Add FluxCD version of the rook-ceph app

Add new manifest files to rook-ceph enabling FluxCD support.

The spec file will generate a .deb file with the sources
needed to install rook-ceph with FluxCD

The FluxCD archive will contain the following:
.
├── charts
│   ├── rook-ceph-0.1.0.tgz
│   ├── rook-ceph-provisioner-0.1.0.tgz
│   └── rook-operator-0.1.0.tgz
├── checksum.md5
└── fluxcd-manifests
    ├── base
    │   ├── helmrepository.yaml
    │   ├── kustomization.yaml
    │   └── namespace.yaml
    ├── kustomization.yaml
    ├── rook-ceph
    │   ├── helmrelease.yaml
    │   ├── kustomization.yaml
    │   ├── rook-ceph-static-overrides.yaml
    │   └── rook-ceph-system-overrides.yaml
    ├── rook-operator
    │   ├── helmrelease.yaml
    │   ├── kustomization.yaml
    │   ├── rook-operator-static-overrides.yaml
    │   └── rook-operator-system-overrides.yaml
    └── rook-ceph-provisioner
        ├── helmrelease.yaml
        ├── kustomization.yaml
        ├── rook-ceph-provisioner-static-overrides.yaml
        └── rook-ceph-provisioner-system-overrides.yaml

Test Plan:
PASS: AIO-SX - rook-ceph app files uploaded
PASS: AIO-SX - application applied using FluxCD
PASS: AIO-SX - application removed using
      system application-remove

Story: 2009138
Task: 45404

Depends-On: https://review.opendev.org/c/starlingx/rook-ceph/+/846438

Signed-off-by: Daian Cardoso Sganderlla <Daian.CardosoSganderlla@windriver.com>
Change-Id: Ieaa5a3da6625437722ea6e72e3b5b8f785bfbdab

python-k8sapp-rook/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+python3-k8sapp-rook (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 27 Oct 2021 11:25:42 +0000

python-k8sapp-rook/debian/deb_folder/control

@@ -0,0 +1,28 @@
+Source: python3-k8sapp-rook
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dh-python,
+ python3-all,
+ python3-pbr,
+ python3-setuptools,
+ python3-wheel
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: python3-k8sapp-rook
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}
+Description: StarlingX Sysinv Rook Ceph Extensions
+ This package contains sysinv plugins for the Rook Ceph armada
+ K8S app.
+
+Package: python3-k8sapp-rook-wheels
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
+Description: StarlingX Sysinv Rook Ceph Extension Wheels
+ This package contains python wheels for the Rook Ceph platform armada
+ K8S app plugins.

python-k8sapp-rook/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: python3-k8sapp-rook
+Source: https://opendev.org/starlingx/rook-ceph/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook-wheels.install

@@ -0,0 +1 @@
+plugins/rook-ceph-apps/*.whl

python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook.install

@@ -0,0 +1,2 @@
+usr/lib/python3/dist-packages/k8sapp_rook-1.0.0.egg-info/*
+usr/lib/python3/dist-packages/k8sapp_rook/*

python-k8sapp-rook/debian/deb_folder/rules

@@ -0,0 +1,26 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export APP_NAME=rook-ceph-apps
+export PBR_VERSION=1.0.0
+export PYBUILD_NAME=k8sapp-rook
+export SKIP_PIP_INSTALL=1
+export ROOT=debian/tmp
+
+%:
+	dh $@ --with=python3 --buildsystem=pybuild
+
+override_dh_auto_install:
+	python3 setup.py install --install-layout=deb --root $(ROOT)
+	python3 setup.py bdist_wheel \
+		--universal \
+		-d $(ROOT)/plugins/$(APP_NAME)
+
+override_dh_python3:
+	dh_python3 --shebang=/usr/bin/python3
+
+ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
+override_dh_auto_test:
+	# (tbogue) FIXME
+	PYTHONDIR=$(CURDIR) stestr run || true
+endif

python-k8sapp-rook/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

python-k8sapp-rook/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: python3-k8sapp-rook
+debver: 1.0-1
+src_path: k8sapp_rook
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/__init__.py

