hswaw
/
hscloud
mirror of https://gerrit.hackerspace.pl/hscloud
4
0
Fork 2
Code Actions

cluster/kube: ceph-waw1 up

changes/03/3/1
q3k 2019-04-02 00:06:13 +02:00
parent cdfafaf91e
commit c6da127d3f
2 changed files with 204 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
cluster/kube/cluster.jsonnet
View File

@ -61,8 +61,43 @@ local Cluster(fqdn) = {
},
// Main nginx Ingress Controller
nginx: nginx.Environment {},
// Rook Ceph storage
rook: rook.Environment {},
rook: rook.Operator {},
// waw1 ceph cluster
cephWaw1: rook.Cluster(cluster.rook, "ceph-waw1") {
spec: {
mon: {
count: 3,
allowMultiplePerNode: false,
},
storage: {
useAllNodes: false,
useAllDevices: false,
config: {
databaseSizeMB: "1024",
journalSizeMB: "1024",
},
nodes: [
{
name: "bc01n01.hswaw.net",
location: "rack=dcr01 chassis=bc01 host=bc01n01",
devices: [ { name: "sda" } ],
},
{
name: "bc01n02.hswaw.net",
location: "rack=dcr01 chassis=bc01 host=bc01n02",
devices: [ { name: "sda" } ],
},
{
name: "bc01n03.hswaw.net",
location: "rack=dcr01 chassis=bc01 host=bc01n03",
devices: [ { name: "sda" } ],
},
],
},
},
},
};

