877e0cd46f
* As of helm 2.0.0, it no longer seems necessary to copy a "globals.tpl" into each child chart, defines in child charts now seem to be reliably rendered in the parent. This was not working correctly in 2.0.0rc2 and so after a lot of testing, the globals define insertion has been removed from the Makefiles. Also, includes piped to b64encode are working now, meaning we no longer have to do Makefile magic to base64 encode successfully. That has been removed. Once .Files.Get works properly in a child chart context we can remove all Make help. * The openstack-base chart has been renamed to common to better reflect that it is common to everything in aic-helm, even non-openstack projects like ceph. All charts now include it as a requirement. * A first pass at a "cleaner" template directory approach has been applied to rabbitmq as a test chart. This allows files such as _start_rabbit to live in their raw form and organizes files by config vs script in 'etc' or 'bin' directories. If accepted, will apply to all other charts for consistency. |
||
|---|---|---|
| .. | ||
| templates/ceph | ||
| ceph-key.py | ||
| generate_secrets.sh | ||
| README.md | ||
Ceph Kubernetes Secret Generation
This script will generate ceph keyrings and configs as Kubernetes secrets.
Sigil is required for template handling and must be installed in system PATH. Instructions can be found here: https://github.com/gliderlabs/sigil
The following functions are provided:
Generate raw FSID (can be used for other functions)
./generate_secrets.sh fsid
Generate raw ceph.conf (For verification)
./generate_secrets.sh ceph-conf-raw <fsid> "overridekey=value"
Take a look at ceph/ceph.conf.tmpl for the default values
Generate encoded ceph.conf secret
./generate_secrets.sh ceph-conf <fsid> "overridekey=value"
Generate encoded admin keyring secret
./generate_secrets.sh admin-keyring
Generate encoded mon keyring secret
./generate_secrets.sh mon-keyring
Generate a combined secret
Contains ceph.conf, admin keyring and mon keyring. Useful for generating the /etc/ceph directory
./generate_secrets.sh combined-conf
Generate encoded boostrap keyring secret
./generate_secrets.sh bootstrap-keyring <osd|mds|rgw>
Kubernetes workflow
./generator/generate_secrets.sh all `./generate_secrets.sh fsid`
kubectl create secret generic ceph-conf-combined --from-file=ceph.conf --from-file=ceph.client.admin.keyring --from-file=ceph.mon.keyring --namespace=ceph
kubectl create secret generic ceph-bootstrap-rgw-keyring --from-file=ceph.keyring=ceph.rgw.keyring --namespace=ceph
kubectl create secret generic ceph-bootstrap-mds-keyring --from-file=ceph.keyring=ceph.mds.keyring --namespace=ceph
kubectl create secret generic ceph-bootstrap-osd-keyring --from-file=ceph.keyring=ceph.osd.keyring --namespace=ceph
kubectl create secret generic ceph-client-key --from-file=ceph-client-key --namespace=ceph