~bitfehler/k8s.sr.ht

faa436a74e95c1ad611e0c035eba73aa28a8124b — Conrad Hoffmann 1 year, 4 months ago c7dff79
ceph-csi: finalize CephFS setup
M ceph-csi/cephfs/Makefile => ceph-csi/cephfs/Makefile +4 -0
@@ 10,5 10,9 @@ ceph-secret.yaml: ceph-secret.yaml.m4
		-DCLIENT_KUBE_CEPHFS_KEY=$$(ssh patchouli2.sr.ht doas ceph auth get-key client.kube-cephfs) \
	       	> $@ < $<

ceph-secret-build-images.yaml: ceph-secret-build-images.yaml.m4
	m4 -DCLIENT_BUILD_IMAGES_CEPHFS_KEY=$$(ssh patchouli2.sr.ht doas ceph auth get-key client.build-images) \
	       	> $@ < $<

clean:
	rm -f ceph-secret.yaml

A ceph-csi/cephfs/ceph-secret-build-images.yaml.m4 => ceph-csi/cephfs/ceph-secret-build-images.yaml.m4 +9 -0
@@ 0,0 1,9 @@
# TODO restrict this account's access to csi subvolumegroup?
apiVersion: v1
stringData:
  userID: build-images
  userKey: CLIENT_BUILD_IMAGES_CEPHFS_KEY
kind: Secret
metadata:
  name: csi-cephfs-build-images-secret
  namespace: default

M ceph-csi/cephfs/ceph-secret.yaml.m4 => ceph-csi/cephfs/ceph-secret.yaml.m4 +1 -0
@@ 1,3 1,4 @@
# TODO restrict this account's access to csi subvolumegroup?
apiVersion: v1
stringData:
  userID: kube-cephfs

A ceph-csi/cephfs/pv_build_images.yaml => ceph-csi/cephfs/pv_build_images.yaml +26 -0
@@ 0,0 1,26 @@
# See https://github.com/ceph/ceph-csi/blob/devel/docs/static-pvc.md#cephfs-static-pvc
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cephfs-build-images-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 300Gi
  csi:
    driver: cephfs.csi.ceph.com
    nodeStageSecretRef:
      name: csi-cephfs-build-images-secret
      namespace: default
    volumeAttributes:
      # Required options from storageclass parameters need to be added in volumeAttributes
      "clusterID": "da256dbb-b2c3-4570-ad6f-7712693a547c"
      "fsName": "cephfs"
      "staticVolume": "true"
      "rootPath": /volumes/csi/build-images/d853ba37-8d94-41ea-b720-024f47908f26
    # volumeHandle can be anything, need not to be same
    # as PV name or volume name. keeping same for brevity
    volumeHandle: cephfs-build-images-pv
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem

A ceph-csi/cephfs/pvc_build_images.yaml => ceph-csi/cephfs/pvc_build_images.yaml +14 -0
@@ 0,0 1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cephfs-build-images-pvc
  namespace: default
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 300Gi
  volumeMode: Filesystem
  # volumeName should be same as PV name
  volumeName: cephfs-build-images-pv

M ceph-csi/cephfs/storageclass_cephfs.yaml => ceph-csi/cephfs/storageclass_cephfs.yaml +1 -1
@@ 63,7 63,7 @@ parameters:
  # encryptionKMSID: <kms-config-id>


reclaimPolicy: Retain
reclaimPolicy: Delete
allowVolumeExpansion: true
mountOptions:
  - debug

M ceph-csi/cephfs/test/pod2.yaml => ceph-csi/cephfs/test/pod2.yaml +6 -0
@@ 12,8 12,14 @@ spec:
      volumeMounts:
        - name: mypvc
          mountPath: /mnt
        - name: build-images
          mountPath: /var/lib/images
  volumes:
    - name: mypvc
      persistentVolumeClaim:
        claimName: csi-cephfs-test-pvc
        readOnly: false
    - name: build-images
      persistentVolumeClaim:
        claimName: cephfs-build-images-pvc
        readOnly: false