forked from hswaw/hscloud
Sergiusz Bazanski
d436de2010
This bumps Rook/Ceph. The new resources (mostly RBAC) come from following https://rook.io/docs/rook/v1.1/ceph-upgrade.html . It's already deployed on production. The new CSI driver has not been tested, but the old flexvolume-based provisioners still work. We'll migrate when Rook offers a nice solution for this. We've hit a kubecfg bug that does not allow controlling the CephCluster CRD directly anymore (I had to apply it via kubecfg show / kubectl apply -f instead). This might be due to our bazel/prod k8s version mismatch, or it might be related to https://github.com/bitnami/kubecfg/issues/259. Change-Id: Icd69974b294b823e60b8619a656d4834bd6520fd
99 lines
2.8 KiB
Text
99 lines
2.8 KiB
Text
// Local extensions to kube.upstream.libsonnet.
|
|
|
|
local kube = import "kube.upstream.libsonnet";
|
|
|
|
kube {
|
|
ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) {
|
|
spec: error "spec must be defined",
|
|
},
|
|
Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
|
|
spec: error "spec must be defined",
|
|
},
|
|
Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
|
|
spec: error "spec must be defined",
|
|
},
|
|
|
|
CephObjectStoreUser(name): kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", name) {
|
|
local user = self,
|
|
spec: error "spec must be defined",
|
|
|
|
// Name of the secret that contains the login data for this user.
|
|
// This secret is created in the same namespace as the ceph cluster, so
|
|
// unfortunately you can't really refer to it directly.
|
|
// We should write some automation to copy these secrets over in a
|
|
// secure way.
|
|
secret_name:: "rook-ceph-object-user-%s-%s" % [user.spec.store, user.spec.displayName],
|
|
},
|
|
|
|
// Make OpenAPI v3 schema specification less painful.
|
|
OpenAPI:: {
|
|
Validation(obj):: {
|
|
openAPIV3Schema: obj.render,
|
|
},
|
|
|
|
Dict:: {
|
|
local dict = self,
|
|
required:: false,
|
|
|
|
local requiredList = [
|
|
k for k in std.filter(function(k) dict[k].required, std.objectFields(dict))
|
|
],
|
|
|
|
render:: {
|
|
properties: {
|
|
[k]: dict[k].render
|
|
for k in std.objectFields(dict)
|
|
},
|
|
} + (if std.length(requiredList) > 0 then {
|
|
required: requiredList,
|
|
} else {}),
|
|
},
|
|
|
|
Array(items):: {
|
|
required:: false,
|
|
render:: {
|
|
type: "array",
|
|
items: items.render,
|
|
},
|
|
},
|
|
|
|
Integer:: {
|
|
local integer = self,
|
|
required:: false,
|
|
render:: {
|
|
type: "integer",
|
|
} + (if integer.minimum != null then {
|
|
minimum: integer.minimum,
|
|
} else {}) + (if integer.maximum != null then {
|
|
maximum: integer.maximum,
|
|
} else {}),
|
|
|
|
minimum:: null,
|
|
maximum:: null,
|
|
},
|
|
|
|
String:: {
|
|
local string = self,
|
|
required:: false,
|
|
render:: {
|
|
type: "string",
|
|
} + (if string.pattern != null then {
|
|
pattern: string.pattern,
|
|
} else {}),
|
|
|
|
pattern:: null,
|
|
},
|
|
|
|
Boolean:: {
|
|
required:: false,
|
|
render:: {
|
|
type: "boolean",
|
|
},
|
|
},
|
|
|
|
Any:: {
|
|
required:: false,
|
|
render:: {},
|
|
},
|
|
},
|
|
}
|