180
cluster/kube/lib/rook.libsonnet
View File

@ -3,7 +3,7 @@
local kube = import "../../../kube/kube.libsonnet";
{
Environment: {
Operator: {
local env = self,
local cfg = env.cfg,
cfg:: {
@ -127,6 +127,7 @@ local kube = import "../../../kube/kube.libsonnet";
cephnfses: kube.CustomResourceDefinition("ceph.rook.io", "v1", "CephNFS") {
spec+: {
names+: {
plural: "cephnfses",
shortNames: ["nfs"],
},
},
@ -149,9 +150,7 @@ local kube = import "../../../kube/kube.libsonnet";
crs: {
clusterMgmt: kube.ClusterRole("rook-ceph-cluster-mgmt") {
metadata+: env.metadata {
namespace:: null,
},
metadata+: env.metadata { namespace:: null },
rules: [
{
apiGroups: [""],
@ -166,9 +165,7 @@ local kube = import "../../../kube/kube.libsonnet";
],
},
global: kube.ClusterRole("rook-ceph-global") {
metadata+: env.metadata {
namespace:: null,
},
metadata+: env.metadata { namespace:: null },
rules: [
{
apiGroups: [""],
@ -185,6 +182,11 @@ local kube = import "../../../kube/kube.libsonnet";
resources: ["storageclasses"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
{
apiGroups: ["batch"],
resources: ["jobs"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
{
apiGroups: ["ceph.rook.io"],
resources: ["*"],
@ -198,9 +200,7 @@ local kube = import "../../../kube/kube.libsonnet";
],
},
mgrCluster: kube.ClusterRole("rook-ceph-mgr-cluster") {
metadata+: env.metadata {
namespace:: null,
},
metadata+: env.metadata { namespace:: null },
rules: [
{
apiGroups: [""],
@ -212,7 +212,7 @@ local kube = import "../../../kube/kube.libsonnet";
},
crb: kube.ClusterRoleBinding("ceph-rook-global") {
metadata+: env.metadata,
metadata+: env.metadata { namespace:: null },
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "ClusterRole",
@ -276,7 +276,7 @@ local kube = import "../../../kube/kube.libsonnet";
env_: {
LIB_MODULES_DIR_PATH: "/run/current-system/kernel-modules/lib/modules/",
ROOK_ALLOW_MULTIPLE_FILESYSTEMS: "false",
ROOK_LOG_LEVEL: "info",
ROOK_LOG_LEVEL: "DEBUG",
ROOK_MON_HEALTHCHECK_INTERVAL: "45s",
ROOK_MON_OUT_TIMEOUT: "600s",
ROOK_DISCOVER_DEVICES_INTERVAL: "60m",
@ -298,4 +298,160 @@ local kube = import "../../../kube/kube.libsonnet";
},
},
},
// Create a new Ceph cluster in a new namespace.
Cluster(operator, name):: {
local cluster = self,
spec:: error "please define cluster spec",
metadata:: {
namespace: name,
},
name(suffix):: cluster.metadata.namespace + "-" + suffix,
namespace: kube.Namespace(cluster.metadata.namespace),
sa: {
// service accounts need to be hardcoded, see operator source.
osd: kube.ServiceAccount("rook-ceph-osd") {
metadata+: cluster.metadata,
},
mgr: kube.ServiceAccount("rook-ceph-mgr") {
metadata+: cluster.metadata,
},
},
roles: {
osd: kube.Role(cluster.name("osd")) {
metadata+: cluster.metadata,
rules: [
{
apiGroups: [""],
resources: ["configmaps"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
}
],
},
mgr: kube.Role(cluster.name("mgr")) {
metadata+: cluster.metadata,
rules: [
{
apiGroups: [""],
resources: ["pods", "services"],
verbs: ["get", "list", "watch"],
},
{
apiGroups: ["batch"],
resources: ["jobs"],
verbs: ["get", "list", "watch", "create", "update", "delete"],
},
{
apiGroups: ["ceph.rook.io"],
resources: ["*"],
verbs: ["*"],
},
],
},
mgrSystem: kube.ClusterRole(cluster.name("mgr-system")) {
metadata+: cluster.metadata { namespace:: null },
rules: [
{
apiGroups: [""],
resources: ["configmaps"],
verbs: ["get", "list", "watch"],
}
],
},
},
rbs: [
kube.RoleBinding(cluster.name(el.name)) {
metadata+: cluster.metadata,
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: el.role.kind,
name: el.role.metadata.name,
},
subjects: [
{
kind: el.sa.kind,
name: el.sa.metadata.name,
namespace: el.sa.metadata.namespace,
},
],
},
for el in [
// Allow Operator SA to perform Cluster Mgmt in this namespace.
{ name: "cluster-mgmt", role: operator.crs.clusterMgmt, sa: operator.sa },
{ name: "osd", role: cluster.roles.osd, sa: cluster.sa.osd },
{ name: "mgr", role: cluster.roles.mgr, sa: cluster.sa.mgr },
{ name: "mgr-cluster", role: operator.crs.mgrCluster, sa: cluster.sa.mgr },
]
],
mgrSystemRB: kube.RoleBinding(cluster.name("mgr-system")) {
metadata+: {
namespace: operator.cfg.namespace,
},
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: cluster.roles.mgrSystem.kind,
name: cluster.roles.mgrSystem.metadata.name,
},
subjects: [
{
kind: cluster.sa.mgr.kind,
name: cluster.sa.mgr.metadata.name,
namespace: cluster.sa.mgr.metadata.namespace,
},
],
},
cluster: kube._Object("ceph.rook.io/v1", "CephCluster", name) {
metadata+: cluster.metadata,
spec: {
cephVersion: {
image: "ceph/ceph:v13.2.5-20190319",
},
dataDirHostPath: "/var/lib/rook",
dashboard: {
ssl: false,
enabled: true,
port: 8080,
},
} + cluster.spec,
},
dashboardService: kube.Service(cluster.name("dashboard")) {
metadata+: cluster.metadata,
spec: {
ports: [
{ name: "dashboard", port: 80, targetPort: 8080, protocol: "TCP" },
],
selector: {
app: "rook-ceph-mgr",
rook_cluster: name,
},
type: "ClusterIP",
},
},
dashboardIngress: kube.Ingress(cluster.name("dashboard")) {
metadata+: cluster.metadata,
spec+: {
rules: [
{
host: "%s.hswaw.net" % name,
http: {
paths: [
{ path: "/", backend: cluster.dashboardService.name_port },
]
},
}
],
},
},
},
}