From b44245392e4b3c9250ee9ee3047f91a800e15ef8 Mon Sep 17 00:00:00 2001 From: ace Date: Sun, 11 Jun 2023 02:50:22 +0300 Subject: [PATCH] add csi ceph --- .../ghp/sample/group_vars/all/versions.yaml | 10 ++++- playbooks/ghp/core-infra.yaml | 12 ++++++ roles/ceph-csi-cephfs/defaults/main.yaml | 37 +++++++++++++++++++ roles/ceph-csi-cephfs/tasks/main.yaml | 12 ++++++ roles/ceph-csi-rbd/defaults/main.yaml | 37 +++++++++++++++++++ roles/ceph-csi-rbd/tasks/main.yaml | 12 ++++++ roles/cert-manager/defaults/main.yaml | 2 +- roles/cert-manager/tasks/main.yaml | 4 +- 8 files changed, 121 insertions(+), 5 deletions(-) create mode 100644 roles/ceph-csi-cephfs/defaults/main.yaml create mode 100644 roles/ceph-csi-cephfs/tasks/main.yaml create mode 100644 roles/ceph-csi-rbd/defaults/main.yaml create mode 100644 roles/ceph-csi-rbd/tasks/main.yaml diff --git a/inventory/ghp/sample/group_vars/all/versions.yaml b/inventory/ghp/sample/group_vars/all/versions.yaml index 2947c70..ba3cf77 100644 --- a/inventory/ghp/sample/group_vars/all/versions.yaml +++ b/inventory/ghp/sample/group_vars/all/versions.yaml @@ -2,8 +2,14 @@ metallb_version: 0.13.10 # NFS provisioners -nfs_client_provisioner_hdd_version: 4.0.14 -nfs_client_provisioner_ssd_version: 4.0.14 +nfs_client_provisioner_hdd_version: 4.0.18 +nfs_client_provisioner_ssd_version: 4.0.18 + +# CSI Ceph RBD provisioner +ceph_csi_rbd_version: 3.8.0 + +# CSI CephFS provisioner +ceph_csi_cephfs_version: 3.8.0 # Cert-manager cert_manager_version: 1.12.1 diff --git a/playbooks/ghp/core-infra.yaml b/playbooks/ghp/core-infra.yaml index 6281b84..12ad9d7 100644 --- a/playbooks/ghp/core-infra.yaml +++ b/playbooks/ghp/core-infra.yaml 
@@ -68,6 +68,18 @@ when: nfs_client_provisioner_enabled | default(true) tags: nfs-client-provisioner + - name: Deploy CSI Ceph RBD + import_role: + name: ceph-csi-rbd + when: ceph_csi_rbd_enabled | default(false) + tags: ceph-csi-rbd + + - name: Deploy CSI CephFS + import_role: + name: ceph-csi-cephfs + when: ceph_csi_cephfs_enabled | default(false) + tags: ceph-csi-cephfs + - name: Deploy Metrics-server import_role: name: metrics-server diff --git a/roles/ceph-csi-cephfs/defaults/main.yaml b/roles/ceph-csi-cephfs/defaults/main.yaml new file mode 100644 index 0000000..b5418a1 --- /dev/null +++ b/roles/ceph-csi-cephfs/defaults/main.yaml @@ -0,0 +1,37 @@ +ceph_csi_cephfs_namespace: "ceph-csi-cephfs" +ceph_csi_cephfs_chart_ref: "ceph-csi/ceph-csi-cephfs" +ceph_csi_cephfs_default_values: + nodeplugin: + httpMetrics: + # Fix nginx conflict + containerPort: 8083 + storageClass: + # Specifies whether the storageclass should be created + create: true + name: csi-cephfs-sc + + # Annotations for the storage class + # Example: + # annotations: + # storageclass.kubernetes.io/is-default-class: "true" + annotations: {} + + # (required) String representing a Ceph cluster to provision storage from. + # Should be unique across all Ceph clusters in use for provisioning, + # cannot be greater than 36 bytes in length, and should remain immutable for + # the lifetime of the StorageClass in use. + clusterID: ceph + + # (required) CephFS filesystem name into which the volume shall be created + # eg: fsName: myfs + fsName: cephfs + + secret: + # Specifies whether the secret should be created + create: true + name: csi-cephfs-secret + # Key values correspond to a user name and its key, as defined in the + # ceph cluster. User ID should have required access to the 'pool' + # specified in the storage class + userID: "" + userKey: "" diff --git a/roles/ceph-csi-cephfs/tasks/main.yaml b/roles/ceph-csi-cephfs/tasks/main.yaml new file mode 100644 index 0000000..ea0f06b --- /dev/null 
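Review bot: The `secret` block in `ceph_csi_cephfs_default_values` defaults to `create: true` with `userID: ""` and `userKey: ""`, so a run that does not override them presumably installs `csi-cephfs-secret` with empty credentials. A run that does override them passes the Ceph key as plain Helm values, which Helm also keeps in the release record in the cluster. I would default `secret.create` to `false`, or keep it and have the role fail early when `create` is true and either field is empty. A comment such as `# userKey must come from an encrypted source (e.g. ansible-vault), never from a committed group_vars file` would also help. The same applies to the `secret` block in roles/ceph-csi-rbd/defaults/main.yaml.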
+++ b/roles/ceph-csi-cephfs/tasks/main.yaml
@@ -0,0 +1,12 @@
+- set_fact:
+ ceph_csi_cephfs_combined_values: "{{ ceph_csi_cephfs_default_values | combine(ceph_csi_cephfs_values, recursive=true) }}"
+
+- name: Deploy CSI CephFS {{ ceph_csi_cephfs_version }}
+ kubernetes.core.helm:
+ create_namespace: true
+ release_namespace: "{{ ceph_csi_cephfs_namespace | default('ceph-csi-cephfs') }}"
+ release_name: "{{ ceph_csi_cephfs_name | default('ceph-csi-cephfs') }}"
+ chart_ref: "{{ ceph_csi_cephfs_chart_ref }}"
+ chart_version: "{{ ceph_csi_cephfs_version | default(omit) }}"
+ release_values: "{{ ceph_csi_cephfs_combined_values | from_yaml | default(omit) }}"
+ #wait: true
diff --git a/roles/ceph-csi-rbd/defaults/main.yaml b/roles/ceph-csi-rbd/defaults/main.yaml
new file mode 100644
index 0000000..996a9d6
--- /dev/null
+++ b/roles/ceph-csi-rbd/defaults/main.yaml
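Review bot: The `set_fact` task reads `ceph_csi_cephfs_values`, which the role's new defaults/main.yaml does not define, so the role fails on an undefined variable unless the inventory sets it; `combine(ceph_csi_cephfs_values | default({}), recursive=true)` keeps the defaults usable on their own. Because the combined values carry `secret.userKey`, both tasks should set `no_log: true`, otherwise the key can show up in verbose output and in failure messages. The `| from_yaml` on `release_values` is applied to what is already a mapping and can be dropped. Nothing in this hunk adds the `ceph-csi` Helm repository that `chart_ref` relies on, so if that is not done elsewhere the install depends on whatever repo of that name exists on the controller. The same points apply to roles/ceph-csi-rbd/tasks/main.yaml.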
@@ -0,0 +1,37 @@
+ceph_csi_rbd_namespace: "ceph-csi-rbd"
+ceph_csi_rbd_chart_ref: "ceph-csi/ceph-csi-rbd"
+ceph_csi_rbd_default_values:
+ nodeplugin:
+ httpMetrics:
+ # Fix nginx conflict
+ containerPort: 8082
+ storageClass:
+ # Specifies whether the storageclass should be created
+ create: true
+ name: csi-rbd-sc
+
+ # Annotations for the storage class
+ # Example:
+ # annotations:
+ # storageclass.kubernetes.io/is-default-class: "true"
+ annotations: {}
+
+ # (required) String representing a Ceph cluster to provision storage from.
+ # Should be unique across all Ceph clusters in use for provisioning,
+ # cannot be greater than 36 bytes in length, and should remain immutable for
+ # the lifetime of the StorageClass in use.
+ clusterID: ceph
+
+ # (required) Ceph pool into which the RBD image shall be created
+ # eg: pool: replicapool
+ pool: k8s
+
+ secret:
+ # Specifies whether the secret should be created
+ create: true
+ name: csi-rbd-secret
+ # Key values correspond to a user name and its key, as defined in the
+ # ceph cluster. User ID should have required access to the 'pool'
+ # specified in the storage class
+ userID: ""
+ userKey: ""
diff --git a/roles/ceph-csi-rbd/tasks/main.yaml b/roles/ceph-csi-rbd/tasks/main.yaml
new file mode 100644
index 0000000..bdaef5e
--- /dev/null
+++ b/roles/ceph-csi-rbd/tasks/main.yaml
@@ -0,0 +1,12 @@
+- set_fact:
+ ceph_csi_rbd_combined_values: "{{ ceph_csi_rbd_default_values | combine(ceph_csi_rbd_values, recursive=true) }}"
+
+- name: Deploy CSI Ceph RBD {{ ceph_csi_rbd_version }}
+ kubernetes.core.helm:
+ create_namespace: true
+ release_namespace: "{{ ceph_csi_rbd_namespace | default('ceph-csi-rbd') }}"
+ release_name: "{{ ceph_csi_rbd_name | default('ceph-csi-rbd') }}"
+ chart_ref: "{{ ceph_csi_rbd_chart_ref }}"
+ chart_version: "{{ ceph_csi_rbd_version | default(omit) }}"
+ release_values: "{{ ceph_csi_rbd_combined_values | from_yaml | default(omit) }}"
+ #wait: true
diff --git a/roles/cert-manager/defaults/main.yaml b/roles/cert-manager/defaults/main.yaml index 1f86e81..ef318fc 100644 --- a/roles/cert-manager/defaults/main.yaml +++ b/roles/cert-manager/defaults/main.yaml @@ -1,6 +1,6 @@ cert_manager_chart_ref: "jetstack/cert-manager" cert_manager_namespace: "cert-manager" -lets_encrypt_mailbox: "admin@{{ domain }}" +ceph_manager_lets_encrypt_mailbox: "admin@{{ domain }}" cert_manager_base64_tsig_key: "{{ k8s_tsig | b64encode }}" cert_manager_default_values: installCRDs: true diff --git a/roles/cert-manager/tasks/main.yaml b/roles/cert-manager/tasks/main.yaml index 422d683..875d7cb 100644 --- a/roles/cert-manager/tasks/main.yaml +++ b/roles/cert-manager/tasks/main.yaml @@ -37,7 +37,7 @@ # The ACME server URL server: https://acme-v02.api.letsencrypt.org/directory # Email address used for ACME registration - email: "{{ lets_encrypt_mailbox }}" + email: "{{ cert_manager_lets_encrypt_mailbox }}" # Name of a secret used to store the ACME account private key privateKeySecretRef: name: letsencrypt-prod @@ -68,7 +68,7 @@ # The ACME server URL server: https://acme-staging-v02.api.letsencrypt.org/directory # Email address used for ACME registration - email: "{{ lets_encrypt_mailbox }}" + email: "{{ cert_manager_lets_encrypt_mailbox }}" # Name of a secret used to store the ACME account private key privateKeySecretRef: name: letsencrypt-staging
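Review bot: The renamed default in roles/cert-manager/defaults/main.yaml is spelled `ceph_manager_lets_encrypt_mailbox`, but both issuer templates in roles/cert-manager/tasks/main.yaml now read `cert_manager_lets_encrypt_mailbox`. The ACME `email` field therefore resolves to an undefined variable unless the inventory happens to define it. The defaults line should be `cert_manager_lets_encrypt_mailbox: "admin@{{ domain }}"`. Inventories that still set the old `lets_encrypt_mailbox` stop taking effect after the rename, so either mention that in the commit message or keep a fallback such as `"{{ lets_encrypt_mailbox | default('admin@' ~ domain) }}"`.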