feat: migrate CSI drivers to dedicated storage project (#45)
- Migrate csi-cephfs from Terraform to ArgoCD
- Migrate csi-cephrbd from Terraform to ArgoCD
- Create dedicated storage project and ApplicationSet for CSI drivers
- Add csi-* pattern matching in storage ApplicationSet
- Remove CSI apps from platform project to separate concerns

Reviewed-on: #45
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
- storageclass.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: csi-cephfs
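Review bot: The `csi-cephfs` Namespace carries no Pod Security admission labels, so whether the CSI node plugin pods are admitted depends on the cluster-wide default rather than on this manifest. CSI node plugins normally run privileged; if that is the case here I would state it under `metadata` with `labels:` and `pod-security.kubernetes.io/enforce: privileged`, which also makes it visible in review that this namespace is exempt from the stricter profiles. The same applies to the `csi-cephrbd` Namespace added later in this commit.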
|
||||
@@ -0,0 +1,83 @@
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid6-delete
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_6_2
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid6-retain
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_6_2
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid5-delete
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_4_1
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid5-retain
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_4_1
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
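Review bot: `subVolumeGroup` under `parameters` in all four classes is, as far as I can tell, not a key the CephFS CSI driver reads from a StorageClass; the driver takes the subvolume group from the `csiConfig` entry that matches `clusterID`, which the values file in this commit already sets. If so the key is redundant at best, and misleading if someone edits it expecting new volumes to land elsewhere. I would drop it or mark it with a comment such as `# informational only: subvolume group comes from csiConfig for this clusterID`. It is also the only unquoted string value in each `parameters` block.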
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: ceph-csi-cephfs
|
||||
namespace: csi-cephfs
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
allowedNamespaces:
|
||||
- csi-cephfs
|
||||
kubernetes:
|
||||
role: ceph-csi
|
||||
serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner
|
||||
audiences:
|
||||
- vault
|
||||
tokenExpirationSeconds: 600
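Review bot: `serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner` makes the Vault login use the CSI provisioner's own service account, and `role: ceph-csi` is the same role the `ceph-csi-rbd` VaultAuth later in this commit uses. The Vault role and policy are not visible here, but if one role covers both service accounts, each namespace can presumably read the other driver's Ceph secret path unless the policy is scoped per namespace. A dedicated service account for secret sync and one Vault role per driver would keep the two credentials separate. The service account name also looks derived from the Helm release name and the provisioner name, so a comment noting that renaming either breaks authentication would be worth adding.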
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: csi-cephfs-secret
|
||||
namespace: csi-cephfs
|
||||
spec:
|
||||
vaultAuthRef: ceph-csi-cephfs
|
||||
mount: kv
|
||||
type: kv-v2
|
||||
path: service/kubernetes/au/syd1/csi/ceph-cephfs-secret
|
||||
refreshAfter: 5m
|
||||
destination:
|
||||
name: csi-cephfs-secret
|
||||
create: true
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
- storageclass.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: csi-cephrbd
|
||||
@@ -0,0 +1,39 @@
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephrbd-fast-delete
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
provisioner: rbd.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||
pool: "kubernetes"
|
||||
imageFeatures: "layering"
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephrbd-fast-retain
|
||||
provisioner: rbd.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||
pool: "kubernetes"
|
||||
imageFeatures: "layering"
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
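Review bot: `cephrbd-fast-delete` is annotated `storageclass.kubernetes.io/is-default-class: "true"` while using `reclaimPolicy: Delete`, so any PVC that names no class gets a volume whose backing image is removed when the claim is deleted. Making `cephrbd-fast-retain` the default, or documenting the choice with a comment above the annotation, would make that trade-off explicit. Both classes also pass `csi-rbd-secret` as provisioner, expand and node-stage secret; the key's Ceph capabilities are not shown, but a separate node-stage client limited to the `kubernetes` pool would avoid handing provisioning-capable credentials to every node.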
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: ceph-csi-rbd
|
||||
namespace: csi-cephrbd
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
allowedNamespaces:
|
||||
- csi-cephrbd
|
||||
kubernetes:
|
||||
role: ceph-csi
|
||||
serviceAccount: ceph-csi-rbd-csi-rbd-provisioner
|
||||
audiences:
|
||||
- vault
|
||||
tokenExpirationSeconds: 600
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: csi-rbd-secret
|
||||
namespace: csi-cephrbd
|
||||
spec:
|
||||
vaultAuthRef: ceph-csi-rbd
|
||||
mount: kv
|
||||
type: kv-v2
|
||||
path: service/kubernetes/au/syd1/csi/ceph-rbd-secret
|
||||
refreshAfter: 5m
|
||||
destination:
|
||||
name: csi-rbd-secret
|
||||
create: true
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/csi-cephfs
|
||||
|
||||
helmCharts:
|
||||
- name: ceph-csi-cephfs
|
||||
repo: https://ceph.github.io/csi-charts
|
||||
version: "3.15.0"
|
||||
releaseName: ceph-csi-cephfs
|
||||
namespace: csi-cephfs
|
||||
valuesFile: values.yaml
|
||||
@@ -0,0 +1,41 @@
|
||||
csiConfig:
|
||||
# raid6, 75% space efficiency
|
||||
- clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||
monitors:
|
||||
- "198.18.23.9:6789"
|
||||
- "198.18.23.10:6789"
|
||||
- "198.18.23.11:6789"
|
||||
- "198.18.23.12:6789"
|
||||
- "198.18.23.13:6789"
|
||||
cephFS:
|
||||
subvolumeGroup: csi_ssd_ec_6_2
|
||||
|
||||
# raid5, 80% space efficiency
|
||||
- clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||
monitors:
|
||||
- "198.18.23.9:6789"
|
||||
- "198.18.23.10:6789"
|
||||
- "198.18.23.11:6789"
|
||||
- "198.18.23.12:6789"
|
||||
- "198.18.23.13:6789"
|
||||
cephFS:
|
||||
subvolumeGroup: csi_ssd_ec_4_1
|
||||
|
||||
# Secret containing Ceph credentials
|
||||
secret:
|
||||
create: false
|
||||
name: "csi-cephfs-secret"
|
||||
|
||||
# Storage class configuration (disabled - managed separately when needed)
|
||||
storageClass:
|
||||
create: false
|
||||
|
||||
# Provisioner configuration
|
||||
provisioner:
|
||||
name: csi-cephfs-provisioner
|
||||
replicaCount: 3
|
||||
|
||||
# Image versions
|
||||
image:
|
||||
repository: quay.io/cephcsi/cephcsi
|
||||
tag: v3.15.0
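Review bot: All five `monitors` entries use port 6789, the legacy v1 messenger port, which offers no on-wire encryption; this applies to both `csiConfig` entries here and to the RBD values file later in the commit. If the cluster has msgr2 enabled, pointing at the v2 port (3300) and setting `ms_mode` through the driver's mount options would allow encrypted client traffic; whether the storage network is already isolated is not visible from this page. The `tag: v3.15.0` under `# Image versions` is a mutable tag, and pinning the image by digest would keep a re-pushed tag from changing what runs on every node.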
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/csi-cephrbd
|
||||
|
||||
helmCharts:
|
||||
- name: ceph-csi-rbd
|
||||
repo: https://ceph.github.io/csi-charts
|
||||
version: "3.15.1"
|
||||
releaseName: ceph-csi-rbd
|
||||
namespace: csi-cephrbd
|
||||
valuesFile: values.yaml
|
||||
@@ -0,0 +1,48 @@
|
||||
csiConfig:
|
||||
- clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||
monitors:
|
||||
- "198.18.23.9:6789"
|
||||
- "198.18.23.10:6789"
|
||||
- "198.18.23.11:6789"
|
||||
- "198.18.23.12:6789"
|
||||
- "198.18.23.13:6789"
|
||||
|
||||
# Secret containing Ceph credentials
|
||||
secret:
|
||||
create: false
|
||||
name: "csi-rbd-secret"
|
||||
|
||||
# Storage class configuration (disabled - managed separately)
|
||||
storageClass:
|
||||
create: false
|
||||
|
||||
# CSI driver configuration
|
||||
csiDriver:
|
||||
name: "rbd.csi.ceph.com"
|
||||
|
||||
# Node plugin configuration
|
||||
nodeplugin:
|
||||
name: csi-rbdplugin
|
||||
updateStrategy: RollingUpdate
|
||||
|
||||
# Provisioner configuration
|
||||
provisioner:
|
||||
name: csi-rbd-provisioner
|
||||
replicaCount: 3
|
||||
|
||||
# Image versions
|
||||
image:
|
||||
repository: quay.io/cephcsi/cephcsi
|
||||
tag: v3.15.0
|
||||
|
||||
# Enable snapshots
|
||||
snapshotter:
|
||||
image:
|
||||
repository: registry.k8s.io/sig-storage/csi-snapshotter
|
||||
tag: v8.0.1
|
||||
|
||||
# Enable volume expansion
|
||||
resizer:
|
||||
image:
|
||||
repository: registry.k8s.io/sig-storage/csi-resizer
|
||||
tag: v1.12.0
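Review bot: `tag: v3.15.0` under `# Image versions` does not match the chart `version: "3.15.1"` pinned in this overlay's kustomization, so the override appears to hold the driver image one patch release behind the chart that deploys it. If that is not deliberate, drop the override so the chart default applies or set `tag: v3.15.1`; if it is, a comment saying why would help. Indentation is lost in this rendering, so I cannot tell where `image:` nests; check that it sits at the path the chart reads, since Helm silently ignores unknown value keys. The comments `# Enable snapshots` and `# Enable volume expansion` sit above blocks that only set image tags, which reads as if they toggled a feature.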
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: ApplicationSet
|
||||
metadata:
|
||||
name: storage-apps
|
||||
namespace: argocd
|
||||
spec:
|
||||
generators:
|
||||
- git:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/csi-*
|
||||
template:
|
||||
metadata:
|
||||
name: 'storage-{{path[3]}}' # cluster-app format (e.g., storage-csi-cephfs)
|
||||
spec:
|
||||
project: storage
|
||||
source:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
targetRevision: HEAD
|
||||
path: '{{path}}'
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: '{{path[3]}}' # Use directory name as namespace
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
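Review bot: `name: 'storage-{{path[3]}}'` uses only the last path segment, so two directories matching `apps/overlays/*/csi-*` with the same app name under different overlay directories would generate the same Application name, and every generated app targets `https://kubernetes.default.svc` regardless of the overlay segment. The inline comment says "cluster-app format" but the overlay segment is not part of the name; either include it, e.g. `name: 'storage-{{path[2]}}-{{path[3]}}'`, or reword the comment. With `revision: HEAD`, `prune: true` and `selfHeal: true`, any new `csi-*` directory merged to the default branch is deployed into the `storage` project with no further step, so branch protection on this repository is the effective control and deserves a comment here.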
|
||||
@@ -0,0 +1,32 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: AppProject
|
||||
metadata:
|
||||
name: storage
|
||||
namespace: argocd
|
||||
spec:
|
||||
description: Storage infrastructure and CSI drivers
|
||||
sourceRepos:
|
||||
- https://git.unkin.net/unkin/argocd-apps
|
||||
- https://ceph.github.io/csi-charts
|
||||
destinations:
|
||||
- namespace: 'csi-*'
|
||||
server: https://kubernetes.default.svc
|
||||
clusterResourceWhitelist:
|
||||
- group: ''
|
||||
kind: Namespace
|
||||
- group: 'rbac.authorization.k8s.io'
|
||||
kind: ClusterRole
|
||||
- group: 'rbac.authorization.k8s.io'
|
||||
kind: ClusterRoleBinding
|
||||
- group: 'apiextensions.k8s.io'
|
||||
kind: CustomResourceDefinition
|
||||
- group: 'storage.k8s.io'
|
||||
kind: StorageClass
|
||||
- group: 'storage.k8s.io'
|
||||
kind: CSIDriver
|
||||
- group: 'scheduling.k8s.io'
|
||||
kind: PriorityClass
|
||||
namespaceResourceWhitelist:
|
||||
- group: '*'
|
||||
kind: '*'
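Review bot: `namespaceResourceWhitelist` with `group: '*'` / `kind: '*'`, together with `ClusterRole` and `ClusterRoleBinding` in `clusterResourceWhitelist`, means anything rendered from either `sourceRepos` entry can bind arbitrary cluster-wide permissions, so this project is effectively as privileged as cluster-admin. The CSI charts do need cluster RBAC, so the whitelist may have to stay, but the scope can be tightened elsewhere: replace `namespace: 'csi-*'` under `destinations` with explicit entries for `csi-cephfs` and `csi-cephrbd`, so a new namespace cannot join the project merely by matching the pattern. A sentence in `description` stating that the project is privileged would help future reviewers.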
|
||||