openstack/openstack-helm-infra
Code Issues Proposed changes

Remove unnecessary ceph provisioners templates

Browse Source 
Change-Id: Ia12a99e7c97f7af701b17e1f783d772ab44b5cd7
This commit is contained in:
Vladimir Kozhukalov 2023-03-09 05:07:14 +03:00
parent 334123e81c
commit 42752cca63
19 changed files with 6 additions and 432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ceph-provisioners/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph Provisioner
name: ceph-provisioners
version: 0.1.22
version: 0.1.23
home: https://github.com/ceph/ceph
...

201
ceph-provisioners/templates/deployment-cephfs-provisioner.yaml
View File

@ -1,201 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.deployment_cephfs_provisioner .Values.deployment.cephfs_provisioner }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "ceph-cephfs-provisioner" }}
{{ tuple $envAll "cephfs_provisioner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ''
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ''
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- extensions
resources:
- podsecuritypolicies
resourceNames:
- cephfs-provisioner
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}-run-cephfs-provisioner
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $serviceAccountName }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: ceph-cephfs-provisioner
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "cephfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.cephfs_provisioner }}
selector:
matchLabels:
{{ tuple $envAll "cephfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "cephfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "ceph-cephfs-provisioner" "containerNames" (list "ceph-cephfs-provisioner" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "cephfs" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ tuple $envAll "cephfs_provisioner" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
nodeSelector:
{{ .Values.labels.provisioner.node_selector_key }}: {{ .Values.labels.provisioner.node_selector_value }}
initContainers:
{{ tuple $envAll "cephfs_provisioner" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ceph-cephfs-provisioner
{{ tuple $envAll "ceph_cephfs_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.cephfs_provisioner | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "provisioner" "container" "ceph_cephfs_provisioner" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: PROVISIONER_NAME
value: {{ .Values.storageclass.cephfs.provisioner }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
command:
- /tmp/provisioner-cephfs-start.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-run
mountPath: /run
- name: pod-etc-ceph
mountPath: /etc/ceph
- name: ceph-provisioners-bin
mountPath: /tmp/provisioner-cephfs-start.sh
subPath: provisioner-cephfs-start.sh
readOnly: true
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-run
emptyDir:
medium: "Memory"
- name: pod-etc-ceph
emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
defaultMode: 0555
{{- end }}

191
ceph-provisioners/templates/deployment-rbd-provisioner.yaml
View File

@ -1,191 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.deployment_rbd_provisioner .Values.deployment.rbd_provisioner }}
{{- $envAll := . }}
{{- $serviceAccountName := printf "%s-%s" .Release.Name "ceph-rbd-provisioner" }}
{{ tuple $envAll "rbd_provisioner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ''
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- ''
resources:
- services
- endpoints
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- extensions
resources:
- podsecuritypolicies
resourceNames:
- rbd-provisioner
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}-run-rbd-provisioner
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $serviceAccountName }}
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: ceph-rbd-provisioner
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: {{ .Values.pod.replicas.rbd_provisioner }}
selector:
matchLabels:
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "ceph-rbd-provisioner" "containerNames" (list "ceph-rbd-provisioner" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ tuple $envAll "rbd_provisioner" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
nodeSelector:
{{ .Values.labels.provisioner.node_selector_key }}: {{ .Values.labels.provisioner.node_selector_value }}
initContainers:
{{ tuple $envAll "rbd_provisioner" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ceph-rbd-provisioner
{{ tuple $envAll "ceph_rbd_provisioner" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.rbd_provisioner | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "provisioner" "container" "ceph_rbd_provisioner" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: PROVISIONER_NAME
value: {{ .Values.storageclass.rbd.provisioner }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
command:
- /tmp/provisioner-rbd-start.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: pod-run
mountPath: /run
- name: pod-etc-ceph
mountPath: /etc/ceph
- name: ceph-provisioners-bin
mountPath: /tmp/provisioner-rbd-start.sh
subPath: provisioner-rbd-start.sh
readOnly: true
volumes:
- name: pod-tmp
emptyDir: {}
- name: pod-run
emptyDir:
medium: "Memory"
- name: pod-etc-ceph
emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
defaultMode: 0555
{{- end }}

