client_key: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + namespace_client_ceph_config: limits: memory: "1024Mi" cpu: "2000m" 
@@ -52,68 +44,28 @@ pod: memory: "128Mi" cpu: "500m" -secrets: - keyrings: - admin: ceph-client-admin-keyring - keys: - admin: pvc-ceph-conf-combined-storageclass - user: pvc-ceph-client-key -admin_secret_namespace: ceph -ceph_configmap_name: ceph-etc +ceph_cluster_namespace: ceph + +secret_name: pvc-ceph-client-key +configmap_name: ceph-etc conf: - templates: - keyring: - admin: | - [client.admin] - key = {{ key }} - auid = 0 - caps mds = "allow" - caps mon = "allow *" - caps osd = "allow *" - caps mgr = "allow *" ceph: global: - # auth - cephx: true - cephx_require_signatures: false - cephx_cluster_require_signatures: true - cephx_service_require_signatures: false - objecter_inflight_op_bytes: "1073741824" - objecter_inflight_ops: 10240 - debug_ms: "0/0" - log_file: /dev/stdout - mon_cluster_log_file: /dev/stdout # TODO: Get mon host from rook-ceph-mon-endpoints configmap mon_host: "will be discovered" -endpoints: - cluster_domain_suffix: cluster.local - ceph_mon: - namespace: ceph - hosts: - default: ceph-mon - discovery: ceph-mon-discovery - host_fqdn_override: - default: null - port: - mon: - default: 6789 - mon_msgr2: - default: 3300 - dependencies: static: - storage_keys_generator: + namespace_client_key: + jobs: null + namespace_client_ceph_config: jobs: null manifests: configmap_bin: true - configmap_templates: true - configmap_etc: true - job_storage_admin_keys: true - job_namespace_client_key: true + configmap_etc_client: true job_namespace_client_ceph_config: true - service_mon_discovery: true + job_namespace_client_key: true ... diff --git a/releasenotes/notes/ceph-adapter-rook.yaml b/releasenotes/notes/ceph-adapter-rook.yaml index 4b4f7327c..81a14a5f6 100644 --- a/releasenotes/notes/ceph-adapter-rook.yaml +++ b/releasenotes/notes/ceph-adapter-rook.yaml 
@@ -3,4 +3,5 @@ ceph-adapter-rook: - 0.1.0 Initial Chart - 0.1.1 Update Ceph images to Jammy and Reef 18.2.1 - 0.1.2 Update Ceph images to patched 18.2.2 and restore debian-reef repo + - 0.1.3 Simplify and remove unnecessary entities ... diff --git a/tools/deployment/ceph/ceph-adapter-rook.sh b/tools/deployment/ceph/ceph-adapter-rook.sh index 530fd123e..3fc6011b1 100755 --- a/tools/deployment/ceph/ceph-adapter-rook.sh +++ b/tools/deployment/ceph/ceph-adapter-rook.sh @@ -15,40 +15,12 @@ set -xe -make ceph-adapter-rook +#NOTE: Define variables +: ${OSH_INFRA_HELM_REPO:="../openstack-helm-infra"} +: ${OSH_INFRA_PATH:="../openstack-helm-infra"} -tee > /tmp/ceph-adapter-rook-ceph.yaml < /tmp/ceph-adapter-rook-openstack.yaml <