Last active
August 20, 2018 16:07
-
-
Save rtmie/ab74bc0f4bdedc2d0625e9e5ce912e64 to your computer and use it in GitHub Desktop.
Configuration for CephRBD dynamic provisioning on kubernetes 1.7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ceph auth get-or-create client.kube mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=kubernetes' -o /etc/ceph/ceph.client.kube.keyring |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: ceph-secret | |
namespace: kube-system | |
type: kubernetes.io/rbd | |
data: | |
key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | |
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: ceph-secret-user | |
type: kubernetes.io/rbd | |
data: | |
key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | |
--- | |
apiVersion: storage.k8s.io/v1 | |
kind: StorageClass | |
metadata: | |
name: rbd | |
provisioner: ceph.com/rbd | |
parameters: | |
monitors: 10.168.170.99:6789 | |
adminId: admin | |
adminSecretName: ceph-secret | |
adminSecretNamespace: kube-system | |
pool: kubernetes | |
userId: kube | |
userSecretName: ceph-secret-user | |
imageFormat: "2" | |
imageFeatures: layering | |
--- | |
apiVersion: extensions/v1beta1 | |
kind: Deployment | |
metadata: | |
name: rbd-provisioner | |
namespace: kube-system | |
spec: | |
replicas: 1 | |
strategy: | |
type: Recreate | |
template: | |
metadata: | |
labels: | |
app: rbd-provisioner | |
spec: | |
containers: | |
- name: rbd-provisioner | |
image: "quay.io/external_storage/rbd-provisioner:latest" | |
env: | |
- name: PROVISIONER_NAME | |
value: ceph.com/rbd | |
serviceAccountName: persistent-volume-binder | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello Rob,
Nice snippet. I followed it to create a rbd-provisioner pod but the PVC was stuck in the state - Pending. When I checked the container logs, i found this :
E0820 15:52:06.434456 1 leaderelection.go:268] Failed to update lock: endpoints "ceph.com-rbd" is forbidden: User "system:serviceaccount:kube-system:persistent-volume-binder" cannot update endpoints in the namespace "kube-system"
Can you help me with this? :)