kubernetes storage & monitoring (influx, prometheus, rook)
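---
# step 2.5: prometheus cluster
# Identity the Prometheus pods run as (referenced by serviceAccountName in the
# Prometheus resource below). No namespace is set, so it is created in whatever
# namespace the manifest is applied to.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
---
# Cluster-wide read-only access used for target discovery and scraping.
# rbac.authorization.k8s.io/v1 is used instead of v1beta1, which was removed in
# Kubernetes 1.22; the kube-state-metrics RBAC on this page already uses v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - services
      - endpoints
      - pods
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources:
      - configmaps
    verbs: ["get"]
  - apiGroups: [""]
    resources:
      - nodes/metrics
    verbs: ["get"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
# Grants the ClusterRole above to the prometheus ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    # The subject is pinned to the default namespace; the ServiceAccount above
    # has to be created there for this grant to reach the Prometheus pods.
    namespace: default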
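---
# Prometheus instance managed by the prometheus-operator: two replicas running
# as the prometheus ServiceAccount, with InfluxDB as remote storage.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  labels:
    prometheus: k8s
  name: k8s
spec:
  baseImage: quay.io/prometheus/prometheus
  # nodeSelector:
  #   beta.kubernetes.io/os: linux
  # Remote read/write use plain HTTP and carry no credentials in this manifest,
  # so stored metrics are protected only by who can reach the InfluxDB Service
  # inside the cluster.
  remoteRead:
    - url: 'http://prometheus-influxdb.default.svc:8086/api/v1/prom/read?db=k8s-prometheus'
  remoteWrite:
    - url: 'http://prometheus-influxdb.default.svc:8086/api/v1/prom/write?db=k8s-prometheus'
  replicas: 2
  resources:
    requests:
      memory: 400Mi
  ruleSelector:
    matchLabels:
      prometheus: k8s
  serviceAccountName: prometheus
  # Any ServiceMonitor carrying a k8s-app label (whatever its value) is picked
  # up, so whoever can create ServiceMonitors decides what this instance scrapes.
  serviceMonitorSelector:
    matchExpressions:
      - key: k8s-app
        operator: Exists
  version: v2.2.1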
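---
# Exposes the Prometheus web port outside the cluster.
# NOTE(review): NodePort publishes the Prometheus UI and HTTP API on port 30900
# of every node, and nothing on this page puts authentication in front of it
# (the pinned Prometheus v2.2.1 does not authenticate requests itself). Limit who
# can reach that port with a firewall or NetworkPolicy, or use ClusterIP behind
# an authenticating ingress or proxy.
apiVersion: v1
kind: Service
metadata:
  name: prometheus
spec:
  type: NodePort
  ports:
    - name: web
      nodePort: 30900
      port: 9090
      protocol: TCP
      targetPort: web
  selector:
    prometheus: k8s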
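---
# step 2.2: datastore for prometheus
# 16Gi claim on the rook-durable storage class, used by the InfluxDB Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus-influxdb
  labels:
    k8s-app: prometheus
spec:
  storageClassName: rook-durable
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 16Gi
  # NOTE(review): Block requests a raw block device, but the InfluxDB Deployment
  # consumes this claim through volumeMounts (a filesystem mount); raw block
  # claims are attached with volumeDevices. Confirm whether Filesystem was meant.
  volumeMode: Block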
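---
# Single-replica InfluxDB that backs Prometheus remote read/write.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prometheus-influxdb
  labels:
    k8s-app: prometheus-influxdb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: prometheus-influxdb
  template:
    metadata:
      labels:
        task: prometheus
        k8s-app: prometheus-influxdb
    spec:
      containers:
        - name: influxdb
          # influxdb:1.5 is a floating tag; pin a patch release or digest so the
          # running image cannot change underneath the deployment.
          image: influxdb:1.5
          env:
            # Binds the backup/restore RPC listener on all interfaces instead of
            # loopback, so it is reachable from other pods through the Service.
            # NOTE(review): no HTTP authentication is enabled in this manifest
            # (for example via INFLUXDB_HTTP_AUTH_ENABLED); any client that can
            # reach 8086 or 8088 can read, write or dump the database.
            - name: INFLUXDB_BIND_ADDRESS
              value: "0.0.0.0:8088"
          ports:
            - containerPort: 8086
              name: http
            - containerPort: 8088
              name: backup
          volumeMounts:
            - mountPath: /var/lib/influxdb
              name: influxdb-storage
      volumes:
        - name: influxdb-storage
          persistentVolumeClaim:
            claimName: prometheus-influxdb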
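---
# In-cluster Service for InfluxDB: the HTTP API (8086) and the backup port (8088).
# NOTE(review): both ports become reachable from every pod in the cluster unless
# a NetworkPolicy restricts them; only Prometheus needs 8086, and 8088 is only
# needed while taking or restoring a backup.
apiVersion: v1
kind: Service
metadata:
  name: prometheus-influxdb
spec:
  ports:
    - name: http
      port: 8086
      targetPort: http
    - name: backup
      port: 8088
      targetPort: backup
  selector:
    k8s-app: prometheus-influxdb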
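---
# step 2.3: services to monitor
# NOTE(review): this ServiceAccount, ClusterRole and ClusterRoleBinding repeat
# the prometheus RBAC objects from step 2.5 under the same names; whichever file
# is applied last wins, so keep the two copies identical or drop one.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
---
# Cluster-wide read-only access used for target discovery and scraping.
# rbac.authorization.k8s.io/v1 is used instead of v1beta1, which was removed in
# Kubernetes 1.22; the kube-state-metrics RBAC further down already uses v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
  - apiGroups: [""]
    resources:
      - nodes
      - services
      - endpoints
      - pods
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources:
      - configmaps
    verbs: ["get"]
  - apiGroups: [""]
    resources:
      - nodes/metrics
    verbs: ["get"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
# Grants the ClusterRole above to the prometheus ServiceAccount in default.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
  - kind: ServiceAccount
    name: prometheus
    namespace: default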
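---
# NOTE(review): this Prometheus resource ends at an empty remoteRead key and
# reuses the name (k8s) of the complete definition in step 2.5; it looks like a
# truncated paste. Applying it after step 2.5 would replace that spec with this
# partial one, so confirm whether it should be applied at all.
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  labels:
    prometheus: k8s
  name: k8s
spec:
  baseImage: quay.io/prometheus/prometheus
  # nodeSelector:
  #   beta.kubernetes.io/os: linux
  remoteRead: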
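---
# Headless Services that give the ServiceMonitors a target for the scheduler and
# controller-manager pods in kube-system.
# NOTE(review): the port is named http-metrics and the matching ServiceMonitors
# set no scheme or bearer token, so these scrapes are plain HTTP; confirm those
# control-plane ports are not reachable from outside the cluster network.
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-scheduler-prometheus-discovery
  labels:
    k8s-app: kube-scheduler
spec:
  selector:
    k8s-app: kube-scheduler
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http-metrics
      port: 10251
      targetPort: 10251
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-controller-manager-prometheus-discovery
  labels:
    k8s-app: kube-controller-manager
spec:
  selector:
    k8s-app: kube-controller-manager
  type: ClusterIP
  clusterIP: None
  ports:
    - name: http-metrics
      port: 10252
      targetPort: 10252
      protocol: TCP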
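---
# Identity for kube-state-metrics, created in kube-system.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-state-metrics
  namespace: kube-system
---
# Cluster-wide list/watch on the object kinds kube-state-metrics reports on.
# NOTE(review): list/watch on secrets returns full Secret objects for every
# namespace, so a compromise of this ServiceAccount exposes all of them; drop
# the entry if secret metrics are not needed.
# NOTE(review): the kube-state-metrics Deployment on this page runs
# kube-rbac-proxy sidecars under this ServiceAccount, and the node-exporter role
# grants create on tokenreviews and subjectaccessreviews for the same proxy;
# this role has no such rules. Confirm the sidecars can authenticate callers.
apiVersion: rbac.authorization.k8s.io/v1
# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: kube-state-metrics
rules:
  - apiGroups: [""]
    resources:
      - configmaps
      - secrets
      - nodes
      - pods
      - services
      - resourcequotas
      - replicationcontrollers
      - limitranges
      - persistentvolumeclaims
      - persistentvolumes
      - namespaces
      - endpoints
    verbs: ["list", "watch"]
  - apiGroups: ["extensions"]
    resources:
      - daemonsets
      - deployments
      - replicasets
    verbs: ["list", "watch"]
  - apiGroups: ["apps"]
    resources:
      - statefulsets
    verbs: ["list", "watch"]
  - apiGroups: ["batch"]
    resources:
      - cronjobs
      - jobs
    verbs: ["list", "watch"]
  - apiGroups: ["autoscaling"]
    resources:
      - horizontalpodautoscalers
    verbs: ["list", "watch"]
---
# Grants the ClusterRole above to the kube-system/kube-state-metrics account.
apiVersion: rbac.authorization.k8s.io/v1
# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kube-state-metrics
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kube-state-metrics
subjects:
  - kind: ServiceAccount
    name: kube-state-metrics
    namespace: kube-system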
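---
# kube-state-metrics with two kube-rbac-proxy sidecars and an addon-resizer.
# apps/v1 replaces extensions/v1beta1 (no longer served for Deployments since
# Kubernetes 1.16) and matches the other Deployments on this page.
# NOTE(review): no namespace is set here, while the kube-state-metrics
# ServiceAccount and its binding are in kube-system. A pod can only use a
# ServiceAccount from its own namespace, so apply this into kube-system or
# create the account where the Deployment runs.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-state-metrics
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: kube-state-metrics
  template:
    metadata:
      labels:
        app: kube-state-metrics
        k8s-app: kube-state-metrics
    spec:
      serviceAccountName: kube-state-metrics
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      containers:
        # Authenticating front end for the main metrics port: listens on 8443
        # and forwards to kube-state-metrics on loopback.
        - name: kube-rbac-proxy-main
          image: quay.io/brancz/kube-rbac-proxy:v0.2.0
          args:
            - "--secure-listen-address=:8443"
            - "--upstream=http://127.0.0.1:8081/"
          ports:
            - name: https-main
              containerPort: 8443
          resources:
            requests:
              memory: 20Mi
              cpu: 10m
            limits:
              memory: 40Mi
              cpu: 20m
        # Same proxy for the telemetry (self-metrics) port.
        - name: kube-rbac-proxy-self
          image: quay.io/brancz/kube-rbac-proxy:v0.2.0
          args:
            - "--secure-listen-address=:9443"
            - "--upstream=http://127.0.0.1:8082/"
          ports:
            - name: https-self
              containerPort: 9443
          resources:
            requests:
              memory: 20Mi
              cpu: 10m
            limits:
              memory: 40Mi
              cpu: 20m
        # Both listeners are bound to 127.0.0.1, so the proxies above are the
        # only way to reach the metrics from outside the pod.
        - name: kube-state-metrics
          image: quay.io/coreos/kube-state-metrics:v1.2.0
          args:
            - "--host=127.0.0.1"
            - "--port=8081"
            - "--telemetry-host=127.0.0.1"
            - "--telemetry-port=8082"
        # NOTE(review): pod_nanny is told to resize the kube-state-metrics
        # Deployment, which needs API permissions the ClusterRole on this page
        # does not show; confirm where they are granted.
        - name: addon-resizer
          image: gcr.io/google_containers/addon-resizer:1.0
          resources:
            limits:
              cpu: 100m
              memory: 30Mi
            requests:
              cpu: 100m
              memory: 30Mi
          env:
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          command:
            - /pod_nanny
            - --container=kube-state-metrics
            - --cpu=100m
            - --extra-cpu=2m
            - --memory=150Mi
            - --extra-memory=30Mi
            - --threshold=5
            - --deployment=kube-state-metrics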
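---
# Headless Service exposing only the two kube-rbac-proxy ports of
# kube-state-metrics; the plain-HTTP upstream ports are not published.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: kube-state-metrics
    k8s-app: kube-state-metrics
  name: kube-state-metrics
spec:
  clusterIP: None
  ports:
    - name: https-main
      port: 8443
      targetPort: https-main
      protocol: TCP
    - name: https-self
      port: 9443
      targetPort: https-self
      protocol: TCP
  selector:
    app: kube-state-metrics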
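---
# Scrapes the API server over HTTPS with the pod's ServiceAccount token.
# Unlike the other HTTPS ServiceMonitors on this page, this one verifies the
# server certificate against the in-cluster CA and an expected server name.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: apiserver
  name: kube-apiserver
spec:
  endpoints:
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      interval: 30s
      port: https
      scheme: https
      tlsConfig:
        caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        serverName: kubernetes
  jobLabel: component
  namespaceSelector:
    matchNames:
      - default
  selector:
    matchLabels:
      component: apiserver
      provider: kubernetes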
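---
# Scrapes each kubelet's /metrics and /metrics/cadvisor over HTTPS.
# NOTE(review): insecureSkipVerify disables certificate validation while the
# Prometheus ServiceAccount token is sent as a bearer token, so the token is
# handed to whatever answers on that address. Prefer a caFile that covers the
# kubelet serving certificates where the cluster issues them.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kubelet
  name: kubelet
spec:
  endpoints:
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      interval: 30s
      port: https-metrics
      scheme: https
      tlsConfig:
        insecureSkipVerify: true
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      # honorLabels keeps labels supplied by the target when they collide with
      # the ones Prometheus would attach.
      honorLabels: true
      interval: 30s
      path: /metrics/cadvisor
      port: https-metrics
      scheme: https
      tlsConfig:
        insecureSkipVerify: true
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - kube-system
  selector:
    matchLabels:
      k8s-app: kubelet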
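---
# Scrape definitions for the controller-manager and scheduler discovery
# Services in kube-system. Neither endpoint sets a scheme, TLS config or bearer
# token, so both are scraped over plain HTTP without credentials.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kube-controller-manager
  name: kube-controller-manager
spec:
  endpoints:
    - interval: 30s
      port: http-metrics
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - kube-system
  selector:
    matchLabels:
      k8s-app: kube-controller-manager
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kube-scheduler
  name: kube-scheduler
spec:
  endpoints:
    - interval: 30s
      port: http-metrics
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - kube-system
  selector:
    matchLabels:
      k8s-app: kube-scheduler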
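---
# Scrapes both kube-rbac-proxy ports of kube-state-metrics over HTTPS.
# NOTE(review): insecureSkipVerify disables certificate validation while the
# Prometheus ServiceAccount token is sent as a bearer token; the token goes to
# any endpoint that answers behind the selected Service.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: kube-state-metrics
  name: kube-state-metrics
spec:
  endpoints:
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      honorLabels: true
      interval: 30s
      port: https-main
      scheme: https
      tlsConfig:
        insecureSkipVerify: true
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      interval: 30s
      port: https-self
      scheme: https
      tlsConfig:
        insecureSkipVerify: true
  jobLabel: k8s-app
  # Looks for the Service in default and isolex, not in kube-system where the
  # kube-state-metrics ServiceAccount lives.
  namespaceSelector:
    matchNames:
      - default
      - isolex
  selector:
    matchLabels:
      k8s-app: kube-state-metrics
  # NOTE(review): the page lost its indentation, so the level of this key is a
  # guess. It is placed under spec because the kube-state-metrics Service has no
  # serviceAccount label for a selector to match; confirm against the raw file.
  serviceAccount: prometheus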
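---
# step 2.4: prometheus node exporter
# Identity for the node-exporter DaemonSet and its kube-rbac-proxy sidecar.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-exporter
---
# Lets kube-rbac-proxy validate caller tokens and check their permissions.
# TokenReview and SubjectAccessReview are create-only request objects, so the
# get and list verbs granted before added nothing and are dropped (least
# privilege). rbac.authorization.k8s.io/v1 replaces v1beta1, removed in 1.22.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-exporter
rules:
  - apiGroups: ["authentication.k8s.io"]
    resources: ["tokenreviews"]
    verbs: ["create"]
  - apiGroups: ["authorization.k8s.io"]
    resources: ["subjectaccessreviews"]
    verbs: ["create"]
---
# Grants the ClusterRole above to default/node-exporter.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-exporter
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-exporter
subjects:
  - kind: ServiceAccount
    name: node-exporter
    namespace: default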
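---
# node-exporter on every node, fronted by kube-rbac-proxy on host port 9100.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      k8s-app: node-exporter
  template:
    metadata:
      labels:
        app: node-exporter
        k8s-app: node-exporter
      name: node-exporter
    spec:
      serviceAccountName: node-exporter
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      # The pod shares the node's network and PID namespaces. With hostNetwork,
      # the exporter's 127.0.0.1:9101 listener is the node's own loopback, so
      # local processes on the node can read it without passing the proxy.
      hostNetwork: true
      hostPID: true
      containers:
        - image: quay.io/prometheus/node-exporter:v0.15.2
          args:
            - "--web.listen-address=127.0.0.1:9101"
            - "--path.procfs=/host/proc"
            - "--path.sysfs=/host/sys"
          name: node-exporter
          resources:
            requests:
              memory: 30Mi
              cpu: 100m
            limits:
              memory: 50Mi
              cpu: 200m
          # Host /proc and /sys are mounted read-only.
          volumeMounts:
            - name: proc
              readOnly: true
              mountPath: /host/proc
            - name: sys
              readOnly: true
              mountPath: /host/sys
        # Authenticating front end: listens on 9100 of every node and forwards
        # to the exporter on loopback.
        - name: kube-rbac-proxy
          image: quay.io/brancz/kube-rbac-proxy:v0.2.0
          args:
            - "--secure-listen-address=:9100"
            - "--upstream=http://127.0.0.1:9101/"
          ports:
            - containerPort: 9100
              hostPort: 9100
              name: https
          resources:
            requests:
              memory: 20Mi
              cpu: 10m
            limits:
              memory: 40Mi
              cpu: 20m
      # Tolerates every NoSchedule taint, so the pod also runs on tainted nodes
      # such as control-plane nodes.
      tolerations:
        - effect: NoSchedule
          operator: Exists
      volumes:
        - name: proc
          hostPath:
            path: /proc
        - name: sys
          hostPath:
            path: /sys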
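---
# Headless Service over the kube-rbac-proxy port of the node-exporter pods.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: node-exporter
    k8s-app: node-exporter
  name: node-exporter
spec:
  type: ClusterIP
  clusterIP: None
  ports:
    - name: https
      port: 9100
      protocol: TCP
  selector:
    app: node-exporter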
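---
# Scrapes node-exporter through kube-rbac-proxy over HTTPS.
# NOTE(review): insecureSkipVerify disables certificate validation while the
# Prometheus ServiceAccount token is sent as a bearer token. The target is a
# host port on every node, so anything able to bind 9100 there would receive it.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    k8s-app: node-exporter
  name: node-exporter
spec:
  endpoints:
    - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      interval: 30s
      port: https
      scheme: https
      tlsConfig:
        insecureSkipVerify: true
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
      - default
  selector:
    matchLabels:
      k8s-app: node-exporter
  # NOTE(review): the page lost its indentation, so the level of this key is a
  # guess. It is placed under spec because the node-exporter Service has no
  # serviceAccount label for a selector to match; confirm against the raw file.
  serviceAccount: prometheus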
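---
# step 2.1: prometheus operator
# Grants the prometheus-operator ClusterRole to default/prometheus-operator.
# rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in
# Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus-operator
subjects:
  - kind: ServiceAccount
    name: prometheus-operator
    namespace: default
---
# Permissions the operator uses to manage its custom resources and the objects
# it generates from them.
# NOTE(review): the wildcard verb on secrets and configmaps applies to every
# namespace, so this ServiceAccount can read and rewrite any Secret in the
# cluster. Treat the operator pod as highly privileged, and scope the grant to
# the monitoring namespaces with Role/RoleBinding where the operator allows it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus-operator
rules:
  - apiGroups:
      - extensions
    resources:
      - thirdpartyresources
    verbs:
      - "*"
  # Full control of CustomResourceDefinitions of any group, not only the
  # operator's own.
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - "*"
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - alertmanagers
      - prometheuses
      - prometheuses/finalizers
      - alertmanagers/finalizers
      - servicemonitors
      - rulefiles
    verbs:
      - "*"
  - apiGroups:
      - apps
    resources:
      - statefulsets
    verbs: ["*"]
  - apiGroups: [""]
    resources:
      - configmaps
      - secrets
    verbs: ["*"]
  - apiGroups: [""]
    resources:
      - pods
    verbs: ["list", "delete"]
  - apiGroups: [""]
    resources:
      - services
      - endpoints
    verbs: ["get", "create", "update"]
  - apiGroups: [""]
    resources:
      - nodes
      - namespaces
    verbs: ["list", "watch"]
---
# Identity the operator Deployment runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus-operator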
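---
# The prometheus-operator controller, one replica, running as a non-root user.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: prometheus-operator
  name: prometheus-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: prometheus-operator
  template:
    metadata:
      labels:
        k8s-app: prometheus-operator
    spec:
      containers:
        - args:
            - --kubelet-service=kube-system/kubelet
            - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1
          image: quay.io/coreos/prometheus-operator:v0.19.0
          name: prometheus-operator
          ports:
            - containerPort: 8080
              name: http
          resources:
            limits:
              cpu: 200m
              memory: 100Mi
            requests:
              cpu: 100m
              memory: 50Mi
      # NOTE(review): the page lost its indentation; this block is placed at pod
      # level, like the other workloads on this page. Both fields are also valid
      # on the container, so confirm against the raw file.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      serviceAccountName: prometheus-operator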
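---
# step 1.2: rook ceph cluster
# Ceph cluster managed by the Rook operator, restricted to nodes in zone maple
# and to the directories listed per node.
apiVersion: rook.io/v1alpha1
kind: Cluster
metadata:
  name: rook
  namespace: rook
spec:
  backend: ceph
  # NOTE(review): enables the Ceph dashboard; confirm how it is exposed and that
  # it is not reachable without authentication from outside the cluster.
  dashboard:
    enabled: true
  # Cluster state and keys are kept under this path on each host; protect it
  # with host file permissions and include it in node decommissioning.
  dataDirHostPath: /data/rook
  hostNetwork: false
  monCount: 3
  # NOTE(review): the page lost its indentation; resources is written here as an
  # empty key with placement as its sibling. Confirm against the raw file.
  resources:
  placement:
    all:
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: zone
                  operator: In
                  values:
                    - maple
  storage:
    # Only the nodes and directories named below are used for storage.
    useAllNodes: false
    useAllDevices: false
    storeConfig:
      databaseSizeMB: 1024
      journalSizeMB: 1024
      storeType: bluestore
    nodes:
      - name: game-1
        directories:
          - path: /rook-dev/ssd-1
      - name: game-2
        directories:
          - path: /rook-dev/ssd-1
      - name: iron-1
        directories:
          - path: /rook-dev/hdd-1
          - path: /rook-dev/hdd-2
      - name: iron-2
        directories:
          - path: /rook-dev/hdd-1
          - path: /rook-dev/hdd-2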
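---
# step 1.1: rook operator
# rook-system holds the operator; rook holds the storage cluster it manages.
apiVersion: v1
kind: Namespace
metadata:
  name: rook-system
---
apiVersion: v1
kind: Namespace
metadata:
  name: rook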
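---
# Custom resource types of the rook.io/v1alpha1 API: Cluster, Filesystem,
# ObjectStore, Pool and VolumeAttachment, all namespaced.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22. The
# v1 API requires a schema for each version, which this page does not provide,
# so the apiVersion is left as written. None of these definitions validates the
# objects users submit.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusters.rook.io
spec:
  group: rook.io
  names:
    kind: Cluster
    listKind: ClusterList
    plural: clusters
    singular: cluster
  scope: Namespaced
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: filesystems.rook.io
spec:
  group: rook.io
  names:
    kind: Filesystem
    listKind: FilesystemList
    plural: filesystems
    singular: filesystem
  scope: Namespaced
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: objectstores.rook.io
spec:
  group: rook.io
  names:
    kind: ObjectStore
    listKind: ObjectStoreList
    plural: objectstores
    singular: objectstore
  scope: Namespaced
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: pools.rook.io
spec:
  group: rook.io
  names:
    kind: Pool
    listKind: PoolList
    plural: pools
    singular: pool
  scope: Namespaced
  version: v1alpha1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: volumeattachments.rook.io
spec:
  group: rook.io
  names:
    kind: VolumeAttachment
    listKind: VolumeAttachmentList
    plural: volumeattachments
    singular: volumeattachment
  scope: Namespaced
  version: v1alpha1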
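---
# Cluster-wide permissions of the Rook operator.
# rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in
# Kubernetes 1.22.
# NOTE(review): this role combines write access to secrets, pods and
# serviceaccounts in every namespace, nodes/proxy, and create/update on RBAC
# roles and bindings. For threat modeling, treat the rook-operator
# ServiceAccount as close to cluster-admin and protect its pod accordingly.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rook-operator
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - serviceaccounts
      - secrets
      - pods
      - services
      - nodes
      # nodes/proxy allows requests to be relayed to the kubelet API on every
      # node.
      - nodes/proxy
      - configmaps
      - events
      - persistentvolumes
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
      - patch
      - create
      - update
      - delete
  - apiGroups:
      - extensions
    resources:
      - deployments
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  # Lets the operator create and change roles and bindings cluster-wide.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - clusterroles
      - clusterrolebindings
      - roles
      - rolebindings
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
      - delete
  - apiGroups:
      - rook.io
    resources:
      - "*"
    verbs:
      - "*"
---
# Identity the operator Deployment runs as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rook-operator
  namespace: rook-system
---
# Grants the ClusterRole above to rook-system/rook-operator.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: rook-operator
  # NOTE(review): ClusterRoleBinding is cluster-scoped, so this namespace should
  # have no effect; kept as written.
  namespace: rook-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rook-operator
subjects:
  - kind: ServiceAccount
    name: rook-operator
    namespace: rook-system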
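---
# The Rook operator, one replica in rook-system, running with the rook-operator
# ServiceAccount and its cluster-wide role.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rook-operator
  namespace: rook-system
  labels:
    k8s-app: rook-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: rook-operator
  template:
    metadata:
      labels:
        k8s-app: rook-operator
    spec:
      serviceAccountName: rook-operator
      containers:
        - name: rook-operator
          # NOTE(review): master is a moving tag, so the code running with this
          # role changes whenever the image is re-pulled. Pin a release tag or
          # an image digest.
          image: rook/rook:master
          args: ["operator"]
          env:
            - name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS
              value: "false"
            - name: ROOK_MON_HEALTHCHECK_INTERVAL
              value: "45s"
            - name: ROOK_MON_OUT_TIMEOUT
              value: "300s"
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace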
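---
# Scrapes the Ceph manager metrics endpoint in the rook namespace every 5s.
# No scheme, TLS config or bearer token is set, so the scrape is plain HTTP
# without credentials.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: rook-ceph-mgr
  labels:
    k8s-app: rook
spec:
  namespaceSelector:
    matchNames:
      - rook
  selector:
    matchLabels:
      app: rook-ceph-mgr
      rook_cluster: rook
  endpoints:
    - port: http-metrics
      path: /metrics
      interval: 5s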
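---
# step 1.3: rook storage pools & k8s classes
# Two replicated pools: rook-durable (3 copies, hdd CRUSH root) and rook-mirror
# (2 copies, ssd CRUSH root).
# NOTE(review): with failureDomain osd, copies are spread across OSDs rather
# than hosts, so several copies can sit on one node. Confirm that matches the
# availability expected from a pool named "durable".
apiVersion: rook.io/v1alpha1
kind: Pool
metadata:
  name: rook-durable
  namespace: rook
spec:
  crushRoot: hdd
  failureDomain: osd
  replicated:
    size: 3
---
apiVersion: rook.io/v1alpha1
kind: Pool
metadata:
  name: rook-mirror
  namespace: rook
spec:
  crushRoot: ssd
  failureDomain: osd
  replicated:
    size: 2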
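---
# StorageClasses mapping PersistentVolumeClaims to the two Rook pools through
# the rook.io/block provisioner. StorageClass is cluster-scoped, so a claim in
# any namespace can request either class.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rook-durable
provisioner: rook.io/block
parameters:
  pool: rook-durable
  clusterName: rook
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rook-mirror
provisioner: rook.io/block
parameters:
  pool: rook-mirror
  clusterName: rook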
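---
# step 1.4: rook debug tools
# Interactive toolbox pod for inspecting the Ceph cluster.
# NOTE(review): this pod is privileged, mounts the host's /dev, /sys/bus and
# /lib/modules, and receives the Ceph admin secret in its environment. Anyone
# who can exec into it controls both the storage cluster and the node it runs
# on. Create it only while debugging, delete it afterwards, and restrict
# pods/exec in the rook namespace.
apiVersion: v1
kind: Pod
metadata:
  name: rook-ceph-tools
  namespace: rook
spec:
  dnsPolicy: ClusterFirstWithHostNet
  containers:
    - name: rook-ceph-tools
      # master is a moving tag and IfNotPresent reuses whatever copy a node has
      # cached, so nodes can run different builds; pin a release tag or digest.
      image: rook/ceph-toolbox:master
      imagePullPolicy: IfNotPresent
      env:
        - name: ROOK_ADMIN_SECRET
          valueFrom:
            secretKeyRef:
              name: rook-ceph-mon
              key: admin-secret
      securityContext:
        privileged: true
      volumeMounts:
        - mountPath: /dev
          name: dev
        - mountPath: /sys/bus
          name: sysbus
        - mountPath: /lib/modules
          name: libmodules
        - name: mon-endpoint-volume
          mountPath: /etc/rook
  hostNetwork: false
  volumes:
    - name: dev
      hostPath:
        path: /dev
    - name: sysbus
      hostPath:
        path: /sys/bus
    - name: libmodules
      hostPath:
        path: /lib/modules
    - name: mon-endpoint-volume
      configMap:
        name: rook-ceph-mon-endpoints
        items:
          - key: data
            path: mon-endpoints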