Merge "Enhancements for the rbd-provisioner helm chart"
This commit is contained in:
commit
6cfef5c237
|
@ -14,9 +14,9 @@ metadata:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.rbac.serviceAccount }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ .Values.rbac.clusterRole }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
|
|
|
@ -11,7 +11,7 @@ apiVersion: extensions/v1beta1
|
|||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ .Values.global.name }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app: {{ .Values.global.name }}
|
||||
spec:
|
||||
|
|
|
@ -11,7 +11,7 @@ apiVersion: extensions/v1beta1
|
|||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ .Values.global.name }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
replicas: {{ .Values.global.replicas }}
|
||||
strategy:
|
||||
|
|
|
@ -16,7 +16,7 @@ kind: ConfigMap
|
|||
metadata:
|
||||
creationTimestamp: 2016-02-18T19:14:38Z
|
||||
name: config-{{- $root.Values.global.name }}
|
||||
namespace: {{ $root.Values.global.namespace }}
|
||||
namespace: {{ $root.Release.Namespace }}
|
||||
data:
|
||||
ceph.conf: |
|
||||
{{ $monitors := $defaults.monitors }}{{ range $index, $element := $monitors}}
|
||||
|
@ -31,7 +31,7 @@ data:
|
|||
cp {{ $mount -}}/ceph.conf /etc/ceph/
|
||||
|
||||
if [ ! -z $CEPH_ADMIN_SECRET ]; then
|
||||
kubectl get secret -n kube-system | grep $CEPH_ADMIN_SECRET
|
||||
kubectl get secret -n $NAMESPACE | grep $CEPH_ADMIN_SECRET
|
||||
ret=$?
|
||||
if [ $ret -ne 0 ]; then
|
||||
msg="Create $CEPH_ADMIN_SECRET secret"
|
||||
|
@ -78,12 +78,8 @@ data:
|
|||
# Set up pool key in Ceph format
|
||||
CEPH_USER_KEYRING=/etc/ceph/ceph.client.$USER_ID.keyring
|
||||
echo $KEYRING > $CEPH_USER_KEYRING
|
||||
IFS=',' read -a POOL_SECRET_NAMESPACES_ARR <<< "${POOL_SECRET_NAMESPACES}"
|
||||
|
||||
for pool_secret_namespace in "${POOL_SECRET_NAMESPACES_ARR[@]}"
|
||||
do
|
||||
kubectl create secret generic $CEPH_USER_SECRET --type="kubernetes.io/rbd" --from-literal=key=$KEYRING --namespace=$pool_secret_namespace
|
||||
done
|
||||
kubectl create secret generic $CEPH_USER_SECRET --type="kubernetes.io/rbd" --from-literal=key=$KEYRING --namespace=$NAMESPACE
|
||||
|
||||
set +ex
|
||||
|
||||
|
@ -108,7 +104,7 @@ apiVersion: batch/v1
|
|||
kind: Job
|
||||
metadata:
|
||||
name: rbd-provisioner-storage-init
|
||||
namespace: {{ $root.Values.global.namespace }}
|
||||
namespace: {{ $root.Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{$root.Release.Service | quote }}
|
||||
release: {{$root.Release.Name | quote }}
|
||||
|
@ -119,7 +115,7 @@ spec:
|
|||
template:
|
||||
metadata:
|
||||
name: "{{$root.Release.Name}}"
|
||||
namespace: {{ $root.Values.global.namespace }}
|
||||
namespace: {{ $root.Release.Namespace }}
|
||||
labels:
|
||||
heritage: {{$root.Release.Service | quote }}
|
||||
release: {{$root.Release.Name | quote }}
|
||||
|
@ -138,9 +134,7 @@ spec:
|
|||
command: [ "/bin/bash", "{{ $mount }}/check_ceph.sh" ]
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
value: {{ $root.Values.global.namespace }}
|
||||
- name: POOL_SECRET_NAMESPACES
|
||||
value: {{ $classConfig.pool_secrets_namespaces }}
|
||||
value: {{ $root.Release.Namespace }}
|
||||
- name: CEPH_ADMIN_SECRET
|
||||
value: {{ $defaults.adminSecretName }}
|
||||
- name: CEPH_USER_SECRET
|
||||
|
@ -165,7 +159,7 @@ spec:
|
|||
command: [ "/bin/bash", "{{ $mount }}/check_ceph.sh" ]
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
value: {{ $root.Values.global.namespace }}
|
||||
value: {{ $root.Release.Namespace }}
|
||||
- name: POOL_NAME
|
||||
value: {{ $ephemeralPool.pool_name }}
|
||||
- name: POOL_REPLICATION
|
||||
|
@ -185,7 +179,7 @@ kind: ConfigMap
|
|||
metadata:
|
||||
name: ceph-etc
|
||||
# This is the name of the openstack application's namespace
|
||||
namespace: openstack
|
||||
namespace: {{ $root.Release.Namespace }}
|
||||
data:
|
||||
ceph.conf: |
|
||||
[global]
|
||||
|
@ -194,4 +188,13 @@ data:
|
|||
[mon.{{- $index }}]
|
||||
mon_addr = {{ $element }}
|
||||
{{- end }}
|
||||
---
|
||||
# Create the pvc-ceph-client-key. We need this here as we're not launching
|
||||
# Ceph using the Helm chart.
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/rbd
|
||||
metadata:
|
||||
name: pvc-ceph-client-key
|
||||
namespace: {{ $root.Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
@ -11,9 +11,9 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: Role
|
||||
metadata:
|
||||
name: {{ .Values.rbac.role }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "create", "list", "update"]
|
||||
{{- end}}
|
||||
{{- end}}
|
||||
|
|
|
@ -11,7 +11,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Values.rbac.roleBinding }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
|
@ -19,5 +19,5 @@ roleRef:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.rbac.serviceAccount }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
{{- end}}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end}}
|
||||
|
|
|
@ -11,5 +11,5 @@ apiVersion: v1
|
|||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.rbac.serviceAccount }}
|
||||
namespace: {{ .Values.global.namespace }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/}}
|
||||
|
||||
{{- if .Values.global.provisionStorageClass }}
|
||||
{{ $namespace := .Values.global.namespace }}
|
||||
{{ $namespace := .Release.Namespace }}
|
||||
{{ $defaults := .Values.classdefaults}}
|
||||
{{- range $classConfig := .Values.classes }}
|
||||
apiVersion: storage.k8s.io/v1
|
||||
|
|
|
@ -13,10 +13,6 @@ global:
|
|||
#
|
||||
name: "rbd-provisioner"
|
||||
#
|
||||
# Defines the namespace where provisioner runs.
|
||||
#
|
||||
namespace: kube-system
|
||||
#
|
||||
# Execute initialization job to verify external Ceph cluster access
|
||||
# and setup additional dependencies assumed by dependent helm charts
|
||||
# (i.e. configmap and secrets).
|
||||
|
@ -135,10 +131,6 @@ classes:
|
|||
userId: kube
|
||||
# K8 secret name with key for accessing the Ceph pool
|
||||
userSecretName: ceph-secret-kube
|
||||
# Namespaces for creating the k8s secrets for accessing the Ceph pools
|
||||
pool_secrets_namespaces: kube-system
|
||||
# Name of pool to configure
|
||||
pool_name: kube-rbd
|
||||
# Pool replication
|
||||
replication: 1
|
||||
# Pool crush rule name
|
||||
|
|
Loading…
Reference in New Issue