ceph

Author: AC

kubernetes/storage/ceph/README.adoc

@@ -12,10 +12,11 @@ This section describes deploying Ceph storage on Kubernetes.
 
 The following instructions and scripts were generated with information 
  obtained from 
- link:https://computingforgeeks.com/ceph-persistent-storage-for-kubernetes-with-cephfs/[computingforgeeks - Ceph Persistent Storage for Kubernetes with Cephfs]
- tutorial.
+ link:https://computingforgeeks.com/ceph-persistent-storage-for-kubernetes-with-cephfs/[computingforgeeks - Ceph Persistent Storage for Kubernetes with Cephfs] 
+ and link:https://computingforgeeks.com/persistent-storage-for-kubernetes-with-ceph-rbd/[computingforgeeks - Persistent Storage for Kubernetes with Ceph RBD]
+ tutorials.
 
-== Configure
+== Collect information
 
 Define environment variables.
 
@@ -27,16 +28,22 @@ PROXMOX_HOST=<2>
 <1> Ceph Admin Key obtained with `ceph auth get-key client.admin` using root.
 <2> Ansible inventory hostname for a proxmox host.
 
+== Configure Ceph RBD
+
+TBD
+
+== Configure Ceph OSD
+
 [sourec,bash]
 ----
-ansible-playbook kubernetes/storage/ceph/ansible/05-setup-cephfs.yaml \
+ansible-playbook kubernetes/storage/ceph/ansible/55-setup-cephfs.yaml \
   -e @kubernetes/storage/ceph/ansible/defaults/main.yaml \
   -e ceph_admin_key=${CEPH_ADM_KEY}
 ----
 
 [sourec,bash]
 ----
-ansible-playbook kubernetes/storage/ceph/ansible/10-proxmox-create-cephfs-pool.yaml \
+ansible-playbook kubernetes/storage/ceph/ansible/60-proxmox-create-cephfs-pool.yaml \
   -e @kubernetes/storage/ceph/ansible/defaults/main.yaml \
   -e proxmox_host=${PROXMOX_HOST}
 ----
@@ -47,7 +54,7 @@ Set the `ceph_monitors` variable with the list of Ceph Monitor information,
 
 [sourec,bash]
 ----
-ansible-playbook kubernetes/storage/ceph/ansible/20-setup-cephfs.yaml \
+ansible-playbook kubernetes/storage/ceph/ansible/65-setup-cephfs.yaml \
   -e @kubernetes/storage/ceph/ansible/defaults/main.yaml \
   -e @_local_config/network.yaml
 ----

kubernetes/storage/ceph/ansible/05-ceph-rbd-setup.yaml

@@ -0,0 +1,22 @@
+---
+- name: "Create LVM DaemonSet"
+  hosts: "{{ k8s_host | default('localhost') }}"
+  gather_facts: "{{ gathering_host_info | default('true') | bool == true }}"
+
+  pre_tasks:
+
+  tasks:
+
+  - name: "Create application k8s namespace"
+    kubernetes.core.k8s:
+      src: files/ceph-rbd-provisioner.yml
+      state: present
+
+  - name: "Create k8s secret with Ceph Admin key"
+    ansible.builtin.shell: |
+      kubectl create secret generic ceph-admin-secret  \
+        --type="kubernetes.io/rbd" \
+        --from-literal=key='{{ ceph_admin_key }}' \
+        --namespace=kube-system
+...
+

…torage/ceph/ansible/05-setup-cephfs.yaml …torage/ceph/ansible/55-setup-cephfs.yamlkubernetes/storage/ceph/ansible/05-setup-cephfs.yaml renamed to kubernetes/storage/ceph/ansible/55-setup-cephfs.yaml kubernetes/storage/ceph/ansible/05-setup-cephfs.yaml renamed to kubernetes/storage/ceph/ansible/55-setup-cephfs.yaml

@@ -0,0 +1,102 @@
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    resourceNames: ["kube-dns","coredns"]
+    verbs: ["list", "get"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: rbd-provisioner
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: rbd-provisioner
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["endpoints"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rbd-provisioner
+subjects:
+- kind: ServiceAccount
+  name: rbd-provisioner
+  namespace: kube-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rbd-provisioner
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rbd-provisioner
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: rbd-provisioner
+    spec:
+      containers:
+      - name: rbd-provisioner
+        image: "quay.io/external_storage/rbd-provisioner:latest"
+        env:
+        - name: PROVISIONER_NAME
+          value: ceph.com/rbd
+      serviceAccount: rbd-provisioner