[Ceph-rgw] Add bootstrap job
The PS adds bootstrap job for ceph-rgw chart. Change-Id: I3055e1afe8072277166b8a659c940320720a0588
This commit is contained in:
parent
de5dd82ff8
commit
844d2cd16d
20
ceph-rgw/templates/bin/_bootstrap.sh.tpl
Normal file
20
ceph-rgw/templates/bin/_bootstrap.sh.tpl
Normal file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2020 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
|
@ -25,6 +25,11 @@ data:
|
||||
{{- if .Values.images.local_registry.active }}
|
||||
image-repo-sync.sh: |
|
||||
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
bootstrap.sh: |
|
||||
{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
init-dirs.sh: |
|
||||
|
128
ceph-rgw/templates/job-bootstrap.yaml
Normal file
128
ceph-rgw/templates/job-bootstrap.yaml
Normal file
@ -0,0 +1,128 @@
|
||||
{{/*
|
||||
Copyright 2020 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-rgw-bootstrap" }}
|
||||
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ceph-rgw-bootstrap
|
||||
annotations:
|
||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "bootstrap" "container" "keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
command:
|
||||
- /tmp/ceph-admin-keyring.sh
|
||||
volumeMounts:
|
||||
- name: pod-tmp
|
||||
mountPath: /tmp
|
||||
- name: pod-etc-ceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-rgw-bin
|
||||
mountPath: /tmp/ceph-admin-keyring.sh
|
||||
subPath: ceph-admin-keyring.sh
|
||||
readOnly: true
|
||||
- name: ceph-rgw-admin-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: ceph-rgw-bootstrap
|
||||
{{ tuple $envAll "ceph_bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
command:
|
||||
- /tmp/bootstrap.sh
|
||||
volumeMounts:
|
||||
- name: pod-tmp
|
||||
mountPath: /tmp
|
||||
- name: pod-etc-ceph
|
||||
mountPath: /etc/ceph
|
||||
- name: ceph-rgw-bin
|
||||
mountPath: /tmp/bootstrap.sh
|
||||
subPath: bootstrap.sh
|
||||
readOnly: true
|
||||
- name: ceph-rgw-etc
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
- name: ceph-rgw-admin-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
emptyDir: {}
|
||||
- name: pod-etc-ceph
|
||||
emptyDir: {}
|
||||
- name: ceph-rgw-bin
|
||||
configMap:
|
||||
name: ceph-rgw-bin
|
||||
defaultMode: 0555
|
||||
- name: ceph-rgw-etc
|
||||
configMap:
|
||||
name: {{ .Values.ceph_client.configmap }}
|
||||
defaultMode: 0444
|
||||
- name: ceph-rgw-admin-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.keyrings.admin | quote }}
|
||||
{{- end }}
|
@ -25,6 +25,7 @@ release_group: null
|
||||
images:
|
||||
pull_policy: IfNotPresent
|
||||
tags:
|
||||
ceph_bootstrap: 'docker.io/openstackhelm/ceph-daemon:ubuntu_bionic-20191216'
|
||||
ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216'
|
||||
ceph_rgw: 'docker.io/openstackhelm/ceph-daemon:ubuntu_bionic-20191216'
|
||||
dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
|
||||
@ -85,6 +86,16 @@ pod:
|
||||
create_s3_admin:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
bootstrap:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
keyring_placement:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
bootstrap:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
dns_policy: "ClusterFirstWithHostNet"
|
||||
replicas:
|
||||
rgw: 2
|
||||
@ -106,6 +117,13 @@ pod:
|
||||
memory: "512Mi"
|
||||
cpu: "1000m"
|
||||
jobs:
|
||||
bootstrap:
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
ceph-rgw-storage-init:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
@ -379,11 +397,6 @@ dependencies:
|
||||
s3:
|
||||
rgw: {}
|
||||
static:
|
||||
bootstrap:
|
||||
jobs: null
|
||||
services:
|
||||
- endpoint: internal
|
||||
service: ceph_mon
|
||||
rgw:
|
||||
jobs:
|
||||
- ceph-rgw-storage-init
|
||||
@ -559,6 +572,7 @@ manifests:
|
||||
configmap_etc: true
|
||||
deployment_rgw: true
|
||||
ingress_rgw: true
|
||||
job_bootstrap: false
|
||||
job_ceph_rgw_storage_init: true
|
||||
job_image_repo_sync: true
|
||||
job_ks_endpoints: true
|
||||
|
@ -37,7 +37,7 @@ deployment:
|
||||
client_secrets: false
|
||||
rgw_keystone_user_and_endpoints: false
|
||||
bootstrap:
|
||||
enabled: false
|
||||
enabled: true
|
||||
conf:
|
||||
rgw_ks:
|
||||
enabled: false
|
||||
@ -46,6 +46,8 @@ conf:
|
||||
pod:
|
||||
replicas:
|
||||
rgw: 1
|
||||
manifests:
|
||||
job_bootstrap: true
|
||||
EOF
|
||||
helm upgrade --install radosgw-osh-infra ./ceph-rgw \
|
||||
--namespace=osh-infra \
|
||||
|
Loading…
x
Reference in New Issue
Block a user