feat: migrate CSI drivers to dedicated storage project
- Migrate csi-cephfs from Terraform to ArgoCD
- Migrate csi-cephrbd from Terraform to ArgoCD
- Create dedicated storage project and ApplicationSet for CSI drivers
- Add csi-* pattern matching in storage ApplicationSet
- Remove CSI apps from platform project to separate concerns
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
- storageclass.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: csi-cephfs
|
||||
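Review bot: The `csi-cephfs` Namespace is created without labels, so its Pod Security admission level is whatever the cluster default happens to be. CSI node plugins normally run privileged with host mounts; under a default of `baseline` or `restricted` the driver pods would be rejected, and with no enforcement the namespace accepts any privileged workload that can be deployed into it. Setting the level explicitly under `metadata.labels`, for example `pod-security.kubernetes.io/enforce: privileged`, documents the exception and makes it reviewable; access to the namespace should then be limited to the storage project. The `csi-cephrbd` Namespace later in this commit has the same shape.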
@@ -0,0 +1,83 @@
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid6-delete
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_6_2
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid6-retain
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_6_2"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_6_2
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid5-delete
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_4_1
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephfs-raid5-retain
|
||||
provisioner: cephfs.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "cephfs_csi_ssd_ec_4_1"
|
||||
fsName: "cephfs"
|
||||
subVolumeGroup: csi_ssd_ec_4_1
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephfs"
|
||||
csi.storage.k8s.io/controller-publish-secret-name: "csi-cephfs-secret"
|
||||
csi.storage.k8s.io/controller-publish-secret-namespace: "csi-cephfs"
|
||||
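Review bot: All four classes point the provisioner, controller-expand, node-stage and controller-publish parameters at the same `csi-cephfs-secret`, so the credential passed to every node for mounting is the one used to create and resize subvolumes. If the Ceph user behind it holds provisioning caps (not visible here), a compromised node obtains them as well. A separate, lower-privilege Ceph user and Secret referenced from `csi.storage.k8s.io/node-stage-secret-name` would limit that. The two `cephrbd-*` classes reuse `csi-rbd-secret` for all roles in the same way.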
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: ceph-csi-cephfs
|
||||
namespace: csi-cephfs
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
allowedNamespaces:
|
||||
- csi-cephfs
|
||||
kubernetes:
|
||||
role: ceph-csi
|
||||
serviceAccount: ceph-csi-cephfs-csi-cephfs-provisioner
|
||||
audiences:
|
||||
- vault
|
||||
tokenExpirationSeconds: 600
|
||||
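Review bot: `role: ceph-csi` is also used by the `ceph-csi-rbd` VaultAuth in the csi-cephrbd section, so both provisioner service accounts authenticate against the same Vault role. Unless that role's policy is scoped per service account (the Vault side is not visible here), each driver can read the other's Ceph credential under `service/kubernetes/au/syd1/csi/`. One role per driver, bound to a single service account and namespace with a policy limited to that driver's path, keeps a compromise of one driver from exposing both. The `serviceAccount` named here is not created by this kustomization, so authentication will fail until the driver's own manifests have been synced.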
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: csi-cephfs-secret
|
||||
namespace: csi-cephfs
|
||||
spec:
|
||||
vaultAuthRef: ceph-csi-cephfs
|
||||
mount: kv
|
||||
type: kv-v2
|
||||
path: service/kubernetes/au/syd1/csi/ceph-cephfs-secret
|
||||
refreshAfter: 5m
|
||||
destination:
|
||||
name: csi-cephfs-secret
|
||||
create: true
|
||||
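Review bot: `destination.create: true` without `overwrite` will not take over a `csi-cephfs-secret` that already exists, and because this commit migrates from Terraform such a Secret may still be present in the namespace (not visible here). Either remove the Terraform-managed Secret before the first sync or set `overwrite: true` under `destination` deliberately. Separately, the operator by default copies the whole Vault response into a `_raw` key of the destination Secret; `transformation: {excludeRaw: true}` under `destination` keeps only the fields the driver reads, provided the installed operator version supports it. The `csi-rbd-secret` VaultStaticSecret later in the commit is written the same way.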
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
- storageclass.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: csi-cephrbd
|
||||
@@ -0,0 +1,39 @@
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephrbd-fast-delete
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
provisioner: rbd.csi.ceph.com
|
||||
reclaimPolicy: Delete
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||
pool: "kubernetes"
|
||||
imageFeatures: "layering"
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: cephrbd-fast-retain
|
||||
provisioner: rbd.csi.ceph.com
|
||||
reclaimPolicy: Retain
|
||||
allowVolumeExpansion: true
|
||||
parameters:
|
||||
clusterID: "de96a98f-3d23-465a-a899-86d3d67edab8"
|
||||
pool: "kubernetes"
|
||||
imageFeatures: "layering"
|
||||
csi.storage.k8s.io/provisioner-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/provisioner-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/controller-expand-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/controller-expand-secret-namespace: "csi-cephrbd"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "csi-rbd-secret"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "csi-cephrbd"
|
||||
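Review bot: `cephrbd-fast-delete` is both the default class (`storageclass.kubernetes.io/is-default-class: "true"`) and `reclaimPolicy: Delete`, so any PVC created without a `storageClassName` has its RBD image removed when the claim is deleted. If that is the intended default, a comment above the annotation would make it explicit, for example `# default class: volumes are deleted with their PVC; use cephrbd-fast-retain for data that must survive`. It is also worth confirming that no other default class is left over from the Terraform-managed setup, since more than one default makes the choice for unclassed PVCs hard to predict.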
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: ceph-csi-rbd
|
||||
namespace: csi-cephrbd
|
||||
spec:
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
allowedNamespaces:
|
||||
- csi-cephrbd
|
||||
kubernetes:
|
||||
role: ceph-csi
|
||||
serviceAccount: ceph-csi-rbd-csi-rbd-provisioner
|
||||
audiences:
|
||||
- vault
|
||||
tokenExpirationSeconds: 600
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: csi-rbd-secret
|
||||
namespace: csi-cephrbd
|
||||
spec:
|
||||
vaultAuthRef: ceph-csi-rbd
|
||||
mount: kv
|
||||
type: kv-v2
|
||||
path: service/kubernetes/au/syd1/csi/ceph-rbd-secret
|
||||
refreshAfter: 5m
|
||||
destination:
|
||||
name: csi-rbd-secret
|
||||
create: true
|
||||