X-Git-Url: https://gerrit.nordix.org/gitweb?p=infra%2Fstack%2Fkubernetes.git;a=blobdiff_plain;f=apps%2Fceph%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftemplates%2Foperator.yaml.j2;fp=apps%2Fceph%2Fkubespray%2Fplaybooks%2Froles%2Finstall%2Ftemplates%2Foperator.yaml.j2;h=24a5db0d55b9b3b1055776ec4f00c43e856fe6b6;hp=0000000000000000000000000000000000000000;hb=a1e1f40e71a48d8c5315f37999b9123c7ea908ab;hpb=20d34e772e021fabdee0aa9b50e9804a80d5108a diff --git a/apps/ceph/kubespray/playbooks/roles/install/templates/operator.yaml.j2 b/apps/ceph/kubespray/playbooks/roles/install/templates/operator.yaml.j2 new file mode 100644 index 0000000..24a5db0 --- /dev/null +++ b/apps/ceph/kubespray/playbooks/roles/install/templates/operator.yaml.j2 @@ -0,0 +1,261 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################################################################# +# The deployment for the rook operator +# Contains the common settings for most Kubernetes deployments. +# For example, to create the rook-ceph cluster: +# kubectl create -f common.yaml +# kubectl create -f operator.yaml +# kubectl create -f cluster.yaml +# +# Also see other operator sample files for variations of operator.yaml: +# - operator-openshift.yaml: Common settings for running in OpenShift +################################################################################################################# +# OLM: BEGIN OPERATOR DEPLOYMENT +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rook-ceph-operator + namespace: "{{ rook_namespace }}" + labels: + operator: rook + storage-backend: ceph +spec: + selector: + matchLabels: + app: rook-ceph-operator + replicas: 1 + template: + metadata: + labels: + app: rook-ceph-operator + spec: + serviceAccountName: rook-ceph-system + containers: + - name: rook-ceph-operator + image: "{{ rook_repository }}:{{ rook_version }}" + args: ["ceph", "operator"] + volumeMounts: + - mountPath: /var/lib/rook + name: rook-config + - mountPath: /etc/ceph + name: default-config-dir + env: + # If the operator should only watch for cluster CRDs in the same namespace, set this to "true". + # If this is not set to true, the operator will watch for cluster CRDs in all namespaces. + - name: ROOK_CURRENT_NAMESPACE_ONLY + value: "false" + # To disable RBAC, uncomment the following: + # - name: RBAC_ENABLED + # value: "false" + # Rook Agent toleration. Will tolerate all taints with all keys. + # Choose between NoSchedule, PreferNoSchedule and NoExecute: + # - name: AGENT_TOLERATION + # value: "NoSchedule" + # (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate + # - name: AGENT_TOLERATION_KEY + # value: "" + # (Optional) Rook Agent tolerations list. Put here list of taints you want to tolerate in YAML format. + # - name: AGENT_TOLERATIONS + # value: | + # - effect: NoSchedule + # key: node-role.kubernetes.io/controlplane + # operator: Exists + # - effect: NoExecute + # key: node-role.kubernetes.io/etcd + # operator: Exists + # (Optional) Rook Agent NodeAffinity. + # - name: AGENT_NODE_AFFINITY + # value: "role=storage-node; storage=rook,ceph" + # (Optional) Rook Agent mount security mode. Can by `Any` or `Restricted`. + # `Any` uses Ceph admin credentials by default/fallback. + # For using `Restricted` you must have a Ceph secret in each namespace storage should be consumed from and + # set `mountUser` to the Ceph user, `mountSecret` to the Kubernetes secret name. + # to the namespace in which the `mountSecret` Kubernetes secret namespace. + # - name: AGENT_MOUNT_SECURITY_MODE + # value: "Any" + # Set the path where the Rook agent can find the flex volumes + # - name: FLEXVOLUME_DIR_PATH + # value: "" + # Set the path where kernel modules can be found + # - name: LIB_MODULES_DIR_PATH + # value: "" + # Mount any extra directories into the agent container + # - name: AGENT_MOUNTS + # value: "somemount=/host/path:/container/path,someothermount=/host/path2:/container/path2" + # Rook Discover toleration. Will tolerate all taints with all keys. + # Choose between NoSchedule, PreferNoSchedule and NoExecute: + # - name: DISCOVER_TOLERATION + # value: "NoSchedule" + # (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate + # - name: DISCOVER_TOLERATION_KEY + # value: "" + # (Optional) Rook Discover tolerations list. Put here list of taints you want to tolerate in YAML format. + # - name: DISCOVER_TOLERATIONS + # value: | + # - effect: NoSchedule + # key: node-role.kubernetes.io/controlplane + # operator: Exists + # - effect: NoExecute + # key: node-role.kubernetes.io/etcd + # operator: Exists + # (Optional) Discover Agent NodeAffinity. + # - name: DISCOVER_AGENT_NODE_AFFINITY + # value: "role=storage-node; storage=rook, ceph" + # Allow rook to create multiple file systems. Note: This is considered + # an experimental feature in Ceph as described at + # http://docs.ceph.com/docs/master/cephfs/experimental-features/#multiple-filesystems-within-a-ceph-cluster + # which might cause mons to crash as seen in https://github.com/rook/rook/issues/1027 + - name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS + value: "false" + + # The logging level for the operator: INFO | DEBUG + - name: ROOK_LOG_LEVEL + value: "INFO" + + # The interval to check the health of the ceph cluster and update the status in the custom resource. + - name: ROOK_CEPH_STATUS_CHECK_INTERVAL + value: "60s" + + # The interval to check if every mon is in the quorum. + - name: ROOK_MON_HEALTHCHECK_INTERVAL + value: "45s" + + # The duration to wait before trying to failover or remove/replace the + # current mon with a new mon (useful for compensating flapping network). + - name: ROOK_MON_OUT_TIMEOUT + value: "600s" + + # The duration between discovering devices in the rook-discover daemonset. + - name: ROOK_DISCOVER_DEVICES_INTERVAL + value: "60m" + + # Whether to start pods as privileged that mount a host path, which includes the Ceph mon and osd pods. + # This is necessary to workaround the anyuid issues when running on OpenShift. + # For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641 + - name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED + value: "false" + + # In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins). + # Disable it here if you have similar issues. + # For more details see https://github.com/rook/rook/issues/2417 + - name: ROOK_ENABLE_SELINUX_RELABELING + value: "true" + + # In large volumes it will take some time to chown all the files. Disable it here if you have performance issues. + # For more details see https://github.com/rook/rook/issues/2254 + - name: ROOK_ENABLE_FSGROUP + value: "true" + + # Disable automatic orchestration when new devices are discovered + - name: ROOK_DISABLE_DEVICE_HOTPLUG + value: "false" + + # Whether to enable the flex driver. By default it is enabled and is fully supported, but will be deprecated in some future release + # in favor of the CSI driver. + - name: ROOK_ENABLE_FLEX_DRIVER + value: "true" + + # Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster. + # This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs. + - name: ROOK_ENABLE_DISCOVERY_DAEMON + value: "false" + + # Enable the default version of the CSI CephFS driver. To start another version of the CSI driver, see image properties below. + - name: ROOK_CSI_ENABLE_CEPHFS + value: "true" + + # Enable the default version of the CSI RBD driver. To start another version of the CSI driver, see image properties below. + - name: ROOK_CSI_ENABLE_RBD + value: "true" + - name: ROOK_CSI_ENABLE_GRPC_METRICS + value: "true" + # The default version of CSI supported by Rook will be started. To change the version + # of the CSI driver to something other than what is officially supported, change + # these images to the desired release of the CSI driver. + #- name: ROOK_CSI_CEPH_IMAGE + # value: "quay.io/cephcsi/cephcsi:v1.2.1" + #- name: ROOK_CSI_REGISTRAR_IMAGE + # value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0" + #- name: ROOK_CSI_PROVISIONER_IMAGE + # value: "quay.io/k8scsi/csi-provisioner:v1.3.0" + #- name: ROOK_CSI_SNAPSHOTTER_IMAGE + # value: "quay.io/k8scsi/csi-snapshotter:v1.2.0" + #- name: ROOK_CSI_ATTACHER_IMAGE + # value: "quay.io/k8scsi/csi-attacher:v1.2.0" + # kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path. + #- name: ROOK_CSI_KUBELET_DIR_PATH + # value: "/var/lib/kubelet" + # (Optional) Ceph Provisioner NodeAffinity. + # - name: CSI_PROVISIONER_NODE_AFFINITY + # value: "role=storage-node; storage=rook, ceph" + # (Optional) CEPH CSI provisioner tolerations list. Put here list of taints you want to tolerate in YAML format. + # CSI provisioner would be best to start on the same nodes as other ceph daemons. + # - name: CSI_PROVISIONER_TOLERATIONS + # value: | + # - effect: NoSchedule + # key: node-role.kubernetes.io/controlplane + # operator: Exists + # - effect: NoExecute + # key: node-role.kubernetes.io/etcd + # operator: Exists + # (Optional) Ceph CSI plugin NodeAffinity. + # - name: CSI_PLUGIN_NODE_AFFINITY + # value: "role=storage-node; storage=rook, ceph" + # (Optional) CEPH CSI plugin tolerations list. Put here list of taints you want to tolerate in YAML format. + # CSI plugins need to be started on all the nodes where the clients need to mount the storage. + # - name: CSI_PLUGIN_TOLERATIONS + # value: | + # - effect: NoSchedule + # key: node-role.kubernetes.io/controlplane + # operator: Exists + # - effect: NoExecute + # key: node-role.kubernetes.io/etcd + # operator: Exists + # The name of the node to pass with the downward API + - name: ROOK_CSI_CEPH_IMAGE + value: "{{ cephcsi_repository }}:{{ cephcsi_version }}" + - name: ROOK_CSI_REGISTRAR_IMAGE + value: "{{ csi_node_driver_registrar_repository }}:{{ csi_node_driver_registrar_version }}" + - name: ROOK_CSI_PROVISIONER_IMAGE + value: "{{ csi_provisioner_repository }}:{{ csi_provisioner_version }}" + - name: ROOK_CSI_SNAPSHOTTER_IMAGE + value: "{{ csi_snapshotter_repository }}:{{ csi_snapshotter_version }}" + - name: ROOK_CSI_ATTACHER_IMAGE + value: "{{ csi_attacherr_repository }}:{{ csi_attacher_version }}" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + # The pod name to pass with the downward API + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + # The pod namespace to pass with the downward API + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumes: + - name: rook-config + emptyDir: {} + - name: default-config-dir + emptyDir: {} +# OLM: END OPERATOR DEPLOYMENT