diff --git a/python-k8sapp-rook/debian/deb_folder/changelog b/python-k8sapp-rook/debian/deb_folder/changelog new file mode 100644 index 0000000..b43e7b6 --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +python3-k8sapp-rook (1.0-1) unstable; urgency=medium + + * Initial release. + + -- Tracey Bogue Wed, 27 Oct 2021 11:25:42 +0000 diff --git a/python-k8sapp-rook/debian/deb_folder/control b/python-k8sapp-rook/debian/deb_folder/control new file mode 100644 index 0000000..acd4394 --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/control @@ -0,0 +1,28 @@ +Source: python3-k8sapp-rook +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + dh-python, + python3-all, + python3-pbr, + python3-setuptools, + python3-wheel +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: python3-k8sapp-rook +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${python3:Depends} +Description: StarlingX Sysinv Rook Ceph Extensions + This package contains sysinv plugins for the Rook Ceph armada + K8S app. + +Package: python3-k8sapp-rook-wheels +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel +Description: StarlingX Sysinv Rook Ceph Extension Wheels + This package contains python wheels for the Rook Ceph platform armada + K8S app plugins. diff --git a/python-k8sapp-rook/debian/deb_folder/copyright b/python-k8sapp-rook/debian/deb_folder/copyright new file mode 100644 index 0000000..5228cab --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: python3-k8sapp-rook +Source: https://opendev.org/starlingx/rook-ceph/ + +Files: * +Copyright: (c) 2013-2021 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2021 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook-wheels.install b/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook-wheels.install new file mode 100644 index 0000000..e07bd60 --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook-wheels.install @@ -0,0 +1 @@ +plugins/rook-ceph-apps/*.whl diff --git a/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook.install b/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook.install new file mode 100644 index 0000000..8e722f6 --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/python3-k8sapp-rook.install @@ -0,0 +1,2 @@ +usr/lib/python3/dist-packages/k8sapp_rook-1.0.0.egg-info/* +usr/lib/python3/dist-packages/k8sapp_rook/* diff --git a/python-k8sapp-rook/debian/deb_folder/rules b/python-k8sapp-rook/debian/deb_folder/rules new file mode 100755 index 0000000..62180fd --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export APP_NAME=rook-ceph-apps +export PBR_VERSION=1.0.0 +export PYBUILD_NAME=k8sapp-rook +export SKIP_PIP_INSTALL=1 +export ROOT=debian/tmp + +%: + dh $@ --with=python3 --buildsystem=pybuild + +override_dh_auto_install: + python3 setup.py install --install-layout=deb --root $(ROOT) + python3 setup.py bdist_wheel \ + --universal \ + -d $(ROOT)/plugins/$(APP_NAME) + +override_dh_python3: + dh_python3 --shebang=/usr/bin/python3 + +ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS))) +override_dh_auto_test: + # (tbogue) FIXME + PYTHONDIR=$(CURDIR) stestr run || true +endif diff --git a/python-k8sapp-rook/debian/deb_folder/source/format b/python-k8sapp-rook/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/python-k8sapp-rook/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/python-k8sapp-rook/debian/meta_data.yaml b/python-k8sapp-rook/debian/meta_data.yaml new file mode 100644 index 0000000..3b0c0df --- /dev/null +++ b/python-k8sapp-rook/debian/meta_data.yaml @@ -0,0 +1,7 @@ +--- +debname: python3-k8sapp-rook +debver: 1.0-1 +src_path: k8sapp_rook +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: true diff --git a/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/__init__.py b/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/__init__.py deleted file mode 100644 index 9d45f6c..0000000 --- a/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/__init__.py +++ /dev/null @@ -1,19 +0,0 @@ -# -# Copyright (c) 2020 Intel Corporation, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -import yaml - - -class quoted_str(str): - pass - - -# force strings to be single-quoted to avoid interpretation as numeric values -def quoted_presenter(dumper, data): - return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'") - - -yaml.add_representer(quoted_str, quoted_presenter) diff --git a/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/manifest_rook_ceph.py b/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/manifest_rook_ceph.py deleted file mode 100644 index a2a4ee0..0000000 --- a/python-k8sapp-rook/k8sapp_rook/k8sapp_rook/armada/manifest_rook_ceph.py +++ /dev/null @@ -1,36 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 -# -# Copyright (c) 2020 Intel Corporation, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# All Rights Reserved. -# - -""" System inventory Armada manifest operator.""" - -from k8sapp_rook.helm.rook_ceph import RookCephHelm -from k8sapp_rook.helm.rook_ceph_provisioner import RookCephProvisionerHelm -from k8sapp_rook.helm.rook_operator import RookOperatorHelm - -from sysinv.common import constants -from sysinv.helm import manifest_generic as generic - - -class RookCephArmadaManifestOperator(generic.GenericArmadaManifestOperator): - - APP = constants.HELM_APP_ROOK_CEPH - ARMADA_MANIFEST = 'rook-ceph-manifest' - - CHART_GROUP_ROOK = 'starlingx-rook-charts' - CHART_GROUPS_LUT = { - RookOperatorHelm.CHART: CHART_GROUP_ROOK, - RookCephHelm.CHART: CHART_GROUP_ROOK, - RookCephProvisionerHelm: CHART_GROUP_ROOK, - } - - CHARTS_LUT = { - RookOperatorHelm.CHART: 'kube-system-rook-operator', - RookCephHelm.CHART: 'kube-system-rook-ceph', - RookCephProvisionerHelm.CHART: 'kube-system-rook-ceph-provisioner', - } diff --git a/python-k8sapp-rook/k8sapp_rook/tox.ini b/python-k8sapp-rook/k8sapp_rook/tox.ini index c5136dc..adac05c 100644 --- a/python-k8sapp-rook/k8sapp_rook/tox.ini +++ b/python-k8sapp-rook/k8sapp_rook/tox.ini @@ -41,6 +41,7 @@ setenv = VIRTUAL_ENV={envdir} TOX_WORK_DIR={toxworkdir} PYLINTHOME={toxworkdir} +# for debian the path to cgcs-patch is incorrect deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt -e{[tox]stxdir}/config/sysinv/sysinv/sysinv diff --git a/stx-rook-ceph/centos/build_srpm.data b/stx-rook-ceph/centos/build_srpm.data index 205d704..2fe1716 100644 --- a/stx-rook-ceph/centos/build_srpm.data +++ b/stx-rook-ceph/centos/build_srpm.data @@ -1,5 +1,5 @@ SRC_DIR="stx-rook-ceph" -COPY_LIST="files/*" +COPY_LIST="files/* $PKG_BASE/$SRC_DIR/fluxcd-manifests/*" EXCLUDE_LIST_FROM_TAR=".stestr" diff --git a/stx-rook-ceph/centos/stx-rook-ceph.spec b/stx-rook-ceph/centos/stx-rook-ceph.spec index 70bb799..b831d7c 100644 --- a/stx-rook-ceph/centos/stx-rook-ceph.spec +++ b/stx-rook-ceph/centos/stx-rook-ceph.spec @@ -8,7 +8,7 @@ # Build variables %global helm_folder /usr/lib/helm #%global toolkit_version 0.1.0 -%global rook_version 1.2.7 +%global rook_version 1.9.6 Summary: StarlingX K8S application: Rook Ceph Name: stx-rook-ceph @@ -33,6 +33,14 @@ BuildRequires: python-k8sapp-rook-wheels %description The StarlingX K8S application for Rook Ceph +%package fluxcd +Summary: StarlingX K8s application for Rook Ceph FluxCD +Group: base +License: Apache-2.0 + +%description fluxcd +StarlingX K8s application for Rook Ceph FluxCD + %prep %setup @@ -54,7 +62,8 @@ kill %1 # Create a chart tarball compliant with sysinv kube-app.py %define app_staging %{_builddir}/staging -%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz +%define app_tarball_armada %{app_name}-%{version}-%{tis_patch_ver}.tgz +%define app_tarball_fluxcd %{app_name}-fluxcd-%{version}-%{tis_patch_ver}.tgz # Setup staging mkdir -p %{app_staging} @@ -73,9 +82,21 @@ sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml mkdir -p %{app_staging}/plugins cp /plugins/%{app_name}/*.whl %{app_staging}/plugins -# package it up +# package Armada find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 -tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ . +tar -zcf %{_builddir}/%{app_tarball_armada} -C %{app_staging}/ . + +# package FluxCD +rm -f %{app_staging}/manifest.yaml + +cd - +cp -R fluxcd-manifests %{app_staging}/ +cd %{app_staging} + +find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 +tar -zcf %{_builddir}/%{app_tarball_fluxcd} -C %{app_staging}/ . + +cd - # Cleanup staging rm -fr %{app_staging} @@ -83,10 +104,16 @@ rm -fr %{app_staging} %install install -d -m 755 %{buildroot}/%{app_folder} install -d -m 755 %{buildroot}%{_initrddir} -install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder} +install -p -D -m 755 %{_builddir}/%{app_tarball_armada} %{buildroot}/%{app_folder} install -m 750 %{SOURCE1} %{buildroot}%{_initrddir}/rook-mon-exit +install -p -D -m 755 %{_builddir}/%{app_tarball_fluxcd} %{buildroot}/%{app_folder} + %files %defattr(-,root,root,-) -%{app_folder}/* +%{app_folder}/%{app_tarball_armada} %{_initrddir}/rook-mon-exit + +%files fluxcd +%defattr(-,root,root,-) +%{app_folder}/%{app_tarball_fluxcd} diff --git a/stx-rook-ceph/debian/deb_folder/rules b/stx-rook-ceph/debian/deb_folder/rules old mode 100755 new mode 100644 index 06526cc..14f7f86 --- a/stx-rook-ceph/debian/deb_folder/rules +++ b/stx-rook-ceph/debian/deb_folder/rules @@ -11,16 +11,19 @@ export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.') export APP_NAME = rook-ceph-apps export APP_VERSION = $(MAJOR).$(MINOR_PATCH) -export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz +export APP_TARBALL_FLUXCD = $(APP_NAME)-fluxcd-$(APP_VERSION).tgz export HELM_REPO = stx-platform -export STAGING = staging +export STAGING_FLUXCD = staging-fluxcd %: dh $@ override_dh_auto_build: + ############ + # COMMON # + ############ # Host a server for the helm charts. chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./helm-charts" & sleep 2 @@ -35,35 +38,39 @@ override_dh_auto_build: # Terminate the helm chart server. pkill chartmuseum + + ############ + # FLUXCD # + ############ # Setup staging - mkdir -p $(STAGING) - cp files/metadata.yaml $(STAGING) - cp manifests/manifest.yaml $(STAGING) - mkdir -p $(STAGING)/charts - cp helm-charts/*.tgz $(STAGING)/charts - cd $(STAGING) + mkdir -p $(STAGING_FLUXCD) + cp files/metadata.yaml $(STAGING_FLUXCD) + cp -Rv fluxcd-manifests $(STAGING_FLUXCD) + mkdir -p $(STAGING_FLUXCD)/charts + cp helm-charts/*.tgz $(STAGING_FLUXCD)/charts # Populate metadata - sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml - sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml - sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml + sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING_FLUXCD)/metadata.yaml + sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING_FLUXCD)/metadata.yaml + sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING_FLUXCD)/metadata.yaml # Copy the plugins: installed in the buildroot - mkdir -p $(STAGING)/plugins - cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins + mkdir -p $(STAGING_FLUXCD)/plugins + cp /plugins/$(APP_NAME)/*.whl $(STAGING_FLUXCD)/plugins # Package it up + cd $(STAGING_FLUXCD) find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 - tar -zcf $(APP_TARBALL) -C $(STAGING)/ . + tar -zcf $(APP_TARBALL_FLUXCD) -C $(STAGING_FLUXCD)/ . # Cleanup staging - rm -fr $(STAGING) + rm -fr $(STAGING_FLUXCD) override_dh_auto_install: # Install the app tar file install -d -m 755 $(APP_FOLDER) install -d -m 755 $(INITRD_DIR) - install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER) + install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER) install -m 750 files/rook-mon-exit.sh $(INITRD_DIR)/rook-mon-exit # Prevents dh_fixperms from changing the permissions defined in this file @@ -72,3 +79,4 @@ override_dh_fixperms: override_dh_usrlocal: echo "do nothing" + diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/helmrepository.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/helmrepository.yaml new file mode 100644 index 0000000..4c4adfe --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/helmrepository.yaml @@ -0,0 +1,13 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: stx-platform +spec: + url: http://192.168.206.1:8080/helm_charts/stx-platform + interval: 60m diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/kustomization.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/kustomization.yaml new file mode 100644 index 0000000..c0f37cd --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/kustomization.yaml @@ -0,0 +1,8 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resources: + - helmrepository.yaml diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/namespace.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/namespace.yaml new file mode 100644 index 0000000..6726614 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/base/namespace.yaml @@ -0,0 +1,10 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: v1 +kind: Namespace +metadata: + name: kube-system diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/kustomization.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/kustomization.yaml new file mode 100644 index 0000000..fc304f5 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/kustomization.yaml @@ -0,0 +1,14 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: + - base + - rook-ceph + - rook-operator + - rook-ceph-provisioner diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/helmrelease.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/helmrelease.yaml new file mode 100644 index 0000000..12f5560 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/helmrelease.yaml @@ -0,0 +1,40 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: rook-ceph-provisioner + labels: + chart_group: starlingx-rook-charts +spec: + releaseName: rook-ceph-provisioner + chart: + spec: + chart: rook-ceph-provisioner + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 5m + timeout: 30m + dependsOn: + - name: rook-ceph + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + uninstall: + disableHooks: true + valuesFrom: + - kind: Secret + name: rook-ceph-provisioner-static-overrides + valuesKey: rook-ceph-provisioner-static-overrides.yaml + - kind: Secret + name: rook-ceph-provisioner-system-overrides + valuesKey: rook-ceph-provisioner-system-overrides.yaml diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/kustomization.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/kustomization.yaml new file mode 100644 index 0000000..10b2e3e --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: kube-system +resources: + - helmrelease.yaml +secretGenerator: + - name: rook-ceph-provisioner-static-overrides + files: + - rook-ceph-provisioner-static-overrides.yaml + - name: rook-ceph-provisioner-system-overrides + files: + - rook-ceph-provisioner-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-static-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-static-overrides.yaml new file mode 100644 index 0000000..5ee30cd --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-static-overrides.yaml @@ -0,0 +1,92 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +global: + configmap_key_init: ceph-key-init-bin + # + provision_storage: true + cephfs_storage: true + job_ceph_mgr_provision: true + job_ceph_mon_audit: false + job_ceph_osd_audit: true + job_host_provision: true + job_cleanup: true + deployment_stx_ceph_manager: true + # Defines whether to generate service account and role bindings. + rbac: true + # Node Selector + nodeSelector: { node-role.kubernetes.io/master: "" } + +# +# RBAC options. +# Defaults should be fine in most cases. +rbac: + clusterRole: rook-ceph-provisioner + clusterRoleBinding: rook-ceph-provisioner + role: rook-ceph-provisioner + roleBinding: rook-ceph-provisioner + serviceAccount: rook-ceph-provisioner + + +images: + tags: + ceph_config_helper: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802 + stx_ceph_manager: docker.io/starlingx/stx-ceph-manager:master-centos-stable-latest + k8s_entrypoint: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 + + +provisionStorage: + # Defines the name of the provisioner associated with a set of storage classes + provisioner_name: kube-system.rbd.csi.ceph.com + # Enable this storage class as the system default storage class + defaultStorageClass: rook-ceph + # Configure storage classes. + # Defaults for storage classes. Update this if you have a single Ceph storage cluster. + # No need to add them to each class. + classdefaults: + # Define ip addresses of Ceph Monitors + monitors: 192.168.204.3:6789,192.168.204.4:6789,192.168.204.1:6789 + # Ceph admin account + adminId: admin + # K8 secret name for the admin context + adminSecretName: ceph-secret + # Configure storage classes. + # This section should be tailored to your setup. It allows you to define multiple storage + # classes for the same cluster (e.g. if you have tiers of drives with different speeds). + # If you have multiple Ceph clusters take attributes from classdefaults and add them here. + classes: + name: rook-ceph # Name of storage class. + secret: + # K8 secret name with key for accessing the Ceph pool + userSecretName: ceph-secret-kube + # Ceph user name to access this pool + userId: kube + pool: + pool_name: kube + replication: 1 + crush_rule_name: storage_tier_ruleset + chunk_size: 8 + + +cephfsStorage: + provisioner_name: kube-system.cephfs.csi.ceph.com + fs_name: stxfs + pool_name: stxfs-data0 + + +host_provision: + controller_hosts: + - controller-0 + + +ceph_audit_jobs: + floatIP: 192.168.204.2 + audit: + cron: "*/3 * * * *" + deadline: 200 + history: + success: 1 + failed: 1 diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-system-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-system-overrides.yaml new file mode 100644 index 0000000..7e93270 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph-provisioner/rook-ceph-provisioner-system-overrides.yaml @@ -0,0 +1,6 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/helmrelease.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/helmrelease.yaml new file mode 100644 index 0000000..cedb837 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/helmrelease.yaml @@ -0,0 +1,40 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: rook-ceph + labels: + chart_group: starlingx-rook-charts +spec: + releaseName: rook-ceph + chart: + spec: + chart: rook-ceph + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 5m + timeout: 30m + dependsOn: + - name: rook-operator + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + uninstall: + disableHooks: true + valuesFrom: + - kind: Secret + name: rook-ceph-static-overrides + valuesKey: rook-ceph-static-overrides.yaml + - kind: Secret + name: rook-ceph-system-overrides + valuesKey: rook-ceph-system-overrides.yaml diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/kustomization.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/kustomization.yaml new file mode 100644 index 0000000..0d7496e --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: kube-system +resources: + - helmrelease.yaml +secretGenerator: + - name: rook-ceph-static-overrides + files: + - rook-ceph-static-overrides.yaml + - name: rook-ceph-system-overrides + files: + - rook-ceph-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-static-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-static-overrides.yaml new file mode 100644 index 0000000..7192b71 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-static-overrides.yaml @@ -0,0 +1,64 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# Default values for ceph-cluster +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +cluster: + image: + repository: quay.io/ceph/ceph + tag: v16.2.9 + pullPolicy: IfNotPresent + # Tolerations for the ceph-cluster to allow it to run on nodes with particular taints + tolerations: [] + mon: + count: 3 + allowMultiplePerNode: false + hostNetwork: true + storage: + storeType: bluestore + databaseSizeMB: 1024 + ## Annotations to be added to pod + annotations: {} + ## LogLevel can be set to: TRACE, DEBUG, INFO, NOTICE, WARNING, ERROR or CRITICAL + logLevel: INFO + # Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux, + # the pod must be running privileged in order to write to the hostPath volume, this must be set to true then. + hostpathRequiresPrivileged: false + # Disable automatic orchestration when new devices are discovered. + disableDeviceHotplug: false + + +mds: + name: stxfs + replica: 3 + + +toolbox: + image: + prefix: rook + repository: rook/ceph + tag: v1.9.6 + pullPolicy: IfNotPresent + + +hook: + image: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802 + duplexPreparation: + enable: false + activeController: controller-0 + floatIP: 192.188.204.2 + cleanup: + enable: true + rbac: + clusterRole: rook-ceph-cleanup + clusterRoleBinding: rook-ceph-cleanup + role: rook-ceph-cleanup + roleBinding: rook-ceph-cleanup + serviceAccount: rook-ceph-cleanup + mon_hosts: + - controller-0 + diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-system-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-system-overrides.yaml new file mode 100644 index 0000000..7e93270 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-ceph/rook-ceph-system-overrides.yaml @@ -0,0 +1,6 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/README.md b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/README.md new file mode 100644 index 0000000..07ba3ac --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/README.md @@ -0,0 +1,122 @@ + + +Other values + +--- + +## .operator.csi: + +CSI CephFS plugin daemonset update strategy, supported values are OnDelete and RollingUpdate. +Default value is RollingUpdate. +``` +rbdPluginUpdateStrategy: OnDelete +``` + +CSI Rbd plugin daemonset update strategy, supported values are OnDelete and RollingUpdate. +Default value is RollingUpdate. +``` +cephFSPluginUpdateStrategy: OnDelete +``` + +Set provisonerTolerations and provisionerNodeAffinity for provisioner pod. +The CSI provisioner would be best to start on the same nodes as other ceph daemons. +``` +provisionerTolerations: + - key: key + operator: Exists + effect: NoSchedule +provisionerNodeAffinity: key1=value1,value2; key2=value3 +``` + +Set pluginTolerations and pluginNodeAffinity for plugin daemonset pods. +The CSI plugins need to be started on all the nodes where the clients need to mount the storage. +``` +pluginTolerations: + - key: key + operator: Exists + effect: NoSchedule +pluginNodeAffinity: key1=value1,value2; key2=value3 +cephfsGrpcMetricsPort: 9091 +cephfsLivenessMetricsPort: 9081 +rbdGrpcMetricsPort: 9090 +``` + +Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS +you may want to disable this setting. However, this will cause an issue during upgrades +with the FUSE client. See the upgrade guide: https://rook.io/docs/rook/v1.2/ceph-upgrade.html +``` +forceCephFSKernelClient: true +rbdLivenessMetricsPort: 9080 +``` + +## .operator: + +if true, run rook operator on the host network +``` +useOperatorHostNetwork: true +``` + +Rook Agent configuration +toleration: NoSchedule, PreferNoSchedule or NoExecute +tolerationKey: Set this to the specific key of the taint to tolerate +tolerations: Array of tolerations in YAML format which will be added to agent deployment +nodeAffinity: Set to labels of the node to match +flexVolumeDirPath: The path where the Rook agent discovers the flex volume plugins +libModulesDirPath: The path where the Rook agent can find kernel modules +``` +agent: + toleration: NoSchedule + tolerationKey: key + tolerations: + - key: key + operator: Exists + effect: NoSchedule + nodeAffinity: key1=value1,value2; key2=value3 + mountSecurityMode: Any +``` + +For information on FlexVolume path, please refer to https://rook.io/docs/rook/master/flexvolume.html +``` +flexVolumeDirPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/ +libModulesDirPath: /lib/modules +mounts: mount1=/host/path:/container/path,/host/path2:/container/path2 +``` + +Rook Discover configuration +toleration: NoSchedule, PreferNoSchedule or NoExecute +tolerationKey: Set this to the specific key of the taint to tolerate +tolerations: Array of tolerations in YAML format which will be added to agent deployment +nodeAffinity: Set to labels of the node to match +``` +discover: + toleration: NoSchedule + tolerationKey: key + tolerations: + - key: key + operator: Exists + effect: NoSchedule + nodeAffinity: key1=value1,value2; key2=value3 +``` + +In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins). +Disable it here if you have similar issues. +For more details see https://github.com/rook/rook/issues/2417 +``` +enableSelinuxRelabeling: true +``` + +Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux, +the pod must be running privileged in order to write to the hostPath volume, this must be set to true then. +``` +hostpathRequiresPrivileged: false +``` + +Disable automatic orchestration when new devices are discovered. +``` +disableDeviceHotplug: false +``` + +Blacklist certain disks according to the regex provided. +``` +discoverDaemonUdev: +``` diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/helmrelease.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/helmrelease.yaml new file mode 100644 index 0000000..f2df0e6 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/helmrelease.yaml @@ -0,0 +1,38 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: rook-operator + labels: + chart_group: starlingx-rook-charts +spec: + releaseName: rook-operator + chart: + spec: + chart: rook-operator + version: 0.1.0 + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 5m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + uninstall: + disableHooks: true + valuesFrom: + - kind: Secret + name: rook-operator-static-overrides + valuesKey: rook-operator-static-overrides.yaml + - kind: Secret + name: rook-operator-system-overrides + valuesKey: rook-operator-system-overrides.yaml diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/kustomization.