add csi ceph

inventory/ghp/sample/group_vars/all/versions.yaml

@@ -2,8 +2,14 @@
 metallb_version: 0.13.10
 
 # NFS provisioners
-nfs_client_provisioner_hdd_version: 4.0.14
-nfs_client_provisioner_ssd_version: 4.0.14
+nfs_client_provisioner_hdd_version: 4.0.18
+nfs_client_provisioner_ssd_version: 4.0.18
+
+# CSI Ceph RBD provisioner
+ceph_csi_rbd_version: 3.8.0
+
+# CSI CephFS provisioner
+ceph_csi_cephfs_version: 3.8.0
 
 # Cert-manager
 cert_manager_version: 1.12.1

playbooks/ghp/core-infra.yaml

@@ -68,6 +68,18 @@
     when: nfs_client_provisioner_enabled | default(true)
     tags: nfs-client-provisioner
   
+  - name: Deploy CSI Ceph RBD
+    import_role: 
+      name: ceph-csi-rbd
+    when: ceph_csi_rbd_enabled | default(false)
+    tags: ceph-csi-rbd
+
+  - name: Deploy CSI CephFS
+    import_role: 
+      name: ceph-csi-cephfs
+    when: ceph_csi_cephfs_enabled | default(false)
+    tags: ceph-csi-cephfs
+
   - name: Deploy Metrics-server
     import_role: 
       name: metrics-server

roles/ceph-csi-cephfs/defaults/main.yaml

@@ -0,0 +1,37 @@
+ceph_csi_cephfs_namespace: "ceph-csi-cephfs"
+ceph_csi_cephfs_chart_ref: "ceph-csi/ceph-csi-cephfs"
+ceph_csi_cephfs_default_values:
+  nodeplugin:
+    httpMetrics:
+      # Fix nginx conflict
+      containerPort: 8083
+  storageClass:
+    # Specifies whether the storageclass should be created
+    create: true
+    name: csi-cephfs-sc
+  
+    # Annotations for the storage class
+    # Example:
+    # annotations:
+    #   storageclass.kubernetes.io/is-default-class: "true"
+    annotations: {}
+  
+    # (required) String representing a Ceph cluster to provision storage from.
+    # Should be unique across all Ceph clusters in use for provisioning,
+    # cannot be greater than 36 bytes in length, and should remain immutable for
+    # the lifetime of the StorageClass in use.
+    clusterID: ceph
+  
+    # (required) CephFS filesystem name into which the volume shall be created
+    # eg: fsName: myfs
+    fsName: cephfs
+  
+  secret:
+    # Specifies whether the secret should be created
+    create: true
+    name: csi-cephfs-secret
+    # Key values correspond to a user name and its key, as defined in the
+    # ceph cluster. User ID should have required access to the 'pool'
+    # specified in the storage class
+    userID: ""
+    userKey: ""

roles/ceph-csi-cephfs/tasks/main.yaml

@@ -0,0 +1,12 @@
+- set_fact:
+    ceph_csi_cephfs_combined_values: "{{ ceph_csi_cephfs_default_values | combine(ceph_csi_cephfs_values, recursive=true) }}"
+
+- name: Deploy CSI CephFS {{ ceph_csi_cephfs_version }}
+  kubernetes.core.helm:
+    create_namespace: true
+    release_namespace: "{{ ceph_csi_cephfs_namespace | default('ceph-csi-cephfs') }}"
+    release_name: "{{ ceph_csi_cephfs_name | default('ceph-csi-cephfs') }}"
+    chart_ref: "{{ ceph_csi_cephfs_chart_ref }}"
+    chart_version: "{{ ceph_csi_cephfs_version | default(omit) }}"
+    release_values: "{{ ceph_csi_cephfs_combined_values | from_yaml | default(omit) }}"
+    #wait: true

roles/ceph-csi-rbd/defaults/main.yaml

@@ -0,0 +1,37 @@
+ceph_csi_rbd_namespace: "ceph-csi-rbd"
+ceph_csi_rbd_chart_ref: "ceph-csi/ceph-csi-rbd"
+ceph_csi_rbd_default_values:
+  nodeplugin:
+    httpMetrics:
+      # Fix nginx conflict
+      containerPort: 8082
+  storageClass:
+    # Specifies whether the storageclass should be created
+    create: true
+    name: csi-rbd-sc
+  
+    # Annotations for the storage class
+    # Example:
+    # annotations:
+    #   storageclass.kubernetes.io/is-default-class: "true"
+    annotations: {}
+  
+    # (required) String representing a Ceph cluster to provision storage from.
+    # Should be unique across all Ceph clusters in use for provisioning,
+    # cannot be greater than 36 bytes in length, and should remain immutable for
+    # the lifetime of the StorageClass in use.
+    clusterID: ceph
+  
+    # (required) Ceph pool into which the RBD image shall be created
+    # eg: pool: replicapool
+    pool: k8s
+  
+  secret:
+    # Specifies whether the secret should be created
+    create: true
+    name: csi-rbd-secret
+    # Key values correspond to a user name and its key, as defined in the
+    # ceph cluster. User ID should have required access to the 'pool'
+    # specified in the storage class
+    userID: ""
+    userKey: ""

roles/ceph-csi-rbd/tasks/main.yaml

@@ -0,0 +1,12 @@
+- set_fact:
+    ceph_csi_rbd_combined_values: "{{ ceph_csi_rbd_default_values | combine(ceph_csi_rbd_values, recursive=true) }}"
+
+- name: Deploy CSI Ceph RBD {{ ceph_csi_rbd_version }}
+  kubernetes.core.helm:
+    create_namespace: true
+    release_namespace: "{{ ceph_csi_rbd_namespace | default('ceph-csi-rbd') }}"
+    release_name: "{{ ceph_csi_rbd_name | default('ceph-csi-rbd') }}"
+    chart_ref: "{{ ceph_csi_rbd_chart_ref }}"
+    chart_version: "{{ ceph_csi_rbd_version | default(omit) }}"
+    release_values: "{{ ceph_csi_rbd_combined_values | from_yaml | default(omit) }}"
+    #wait: true

roles/cert-manager/defaults/main.yaml

@@ -1,6 +1,6 @@
 cert_manager_chart_ref: "jetstack/cert-manager"
 cert_manager_namespace: "cert-manager"
-lets_encrypt_mailbox: "admin@{{ domain }}"
+ceph_manager_lets_encrypt_mailbox: "admin@{{ domain }}"
 cert_manager_base64_tsig_key: "{{ k8s_tsig | b64encode }}"
 cert_manager_default_values:
   installCRDs: true

roles/cert-manager/tasks/main.yaml

@@ -37,7 +37,7 @@
           # The ACME server URL
           server: https://acme-v02.api.letsencrypt.org/directory
           # Email address used for ACME registration
-          email: "{{ lets_encrypt_mailbox }}"
+          email: "{{ cert_manager_lets_encrypt_mailbox }}"
           # Name of a secret used to store the ACME account private key
           privateKeySecretRef:
             name: letsencrypt-prod
@@ -68,7 +68,7 @@
           # The ACME server URL
           server: https://acme-staging-v02.api.letsencrypt.org/directory
           # Email address used for ACME registration
-          email: "{{ lets_encrypt_mailbox }}"
+          email: "{{ cert_manager_lets_encrypt_mailbox }}"
           # Name of a secret used to store the ACME account private key
           privateKeySecretRef:
             name: letsencrypt-staging