kubespray 2.24 추가
This commit is contained in:
변정훈
@@ -0,0 +1,17 @@
|
||||
---
|
||||
rbd_provisioner_namespace: "rbd-provisioner"
|
||||
rbd_provisioner_replicas: 2
|
||||
rbd_provisioner_monitors: ~
|
||||
rbd_provisioner_pool: kube
|
||||
rbd_provisioner_admin_id: admin
|
||||
rbd_provisioner_secret_name: ceph-secret-admin
|
||||
rbd_provisioner_secret: ceph-key-admin
|
||||
rbd_provisioner_user_id: kube
|
||||
rbd_provisioner_user_secret_name: ceph-secret-user
|
||||
rbd_provisioner_user_secret: ceph-key-user
|
||||
rbd_provisioner_user_secret_namespace: rbd-provisioner
|
||||
rbd_provisioner_fs_type: ext4
|
||||
rbd_provisioner_image_format: "2"
|
||||
rbd_provisioner_image_features: layering
|
||||
rbd_provisioner_storage_class: rbd
|
||||
rbd_provisioner_reclaim_policy: Delete
|
||||
@@ -0,0 +1,71 @@
|
||||
---
|
||||
|
||||
- name: RBD Provisioner | Remove legacy addon dir and manifests
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/addons/rbd_provisioner"
|
||||
state: absent
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: RBD Provisioner | Remove legacy namespace
|
||||
command: >
|
||||
{{ kubectl }} delete namespace {{ rbd_provisioner_namespace }}
|
||||
ignore_errors: true # noqa ignore-errors
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: RBD Provisioner | Remove legacy storageclass
|
||||
command: >
|
||||
{{ kubectl }} delete storageclass {{ rbd_provisioner_storage_class }}
|
||||
ignore_errors: true # noqa ignore-errors
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
tags:
|
||||
- upgrade
|
||||
|
||||
- name: RBD Provisioner | Create addon dir
|
||||
file:
|
||||
path: "{{ kube_config_dir }}/addons/rbd_provisioner"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: RBD Provisioner | Templates list
|
||||
set_fact:
|
||||
rbd_provisioner_templates:
|
||||
- { name: 00-namespace, file: 00-namespace.yml, type: ns }
|
||||
- { name: secret-rbd-provisioner, file: secret-rbd-provisioner.yml, type: secret }
|
||||
- { name: sa-rbd-provisioner, file: sa-rbd-provisioner.yml, type: sa }
|
||||
- { name: clusterrole-rbd-provisioner, file: clusterrole-rbd-provisioner.yml, type: clusterrole }
|
||||
- { name: clusterrolebinding-rbd-provisioner, file: clusterrolebinding-rbd-provisioner.yml, type: clusterrolebinding }
|
||||
- { name: role-rbd-provisioner, file: role-rbd-provisioner.yml, type: role }
|
||||
- { name: rolebinding-rbd-provisioner, file: rolebinding-rbd-provisioner.yml, type: rolebinding }
|
||||
- { name: deploy-rbd-provisioner, file: deploy-rbd-provisioner.yml, type: deploy }
|
||||
- { name: sc-rbd-provisioner, file: sc-rbd-provisioner.yml, type: sc }
|
||||
|
||||
- name: RBD Provisioner | Create manifests
|
||||
template:
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}"
|
||||
mode: 0644
|
||||
with_items: "{{ rbd_provisioner_templates }}"
|
||||
register: rbd_provisioner_manifests
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: RBD Provisioner | Apply manifests
|
||||
kube:
|
||||
name: "{{ item.item.name }}"
|
||||
namespace: "{{ rbd_provisioner_namespace }}"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
resource: "{{ item.item.type }}"
|
||||
filename: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.item.file }}"
|
||||
state: "latest"
|
||||
with_items: "{{ rbd_provisioner_manifests.results }}"
|
||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ rbd_provisioner_namespace }}
|
||||
labels:
|
||||
name: {{ rbd_provisioner_namespace }}
|
||||
@@ -0,0 +1,26 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch", "create", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch", "update"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["storageclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services"]
|
||||
resourceNames: ["kube-dns","coredns"]
|
||||
verbs: ["list", "get"]
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "create", "delete"]
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: rbd-provisioner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
@@ -0,0 +1,40 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
labels:
|
||||
app: rbd-provisioner
|
||||
version: {{ rbd_provisioner_image_tag }}
|
||||
spec:
|
||||
replicas: {{ rbd_provisioner_replicas }}
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: rbd-provisioner
|
||||
version: {{ rbd_provisioner_image_tag }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: rbd-provisioner
|
||||
version: {{ rbd_provisioner_image_tag }}
|
||||
spec:
|
||||
priorityClassName: {% if rbd_provisioner_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{ '' }}
|
||||
serviceAccount: rbd-provisioner
|
||||
containers:
|
||||
- name: rbd-provisioner
|
||||
image: {{ rbd_provisioner_image_repo }}:{{ rbd_provisioner_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
env:
|
||||
- name: PROVISIONER_NAME
|
||||
value: ceph.com/rbd
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
command:
|
||||
- "/usr/local/bin/rbd-provisioner"
|
||||
args:
|
||||
- "-id=${POD_NAME}"
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get"]
|
||||
- apiGroups: [""]
|
||||
resources: ["endpoints"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: rbd-provisioner
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: rbd-provisioner
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
@@ -0,0 +1,19 @@
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: {{ rbd_provisioner_storage_class }}
|
||||
provisioner: ceph.com/rbd
|
||||
reclaimPolicy: {{ rbd_provisioner_reclaim_policy }}
|
||||
parameters:
|
||||
monitors: {{ rbd_provisioner_monitors }}
|
||||
adminId: {{ rbd_provisioner_admin_id }}
|
||||
adminSecretNamespace: {{ rbd_provisioner_namespace }}
|
||||
adminSecretName: {{ rbd_provisioner_secret_name }}
|
||||
pool: {{ rbd_provisioner_pool }}
|
||||
userId: {{ rbd_provisioner_user_id }}
|
||||
userSecretNamespace: {{ rbd_provisioner_user_secret_namespace }}
|
||||
userSecretName: {{ rbd_provisioner_user_secret_name }}
|
||||
fsType: "{{ rbd_provisioner_fs_type }}"
|
||||
imageFormat: "{{ rbd_provisioner_image_format }}"
|
||||
imageFeatures: {{ rbd_provisioner_image_features }}
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ rbd_provisioner_secret_name }}
|
||||
namespace: {{ rbd_provisioner_namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
secret: {{ rbd_provisioner_secret | b64encode }}
|
||||
---
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ rbd_provisioner_user_secret_name }}
|
||||
namespace: {{ rbd_provisioner_user_secret_namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
key: {{ rbd_provisioner_user_secret | b64encode }}
|
||||
Reference in New Issue
Block a user