Merge "Enhancements for the rbd-provisioner helm chart"

2018-12-13 21:59:38 +00:00 · 2018-12-13 21:59:38 +00:00 · 6cfef5c237
parent 2139b8d146 6bf075c66a
commit 6cfef5c237
9 changed files with 28 additions and 33 deletions
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/clusterrolebinding.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/clusterrolebinding.yaml
@ -14,9 +14,9 @@ metadata:
 subjects:
  - kind: ServiceAccount
    name: {{ .Values.rbac.serviceAccount }}
-    namespace: {{ .Values.global.namespace }}
+    namespace: {{ .Release.Namespace }}
 roleRef:
  kind: ClusterRole
  name: {{ .Values.rbac.clusterRole }}
  apiGroup: rbac.authorization.k8s.io
-{{- end}}
+{{- end}}
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/daemonset.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/daemonset.yaml
@ -11,7 +11,7 @@ apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
  name: {{ .Values.global.name }}
-  namespace: {{ .Values.global.namespace }}
+  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ .Values.global.name }}
 spec:
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/deployment.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/deployment.yaml
@ -11,7 +11,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: {{ .Values.global.name }}
-  namespace: {{ .Values.global.namespace }}
+  namespace: {{ .Release.Namespace }}
 spec:
  replicas: {{ .Values.global.replicas }}
  strategy:
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/pre-install-check-ceph.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/pre-install-check-ceph.yaml
@ -16,7 +16,7 @@ kind: ConfigMap
 metadata:
  creationTimestamp: 2016-02-18T19:14:38Z
  name: config-{{- $root.Values.global.name }}
-  namespace: {{ $root.Values.global.namespace }}
+  namespace: {{ $root.Release.Namespace }}
 data:
  ceph.conf: |
    {{ $monitors := $defaults.monitors }}{{ range $index, $element := $monitors}}
@ -31,7 +31,7 @@ data:
    cp {{ $mount -}}/ceph.conf /etc/ceph/

    if [ ! -z $CEPH_ADMIN_SECRET ]; then
-      kubectl get secret -n kube-system | grep $CEPH_ADMIN_SECRET
+      kubectl get secret -n $NAMESPACE | grep $CEPH_ADMIN_SECRET
      ret=$?
      if [ $ret -ne 0 ]; then
          msg="Create $CEPH_ADMIN_SECRET secret"
@ -78,12 +78,8 @@ data:
    # Set up pool key in Ceph format
    CEPH_USER_KEYRING=/etc/ceph/ceph.client.$USER_ID.keyring
    echo $KEYRING > $CEPH_USER_KEYRING
-    IFS=',' read -a POOL_SECRET_NAMESPACES_ARR <<< "${POOL_SECRET_NAMESPACES}"

-    for pool_secret_namespace in "${POOL_SECRET_NAMESPACES_ARR[@]}"
-    do
-      kubectl create secret generic $CEPH_USER_SECRET --type="kubernetes.io/rbd" --from-literal=key=$KEYRING --namespace=$pool_secret_namespace
-    done
+    kubectl create secret generic $CEPH_USER_SECRET --type="kubernetes.io/rbd" --from-literal=key=$KEYRING --namespace=$NAMESPACE

    set +ex

@ -108,7 +104,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  name: rbd-provisioner-storage-init
-  namespace: {{ $root.Values.global.namespace }}
+  namespace: {{ $root.Release.Namespace }}
  labels:
    heritage: {{$root.Release.Service | quote }}
    release: {{$root.Release.Name | quote }}
@ -119,7 +115,7 @@ spec:
  template:
    metadata:
      name: "{{$root.Release.Name}}"
-      namespace: {{ $root.Values.global.namespace }}
+      namespace: {{ $root.Release.Namespace }}
      labels:
        heritage: {{$root.Release.Service | quote }}
        release: {{$root.Release.Name | quote }}
@ -138,9 +134,7 @@ spec:
          command: [ "/bin/bash", "{{ $mount }}/check_ceph.sh" ]
          env:
            - name: NAMESPACE
-              value: {{ $root.Values.global.namespace }}
-            - name: POOL_SECRET_NAMESPACES
-              value: {{ $classConfig.pool_secrets_namespaces }}
+              value: {{ $root.Release.Namespace }}
            - name: CEPH_ADMIN_SECRET
              value: {{ $defaults.adminSecretName }}
            - name: CEPH_USER_SECRET
@ -165,7 +159,7 @@ spec:
          command: [ "/bin/bash", "{{ $mount }}/check_ceph.sh" ]
          env:
            - name: NAMESPACE
-              value: {{ $root.Values.global.namespace }}
+              value: {{ $root.Release.Namespace }}
            - name: POOL_NAME
              value: {{ $ephemeralPool.pool_name }}
            - name: POOL_REPLICATION
@ -185,7 +179,7 @@ kind: ConfigMap
 metadata:
  name: ceph-etc
  # This is the name of the openstack application's namespace
-  namespace: openstack
+  namespace: {{ $root.Release.Namespace }}
 data:
  ceph.conf: |
    [global]
@ -194,4 +188,13 @@ data:
    [mon.{{- $index }}]
    mon_addr = {{ $element }}
    {{- end }}
+---
+# Create the pvc-ceph-client-key. We need this here as we're not launching
+# Ceph using the Helm chart.
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/rbd
+metadata:
+  name: pvc-ceph-client-key
+  namespace: {{ $root.Release.Namespace }}
 {{- end }}
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/role.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/role.yaml
@ -11,9 +11,9 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ .Values.rbac.role }}
-  namespace: {{ .Values.global.namespace }}
+  namespace: {{ .Release.Namespace }}
 rules:
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "create", "list", "update"]
-{{- end}}
+{{- end}}
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/rolebinding.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/rolebinding.yaml
@ -11,7 +11,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ .Values.rbac.roleBinding }}
-  namespace: {{ .Values.global.namespace }}
+  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@ -19,5 +19,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: {{ .Values.rbac.serviceAccount }}
-  namespace: {{ .Values.global.namespace }}
-{{- end}}
+  namespace: {{ .Release.Namespace }}
+{{- end}}
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/serviceaccount.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/serviceaccount.yaml
@ -11,5 +11,5 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ .Values.rbac.serviceAccount }}
-  namespace: {{ .Values.global.namespace }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/storageclass.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/templates/storageclass.yaml
@ -7,7 +7,7 @@
 */}}

 {{- if .Values.global.provisionStorageClass }}
-{{ $namespace := .Values.global.namespace }}
+{{ $namespace := .Release.Namespace }}
 {{ $defaults := .Values.classdefaults}}
 {{- range $classConfig := .Values.classes }}
 apiVersion: storage.k8s.io/v1
--- a/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/values.yaml
+++ b/stx-platform-helm/stx-platform-helm/helm-charts/rbd-provisioner/values.yaml
@ -13,10 +13,6 @@ global:
  #
  name: "rbd-provisioner"
  #
-  # Defines the namespace where provisioner runs.
-  #
-  namespace: kube-system
-  #
  # Execute initialization job to verify external Ceph cluster access
  # and setup additional dependencies assumed by dependent helm charts
  # (i.e. configmap and secrets).
@ -135,10 +131,6 @@ classes:
  userId: kube
  # K8 secret name with key for accessing the Ceph pool
  userSecretName: ceph-secret-kube
-  # Namespaces for creating the k8s secrets for accessing the Ceph pools
-  pool_secrets_namespaces: kube-system
-  # Name of pool to configure
-  pool_name: kube-rbd
  # Pool replication
  replication: 1
  # Pool crush rule name