M ceph-csi/cephfs/Makefile => ceph-csi/cephfs/Makefile +4 -0
@@ 10,5 10,9 @@ ceph-secret.yaml: ceph-secret.yaml.m4
-DCLIENT_KUBE_CEPHFS_KEY=$$(ssh patchouli2.sr.ht doas ceph auth get-key client.kube-cephfs) \
> $@ < $<
+ceph-secret-build-images.yaml: ceph-secret-build-images.yaml.m4
+ m4 -DCLIENT_BUILD_IMAGES_CEPHFS_KEY=$$(ssh patchouli2.sr.ht doas ceph auth get-key client.build-images) \
+ > $@ < $<
+
clean:
rm -f ceph-secret.yaml
A ceph-csi/cephfs/ceph-secret-build-images.yaml.m4 => ceph-csi/cephfs/ceph-secret-build-images.yaml.m4 +9 -0
@@ 0,0 1,9 @@
+# TODO restrict this account's access to csi subvolumegroup?
+apiVersion: v1
+stringData:
+ userID: build-images
+ userKey: CLIENT_BUILD_IMAGES_CEPHFS_KEY
+kind: Secret
+metadata:
+ name: csi-cephfs-build-images-secret
+ namespace: default
M ceph-csi/cephfs/ceph-secret.yaml.m4 => ceph-csi/cephfs/ceph-secret.yaml.m4 +1 -0
@@ 1,3 1,4 @@
+# TODO restrict this account's access to csi subvolumegroup?
apiVersion: v1
stringData:
userID: kube-cephfs
A ceph-csi/cephfs/pv_build_images.yaml => ceph-csi/cephfs/pv_build_images.yaml +26 -0
@@ 0,0 1,26 @@
+# See https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#cephfs-static-pvc
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: cephfs-build-images-pv
+spec:
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 300Gi
+ csi:
+ driver: cephfs.csi.ceph.com
+ nodeStageSecretRef:
+ name: csi-cephfs-build-images-secret
+ namespace: default
+ volumeAttributes:
+ # Required options from storageclass parameters need to be added in volumeAttributes
+ "clusterID": "da256dbb-b2c3-4570-ad6f-7712693a547c"
+ "fsName": "cephfs"
+ "staticVolume": "true"
+ "rootPath": /volumes/csi/build-images/d853ba37-8d94-41ea-b720-024f47908f26
+ # volumeHandle can be anything, need not to be same
+ # as PV name or volume name. keeping same for brevity
+ volumeHandle: cephfs-build-images-pv
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
A ceph-csi/cephfs/pvc_build_images.yaml => ceph-csi/cephfs/pvc_build_images.yaml +14 -0
@@ 0,0 1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: cephfs-build-images-pvc
+ namespace: default
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 300Gi
+ volumeMode: Filesystem
+ # volumeName should be same as PV name
+ volumeName: cephfs-build-images-pv
M ceph-csi/cephfs/storageclass_cephfs.yaml => ceph-csi/cephfs/storageclass_cephfs.yaml +1 -1
@@ 63,7 63,7 @@ parameters:
# encryptionKMSID: <kms-config-id>
-reclaimPolicy: Retain
+reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
- debug
M ceph-csi/cephfs/test/pod2.yaml => ceph-csi/cephfs/test/pod2.yaml +6 -0
@@ 12,8 12,14 @@ spec:
volumeMounts:
- name: mypvc
mountPath: /mnt
+ - name: build-images
+ mountPath: /var/lib/images
volumes:
- name: mypvc
persistentVolumeClaim:
claimName: csi-cephfs-test-pvc
readOnly: false
+ - name: build-images
+ persistentVolumeClaim:
+ claimName: cephfs-build-images-pvc
+ readOnly: false