feat: migrate CSI drivers to dedicated storage project (#45)
- Migrate csi-cephfs from Terraform to ArgoCD - Migrate csi-cephrbd from Terraform to ArgoCD - Create dedicated storage project and ApplicationSet for CSI drivers - Add csi-* pattern matching in storage ApplicationSet - Remove CSI apps from platform project to separate concerns Reviewed-on: #45
This commit was merged in pull request #45.
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- vaultauth.yaml
|
||||||
|
- vaultstaticsecret.yaml
|
||||||
|
- storageclass.yaml
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: csi-cephfs
|
||||||
@@ -0,0 +1,83 @@
|
|||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid6-delete
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_6_2
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid6-retain
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_6_2
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid5-delete
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_4_1
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephfs-raid5-retain
|
||||||
|
provisioner: cephfs.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
fsName: "cephfs"
|
||||||
|
subVolumeGroup: csi_ssd_ec_4_1
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||||
|
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||||
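Review bot: The `subVolumeGroup` key under `parameters` in all four StorageClasses is, as far as I know, not a parameter the CephFS CSI provisioner reads; the effective subvolume group comes from the `csiConfig` entry selected by `clusterID` (the `cephFS.subvolumeGroup` values in the overlay values file). If that holds, the key is inert, and editing it here later would silently leave volume placement unchanged. Either drop it or mark it with a comment such as `# informational only; the effective group comes from csiConfig for this clusterID`. It is also the only unquoted string value in each `parameters` block, a small style inconsistency.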
@@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultAuth
|
||||||
|
metadata:
|
||||||
|
name: ceph-csi-cephfs
|
||||||
|
namespace: csi-cephfs
|
||||||
|
spec:
|
||||||
|
method: kubernetes
|
||||||
|
mount: k8s/au/syd1
|
||||||
|
vaultConnectionRef: vso-system/default
|
||||||
|
allowedNamespaces:
|
||||||
|
- csi-cephfs
|
||||||
|
kubernetes:
|
||||||
|
role: ceph-csi
|
||||||
|
serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner
|
||||||
|
audiences:
|
||||||
|
- vault
|
||||||
|
tokenExpirationSeconds: 600
|
||||||
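Review bot: `role: ceph-csi` under `kubernetes:` is the same Vault role the csi-cephrbd VaultAuth uses, so the service accounts of both drivers authenticate to one role. The role's policy is not visible on this page, but if it grants read on both `.../csi/ceph-cephfs-secret` and `.../csi/ceph-rbd-secret`, each namespace can read the other driver's Ceph key. A role per driver, bound to its own service account and namespace and scoped to its own path, would limit a compromise to one driver. `serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner` also appears to be derived from the Helm release name and `provisioner.name` in the overlay values, so a comment such as `# must match the provisioner ServiceAccount rendered by the Helm release` would record that coupling.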
@@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: csi-cephfs-secret
|
||||||
|
namespace: csi-cephfs
|
||||||
|
spec:
|
||||||
|
vaultAuthRef: ceph-csi-cephfs
|
||||||
|
mount: kv
|
||||||
|
type: kv-v2
|
||||||
|
path: service/kubernetes/au/syd1/csi/ceph-cephfs-secret
|
||||||
|
refreshAfter: 5m
|
||||||
|
destination:
|
||||||
|
name: csi-cephfs-secret
|
||||||
|
create: true
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- vaultauth.yaml
|
||||||
|
- vaultstaticsecret.yaml
|
||||||
|
- storageclass.yaml
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: csi-cephrbd
|
||||||
@@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephrbd-fast-delete
|
||||||
|
annotations:
|
||||||
|
storageclass.kubernetes.io/is-default-class: "true"
|
||||||
|
provisioner: rbd.csi.ceph.com
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
pool: "kubernetes"
|
||||||
|
imageFeatures: "layering"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: cephrbd-fast-retain
|
||||||
|
provisioner: rbd.csi.ceph.com
|
||||||
|
reclaimPolicy: Retain
|
||||||
|
allowVolumeExpansion: true
|
||||||
|
parameters:
|
||||||
|
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
pool: "kubernetes"
|
||||||
|
imageFeatures: "layering"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||||
|
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||||
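Review bot: `cephrbd-fast-delete` combines `storageclass.kubernetes.io/is-default-class: "true"` with `reclaimPolicy: Delete`, so every PVC that omits `storageClassName` gets a volume whose RBD image is removed when the claim is deleted. If that is intended, state it above the annotation, e.g. `# cluster default; volumes are deleted with their PVC, use cephrbd-fast-retain for data that must survive`. Because these classes are moving from Terraform to ArgoCD, it is also worth confirming that no other class still carries the default annotation after the migration.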
@@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultAuth
|
||||||
|
metadata:
|
||||||
|
name: ceph-csi-rbd
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
spec:
|
||||||
|
method: kubernetes
|
||||||
|
mount: k8s/au/syd1
|
||||||
|
vaultConnectionRef: vso-system/default
|
||||||
|
allowedNamespaces:
|
||||||
|
- csi-cephrbd
|
||||||
|
kubernetes:
|
||||||
|
role: ceph-csi
|
||||||
|
serviceAccount: ceph-csi-rbd-csi-rbd-provisioner
|
||||||
|
audiences:
|
||||||
|
- vault
|
||||||
|
tokenExpirationSeconds: 600
|
||||||
@@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: csi-rbd-secret
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
spec:
|
||||||
|
vaultAuthRef: ceph-csi-rbd
|
||||||
|
mount: kv
|
||||||
|
type: kv-v2
|
||||||
|
path: service/kubernetes/au/syd1/csi/ceph-rbd-secret
|
||||||
|
refreshAfter: 5m
|
||||||
|
destination:
|
||||||
|
name: csi-rbd-secret
|
||||||
|
create: true
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../base/csi-cephfs
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: ceph-csi-cephfs
|
||||||
|
repo: https://ceph.github.io/csi-charts
|
||||||
|
version: "3.15.0"
|
||||||
|
releaseName: ceph-csi-cephfs
|
||||||
|
namespace: csi-cephfs
|
||||||
|
valuesFile: values.yaml
|
||||||
@@ -0,0 +1,41 @@
|
|||||||
|
csiConfig:
|
||||||
|
# raid6, 75% space efficiency
|
||||||
|
- clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
cephFS:
|
||||||
|
subvolumeGroup: csi_ssd_ec_6_2
|
||||||
|
|
||||||
|
# raid5, 80% space efficiency
|
||||||
|
- clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
cephFS:
|
||||||
|
subvolumeGroup: csi_ssd_ec_4_1
|
||||||
|
|
||||||
|
# Secret containing Ceph credentials
|
||||||
|
secret:
|
||||||
|
create: false
|
||||||
|
name: "csi-cephfs-secret"
|
||||||
|
|
||||||
|
# Storage class configuration (disabled - managed separately when needed)
|
||||||
|
storageClass:
|
||||||
|
create: false
|
||||||
|
|
||||||
|
# Provisioner configuration
|
||||||
|
provisioner:
|
||||||
|
name: csi-cephfs-provisioner
|
||||||
|
replicaCount: 3
|
||||||
|
|
||||||
|
# Image versions
|
||||||
|
image:
|
||||||
|
repository: quay.io/cephcsi/cephcsi
|
||||||
|
tag: v3.15.0
|
||||||
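Review bot: Every entry under `monitors:` uses port 6789, the Ceph messenger v1 port, which cannot carry the msgr2 secure (encrypted) mode; the csi-cephrbd values file lists the same addresses. Whether the cluster has msgr2 enabled is not visible here, but if on-wire encryption between nodes and monitors is wanted, the monitors would need the v2 port and matching client options. If v1 is a deliberate choice, a comment above the list would record it, e.g. `# msgr v1 port; monitor traffic is authenticated by cephx but not encrypted`.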
@@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- ../../../base/csi-cephrbd
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: ceph-csi-rbd
|
||||||
|
repo: https://ceph.github.io/csi-charts
|
||||||
|
version: "3.15.1"
|
||||||
|
releaseName: ceph-csi-rbd
|
||||||
|
namespace: csi-cephrbd
|
||||||
|
valuesFile: values.yaml
|
||||||
@@ -0,0 +1,48 @@
|
|||||||
|
csiConfig:
|
||||||
|
- clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||||
|
monitors:
|
||||||
|
- "198.18.23.9:6789"
|
||||||
|
- "198.18.23.10:6789"
|
||||||
|
- "198.18.23.11:6789"
|
||||||
|
- "198.18.23.12:6789"
|
||||||
|
- "198.18.23.13:6789"
|
||||||
|
|
||||||
|
# Secret containing Ceph credentials
|
||||||
|
secret:
|
||||||
|
create: false
|
||||||
|
name: "csi-rbd-secret"
|
||||||
|
|
||||||
|
# Storage class configuration (disabled - managed separately)
|
||||||
|
storageClass:
|
||||||
|
create: false
|
||||||
|
|
||||||
|
# CSI driver configuration
|
||||||
|
csiDriver:
|
||||||
|
name: "rbd.csi.ceph.com"
|
||||||
|
|
||||||
|
# Node plugin configuration
|
||||||
|
nodeplugin:
|
||||||
|
name: csi-rbdplugin
|
||||||
|
updateStrategy: RollingUpdate
|
||||||
|
|
||||||
|
# Provisioner configuration
|
||||||
|
provisioner:
|
||||||
|
name: csi-rbd-provisioner
|
||||||
|
replicaCount: 3
|
||||||
|
|
||||||
|
# Image versions
|
||||||
|
image:
|
||||||
|
repository: quay.io/cephcsi/cephcsi
|
||||||
|
tag: v3.15.0
|
||||||
|
|
||||||
|
# Enable snapshots
|
||||||
|
snapshotter:
|
||||||
|
image:
|
||||||
|
repository: registry.k8s.io/sig-storage/csi-snapshotter
|
||||||
|
tag: v8.0.1
|
||||||
|
|
||||||
|
# Enable volume expansion
|
||||||
|
resizer:
|
||||||
|
image:
|
||||||
|
repository: registry.k8s.io/sig-storage/csi-resizer
|
||||||
|
tag: v1.12.0
|
||||||
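Review bot: `tag: v3.15.0` in the `# Image versions` block pins the cephcsi image one patch behind the chart, which the overlay kustomization sets to `version: "3.15.1"`; if the override takes effect, the driver runs an older image than the one the chart was released with. Either drop the override so the chart default applies, or bump it together with the chart and note that in a comment. The rendered page has lost indentation, so the nesting of `image:`, `snapshotter:` and `resizer:` is not visible; as far as I know the chart reads image settings under `nodeplugin` and `provisioner`, so top-level keys would be ignored and these pins would do nothing. All three images are pinned by tag only, and adding a digest would make the deployed content reproducible.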
@@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: ApplicationSet
|
||||||
|
metadata:
|
||||||
|
name: storage-apps
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
generators:
|
||||||
|
- git:
|
||||||
|
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||||
|
revision: HEAD
|
||||||
|
directories:
|
||||||
|
- path: apps/overlays/*/csi-*
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: 'storage-{{path[3]}}' # cluster-app format (e.g., storage-csi-cephfs)
|
||||||
|
spec:
|
||||||
|
project: storage
|
||||||
|
source:
|
||||||
|
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||||
|
targetRevision: HEAD
|
||||||
|
path: '{{path}}'
|
||||||
|
destination:
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
namespace: '{{path[3]}}' # Use directory name as namespace
|
||||||
|
syncPolicy:
|
||||||
|
automated:
|
||||||
|
prune: true
|
||||||
|
selfHeal: true
|
||||||
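Review bot: The comment on `name: 'storage-{{path[3]}}'` says "cluster-app format", but the template omits `path[2]`, the cluster directory matched by the first `*` in `apps/overlays/*/csi-*`. With a second cluster directory the generator would emit two Applications with the same name, and both would target `https://kubernetes.default.svc`. Either include the cluster, `name: 'storage-{{path[2]}}-{{path[3]}}'`, or correct the comment to say the name is per app only. Separately, `revision: HEAD` and `targetRevision: HEAD` together with `prune: true` and `selfHeal: true` mean any commit on the default branch under that glob is applied to the cluster without a further gate, so branch protection on the repository is the effective control in front of these cluster-scoped resources.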
@@ -0,0 +1,32 @@
|
|||||||
|
---
|
||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: AppProject
|
||||||
|
metadata:
|
||||||
|
name: storage
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
description: Storage infrastructure and CSI drivers
|
||||||
|
sourceRepos:
|
||||||
|
- https://git.unkin.net/unkin/argocd-apps
|
||||||
|
- https://ceph.github.io/csi-charts
|
||||||
|
destinations:
|
||||||
|
- namespace: 'csi-*'
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
clusterResourceWhitelist:
|
||||||
|
- group: ''
|
||||||
|
kind: Namespace
|
||||||
|
- group: 'rbac.authorization.k8s.io'
|
||||||
|
kind: ClusterRole
|
||||||
|
- group: 'rbac.authorization.k8s.io'
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
- group: 'apiextensions.k8s.io'
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
- group: 'storage.k8s.io'
|
||||||
|
kind: StorageClass
|
||||||
|
- group: 'storage.k8s.io'
|
||||||
|
kind: CSIDriver
|
||||||
|
- group: 'scheduling.k8s.io'
|
||||||
|
kind: PriorityClass
|
||||||
|
namespaceResourceWhitelist:
|
||||||
|
- group: '*'
|
||||||
|
kind: '*'
|
||||||
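Review bot: `destinations` limits the project to `csi-*` namespaces, but the `clusterResourceWhitelist` entries for `ClusterRole` and `ClusterRoleBinding` are cluster-scoped and not bounded by that pattern, so anything synced through this project can bind cluster-wide permissions. The CSI charts presumably need these kinds, so the list may have to stay, but it deserves a comment above it, e.g. `# cluster-scoped kinds required by the ceph-csi charts; not restricted by destinations`. `namespaceResourceWhitelist` with `group: '*'` and `kind: '*'` could be narrowed to the kinds the two overlays actually render, so that a new `csi-*` directory cannot introduce unrelated resource types through this project.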