cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity

cluster/kube: finish rook operator

master
q3k 2019-04-01 19:16:18 +02:00
parent b7fcc67f42
commit cdfafaf91e
1 changed files with 154 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
cluster/kube/lib/rook.libsonnet
View File

@ -143,5 +143,159 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
sa: kube.ServiceAccount("rook-ceph-system") {
metadata+: env.metadata,
},
crs: {
clusterMgmt: kube.ClusterRole("rook-ceph-cluster-mgmt") {
metadata+: env.metadata {
namespace:: null,
},
rules: [
{
apiGroups: [""],
resources: ["secrets", "pods", "pods/log", "services", "configmaps"],
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"],
},
{
apiGroups: ["apps"],
resources: ["deployments", "daemonsets", "replicasets"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
],
},
global: kube.ClusterRole("rook-ceph-global") {
metadata+: env.metadata {
namespace:: null,
},
rules: [
{
apiGroups: [""],
resources: ["pods", "nodes", "nodes/proxy"],
verbs: ["get", "list", "watch"],
},
{
apiGroups: [""],
resources: ["events", "persistentvolumes", "persistentvolumeclaims", "endpoints"],
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"],
},
{
apiGroups: ["storage.k8s.io"],
resources: ["storageclasses"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
{
apiGroups: ["ceph.rook.io"],
resources: ["*"],
verbs: ["*"],
},
{
apiGroups: ["rook.io"],
resources: ["*"],
verbs: ["*"],
},
],
},
mgrCluster: kube.ClusterRole("rook-ceph-mgr-cluster") {
metadata+: env.metadata {
namespace:: null,
},
rules: [
{
apiGroups: [""],
resources: ["configmaps", "nodes", "nodes/proxy"],
verbs: ["get", "list", "watch"],
},
]
},
},
crb: kube.ClusterRoleBinding("ceph-rook-global") {
metadata+: env.metadata,
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "ClusterRole",
name: env.crs.global.metadata.name,
},
subjects: [
{
kind: "ServiceAccount",
name: env.sa.metadata.name,
namespace: env.sa.metadata.namespace,
},
],
},
role: kube.Role("ceph-rook-system") {
metadata+: env.metadata,
rules: [
{
apiGroups: [""],
resources: ["pods", "configmaps"],
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"],
},
{
apiGroups: ["apps"],
resources: ["daemonsets"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
],
},
rb: kube.RoleBinding("ceph-rook-system") {
metadata+: env.metadata,
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "Role",
name: env.role.metadata.name,
},
subjects: [
{
kind: "ServiceAccount",
name: env.sa.metadata.name,
namespace: env.sa.metadata.namespace,
},
],
},
operator: kube.Deployment("rook-ceph-operator") {
metadata+: env.metadata,
spec+: {
template+: {
spec+: {
serviceAccountName: env.sa.metadata.name,
containers_: {
operator: kube.Container("rook-ceph-operator") {
image: cfg.image,
args: ["ceph", "operator"],
volumeMounts_: {
"rook-config": { mountPath: "/var/lib/rook" },
"default-config-dir": { mountPath: "/etc/ceph" },
},
env_: {
LIB_MODULES_DIR_PATH: "/run/current-system/kernel-modules/lib/modules/",
ROOK_ALLOW_MULTIPLE_FILESYSTEMS: "false",
ROOK_LOG_LEVEL: "info",
ROOK_MON_HEALTHCHECK_INTERVAL: "45s",
ROOK_MON_OUT_TIMEOUT: "600s",
ROOK_DISCOVER_DEVICES_INTERVAL: "60m",
ROOK_HOSTPATH_REQUIRES_PRIVILEGED: "false",
ROOK_ENABLE_SELINUX_RELABELING: "true",
ROOK_ENABLE_FSGROUP: "true",
NODE_NAME: kube.FieldRef("spec.nodeName"),
POD_NAME: kube.FieldRef("metadata.name"),
POD_NAMESPACE: kube.FieldRef("metadata.namespace"),
},
},
},
volumes_: {
"rook-config": { emptyDir: {} },
"default-config-dir": { emptyDir: {} },
},
},
},
},
},
},
}