8
ceph-provisioners/values.yaml
View File

@ -23,8 +23,6 @@ deployment:
# Original rbd_provisioner and cephfs_provisioner are now DEPRECATED. They
# will be removed in the next release; CSI provisioners should be used
# instead.
rbd_provisioner: false
cephfs_provisioner: false
release_group: null
@ -372,7 +370,7 @@ bootstrap:
# and derive the manifest.
storageclass:
rbd:
provision_storage_class: true
provision_storage_class: false
provisioner: ceph.com/rbd
ceph_configmap_name: ceph-etc
metadata:
@ -411,7 +409,7 @@ storageclass:
userId: admin
userSecretName: pvc-ceph-client-key
cephfs:
provision_storage_class: true
provision_storage_class: false
provisioner: ceph.com/cephfs
metadata:
name: cephfs
@ -467,11 +465,9 @@ manifests:
configmap_bin: true
configmap_bin_common: true
configmap_etc: true
deployment_rbd_provisioner: true
# Original rbd_provisioner is now DEPRECATED. It will be removed in the
# next release; CSI RBD provisioner should be used instead.
deployment_csi_rbd_provisioner: true
deployment_cephfs_provisioner: true
job_bootstrap: false
job_cephfs_client_key: true
job_image_repo_sync: true

1
releasenotes/notes/ceph-provisioners.yaml
View File

@ -22,4 +22,5 @@ ceph-provisioners:
- 0.1.20 Add missing CRDs for volume snapshots (classes, contents)
- 0.1.21 Added OCI registry authentication
- 0.1.22 Remove legacy Ceph provisioners
- 0.1.23 Remove unnecessary templates
...

3
tools/deployment/multinode/030-ceph.sh
View File

@ -55,9 +55,7 @@ network:
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
csi_rbd_provisioner: true
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
@ -104,7 +102,6 @@ storageclass:
provision_storage_class: false
manifests:
cronjob_defragosds: true
deployment_cephfs_provisioner: false
job_cephfs_client_key: false
EOF

2
tools/deployment/multinode/035-ceph-ns-activate.sh
View File

@ -27,9 +27,7 @@ network:
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
storageclass:

2
tools/deployment/multinode/115-radosgw-osh-infra.sh
View File

@ -32,9 +32,7 @@ network:
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/openstack-support/025-ceph-ns-activate.sh
View File

@ -29,9 +29,7 @@ network:
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging-tls/020-ceph.sh
View File

@ -61,9 +61,7 @@ network:
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
csi_rbd_provisioner: true
cephfs_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging-tls/025-ceph-ns-activate.sh
View File

@ -29,9 +29,7 @@ network:
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging-tls/030-radosgw-osh-infra.sh
View File

@ -33,9 +33,7 @@ network:
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging/020-ceph.sh
View File

@ -61,9 +61,7 @@ network:
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: true
csi_rbd_provisioner: true
cephfs_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging/025-ceph-ns-activate.sh
View File

@ -29,9 +29,7 @@ network:
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
bootstrap:

2
tools/deployment/osh-infra-logging/030-radosgw-osh-infra.sh
View File

@ -30,9 +30,7 @@ network:
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:

3
tools/deployment/tenant-ceph/030-ceph.sh
View File

@ -56,9 +56,7 @@ network:
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: true
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
jobs:
@ -77,7 +75,6 @@ jobs:
manifests:
deployment_mds: false
cronjob_defragosds: true
deployment_cephfs_provisioner: false
job_cephfs_client_key: false
bootstrap:
enabled: true

3
tools/deployment/tenant-ceph/040-tenant-ceph.sh
View File

@ -64,9 +64,7 @@ network:
deployment:
storage_secrets: true
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
labels:
@ -116,7 +114,6 @@ jobs:
manifests:
deployment_mds: false
cronjob_defragosds: true
deployment_cephfs_provisioner: false
job_cephfs_client_key: false
ceph_mgr_modules_config:
prometheus:

6
tools/deployment/tenant-ceph/045-tenant-ceph-ns-activate.sh
View File

@ -34,9 +34,7 @@ network:
deployment:
storage_secrets: false
ceph: false
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: true
rgw_keystone_user_and_endpoints: false
bootstrap:
@ -46,7 +44,7 @@ conf:
enabled: true
storageclass:
rbd:
provision_storage_class: true
provision_storage_class: false
metadata:
name: tenant-rbd
parameters:
@ -63,7 +61,7 @@ storageclass:
adminSecretNamespace: tenant-ceph
userSecretName: pvc-tenant-ceph-client-key
cephfs:
provision_storage_class: true
provision_storage_class: false
metadata:
name: cephfs
parameters:

2
tools/deployment/tenant-ceph/060-radosgw-openstack.sh
View File

@ -37,9 +37,7 @@ network:
deployment:
storage_secrets: false
ceph: true
rbd_provisioner: false
csi_rbd_provisioner: false
cephfs_provisioner: false
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap: