rook-ceph

This commit is contained in:
auricom
2021-04-18 16:31:34 +02:00
parent 1cd0f3a16a
commit 593e9b1d4d
63 changed files with 583 additions and 161 deletions

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -58,17 +58,22 @@ spec:
tls:
- hosts:
- "recipes.${SECRET_CLUSTER_DOMAIN}"
persistence:
config:
enabled: false
media:
enabled: true
additionalVolumes:
- name: files
persistentVolumeClaim:
claimName: recipes-files
- name: recipes-config
configMap:
name: recipes-config
additionalVolumeMounts:
- name: files
mountPath: /opt/recipes/mediafiles
existingClaim: recipes-media
static:
enabled: true
subPath: media
- name: files
mountPath: /opt/recipes/staticfiles
existingClaim: recipes-static
subPath: static
additionalContainers:
- name: nginx
image: nginx:1.19.10
@@ -76,10 +81,12 @@ spec:
- containerPort: 80
name: http
volumeMounts:
- name: media
- name: files
mountPath: "/media"
- name: static
subPath: media
- name: files
mountPath: "/static"
subPath: static
- name: recipes-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx-config

View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- volumes.yaml
- volume.yaml

View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-files
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-media
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-static
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- statefulset.yaml
- volumes.yaml
- volume.yaml

View File

@@ -39,8 +39,9 @@ spec:
- containerPort: 55555
name: com-claude
volumeMounts:
- name: config-claude
- name: config
mountPath: /config
subPath: claude
- name: sync-conf-claude
mountPath: /config/sync.conf
subPath: sync.conf
@@ -72,8 +73,9 @@ spec:
- containerPort: 55556
name: com-helene
volumeMounts:
- name: config-helene
- name: config
mountPath: /config
subPath: helene
- name: sync-conf-helene
mountPath: /config/sync.conf
subPath: sync.conf
@@ -82,18 +84,15 @@ spec:
- name: nfs-backups-data
mountPath: /sync/backup
volumes:
- name: config
persistentVolumeClaim:
claimName: resilio-sync-config
- name: sync-conf-claude
configMap:
name: resilio-sync-claude-conf
- name: sync-conf-helene
configMap:
name: resilio-sync-helene-conf
- name: config-claude
persistentVolumeClaim:
claimName: resilio-sync-config-claude
- name: config-helene
persistentVolumeClaim:
claimName: resilio-sync-config-helene
- name: home-claude-data
persistentVolumeClaim:
claimName: nfs-home-claude-data

View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config-claude
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config-helene
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 15Gi
storage: 10Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -27,7 +27,7 @@ spec:
homeassistant: true
device_options:
retain: true
permit_join: false
permit_join: true
mqtt:
base_topic: zigbee2mqtt
server: "mqtt://vernemq"

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -24,7 +24,7 @@ spec:
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
global:
persistence:
storageClass: longhorn
storageClass: rook-ceph-block
auth:
tokenAuth:
enabled: true

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi
storage: 30Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi

View File

@@ -21,14 +21,17 @@ spec:
repository: lycheeorg/lychee-laravel
pullPolicy: IfNotPresent
tag: v4.2.2
strategy:
type: Recreate
service:
port:
port: 80
annotations:
prometheus.io/probe: "true"
prometheus.io/protocol: http
ingress:
enabled: true
annotations:
@@ -44,6 +47,7 @@ spec:
tls:
- hosts:
- "lychee.${SECRET_CLUSTER_DOMAIN}"
env:
PHP_TZ: Europe/Paris
DB_CONNECTION: pgsql
@@ -52,20 +56,22 @@ spec:
DB_DATABASE: lychee
DB_USERNAME: lychee
DB_PASSWORD: ${SECRET_LYCHEE_DB_PASSWORD}
persistence:
config:
enabled: true
mountPath: /conf
existingClaim: lychee-config
uploads:
enabled: true
mountPath: /uploads
existingClaim: lychee-uploads
sym:
enabled: true
mountPath: /sym
existingClaim: lychee-sym
photo:
enabled: true
mountPath: /mnt/storage/photo
existingClaim: nfs-photo-media
readOnly: true
additionalVolumes:
- name: files
persistentVolumeClaim:
claimName: lychee-files
additionalVolumeMounts:
- name: files
mountPath: /uploads
subPath: uploads
- name: files
mountPath: /sym
subPath: sym

View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- volumes.yaml
- volume.yaml

View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-files
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 100Gi

View File

@@ -1,39 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-uploads
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-sym
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

View File

@@ -66,6 +66,11 @@ spec:
forecastle.stakater.com/appName: "Radarr"
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Radarr/Radarr/develop/Logo/256.png"
forecastle.stakater.com/network-restricted: "true"
# -- Nginx client Body Buffer Size
nginx.ingress.kubernetes.io/client-body-buffer-size: "20m"
# -- Nginx Proxy Body Size
nginx.ingress.kubernetes.io/proxy-body-size: "20m"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
hosts:
- host: radarr.${SECRET_CLUSTER_DOMAIN}
paths:

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi

View File

@@ -46,6 +46,11 @@ spec:
forecastle.stakater.com/appName: "Sonarr"
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
forecastle.stakater.com/network-restricted: "true"
# -- Nginx client Body Buffer Size
nginx.ingress.kubernetes.io/client-body-buffer-size: "20m"
# -- Nginx Proxy Body Size
nginx.ingress.kubernetes.io/proxy-body-size: "20m"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
hosts:
- host: sonarr.${SECRET_CLUSTER_DOMAIN}
paths:

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 20Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 2Gi
storage: 5Gi

View File

@@ -65,7 +65,7 @@ spec:
storage:
volumeClaimTemplate:
spec:
storageClassName: longhorn
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi
@@ -92,9 +92,6 @@ spec:
kubernetes-custom:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/kubernetes-custom.json
datasource: Prometheus
longhorn:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/longhorn.json
datasource: Prometheus
deploymentStrategy:
type: Recreate
persistence:
@@ -198,7 +195,7 @@ spec:
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: longhorn
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -7,7 +7,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
storageClassName: rook-ceph-block
resources:
requests:
storage: 10Gi

View File

@@ -21,6 +21,7 @@ resources:
- nicholaswilde.yaml
- node-feature-discovery.yaml
- prometheus-community-charts.yaml
- rook-ceph-charts.yaml
- runix-charts.yaml
- stakater-charts.yaml
- twuni-charts.yaml

View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: rook-ceph-charts
namespace: flux-system
spec:
interval: 10m
url: https://charts.rook.io/release
timeout: 3m

View File

@@ -7,4 +7,5 @@ resources:
- intel-gpu-plugin
- longhorn-system
- node-feature-discovery
- rook-ceph
- system-upgrade

View File

@@ -0,0 +1,29 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
labels:
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
app.kubernetes.io/name: rook-ceph-mgr-dashboard
spec:
rules:
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rook-ceph-mgr-dashboard
port:
name: http-dashboard
tls:
- hosts:
- "rook.${SECRET_CLUSTER_DOMAIN}"

View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ingress.yaml

View File

@@ -0,0 +1,35 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://charts.rook.io/release
chart: rook-ceph
version: v1.5.10
sourceRef:
kind: HelmRepository
name: rook-ceph-charts
namespace: flux-system
values:
crds:
enabled: false
csi:
kubeletDirPath: /var/lib/kubelet
pluginTolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m

View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- helm-release.yaml
- storage
- rook-direct-mount
- servicemonitor
- snapshot-controller
- dashboard

View File

@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: "rook-ceph-system-psp-user"
labels:
operator: rook
storage-backend: ceph
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- 00-rook-ceph-operator
verbs:
- use

View File

@@ -0,0 +1,65 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rook-direct-mount
namespace: rook-ceph
labels:
app: rook-direct-mount
spec:
replicas: 1
selector:
matchLabels:
app: rook-direct-mount
template:
metadata:
labels:
app: rook-direct-mount
spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: rook-direct-mount
image: rook/ceph:v1.6.0
command: ["/tini"]
args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
imagePullPolicy: IfNotPresent
env:
- name: ROOK_CEPH_USERNAME
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-username
- name: ROOK_CEPH_SECRET
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-secret
securityContext:
privileged: true
volumeMounts:
- mountPath: /dev
name: dev
- mountPath: /sys/bus
name: sysbus
- mountPath: /lib/modules
name: libmodules
- name: mon-endpoint-volume
mountPath: /etc/rook
# if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021
hostNetwork: true
volumes:
- name: dev
hostPath:
path: /dev
- name: sysbus
hostPath:
path: /sys/bus
- name: libmodules
hostPath:
path: /lib/modules
- name: mon-endpoint-volume
configMap:
name: rook-ceph-mon-endpoints
items:
- key: data
path: mon-endpoints

View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml

View File

@@ -0,0 +1,19 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: csi-metrics
namespace: rook-ceph
labels:
team: rook
spec:
namespaceSelector:
matchNames:
- rook-ceph
selector:
matchLabels:
app: csi-metrics
endpoints:
- port: csi-http-metrics
path: /metrics
interval: 5s

View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- csi-metrics.yaml
- rook-ceph-mgr.yaml

View File

@@ -0,0 +1,20 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: rook-ceph-mgr
namespace: rook-ceph
labels:
team: rook
spec:
namespaceSelector:
matchNames:
- rook-ceph
selector:
matchLabels:
app: rook-ceph-mgr
rook_cluster: rook-ceph
endpoints:
- port: http-metrics
path: /metrics
interval: 5s

View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- statefulset.yaml

View File

@@ -0,0 +1,73 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: snapshot-controller
namespace: rook-ceph
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-role
subjects:
- kind: ServiceAccount
name: snapshot-controller
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: snapshot-controller-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: rook-ceph
name: snapshot-controller-leaderelection
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-leaderelection
namespace: rook-ceph
subjects:
- kind: ServiceAccount
name: snapshot-controller
namespace: rook-ceph
roleRef:
kind: Role
name: snapshot-controller-leaderelection
apiGroup: rbac.authorization.k8s.io

View File

@@ -0,0 +1,25 @@
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: snapshot-controller
namespace: rook-ceph
spec:
serviceName: "snapshot-controller"
replicas: 1
selector:
matchLabels:
app: snapshot-controller
template:
metadata:
labels:
app: snapshot-controller
spec:
serviceAccount: snapshot-controller
containers:
- name: snapshot-controller
image: k8s.gcr.io/sig-storage/snapshot-controller:v4.0.0
args:
- "--v=5"
- "--leader-election=false"
imagePullPolicy: IfNotPresent

View File

@@ -0,0 +1,11 @@
---
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
name: replicapool
namespace: rook-ceph
spec:
failureDomain: host
replicated:
size: 3
requireSafeReplicaSize: true

View File

@@ -0,0 +1,71 @@
---
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
cephVersion:
image: ceph/ceph:v15.2.10
allowUnsupported: false
dataDirHostPath: /var/lib/rook
skipUpgradeChecks: false
continueUpgradeAfterChecksEvenIfNotHealthy: false
removeOSDsIfOutAndSafeToRemove: false
mon:
count: 3
allowMultiplePerNode: false
monitoring:
enabled: true
rulesNamespace: rook-ceph
network:
crashCollector:
disable: false
cleanupPolicy:
confirmation: ""
sanitizeDisks:
method: quick
dataSource: zero
iteration: 1
mgr:
modules:
- name: pg_autoscaler
enabled: true
dashboard:
enabled: true
port: 7000
ssl: false
disruptionManagement:
managePodBudgets: false
osdMaintenanceTimeout: 30
manageMachineDisruptionBudgets: false
machineDisruptionBudgetNamespace: openshift-machine-api
resources:
mon:
requests:
cpu: 35m
memory: 800Mi
limits:
memory: 1024Mi
osd:
requests:
cpu: 35m
memory: 2048Mi
limits:
memory: 4096Mi
storage:
useAllNodes: false
useAllDevices: false
config:
metadataDevice:
osdsPerDevice: "1"
nodes:
- name: "k3s-worker1"
devices:
- name: "nvme0n1"
- name: "k3s-worker2"
devices:
- name: "nvme0n1"
- name: "k3s-worker3"
devices:
- name: "nvme0n1"

View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cephblockpool.yaml
- cephcluster.yaml
- storageclass.yaml
- volumesnapshotclass.yaml

View File

@@ -0,0 +1,22 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: rook-ceph-block
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: rook-ceph.rbd.csi.ceph.com
parameters:
clusterID: rook-ceph
pool: replicapool
imageFormat: "2"
imageFeatures: layering
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true

View File

@@ -0,0 +1,16 @@
---
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
name: csi-rbdplugin-snapclass
annotations:
k10.kasten.io/is-snapshot-class: "true"
driver: rook-ceph.rbd.csi.ceph.com
parameters:
# Specify a string that identifies your cluster. Ceph CSI supports any
# unique string. When Ceph CSI is deployed by Rook use the Rook namespace,
# for example "rook-ceph".
clusterID: rook-ceph
csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/snapshotter-secret-namespace: rook-ceph
deletionPolicy: Delete

View File

@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph