From 0e3b9cfb6e97d3fe7e5ec5dcef3186561cb8bf21 Mon Sep 17 00:00:00 2001
From: Balazs Szekeres
Date: Mon, 21 Oct 2019 14:55:52 +0200
Subject: [PATCH] CaaS storage seed code
Change-Id: I81fe453075379ce49cd5fd7942ffc5c918f8e8a2
Signed-off-by: Balazs Szekeres
---
.gitreview | 5 +
LICENSE | 178 +++++++++++++++++++++
SPECS/dynamic_local_pv_provisioner.spec | 80 +++++++++
SPECS/storage_local_static_provisioner.spec | 89 +++++++++++
ansible/playbooks/kubernetes_storage.yaml | 22 +++
.../roles/kubernetes_storage/defaults/main.yaml | 25 +++
.../tasks/create_ceph_auth_secret.yaml | 38 +++++
.../tasks/create_ceph_storage_class.yaml | 46 ++++++
.../tasks/create_local_storage_class.yaml | 29 ++++
ansible/roles/kubernetes_storage/tasks/main.yaml | 30 ++++
.../templates/ceph-secret.yaml.j2 | 23 +++
.../templates/ceph-storageclass.yaml.j2 | 36 +++++
.../templates/local-storageclass.yaml.j2 | 24 +++
.../dynamic_local_pv_provisioner/Dockerfile | 54 +++++++
.../storage_local_static_provisioner/Dockerfile | 47 ++++++
15 files changed, 726 insertions(+)
create mode 100644 .gitreview
create mode 100644 LICENSE
create mode 100644 SPECS/dynamic_local_pv_provisioner.spec
create mode 100644 SPECS/storage_local_static_provisioner.spec
create mode 100644 ansible/playbooks/kubernetes_storage.yaml
create mode 100644 ansible/roles/kubernetes_storage/defaults/main.yaml
create mode 100644 ansible/roles/kubernetes_storage/tasks/create_ceph_auth_secret.yaml
create mode 100644 ansible/roles/kubernetes_storage/tasks/create_ceph_storage_class.yaml
create mode 100644 ansible/roles/kubernetes_storage/tasks/create_local_storage_class.yaml
create mode 100644 ansible/roles/kubernetes_storage/tasks/main.yaml
create mode 100644 ansible/roles/kubernetes_storage/templates/ceph-secret.yaml.j2
create mode 100644 ansible/roles/kubernetes_storage/templates/ceph-storageclass.yaml.j2
create mode 100644 ansible/roles/kubernetes_storage/templates/local-storageclass.yaml.j2
create mode 100644 docker-build/dynamic_local_pv_provisioner/Dockerfile
create mode 100644 docker-build/storage_local_static_provisioner/Dockerfile
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..2c98296
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,5 @@
+[gerrit]
+host=gerrit.akraino.org
+port=29418
+project=ta/caas-storage
+defaultremote=origin
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e454a52
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,178 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
diff --git a/SPECS/dynamic_local_pv_provisioner.spec b/SPECS/dynamic_local_pv_provisioner.spec
new file mode 100644
index 0000000..f514bbe
--- /dev/null
+++ b/SPECS/dynamic_local_pv_provisioner.spec
@@ -0,0 +1,80 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%define COMPONENT dynamic_local_pv_provisioner
+%define RPM_NAME caas-%{COMPONENT}
+%define RPM_MAJOR_VERSION 0.1.0
+%define RPM_MINOR_VERSION 0
+%define go_version 1.12.10
+%define DEPENDENCY_MANAGER_VERSION 0.5.4
+%define DYNAMIC_LOCAL_PV_PROVISIONER_VERSION 9ccb76f07031e1779f1308cb8471e2aea199e6c5
+%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
+%define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build
+%define docker_save_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save
+
+Name: %{RPM_NAME}
+Version: %{RPM_MAJOR_VERSION}
+Release: %{RPM_MINOR_VERSION}%{?dist}
+Summary: Containers as a Service %{COMPONENT} component
+License: %{_platform_license} and GNU General Public License v2.0 only and MIT license and BSD 3-clause New or Revised License and MIT License and Curl License and BSD
+URL: https://github.com/nokia/dynamic-local-pv-provisioner
+BuildArch: %{_arch}
+Vendor: %{_platform_vendor} and nokia/dynamic-local-pv-provisioner unmodified
+Source0: %{name}-%{version}.tar.gz
+
+Requires: docker-ce >= 18.09.2, rsync
+BuildRequires: docker-ce-cli >= 18.09.2, xz
+
+%description
+This rpm contains the dynamic local pv provisioner container for caas subsystem.
+
+%prep
+%autosetup
+
+%build
+docker build \
+ --network=host \
+ --no-cache \
+ --force-rm \
+ --build-arg HTTP_PROXY="${http_proxy}" \
+ --build-arg HTTPS_PROXY="${https_proxy}" \
+ --build-arg NO_PROXY="${no_proxy}" \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ --build-arg no_proxy="${no_proxy}" \
+ --build-arg DYNAMIC_LOCAL_PV_PROVISIONER_VERSION="%{DYNAMIC_LOCAL_PV_PROVISIONER_VERSION}" \
+ --build-arg go_version="%{go_version}" \
+ --build-arg DEPENDENCY_MANAGER_VERSION="%{DEPENDENCY_MANAGER_VERSION}" \
+ --tag %{COMPONENT}:%{IMAGE_TAG} \
+ %{docker_build_dir}/%{COMPONENT}/
+mkdir -p %{docker_save_dir}/
+docker save %{COMPONENT}:%{IMAGE_TAG} | xz -z -T2 > %{docker_save_dir}/%{COMPONENT}:%{IMAGE_TAG}.tar
+docker rmi %{COMPONENT}:%{IMAGE_TAG}
+
+%install
+mkdir -p %{buildroot}/%{_caas_container_tar_path}
+rsync -av %{docker_save_dir}/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/
+
+%files
+%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar
+
+%preun
+
+%post
+
+%postun
+
+%clean
+rm -rf ${buildroot}
+
diff --git a/SPECS/storage_local_static_provisioner.spec b/SPECS/storage_local_static_provisioner.spec
new file mode 100644
index 0000000..ed9ab3d
--- /dev/null
+++ b/SPECS/storage_local_static_provisioner.spec
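Review bot: The `%clean` section runs `rm -rf ${buildroot}`, which is a shell variable rather than the RPM macro, so unless the build environment happens to export `buildroot` it expands to nothing and the build root is never removed; `rm -rf %{buildroot}` matches the macro the `%install` section already uses. The same line appears in `%clean` of SPECS/storage_local_static_provisioner.spec. The `%build` step also runs `docker build --network=host`, which gives every `RUN` step access to the build host's network namespace; a comment stating why host networking is required (proxy reachability, presumably) would help a later reviewer decide whether it can be dropped.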
@@ -0,0 +1,89 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%define COMPONENT storage_local_static_provisioner
+%define RPM_NAME caas-%{COMPONENT}
+%define RPM_MAJOR_VERSION 2.3.3
+%define RPM_MINOR_VERSION 0
+%define go_version 1.12.9
+%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
+%define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build
+%define docker_save_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save
+
+Name: %{RPM_NAME}
+Version: %{RPM_MAJOR_VERSION}
+Release: %{RPM_MINOR_VERSION}%{?dist}
+Summary: Containers as a Service %{COMPONENT} component
+License: %{_platform_license} and GNU General Public License v2.0 only and MIT license and BSD 3-clause New or Revised License and MIT License and Curl License and BSD
+URL: https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
+BuildArch: %{_arch}
+Vendor: %{_platform_vendor} and kubernetes-sigs/sig-storage-local-static-provisioner unmodified
+Source0: %{name}-%{version}.tar.gz
+
+Requires: docker-ce >= 18.09.2, rsync
+BuildRequires: docker-ce-cli >= 18.09.2, xz
+
+%description
+This rpm contains the storage local static provisioner container for caas subsystem.
+
+%prep
+%autosetup
+
+%build
+docker build \
+ --network=host \
+ --no-cache \
+ --force-rm \
+ --build-arg HTTP_PROXY="${http_proxy}" \
+ --build-arg HTTPS_PROXY="${https_proxy}" \
+ --build-arg NO_PROXY="${no_proxy}" \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ --build-arg no_proxy="${no_proxy}" \
+ --build-arg STORAGE_LOCAL_STATIC_PROVISIONER_VERSION="%{version}" \
+ --build-arg go_version="%{go_version}" \
+ --tag %{COMPONENT}:%{IMAGE_TAG} \
+ %{docker_build_dir}/%{COMPONENT}/
+mkdir -p %{docker_save_dir}/
+docker save %{COMPONENT}:%{IMAGE_TAG} | xz -z -T2 > %{docker_save_dir}/%{COMPONENT}:%{IMAGE_TAG}.tar
+docker rmi %{COMPONENT}:%{IMAGE_TAG}
+
+%install
+mkdir -p %{buildroot}/%{_caas_container_tar_path}
+rsync -av %{docker_save_dir}/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/
+
+mkdir -p %{buildroot}/%{_roles_path}
+rsync -av ansible/roles/* %{buildroot}/%{_roles_path}/
+
+install -D ansible/playbooks/kubernetes_storage.yaml %{buildroot}/%{_playbooks_path}/kubernetes_storage.yaml
+
+%files
+%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar
+%{_roles_path}/kubernetes_storage
+%{_playbooks_path}/kubernetes_storage.yaml
+
+%preun
+
+%post
+mkdir -p %{_postconfig_path}
+ln -s %{_playbooks_path}/kubernetes_storage.yaml %{_postconfig_path}/
+
+%postun
+if [ $1 -eq 0 ]; then
+ rm -f %{_postconfig_path}/kubernetes_storage.yaml
+fi
+
+%clean
+rm -rf ${buildroot}
+
diff --git a/ansible/playbooks/kubernetes_storage.yaml b/ansible/playbooks/kubernetes_storage.yaml
new file mode 100644
index 0000000..5fe19ed
--- /dev/null
+++ b/ansible/playbooks/kubernetes_storage.yaml
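Review bot: The `%post` scriptlet calls `ln -s %{_playbooks_path}/kubernetes_storage.yaml %{_postconfig_path}/` without `-f`, while `%postun` removes the link only when `$1` is 0, so on a package upgrade the link from the previous version is still present and `ln` exits non-zero, failing the scriptlet. `ln -sf %{_playbooks_path}/kubernetes_storage.yaml %{_postconfig_path}/` makes the step idempotent across install and upgrade.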
@@ -0,0 +1,22 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# nokia.cmframework.requires: kubedns.yaml
+- hosts: caas_master
+ strategy: free
+ become: true
+ become_user: "{{ users.admin_user_name }}"
+ roles:
+ - role: kubernetes_storage
diff --git a/ansible/roles/kubernetes_storage/defaults/main.yaml b/ansible/roles/kubernetes_storage/defaults/main.yaml
new file mode 100644
index 0000000..c25df46
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/defaults/main.yaml
@@ -0,0 +1,25 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+auth_tokens:
+ - name: admin
+ secret_name: ceph-admin
+ namespace: kube-system
+ - name: caas
+ secret_name: ceph-user
+ namespace: kube-system
+ - name: caas
+ secret_name: ceph-user
+ namespace: default
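Review bot: `secret_name` in `auth_tokens` (defaults/main.yaml) is not read anywhere in this change: ceph-secret.yaml.j2 names the Secret `ceph-{{ name }}` with `name` set from `token.name`, and ceph-storageclass.yaml.j2 uses `ceph-{{ ceph_user_token.name }}`, so the user secret that actually gets created is `ceph-caas`, not `ceph-user`. Either drive both templates from `secret_name` or remove the key, so the defaults do not advertise a Secret name that never exists in the cluster.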
diff --git a/ansible/roles/kubernetes_storage/tasks/create_ceph_auth_secret.yaml b/ansible/roles/kubernetes_storage/tasks/create_ceph_auth_secret.yaml
new file mode 100644
index 0000000..041699f
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/tasks/create_ceph_auth_secret.yaml
@@ -0,0 +1,38 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ - name: get auth token
+ become: true
+ become_user: root
+ shell: "ceph auth -f json get client.{{ token.name }}"
+ register: get_auth_token
+
+ - name: extract auth token
+ set_fact:
+ ceph_auth_token: "{{ get_auth_token.stdout | from_json | map(attribute='key') | first }}"
+
+ - name: template secret manifest
+ template:
+ src: ceph-secret.yaml.j2
+ dest: "{{ caas.docker_directory }}/manifests/infra/ceph-{{ token.name }}-secret.yaml"
+ vars:
+ name: "{{ token.name }}"
+ namespace: "{{ token.namespace }}"
+
+ - name: create ceph-{{ token.name }} secret
+ kubectl:
+ manifest: "{{ caas.docker_directory }}/manifests/infra/ceph-{{ token.name }}-secret.yaml"
+ state: present
+ when: ( nodename | search("caas_master1") )
diff --git a/ansible/roles/kubernetes_storage/tasks/create_ceph_storage_class.yaml b/ansible/roles/kubernetes_storage/tasks/create_ceph_storage_class.yaml
new file mode 100644
index 0000000..dbc1854
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/tasks/create_ceph_storage_class.yaml
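Review bot: The Ceph key passes through `get auth token`, `extract auth token` and `template secret manifest` without `no_log: true`, so it can end up in Ansible output and logs, and the rendered manifest is written without an explicit `mode:`, which leaves its permissions to the umask of the `become_user`. Adding `no_log: true` to those three tasks and `mode: "0600"` to the `template` arguments keeps the key out of logs and unreadable to other local users. Both `caas` entries in `auth_tokens` also render to the same `ceph-caas-secret.yaml` path, so the file left on disk reflects only the last namespace applied; including `token.namespace` in the file name would keep one manifest per Secret.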
@@ -0,0 +1,46 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ - name: get ceph mons
+ become: true
+ become_user: root
+ shell: "ceph mon dump -f json"
+ register: get_ceph_mons
+
+ - name: parse mons command output
+ set_fact:
+ ceph_mons_dump: "{{ get_ceph_mons.stdout | from_json }}"
+ - name: assemble mons list string
+ set_fact:
+ ceph_mons_list: "{{ ceph_mons_dump.mons | map(attribute='addr') | join(',')}}"
+
+ - name: get auth tokens
+ set_fact:
+ ceph_admin_token: "{{ auth_tokens | selectattr('name', 'search', 'admin') | first }}"
+ ceph_user_token: "{{ auth_tokens | selectattr('name', 'search', 'caas') | first }}"
+
+ - name: template storage class manifets
+ template:
+ src: ceph-storageclass.yaml.j2
+ dest: "{{ caas.docker_directory }}/manifests/infra/ceph-storageclass.yaml"
+ vars:
+ name: ceph-storage-class
+ pool: caas
+
+ - name: create kubernetes storage class
+ kubectl:
+ manifest: "{{ caas.docker_directory }}/manifests/infra/ceph-storageclass.yaml"
+ state: present
+ when: ( nodename | search("caas_master1") )
diff --git a/ansible/roles/kubernetes_storage/tasks/create_local_storage_class.yaml b/ansible/roles/kubernetes_storage/tasks/create_local_storage_class.yaml
new file mode 100644
index 0000000..c80a22f
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/tasks/create_local_storage_class.yaml
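Review bot: `get ceph mons` uses `shell:` for a fixed command that needs no pipes or redirects and will report `changed` on every run; `command: ceph mon dump -f json` together with `changed_when: false` avoids the shell and keeps the play's change report accurate. The same applies to `get auth token` in create_ceph_auth_secret.yaml, where `{{ token.name }}` is interpolated into the shell string, so `command:` also removes shell interpretation of that value. The task name `template storage class manifets` has a typo (`manifests`), repeated in create_local_storage_class.yaml.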
@@ -0,0 +1,29 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ - name: template storage class manifets
+ template:
+ src: local-storageclass.yaml.j2
+ dest: "{{ caas.docker_directory }}/manifests/infra/local-storageclass.yaml"
+ vars:
+ name: ceph-storage-class
+ pool: caas
+
+ - name: create kubernetes storage class
+ kubectl:
+ manifest: "{{ caas.docker_directory }}/manifests/infra/local-storageclass.yaml"
+ state: present
+ when: ( nodename | search("caas_master1") )
+
diff --git a/ansible/roles/kubernetes_storage/tasks/main.yaml b/ansible/roles/kubernetes_storage/tasks/main.yaml
new file mode 100644
index 0000000..1724c0d
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/tasks/main.yaml
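Review bot: The `vars:` block on the template task (`name: ceph-storage-class`, `pool: caas`) looks copied from the Ceph task file; local-storageclass.yaml.j2 hard-codes `name: local-volume` and references neither variable. Dropping the block, or replacing it with a comment that the template takes no variables, avoids suggesting that the local class is named after Ceph.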
@@ -0,0 +1,30 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ - name: create kubernetes secret for Ceph auth tokens
+ include_tasks: create_ceph_auth_secret.yaml
+ with_items: "{{ auth_tokens }}"
+ loop_control:
+ loop_var: token
+ when: ( ceph_configured | default(False) )
+
+ - name: create kubernetes ceph storage class
+ import_tasks: create_ceph_storage_class.yaml
+ when: ( ceph_configured | default(False) )
+
+ - name: create kubernetes local storage class
+ import_tasks: create_local_storage_class.yaml
+ when: ( not ceph_configured | default(True) )
+
diff --git a/ansible/roles/kubernetes_storage/templates/ceph-secret.yaml.j2 b/ansible/roles/kubernetes_storage/templates/ceph-secret.yaml.j2
new file mode 100644
index 0000000..5985a16
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/templates/ceph-secret.yaml.j2
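Review bot: In `when: ( not ceph_configured | default(True) )` the filter binds tighter than `not`, so the expression is `not (ceph_configured | default(True))` and evaluates to false when `ceph_configured` is undefined. The two Ceph conditions default to `False` in the same case, so with the variable unset no storage class is created at all. `when: not (ceph_configured | default(False))` makes the local class the fallback and states the grouping explicitly.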
@@ -0,0 +1,23 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ceph-{{ name }}
+ namespace: {{ namespace }}
+type: kubernetes.io/rbd
+data:
+ key: {{ ceph_auth_token | b64encode }}
diff --git a/ansible/roles/kubernetes_storage/templates/ceph-storageclass.yaml.j2 b/ansible/roles/kubernetes_storage/templates/ceph-storageclass.yaml.j2
new file mode 100644
index 0000000..d1fcabe
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/templates/ceph-storageclass.yaml.j2
@@ -0,0 +1,36 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+ name: "{{ name }}"
+provisioner: kubernetes.io/rbd
+parameters:
+ monitors: "{{ ceph_mons_list }}"
+ adminId: "{{ ceph_admin_token.name }}"
+ adminSecretName: "ceph-{{ ceph_admin_token.name }}"
+ adminSecretNamespace: "{{ ceph_admin_token.namespace }}"
+ pool: "{{ pool }}"
+ userId: "{{ ceph_user_token.name }}"
+ userSecretName: "ceph-{{ ceph_user_token.name }}"
+ fsType: ext4
+ imageFormat: "2"
+ imageFeatures: "layering"
+reclaimPolicy: Retain
+mountOptions:
+ - debug
diff --git a/ansible/roles/kubernetes_storage/templates/local-storageclass.yaml.j2 b/ansible/roles/kubernetes_storage/templates/local-storageclass.yaml.j2
new file mode 100644
index 0000000..c763970
--- /dev/null
+++ b/ansible/roles/kubernetes_storage/templates/local-storageclass.yaml.j2
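Review bot: The class sets `userSecretName` but no `userSecretNamespace`, so the in-tree RBD plugin looks the user secret up in the namespace of each claim, while this role creates `ceph-caas` only in `kube-system` and `default`; claims from any other namespace would presumably fail to attach. Adding `userSecretNamespace: "{{ ceph_user_token.namespace }}"` pins the lookup to a namespace the role populates and avoids copying the Ceph key into tenant namespaces. `mountOptions: - debug` looks like a leftover from the upstream example and deserves either removal or a comment, since this is the default class.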
@@ -0,0 +1,24 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+ name: local-volume
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+reclaimPolicy: Retain
diff --git a/docker-build/dynamic_local_pv_provisioner/Dockerfile b/docker-build/dynamic_local_pv_provisioner/Dockerfile
new file mode 100644
index 0000000..cafbef0
--- /dev/null
+++ b/docker-build/dynamic_local_pv_provisioner/Dockerfile
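Review bot: `volumeBindingMode: Immediate` on a `kubernetes.io/no-provisioner` class binds a claim before its pod is scheduled, so the scheduler cannot take the local volume's node affinity into account; the Kubernetes local-volume documentation uses `volumeBindingMode: WaitForFirstConsumer` for this reason. If the dynamic local PV provisioner packaged in this change depends on `Immediate`, a one-line comment above the field saying so would keep the next reader from "fixing" it.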
@@ -0,0 +1,54 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.9
+
+ARG go_install_dir="/usr/local/go"
+ARG go_version
+ARG DYNAMIC_LOCAL_PV_PROVISIONER_VERSION
+ARG DEPENDENCY_MANAGER_VERSION
+ENV GOPATH /build
+ENV PATH $go_install_dir/bin:$PATH
+ENV BUILD_DIR="$GOPATH/src/github.com/nokia/dynamic-local-pv-provisioner"
+
+RUN apk update \
+&& apk upgrade \
+&& apk add --no-cache --virtual .build-deps build-base git mercurial go glide bash tar \
+&& apk add --no-cache curl e2fsprogs xfsprogs-extra \
+&& mkdir -p $go_install_dir \
+&& curl -fsSL -k https://dl.google.com/go/go${go_version}.src.tar.gz | tar zx --strip-components=1 -C ${go_install_dir} \
+&& cd ${go_install_dir}/src/ \
+&& ./make.bash \
+&& if [ $(uname -m) == 'aarch64' ]; then HOST_ARCH=arm64; else HOST_ARCH=amd64; fi \
+&& curl -fsSL -o /usr/local/bin/dep https://github.com/golang/dep/releases/download/v${DEPENDENCY_MANAGER_VERSION}/dep-linux-${HOST_ARCH} \
+&& chmod +x /usr/local/bin/dep \
+&& mkdir -p $BUILD_DIR \
+# && git clone https://github.com/balintTobik/dynamic-local-pv-provisioner.git $BUILD_DIR \
+# && git clone https://github.com/nokia/dynamic-local-pv-provisioner.git $BUILD_DIR \
+&& git clone https://github.com/nokia/dynamic-local-pv-provisioner-fork.git $BUILD_DIR \
+&& cd $BUILD_DIR \
+&& git fetch --tags \
+&& git checkout ${DYNAMIC_LOCAL_PV_PROVISIONER_VERSION} \
+&& dep init \
+&& dep ensure --vendor-only \
+&& CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o executor ./cmd/executor \
+&& mv $BUILD_DIR/executor /executor \
+&& CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o provisioner ./cmd/provisioner \
+&& mv $BUILD_DIR/provisioner /provisioner \
+&& apk del .build-deps \
+&& rm -rf $GOPATH \
+&& rm -rf $go_install_dir \
+&& rm -rf /build \
+&& rm -rf /root/.glide
+
diff --git a/docker-build/storage_local_static_provisioner/Dockerfile b/docker-build/storage_local_static_provisioner/Dockerfile
new file mode 100644
index 0000000..c6bbec3
--- /dev/null
+++ b/docker-build/storage_local_static_provisioner/Dockerfile
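Review bot: The Go source tarball is fetched with `curl -fsSL -k`, which turns off TLS certificate verification, and neither that tarball nor the `dep` binary written to `/usr/local/bin/dep` is checked against a digest, so whatever the network path returns is compiled or executed during a build that the spec runs with `--network=host`. Dropping `-k` and verifying a pinned digest before unpacking, for example `echo "${go_sha256}  /tmp/go.src.tar.gz" | sha256sum -c -` with `go_sha256` passed as an additional build arg (name constructed for this note), closes that gap; both `curl` calls in docker-build/storage_local_static_provisioner/Dockerfile carry the same `-k`. `dep init` appears to regenerate the dependency manifest on every build, so the vendored versions are not pinned even though the provisioner commit is. The image also ends without a `USER` instruction, so it runs as root unless the pod spec overrides it.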
@@ -0,0 +1,47 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.9
+MAINTAINER Balazs Szekeres
+
+ARG STORAGE_LOCAL_STATIC_PROVISIONER_VERSION
+ARG go_install_dir="/usr/local/go"
+ARG go_version
+
+ENV PATH="$go_install_dir/bin:$PATH"
+ENV GOPATH /build
+ENV USER=root
+
+RUN apk update \
+&& apk upgrade \
+&& apk add --no-cache --virtual .build-deps build-base go godep curl tar \
+&& apk add util-linux e2fsprogs bash xfsprogs \
+\
+&& mkdir -p $go_install_dir \
+&& curl -fsSL -k https://dl.google.com/go/go${go_version}.src.tar.gz | tar zx --strip-components=1 -C ${go_install_dir} \
+&& cd ${go_install_dir}/src/ \
+&& ./make.bash \
+\
+&& mkdir -p ${GOPATH}/src/sigs.k8s.io/sig-storage-local-static-provisioner \
+&& curl -fsSL -k https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner/archive/v${STORAGE_LOCAL_STATIC_PROVISIONER_VERSION}.tar.gz | tar zx --strip-components=1 -C ${GOPATH}/src/sigs.k8s.io/sig-storage-local-static-provisioner \
+&& cd ${GOPATH}/src/sigs.k8s.io/sig-storage-local-static-provisioner \
+&& GOOS=${OS} GOARCH=${ARCH} go build -a -ldflags '-extldflags "-static"' -o _output/${OS}/${ARCH}/local-volume-provisioner ./cmd/local-volume-provisioner \
+&& mv deployment/docker/scripts /scripts \
+&& mv deployment/docker/test.sh /test.sh \
+&& mv _output/${OS}/${ARCH}/local-volume-provisioner /bin/local-volume-provisioner \
+&& apk del .build-deps \
+&& rm -rf /build \
+&& rm -rf ${GOPATH}
+
+ENTRYPOINT ["/bin/local-volume-provisioner"]
--
2.16.6
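Review bot: `${OS}` and `${ARCH}` in the `go build` and final `mv` lines are never declared with `ARG` or `ENV` in this file, and the spec's `docker build` passes no such build args, so they expand to empty strings: `GOOS` and `GOARCH` are set empty and the binary is written to `_output///local-volume-provisioner`. Either declare them (`ARG OS=linux` plus an `ARCH` derived from `uname -m`, the way the other Dockerfile in this change derives `HOST_ARCH`) or drop the variables so the build states what it really targets. `MAINTAINER` is deprecated in favour of a `LABEL`, and `ENV USER=root` with no `USER` instruction leaves the provisioner running as root by default; if root is required for the mount operations, a comment saying so would document the decision.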