From 6c8041b15f28181fdf7054ea5ff39af48be2ef66 Mon Sep 17 00:00:00 2001
From: portdirect <pete@port.direct>
Date: Mon, 2 Apr 2018 10:35:30 -0400
Subject: [PATCH] Ceph: Make mon deployment compatible with k8s >= 1.10

This PS updates the ceph chart to work with newer versions of K8s
which always mounts configmaps as read-only.

Change-Id: If96dec4af385ed1ce210f2d4f63e09c89ec82c76
---
 ceph/templates/bin/mon/_start.sh.tpl |  6 ++++--
 ceph/templates/daemonset-mon.yaml    | 10 +++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/ceph/templates/bin/mon/_start.sh.tpl b/ceph/templates/bin/mon/_start.sh.tpl
index 451eeb26e9..24b6ed8e21 100644
--- a/ceph/templates/bin/mon/_start.sh.tpl
+++ b/ceph/templates/bin/mon/_start.sh.tpl
@@ -68,9 +68,11 @@ get_mon_config
 
 # If we don't have a monitor keyring, this is a new monitor
 if [ ! -e "${MON_DATA_DIR}/keyring" ]; then
-  if [ ! -e ${MON_KEYRING} ]; then
-    echo "ERROR- ${MON_KEYRING} must exist.  You can extract it from your current monitor by running 'ceph auth get mon. -o ${MON_KEYRING}' or use a KV Store"
+  if [ ! -e ${MON_KEYRING}.seed ]; then
+    echo "ERROR- ${MON_KEYRING}.seed must exist. You can extract it from your current monitor by running 'ceph auth get mon. -o ${MON_KEYRING}' or use a KV Store"
     exit 1
+  else
+    cp -vf ${MON_KEYRING}.seed ${MON_KEYRING}
   fi
 
   if [ ! -e ${MONMAP} ]; then
diff --git a/ceph/templates/daemonset-mon.yaml b/ceph/templates/daemonset-mon.yaml
index 022052d126..a0354cd4e2 100644
--- a/ceph/templates/daemonset-mon.yaml
+++ b/ceph/templates/daemonset-mon.yaml
@@ -161,21 +161,21 @@ spec:
               subPath: ceph.client.admin.keyring
               readOnly: true
             - name: ceph-mon-keyring
-              mountPath: /etc/ceph/ceph.mon.keyring
+              mountPath: /etc/ceph/ceph.mon.keyring.seed
               subPath: ceph.mon.keyring
-              readOnly: false
+              readOnly: true
             - name: ceph-bootstrap-osd-keyring
               mountPath: /var/lib/ceph/bootstrap-osd/ceph.keyring
               subPath: ceph.keyring
-              readOnly: false
+              readOnly: true
             - name: ceph-bootstrap-mds-keyring
               mountPath: /var/lib/ceph/bootstrap-mds/ceph.keyring
               subPath: ceph.keyring
-              readOnly: false
+              readOnly: true
             - name: ceph-bootstrap-rgw-keyring
               mountPath: /var/lib/ceph/bootstrap-rgw/ceph.keyring
               subPath: ceph.keyring
-              readOnly: false
+              readOnly: true
             - name: pod-var-lib-ceph
               mountPath: /var/lib/ceph
               readOnly: false