Created
November 24, 2019 16:13
-
-
Save tutsunom/1be5a50b52a1cb293f8086199023abc7 to your computer and use it in GitHub Desktop.
rook-ceph operator deployment ; rook-discover agent pods will deployed on nodes labelled "role=storage"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################################################################################################################# | |
# The deployment for the rook operator | |
# Contains the common settings for most Kubernetes deployments. | |
# For example, to create the rook-ceph cluster: | |
# kubectl create -f common.yaml | |
# kubectl create -f operator.yaml | |
# kubectl create -f cluster.yaml | |
# | |
# Also see other operator sample files for variations of operator.yaml: | |
# - operator-openshift.yaml: Common settings for running in OpenShift | |
################################################################################################################# | |
# OLM: BEGIN OPERATOR DEPLOYMENT | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: rook-ceph-operator | |
namespace: rook-ceph | |
labels: | |
operator: rook | |
storage-backend: ceph | |
spec: | |
selector: | |
matchLabels: | |
app: rook-ceph-operator | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: rook-ceph-operator | |
spec: | |
serviceAccountName: rook-ceph-system | |
containers: | |
- name: rook-ceph-operator | |
image: rook/ceph:v1.1.7 | |
args: ["ceph", "operator"] | |
volumeMounts: | |
- mountPath: /var/lib/rook | |
name: rook-config | |
- mountPath: /etc/ceph | |
name: default-config-dir | |
env: | |
# If the operator should only watch for cluster CRDs in the same namespace, set this to "true". | |
# If this is not set to true, the operator will watch for cluster CRDs in all namespaces. | |
- name: ROOK_CURRENT_NAMESPACE_ONLY | |
value: "false" | |
# To disable RBAC, uncomment the following: | |
# - name: RBAC_ENABLED | |
# value: "false" | |
# Rook Agent toleration. Will tolerate all taints with all keys. | |
# Choose between NoSchedule, PreferNoSchedule and NoExecute: | |
# - name: AGENT_TOLERATION | |
# value: "NoSchedule" | |
# (Optional) Rook Agent toleration key. Set this to the key of the taint you want to tolerate | |
# - name: AGENT_TOLERATION_KEY | |
# value: "<KeyOfTheTaintToTolerate>" | |
# (Optional) Rook Agent tolerations list. Put here list of taints you want to tolerate in YAML format. | |
# - name: AGENT_TOLERATIONS | |
# value: | | |
# - effect: NoSchedule | |
# key: node-role.kubernetes.io/controlplane | |
# operator: Exists | |
# - effect: NoExecute | |
# key: node-role.kubernetes.io/etcd | |
# operator: Exists | |
# (Optional) Rook Agent NodeAffinity. | |
# - name: AGENT_NODE_AFFINITY | |
# value: "role=storage-node; storage=rook,ceph" | |
# (Optional) Rook Agent mount security mode. Can by `Any` or `Restricted`. | |
# `Any` uses Ceph admin credentials by default/fallback. | |
# For using `Restricted` you must have a Ceph secret in each namespace storage should be consumed from and | |
# set `mountUser` to the Ceph user, `mountSecret` to the Kubernetes secret name. | |
# to the namespace in which the `mountSecret` Kubernetes secret namespace. | |
# - name: AGENT_MOUNT_SECURITY_MODE | |
# value: "Any" | |
# Set the path where the Rook agent can find the flex volumes | |
# - name: FLEXVOLUME_DIR_PATH | |
# value: "<PathToFlexVolumes>" | |
# Set the path where kernel modules can be found | |
# - name: LIB_MODULES_DIR_PATH | |
# value: "<PathToLibModules>" | |
# Mount any extra directories into the agent container | |
# - name: AGENT_MOUNTS | |
# value: "somemount=/host/path:/container/path,someothermount=/host/path2:/container/path2" | |
# Rook Discover toleration. Will tolerate all taints with all keys. | |
# Choose between NoSchedule, PreferNoSchedule and NoExecute: | |
# - name: DISCOVER_TOLERATION | |
# value: "NoSchedule" | |
# (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate | |
# - name: DISCOVER_TOLERATION_KEY | |
# value: "<KeyOfTheTaintToTolerate>" | |
# (Optional) Rook Discover tolerations list. Put here list of taints you want to tolerate in YAML format. | |
# - name: DISCOVER_TOLERATIONS | |
# value: | | |
# - effect: NoSchedule | |
# key: node-role.kubernetes.io/controlplane | |
# operator: Exists | |
# - effect: NoExecute | |
# key: node-role.kubernetes.io/etcd | |
# operator: Exists | |
# (Optional) Discover Agent NodeAffinity. | |
- name: DISCOVER_AGENT_NODE_AFFINITY | |
value: "role=storage" | |
# Allow rook to create multiple file systems. Note: This is considered | |
# an experimental feature in Ceph as described at | |
# http://docs.ceph.com/docs/master/cephfs/experimental-features/#multiple-filesystems-within-a-ceph-cluster | |
# which might cause mons to crash as seen in https://github.com/rook/rook/issues/1027 | |
- name: ROOK_ALLOW_MULTIPLE_FILESYSTEMS | |
value: "false" | |
# The logging level for the operator: INFO | DEBUG | |
- name: ROOK_LOG_LEVEL | |
value: "INFO" | |
# The interval to check the health of the ceph cluster and update the status in the custom resource. | |
- name: ROOK_CEPH_STATUS_CHECK_INTERVAL | |
value: "60s" | |
# The interval to check if every mon is in the quorum. | |
- name: ROOK_MON_HEALTHCHECK_INTERVAL | |
value: "45s" | |
# The duration to wait before trying to failover or remove/replace the | |
# current mon with a new mon (useful for compensating flapping network). | |
- name: ROOK_MON_OUT_TIMEOUT | |
value: "600s" | |
# The duration between discovering devices in the rook-discover daemonset. | |
- name: ROOK_DISCOVER_DEVICES_INTERVAL | |
value: "60m" | |
# Whether to start pods as privileged that mount a host path, which includes the Ceph mon and osd pods. | |
# This is necessary to workaround the anyuid issues when running on OpenShift. | |
# For more details see https://github.com/rook/rook/issues/1314#issuecomment-355799641 | |
- name: ROOK_HOSTPATH_REQUIRES_PRIVILEGED | |
value: "false" | |
# In some situations SELinux relabelling breaks (times out) on large filesystems, and doesn't work with cephfs ReadWriteMany volumes (last relabel wins). | |
# Disable it here if you have similar issues. | |
# For more details see https://github.com/rook/rook/issues/2417 | |
- name: ROOK_ENABLE_SELINUX_RELABELING | |
value: "true" | |
# In large volumes it will take some time to chown all the files. Disable it here if you have performance issues. | |
# For more details see https://github.com/rook/rook/issues/2254 | |
- name: ROOK_ENABLE_FSGROUP | |
value: "true" | |
# Disable automatic orchestration when new devices are discovered | |
- name: ROOK_DISABLE_DEVICE_HOTPLUG | |
value: "false" | |
# Whether to enable the flex driver. By default it is enabled and is fully supported, but will be deprecated in some future release | |
# in favor of the CSI driver. | |
- name: ROOK_ENABLE_FLEX_DRIVER | |
value: "false" | |
# Whether to start the discovery daemon to watch for raw storage devices on nodes in the cluster. | |
# This daemon does not need to run if you are only going to create your OSDs based on StorageClassDeviceSets with PVCs. | |
- name: ROOK_ENABLE_DISCOVERY_DAEMON | |
value: "true" | |
# Enable the default version of the CSI CephFS driver. To start another version of the CSI driver, see image properties below. | |
- name: ROOK_CSI_ENABLE_CEPHFS | |
value: "true" | |
# Enable the default version of the CSI RBD driver. To start another version of the CSI driver, see image properties below. | |
- name: ROOK_CSI_ENABLE_RBD | |
value: "true" | |
- name: ROOK_CSI_ENABLE_GRPC_METRICS | |
value: "true" | |
# The default version of CSI supported by Rook will be started. To change the version | |
# of the CSI driver to something other than what is officially supported, change | |
# these images to the desired release of the CSI driver. | |
#- name: ROOK_CSI_CEPH_IMAGE | |
# value: "quay.io/cephcsi/cephcsi:v1.2.1" | |
#- name: ROOK_CSI_REGISTRAR_IMAGE | |
# value: "quay.io/k8scsi/csi-node-driver-registrar:v1.1.0" | |
#- name: ROOK_CSI_PROVISIONER_IMAGE | |
# value: "quay.io/k8scsi/csi-provisioner:v1.3.0" | |
#- name: ROOK_CSI_SNAPSHOTTER_IMAGE | |
# value: "quay.io/k8scsi/csi-snapshotter:v1.2.0" | |
#- name: ROOK_CSI_ATTACHER_IMAGE | |
# value: "quay.io/k8scsi/csi-attacher:v1.2.0" | |
# kubelet directory path, if kubelet configured to use other than /var/lib/kubelet path. | |
#- name: ROOK_CSI_KUBELET_DIR_PATH | |
# value: "/var/lib/kubelet" | |
# (Optional) Ceph Provisioner NodeAffinity. | |
#- name: CSI_PROVISIONER_NODE_AFFINITY | |
# value: "role=storage" | |
# (Optional) CEPH CSI provisioner tolerations list. Put here list of taints you want to tolerate in YAML format. | |
# CSI provisioner would be best to start on the same nodes as other ceph daemons. | |
# - name: CSI_PROVISIONER_TOLERATIONS | |
# value: | | |
# - effect: NoSchedule | |
# key: node-role.kubernetes.io/controlplane | |
# operator: Exists | |
# - effect: NoExecute | |
# key: node-role.kubernetes.io/etcd | |
# operator: Exists | |
# (Optional) Ceph CSI plugin NodeAffinity. | |
#- name: CSI_PLUGIN_NODE_AFFINITY | |
# value: "role=storage" | |
# (Optional) CEPH CSI plugin tolerations list. Put here list of taints you want to tolerate in YAML format. | |
# CSI plugins need to be started on all the nodes where the clients need to mount the storage. | |
# - name: CSI_PLUGIN_TOLERATIONS | |
# value: | | |
# - effect: NoSchedule | |
# key: node-role.kubernetes.io/controlplane | |
# operator: Exists | |
# - effect: NoExecute | |
# key: node-role.kubernetes.io/etcd | |
# operator: Exists | |
# Configure CSI cephfs grpc and liveness metrics port | |
#- name: CSI_CEPHFS_GRPC_METRICS_PORT | |
# value: "9091" | |
#- name: CSI_CEPHFS_LIVENESS_METRICS_PORT | |
# value: "9081" | |
# Configure CSI rbd grpc and liveness metrics port | |
#- name: CSI_RBD_GRPC_METRICS_PORT | |
# value: "9090" | |
#- name: CSI_RBD_LIVENESS_METRICS_PORT | |
# value: "9080" | |
# The name of the node to pass with the downward API | |
- name: NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
# The pod name to pass with the downward API | |
- name: POD_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.name | |
# The pod namespace to pass with the downward API | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
volumes: | |
- name: rook-config | |
emptyDir: {} | |
- name: default-config-dir | |
emptyDir: {} | |
# OLM: END OPERATOR DEPLOYMENT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment