fix: annotations, not labels (#36)
<picard face palm gif> - purelb requires annotations not labels Reviewed-on: #36
This commit is contained in:
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- vaultauth.yaml
|
||||||
|
- vaultstaticsecret.yaml
|
||||||
|
- storageclass.yaml
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: csi-cephfs
|
||||||
@@ -0,0 +1,83 @@
|
|||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid6-delete
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_6_2
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid6-retain
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_6_2
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid5-delete
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_4_1
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid5-retain
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_4_1
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultAuth
|
||||||
|
metadata:
|
||||||
|
name: ceph-csi-cephfs
|
||||||
|
namespace: csi-cephfs
|
||||||
|
spec:
|
||||||
|
method: kubernetes
|
||||||
|
mount: k8s/au/syd1
|
||||||
|
vaultConnectionRef: vso-system/default
|
||||||
|
allowedNamespaces:
|
||||||
|
- csi-cephfs
|
||||||
|
kubernetes:
|
||||||
|
role: ceph-csi
|
||||||
|
serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner
|
||||||
|
audiences:
|
||||||
|
- vault
|
||||||
|
tokenExpirationSeconds: 600
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: csi-cephfs-secret
|
||||||
|
namespace: csi-cephfs
|
||||||
|
spec:
|
||||||
|
vaultAuthRef: ceph-csi-cephfs
|
||||||
|
mount: kv
|
||||||
|
type: kv-v2
|
||||||
|
path: service/kubernetes/au/syd1/csi/ceph-cephfs-secret
|
||||||
|
refreshAfter: 5m
|
||||||
|
destination:
|
||||||
|
name: csi-cephfs-secret
|
||||||
|
create: true
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- vaultauth.yaml
|
||||||
|
- vaultstaticsecret.yaml
|
||||||
|
- storageclass.yaml
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: csi-cephrbd
|
||||||
@@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephrbd-fast-delete
|
||||||
|
annotations:
|
||||||
|
storageclass.kubernetes.io/is-default-class: "true"
|
||||||
|
provisioner: rbd.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
pool: "kubernetes"
|
||||||
|
imageFeatures: "layering"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephrbd-fast-retain
|
||||||
|
provisioner: rbd.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
pool: "kubernetes"
|
||||||
|
imageFeatures: "layering"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultAuth
|
||||||
|
metadata:
|
||||||
|
name: ceph-csi-rbd
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
spec:
|
||||||
|
method: kubernetes
|
||||||
|
mount: k8s/au/syd1
|
||||||
|
vaultConnectionRef: vso-system/default
|
||||||
|
allowedNamespaces:
|
||||||
|
- csi-cephrbd
|
||||||
|
kubernetes:
|
||||||
|
role: ceph-csi
|
||||||
|
serviceAccount: ceph-csi-rbd-csi-rbd-provisioner
|
||||||
|
audiences:
|
||||||
|
- vault
|
||||||
|
tokenExpirationSeconds: 600
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: csi-rbd-secret
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
spec:
|
||||||
|
vaultAuthRef: ceph-csi-rbd
|
||||||
|
mount: kv
|
||||||
|
type: kv-v2
|
||||||
|
path: service/kubernetes/au/syd1/csi/ceph-rbd-secret
|
||||||
|
refreshAfter: 5m
|
||||||
|
destination:
|
||||||
|
name: csi-rbd-secret
|
||||||
|
create: true
|
||||||
@@ -1,11 +1,12 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
annotations:
|
||||||
external-dns.alpha.kubernetes.io/hostname: puppet.k8s.syd1.au.unkin.net
|
external-dns.alpha.kubernetes.io/hostname: puppet.k8s.syd1.au.unkin.net
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.3
|
external-dns.alpha.kubernetes.io/target: 198.18.200.3
|
||||||
purelb.io/addresses: 198.18.200.3
|
purelb.io/addresses: 198.18.200.3
|
||||||
purelb.io/service-group: common
|
purelb.io/service-group: common
|
||||||
|
labels:
|
||||||
app.kubernetes.io/component: puppetserver-compilers
|
app.kubernetes.io/component: puppetserver-compilers
|
||||||
app.kubernetes.io/instance: puppetserver
|
app.kubernetes.io/instance: puppetserver
|
||||||
app.kubernetes.io/name: puppetserver
|
app.kubernetes.io/name: puppetserver
|
||||||
|
|||||||
@@ -1,11 +1,12 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
annotations:
|
||||||
external-dns.alpha.kubernetes.io/hostname: puppetca.k8s.syd1.au.unkin.net
|
external-dns.alpha.kubernetes.io/hostname: puppetca.k8s.syd1.au.unkin.net
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.2
|
external-dns.alpha.kubernetes.io/target: 198.18.200.2
|
||||||
purelb.io/addresses: 198.18.200.2
|
purelb.io/addresses: 198.18.200.2
|
||||||
purelb.io/service-group: common
|
purelb.io/service-group: common
|
||||||
|
labels:
|
||||||
app.kubernetes.io/component: puppetserver-master
|
app.kubernetes.io/component: puppetserver-master
|
||||||
app.kubernetes.io/instance: puppetserver
|
app.kubernetes.io/instance: puppetserver
|
||||||
app.kubernetes.io/name: puppetserver
|
app.kubernetes.io/name: puppetserver
|
||||||
|
|||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../base/csi-cephfs
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: ceph-csi-cephfs
|
||||||
|
repo: https://ceph.github.io/csi-charts
|
||||||
|
version: "3.15.0"
|
||||||
|
releaseName: ceph-csi-cephfs
|
||||||
|
namespace: csi-cephfs
|
||||||
|
valuesFile: values.yaml
|
||||||
@@ -0,0 +1,41 @@
|
|||||||
|
csiConfig:
|
||||||
|
# raid6, 75% space efficiency
|
||||||
|
- clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
cephFS:
|
||||||
|
subvolumeGroup: csi_ssd_ec_6_2
|
||||||
|
|
||||||
|
# raid5, 80% space efficiency
|
||||||
|
- clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
cephFS:
|
||||||
|
subvolumeGroup: csi_ssd_ec_4_1
|
||||||
|
|
||||||
|
# Secret containing Ceph credentials
|
||||||
|
secret:
|
||||||
|
create: false
|
||||||
|
name: "csi-cephfs-secret"
|
||||||
|
|
||||||
|
# Storage class configuration (disabled - managed separately when needed)
|
||||||
|
storageClass:
|
||||||
|
create: false
|
||||||
|
|
||||||
|
# Provisioner configuration
|
||||||
|
provisioner:
|
||||||
|
name: csi-cephfs-provisioner
|
||||||
|
replicaCount: 3
|
||||||
|
|
||||||
|
# Image versions
|
||||||
|
image:
|
||||||
|
repository: quay.io/cephcsi/cephcsi
|
||||||
|
tag: v3.15.0
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../base/csi-cephrbd
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: ceph-csi-rbd
|
||||||
|
repo: https://ceph.github.io/csi-charts
|
||||||
|
version: "3.15.1"
|
||||||
|
releaseName: ceph-csi-rbd
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
valuesFile: values.yaml
|
||||||
@@ -0,0 +1,48 @@
|
|||||||
|
csiConfig:
|
||||||
|
- clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
|
||||||
|
# Secret containing Ceph credentials
|
||||||
|
secret:
|
||||||
|
create: false
|
||||||
|
name: "csi-rbd-secret"
|
||||||
|
|
||||||
|
# Storage class configuration (disabled - managed separately)
|
||||||
|
storageClass:
|
||||||
|
create: false
|
||||||
|
|
||||||
|
# CSI driver configuration
|
||||||
|
csiDriver:
|
||||||
|
name: "rbd.csi.ceph.com"
|
||||||
|
|
||||||
|
# Node plugin configuration
|
||||||
|
nodeplugin:
|
||||||
|
name: csi-rbdplugin
|
||||||
|
updateStrategy: RollingUpdate
|
||||||
|
|
||||||
|
# Provisioner configuration
|
||||||
|
provisioner:
|
||||||
|
name: csi-rbd-provisioner
|
||||||
|
replicaCount: 3
|
||||||
|
|
||||||
|
# Image versions
|
||||||
|
image:
|
||||||
|
repository: quay.io/cephcsi/cephcsi
|
||||||
|
tag: v3.15.0
|
||||||
|
|
||||||
|
# Enable snapshots
|
||||||
|
snapshotter:
|
||||||
|
image:
|
||||||
|
repository: registry.k8s.io/sig-storage/csi-snapshotter
|
||||||
|
tag: v8.0.1
|
||||||
|
|
||||||
|
# Enable volume expansion
|
||||||
|
resizer:
|
||||||
|
image:
|
||||||
|
repository: registry.k8s.io/sig-storage/csi-resizer
|
||||||
|
tag: v1.12.0
|
||||||
@@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: ApplicationSet
|
||||||
|
metadata:
|
||||||
|
name: storage-apps
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
generators:
|
||||||
|
- git:
|
||||||
|
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||||
|
revision: HEAD
|
||||||
|
directories:
|
||||||
|
- path: apps/overlays/*/csi-*
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: 'storage-{{path[3]}}' # cluster-app format (e.g., storage-csi-cephfs)
|
||||||
|
spec:
|
||||||
|
project: storage
|
||||||
|
source:
|
||||||
|
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||||
|
targetRevision: HEAD
|
||||||
|
path: '{{path}}'
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: '{{path[3]}}' # Use directory name as namespace
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
@@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: AppProject
|
||||||
|
metadata:
|
||||||
|
name: storage
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
description: Storage infrastructure and CSI drivers
|
||||||
|
sourceRepos:
|
||||||
|
- https://git.unkin.net/unkin/argocd-apps
|
||||||
|
- https://ceph.github.io/csi-charts
|
||||||
|
destinations:
|
||||||
|
- namespace: 'csi-*'
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
clusterResourceWhitelist:
|
||||||
|
- group: ''
|
||||||
|
kind: Namespace
|
||||||
|
- group: 'rbac.authorization.k8s.io'
|
||||||
|
kind: ClusterRole
|
||||||
|
- group: 'rbac.authorization.k8s.io'
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
- group: 'apiextensions.k8s.io'
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
- group: 'storage.k8s.io'
|
||||||
|
kind: StorageClass
|
||||||
|
- group: 'storage.k8s.io'
|
||||||
|
kind: CSIDriver
|
||||||
|
namespaceResourceWhitelist:
|
||||||
|
- group: '*'
|
||||||
|
kind: '*'
|
||||||
Reference in New Issue
Block a user