@@ -1,19 +0,0 @@
-#
-# Copyright (c) 2020 Intel Corporation, Inc.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-import yaml
-
-
-class quoted_str(str):
-    pass
-
-
-# force strings to be single-quoted to avoid interpretation as numeric values
-def quoted_presenter(dumper, data):
-    return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'")
-
-
-yaml.add_representer(quoted_str, quoted_presenter)

python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/manifest_rook_ceph.py

@@ -1,36 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-#
-# Copyright (c) 2020 Intel Corporation, Inc.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# All Rights Reserved.
-#
-
-""" System inventory Armada manifest operator."""
-
-from k8sapp_rook.helm.rook_ceph import RookCephHelm
-from k8sapp_rook.helm.rook_ceph_provisioner import RookCephProvisionerHelm
-from k8sapp_rook.helm.rook_operator import RookOperatorHelm
-
-from sysinv.common import constants
-from sysinv.helm import manifest_generic as generic
-
-
-class RookCephArmadaManifestOperator(generic.GenericArmadaManifestOperator):
-
-    APP = constants.HELM_APP_ROOK_CEPH
-    ARMADA_MANIFEST = 'rook-ceph-manifest'
-
-    CHART_GROUP_ROOK = 'starlingx-rook-charts'
-    CHART_GROUPS_LUT = {
-        RookOperatorHelm.CHART: CHART_GROUP_ROOK,
-        RookCephHelm.CHART: CHART_GROUP_ROOK,
-        RookCephProvisionerHelm: CHART_GROUP_ROOK,
-    }
-
-    CHARTS_LUT = {
-        RookOperatorHelm.CHART: 'kube-system-rook-operator',
-        RookCephHelm.CHART: 'kube-system-rook-ceph',
-        RookCephProvisionerHelm.CHART: 'kube-system-rook-ceph-provisioner',
-    }

python-k8sapp-rook/k8sapp_rook/tox.ini

@@ -41,6 +41,7 @@ setenv = VIRTUAL_ENV={envdir}
          TOX_WORK_DIR={toxworkdir}
          PYLINTHOME={toxworkdir}
 
+# for debian the path to cgcs-patch is incorrect
 deps = -r{toxinidir}/requirements.txt
        -r{toxinidir}/test-requirements.txt
        -e{[tox]stxdir}/config/sysinv/sysinv/sysinv

stx-rook-ceph/centos/build_srpm.data

@@ -1,5 +1,5 @@
 SRC_DIR="stx-rook-ceph"
-COPY_LIST="files/*"
+COPY_LIST="files/* $PKG_BASE/$SRC_DIR/fluxcd-manifests/*"
 
 EXCLUDE_LIST_FROM_TAR=".stestr"
 

stx-rook-ceph/centos/stx-rook-ceph.spec

@@ -8,7 +8,7 @@
 # Build variables
 %global helm_folder /usr/lib/helm
 #%global toolkit_version 0.1.0
-%global rook_version 1.2.7
+%global rook_version 1.9.6
 
 Summary: StarlingX K8S application: Rook Ceph
 Name: stx-rook-ceph
@@ -33,6 +33,14 @@ BuildRequires: python-k8sapp-rook-wheels
 %description
 The StarlingX K8S application for Rook Ceph
 
+%package fluxcd
+Summary: StarlingX K8s application for Rook Ceph FluxCD
+Group: base
+License: Apache-2.0
+
+%description fluxcd
+StarlingX K8s application for Rook Ceph FluxCD
+
 %prep
 %setup
 
@@ -54,7 +62,8 @@ kill %1
 
 # Create a chart tarball compliant with sysinv kube-app.py
 %define app_staging %{_builddir}/staging
-%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
+%define app_tarball_armada %{app_name}-%{version}-%{tis_patch_ver}.tgz
+%define app_tarball_fluxcd %{app_name}-fluxcd-%{version}-%{tis_patch_ver}.tgz
 
 # Setup staging
 mkdir -p %{app_staging}
@@ -73,9 +82,21 @@ sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
 mkdir -p %{app_staging}/plugins
 cp /plugins/%{app_name}/*.whl %{app_staging}/plugins
 
-# package it up
+# package Armada
 find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
-tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
+tar -zcf %{_builddir}/%{app_tarball_armada} -C %{app_staging}/ .
+
+# package FluxCD
+rm -f %{app_staging}/manifest.yaml
+
+cd -
+cp -R fluxcd-manifests %{app_staging}/
+cd %{app_staging}
+
+find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+tar -zcf %{_builddir}/%{app_tarball_fluxcd} -C %{app_staging}/ .
+
+cd -
 
 # Cleanup staging
 rm -fr %{app_staging}
@@ -83,10 +104,16 @@ rm -fr %{app_staging}
 %install
 install -d -m 755 %{buildroot}/%{app_folder}
 install -d -m 755 %{buildroot}%{_initrddir}
-install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
+install -p -D -m 755 %{_builddir}/%{app_tarball_armada} %{buildroot}/%{app_folder}
 install -m 750 %{SOURCE1} %{buildroot}%{_initrddir}/rook-mon-exit
 
+install -p -D -m 755 %{_builddir}/%{app_tarball_fluxcd} %{buildroot}/%{app_folder}
+
 %files
 %defattr(-,root,root,-)
-%{app_folder}/*
+%{app_folder}/%{app_tarball_armada}
 %{_initrddir}/rook-mon-exit
+
+%files fluxcd
+%defattr(-,root,root,-)
+%{app_folder}/%{app_tarball_fluxcd}

stx-rook-ceph/debian/deb_folder/rules

@@ -11,16 +11,19 @@ export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.')
 
 export APP_NAME = rook-ceph-apps
 export APP_VERSION = $(MAJOR).$(MINOR_PATCH)
-export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz
+export APP_TARBALL_FLUXCD = $(APP_NAME)-fluxcd-$(APP_VERSION).tgz
 
 export HELM_REPO = stx-platform
-export STAGING = staging
+export STAGING_FLUXCD = staging-fluxcd
 
 %:
 	dh $@
 
 override_dh_auto_build:
 
+	############
+	#  COMMON  #
+	############
 #	Host a server for the helm charts.
 	chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./helm-charts" &
 	sleep 2
@@ -35,35 +38,39 @@ override_dh_auto_build:
 #	Terminate the helm chart server.
 	pkill chartmuseum
 
+
+	############
+	#  FLUXCD  #
+	############
 #	Setup staging
-	mkdir -p $(STAGING)
-	cp files/metadata.yaml $(STAGING)
-	cp manifests/manifest.yaml $(STAGING)
-	mkdir -p $(STAGING)/charts
-	cp helm-charts/*.tgz $(STAGING)/charts
-	cd $(STAGING)
+	mkdir -p $(STAGING_FLUXCD)
+	cp files/metadata.yaml $(STAGING_FLUXCD)
+	cp -Rv fluxcd-manifests $(STAGING_FLUXCD)
+	mkdir -p $(STAGING_FLUXCD)/charts
+	cp helm-charts/*.tgz $(STAGING_FLUXCD)/charts
 
 #	Populate metadata
-	sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml
-	sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
-	sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING_FLUXCD)/metadata.yaml
+	sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING_FLUXCD)/metadata.yaml
+	sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING_FLUXCD)/metadata.yaml
 
 #	Copy the plugins: installed in the buildroot
-	mkdir -p $(STAGING)/plugins
-	cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins
+	mkdir -p $(STAGING_FLUXCD)/plugins
+	cp /plugins/$(APP_NAME)/*.whl $(STAGING_FLUXCD)/plugins
 
 #	Package it up
+	cd $(STAGING_FLUXCD)
 	find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
-	tar -zcf $(APP_TARBALL) -C $(STAGING)/ .
+	tar -zcf $(APP_TARBALL_FLUXCD) -C $(STAGING_FLUXCD)/ .
 
 #	Cleanup staging
-	rm -fr $(STAGING)
+	rm -fr $(STAGING_FLUXCD)
 
 override_dh_auto_install:
 #	Install the app tar file
 	install -d -m 755 $(APP_FOLDER)
 	install -d -m 755 $(INITRD_DIR)
-	install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER)
+	install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER)
 	install -m 750 files/rook-mon-exit.sh $(INITRD_DIR)/rook-mon-exit
 
 # Prevents dh_fixperms from changing the permissions defined in this file
@@ -72,3 +79,4 @@ override_dh_fixperms:
 
 override_dh_usrlocal:
 	echo "do nothing"
+

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/helmrepository.yaml

@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: stx-platform
+spec:
+  url: http://192.168.206.1:8080/helm_charts/stx-platform
+  interval: 60m

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/kustomization.yaml

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+resources:
+  - helmrepository.yaml

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/namespace.yaml

@@ -0,0 +1,10 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/kustomization.yaml

@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - base
+  - rook-ceph
+  - rook-operator
+  - rook-ceph-provisioner

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/helmrelease.yaml

@@ -0,0 +1,40 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: rook-ceph-provisioner
+  labels:
+    chart_group: starlingx-rook-charts
+spec:
+  releaseName: rook-ceph-provisioner
+  chart:
+    spec:
+      chart: rook-ceph-provisioner
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  dependsOn:
+    - name: rook-ceph
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  uninstall:
+    disableHooks: true
+  valuesFrom:
+    - kind: Secret
+      name: rook-ceph-provisioner-static-overrides
+      valuesKey: rook-ceph-provisioner-static-overrides.yaml
+    - kind: Secret
+      name: rook-ceph-provisioner-system-overrides
+      valuesKey: rook-ceph-provisioner-system-overrides.yaml

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/kustomization.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: kube-system
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: rook-ceph-provisioner-static-overrides
+    files:
+      - rook-ceph-provisioner-static-overrides.yaml
+  - name: rook-ceph-provisioner-system-overrides
+    files:
+      - rook-ceph-provisioner-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-static-overrides.yaml

@@ -0,0 +1,92 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+global:
+  configmap_key_init: ceph-key-init-bin
+  #
+  provision_storage: true
+  cephfs_storage: true
+  job_ceph_mgr_provision: true
+  job_ceph_mon_audit: false
+  job_ceph_osd_audit: true
+  job_host_provision: true
+  job_cleanup: true
+  deployment_stx_ceph_manager: true
+  # Defines whether to generate service account and role bindings.
+  rbac: true
+  # Node Selector
+  nodeSelector: { node-role.kubernetes.io/master: "" }
+
+#
+# RBAC options.
+# Defaults should be fine in most cases.
+rbac:
+  clusterRole: rook-ceph-provisioner
+  clusterRoleBinding: rook-ceph-provisioner
+  role: rook-ceph-provisioner
+  roleBinding: rook-ceph-provisioner
+  serviceAccount: rook-ceph-provisioner
+
+
+images:
+  tags:
+    ceph_config_helper: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802
+    stx_ceph_manager: docker.io/starlingx/stx-ceph-manager:master-centos-stable-latest
+    k8s_entrypoint: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+
+
+provisionStorage:
+  # Defines the name of the provisioner associated with a set of storage classes
+  provisioner_name: kube-system.rbd.csi.ceph.com
+  # Enable this storage class as the system default storage class
+  defaultStorageClass: rook-ceph
+  # Configure storage classes.
+  # Defaults for storage classes. Update this if you have a single Ceph storage cluster.
+  # No need to add them to each class.
+  classdefaults:
+    # Define ip addresses of Ceph Monitors
+    monitors: 192.168.204.3:6789,192.168.204.4:6789,192.168.204.1:6789
+    # Ceph admin account
+    adminId: admin
+    # K8 secret name for the admin context
+    adminSecretName: ceph-secret
+  # Configure storage classes.
+  # This section should be tailored to your setup. It allows you to define multiple storage
+  # classes for the same cluster (e.g. if you have tiers of drives with different speeds).
+  # If you have multiple Ceph clusters take attributes from classdefaults and add them here.
+  classes:
+    name: rook-ceph # Name of storage class.
+    secret:
+      # K8 secret name with key for accessing the Ceph pool
+      userSecretName: ceph-secret-kube
+      # Ceph user name to access this pool
+      userId: kube
+    pool:
+      pool_name: kube
+      replication: 1
+      crush_rule_name: storage_tier_ruleset
+      chunk_size: 8
+
+
+cephfsStorage:
+  provisioner_name: kube-system.cephfs.csi.ceph.com
+  fs_name: stxfs
+  pool_name: stxfs-data0
+
+
+host_provision:
+  controller_hosts:
+  - controller-0
+
+
+ceph_audit_jobs:
+  floatIP: 192.168.204.2
+  audit:
+    cron: "*/3 * * * *"
+    deadline: 200
+    history:
+      success: 1
+      failed: 1

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-system-overrides.yaml

@@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/helmrelease.yaml

@@ -0,0 +1,40 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: rook-ceph
+  labels:
+    chart_group: starlingx-rook-charts
+spec:
+  releaseName: rook-ceph
+  chart:
+    spec:
+      chart: rook-ceph
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  dependsOn:
+    - name: rook-operator 
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  uninstall:
+    disableHooks: true
+  valuesFrom:
+    - kind: Secret
+      name: rook-ceph-static-overrides
+      valuesKey: rook-ceph-static-overrides.yaml
+    - kind: Secret
+      name: rook-ceph-system-overrides
+      valuesKey: rook-ceph-system-overrides.yaml

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/kustomization.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: kube-system
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: rook-ceph-static-overrides
+    files:
+      - rook-ceph-static-overrides.yaml
+  - name: rook-ceph-system-overrides
+    files:
+      - rook-ceph-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-static-overrides.yaml

@@ -0,0 +1,64 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for ceph-cluster
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+cluster:
+  image:
+    repository: quay.io/ceph/ceph
+    tag: v16.2.9
+    pullPolicy: IfNotPresent
+  # Tolerations for the ceph-cluster to allow it to run on nodes with particular taints
+  tolerations: []
+  mon:
+    count: 3
+    allowMultiplePerNode: false
+  hostNetwork: true
+  storage:
+    storeType: bluestore
+    databaseSizeMB: 1024
+  ## Annotations to be added to pod
+  annotations: {}
+  ## LogLevel can be set to: TRACE, DEBUG, INFO, NOTICE, WARNING, ERROR or CRITICAL
+  logLevel: INFO
+  # Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux,
+  # the pod must be running privileged in order to write to the hostPath volume, this must be set to true then.
+  hostpathRequiresPrivileged: false
+  # Disable automatic orchestration when new devices are discovered.
+  disableDeviceHotplug: false
+
+
+mds:
+  name: stxfs
+  replica: 3
+
+
+toolbox:
+  image:
+    prefix: rook
+    repository: rook/ceph
+    tag: v1.9.6
+    pullPolicy: IfNotPresent
+
+
+hook:
+  image: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802
+  duplexPreparation:
+    enable: false
+    activeController: controller-0
+    floatIP: 192.188.204.2
+  cleanup:
+    enable: true
+    rbac:
+      clusterRole: rook-ceph-cleanup
+      clusterRoleBinding: rook-ceph-cleanup
+      role: rook-ceph-cleanup
+      roleBinding: rook-ceph-cleanup
+      serviceAccount: rook-ceph-cleanup
+    mon_hosts:
+    - controller-0
+

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-system-overrides.yaml

@@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/README.md

@@ -0,0 +1,122 @@
+
+
+Other values
+
+---
+
+## .operator.csi:
+
+CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate.
+Default value is RollingUpdate.
+```
+rbdPluginUpdateStrategy: OnDelete
+```
+
+CSI Rbd plugin daemonset update strategy, supported values are OnDelete and RollingUpdate.
+Default value is RollingUpdate.
+```
+cephFSPluginUpdateStrategy: OnDelete
+```
+
+Set provisonerTolerations and provisionerNodeAffinity for provisioner pod.
+The CSI provisioner would be best to start on the same nodes as other ceph daemons.
+```
+provisionerTolerations:
+  - key: key
+    operator: Exists
+    effect: NoSchedule
+provisionerNodeAffinity: key1=value1,value2; key2=value3
+```
+
+Set pluginTolerations and pluginNodeAffinity for plugin daemonset pods.
+The CSI plugins need to be started on all the nodes where the clients need to mount the storage.
+```
+pluginTolerations:
+  - key: key
+    operator: Exists
+    effect: NoSchedule
+pluginNodeAffinity: key1=value1,value2; key2=value3
+cephfsGrpcMetricsPort: 9091
+cephfsLivenessMetricsPort: 9081
+rbdGrpcMetricsPort: 9090
+```
+
+Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS
+you may want to disable this setting. However, this will cause an issue during upgrades
+with the FUSE client. See the upgrade guide: https://rook.io/docs/rook/v1.2/ceph-upgrade.html
+```
+forceCephFSKernelClient: true
+rbdLivenessMetricsPort: 9080
+```
+
+## .operator:
+
+if true, run rook operator on the host network
+```
+useOperatorHostNetwork: true
+```
+
+Rook Agent configuration
+toleration: NoSchedule, PreferNoSchedule or NoExecute
+tolerationKey: Set this to the specific key of the taint to tolerate
+tolerations: Array of tolerations in YAML format which will be added to agent deployment
+nodeAffinity: Set to labels of the node to match
+flexVolumeDirPath: The path where the Rook agent discovers the flex volume plugins
+libModulesDirPath: The path where the Rook agent can find kernel modules
+```
+agent:
+  toleration: NoSchedule
+  tolerationKey: key
+  tolerations:
+  - key: key
+    operator: Exists
+    effect: NoSchedule
+  nodeAffinity: key1=value1,value2; key2=value3
+  mountSecurityMode: Any
+```
+
+For information on FlexVolume path, please refer to https://rook.io/docs/rook/master/flexvolume.html
+```
+flexVolumeDirPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/
+libModulesDirPath: /lib/modules
+mounts: mount1=/host/path:/container/path,/host/path2:/container/path2
+```
+
+Rook Discover configuration
+toleration: NoSchedule, PreferNoSchedule or NoExecute
+tolerationKey: Set this to the specific key of the taint to tolerate
+tolerations: Array of tolerations in YAML format which will be added to agent deployment
+nodeAffinity: Set to labels of the node to match
+```
+discover:
+  toleration: NoSchedule
+  tolerationKey: key
+  tolerations:
+  - key: key
+    operator: Exists
+    effect: NoSchedule
+  nodeAffinity: key1=value1,value2; key2=value3
+```
+
+In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins).
+Disable it here if you have similar issues.
+For more details see https://github.com/rook/rook/issues/2417
+```
+enableSelinuxRelabeling: true
+```
+
+Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux,
+the pod must be running privileged in order to write to the hostPath volume, this must be set to true then.
+```
+hostpathRequiresPrivileged: false
+```
+
+Disable automatic orchestration when new devices are discovered.
+```
+disableDeviceHotplug: false
+```
+
+Blacklist certain disks according to the regex provided.
+```
+discoverDaemonUdev:
+```

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/helmrelease.yaml

@@ -0,0 +1,38 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: rook-operator
+  labels:
+    chart_group: starlingx-rook-charts
+spec:
+  releaseName: rook-operator
+  chart:
+    spec:
+      chart: rook-operator
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  uninstall:
+    disableHooks: true
+  valuesFrom:
+    - kind: Secret
+      name: rook-operator-static-overrides
+      valuesKey: rook-operator-static-overrides.yaml
+    - kind: Secret
+      name: rook-operator-system-overrides
+      valuesKey: rook-operator-system-overrides.yaml

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/kustomization.yaml

@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: kube-system
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: rook-operator-static-overrides
+    files:
+      - rook-operator-static-overrides.yaml
+  - name: rook-operator-system-overrides
+    files:
+      - rook-operator-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-static-overrides.yaml

@@ -0,0 +1,91 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+operator:
+  image:
+    prefix: rook
+    repository: rook/ceph
+    tag: v1.9.6
+    pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 500m
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+  # Tolerations for the rook-ceph-operator to allow it to run on nodes with particular taints
+  tolerations: []
+  # Delay to use in node.kubernetes.io/unreachable toleration
+  unreachableNodeTolerationSeconds: 5
+  # Whether rook watches its current namespace for CRDs or the entire cluster, defaults to false
+  currentNamespaceOnly: false
+  # Interval at which to get the ceph status and update the cluster custom resource status
+  cephStatusCheckInterval: "60s"
+  mon:
+    healthCheckInterval: "45s"
+    monOutTimeout: "600s"
+  ## Annotations to be added to pod
+  annotations: {}
+  ## LogLevel can be set to: TRACE, DEBUG, INFO, NOTICE, WARNING, ERROR or CRITICAL
+  logLevel: INFO
+  ## If true, create & use RBAC resources
+  rbacEnable: true
+  ## If true, create & use PSP resources
+  pspEnable: false
+  ## Settings for whether to disable the drivers or other daemons if they are not needed
+  csi:
+    enableRbdDriver: true
+    enableCephfsDriver: true
+    enableGrpcMetrics: true
+    enableSnapshotter: true
+
+    # Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS
+    # you may want to disable this setting. However, this will cause an issue during upgrades
+    # with the FUSE client. See the upgrade guide: https://rook.io/docs/rook/v1.2/ceph-upgrade.html
+    forceCephFSKernelClient: true
+
+    kubeletDirPath: /var/lib/kubelet
+    cephcsi:
+      image: quay.io/cephcsi/cephcsi:v3.6.2
+    registrar:
+      image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0
+    provisioner:
+      image: gcr.io/k8s-staging-sig-storage/csi-provisioner:v3.1.0
+    snapshotter:
+      image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0
+    attacher:
+      image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0
+    resizer:
+      image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0
+  enableFlexDriver: false
+  enableDiscoveryDaemon: true
+
+  # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins).
+  # Disable it here if you have similar issues.
+  # For more details see https://github.com/rook/rook/issues/2417
+  enableSelinuxRelabeling: true
+  # Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux,
+  # the pod must be running privileged in order to write to the hostPath volume, this must be set to true then.
+  hostpathRequiresPrivileged: false
+  # Disable automatic orchestration when new devices are discovered.
+  disableDeviceHotplug: false
+  # Blacklist certain disks according to the regex provided.
+  discoverDaemonUdev:
+
+# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts.
+imagePullSecrets:
+- name: default-registry-key
+
+saInit:
+  name: sa-init
+  images:
+    tags:
+      sa_init_provisioner: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802
+
+cleanup:
+  enable: true
+  cluster_cleanup: ceph-cluster

stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-system-overrides.yaml

@@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+