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/kustomization.yaml new file mode 100644 index 0000000..5850ea1 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/kustomization.yaml @@ -0,0 +1,18 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +namespace: kube-system +resources: + - helmrelease.yaml +secretGenerator: + - name: rook-operator-static-overrides + files: + - rook-operator-static-overrides.yaml + - name: rook-operator-system-overrides + files: + - rook-operator-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-static-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-static-overrides.yaml new file mode 100644 index 0000000..71fa291 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-static-overrides.yaml @@ -0,0 +1,91 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +operator: + image: + prefix: rook + repository: rook/ceph + tag: v1.9.6 + pullPolicy: IfNotPresent + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + # Tolerations for the rook-ceph-operator to allow it to run on nodes with particular taints + tolerations: [] + # Delay to use in node.kubernetes.io/unreachable toleration + unreachableNodeTolerationSeconds: 5 + # Whether rook watches its current namespace for CRDs or the entire cluster, defaults to false + currentNamespaceOnly: false + # Interval at which to get the ceph status and update the cluster custom resource status + cephStatusCheckInterval: "60s" + mon: + healthCheckInterval: "45s" + monOutTimeout: "600s" + ## Annotations to be added to pod + annotations: {} + ## LogLevel can be set to: TRACE, DEBUG, INFO, NOTICE, WARNING, ERROR or CRITICAL + logLevel: INFO + ## If true, create & use RBAC resources + rbacEnable: true + ## If true, create & use PSP resources + pspEnable: false + ## Settings for whether to disable the drivers or other daemons if they are not needed + csi: + enableRbdDriver: true + enableCephfsDriver: true + enableGrpcMetrics: true + enableSnapshotter: true + + # Enable Ceph Kernel clients on kernel < 4.17. If your kernel does not support quotas for CephFS + # you may want to disable this setting. However, this will cause an issue during upgrades + # with the FUSE client. See the upgrade guide: https://rook.io/docs/rook/v1.2/ceph-upgrade.html + forceCephFSKernelClient: true + + kubeletDirPath: /var/lib/kubelet + cephcsi: + image: quay.io/cephcsi/cephcsi:v3.6.2 + registrar: + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.4.0 + provisioner: + image: gcr.io/k8s-staging-sig-storage/csi-provisioner:v3.1.0 + snapshotter: + image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.0 + attacher: + image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 + resizer: + image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 + enableFlexDriver: false + enableDiscoveryDaemon: true + + # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins). + # Disable it here if you have similar issues. + # For more details see https://github.com/rook/rook/issues/2417 + enableSelinuxRelabeling: true + # Writing to the hostPath is required for the Ceph mon and osd pods. Given the restricted permissions in OpenShift with SELinux, + # the pod must be running privileged in order to write to the hostPath volume, this must be set to true then. + hostpathRequiresPrivileged: false + # Disable automatic orchestration when new devices are discovered. + disableDeviceHotplug: false + # Blacklist certain disks according to the regex provided. + discoverDaemonUdev: + +# imagePullSecrets option allow to pull docker images from private docker registry. Option will be passed to all service accounts. +imagePullSecrets: +- name: default-registry-key + +saInit: + name: sa-init + images: + tags: + sa_init_provisioner: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20220802 + +cleanup: + enable: true + cluster_cleanup: ceph-cluster diff --git a/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-system-overrides.yaml b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-system-overrides.yaml new file mode 100644 index 0000000..7e93270 --- /dev/null +++ b/stx-rook-ceph/stx-rook-ceph/fluxcd-manifests/rook-operator/rook-operator-system-overrides.yaml @@ -0,0 +1,6 @@ +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +