Skip to content

Instantly share code, notes, and snippets.

@ashleyw

ashleyw/edgefs-cluster.yml

Last active October 14, 2019 18:43
Show Gist options
  • Save ashleyw/628c10aa0678acba9eaef015846bd61d to your computer and use it in GitHub Desktop.
Save ashleyw/628c10aa0678acba9eaef015846bd61d to your computer and use it in GitHub Desktop.
Download ZIP
Corosync boot issue
Raw
edgefs-cluster.yml
apiVersion: v1
kind: Namespace
metadata:
name: rook-edgefs
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rook-edgefs-cluster
namespace: rook-edgefs
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: rook-edgefs-cluster
namespace: rook-edgefs
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints"]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: ["edgefs.rook.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["pods"]
verbs: [ "get", "list" ]
- apiGroups: ["extensions"]
resources: ["deployments/scale"]
verbs: [ "get", "update" ]
---
# Allow the operator to create resources in this cluster's namespace
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: rook-edgefs-cluster-mgmt
namespace: rook-edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-edgefs-cluster-mgmt
subjects:
- kind: ServiceAccount
name: rook-edgefs-system
namespace: rook-edgefs-system
---
# Allow the pods in this namespace to work with configmaps
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: rook-edgefs-cluster
namespace: rook-edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rook-edgefs-cluster
subjects:
- kind: ServiceAccount
name: rook-edgefs-cluster
namespace: rook-edgefs
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: privileged
spec:
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
allowedCapabilities:
- '*'
hostPID: true
hostIPC: true
hostNetwork: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: privileged-psp-user
rules:
- apiGroups:
- apps
resources:
- podsecuritypolicies
resourceNames:
- privileged
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rook-edgefs-system-psp
namespace: rook-edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: privileged-psp-user
subjects:
- kind: ServiceAccount
name: rook-edgefs-system
namespace: rook-edgefs-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rook-edgefs-cluster-psp
namespace: rook-edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: privileged-psp-user
subjects:
- kind: ServiceAccount
name: rook-edgefs-cluster
namespace: rook-edgefs
---
apiVersion: edgefs.rook.io/v1
kind: Cluster
metadata:
name: rook-edgefs
namespace: rook-edgefs
spec:
edgefsImageName: edgefs/edgefs:1.2.78
serviceAccount: rook-edgefs-cluster
dataDirHostPath: /var/lib/edgefs
storage:
useAllNodes: true
useAllDevices: false
directories:
- path: /var/lib/edgefs/data
Raw
kind-cluster.yml
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
Raw
operator.yml
apiVersion: v1
kind: Namespace
metadata:
name: rook-edgefs-system
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusters.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
edgefsImageName:
type: string
dataDirHostPath:
pattern: ^/(\S+)
type: string
devicesResurrectMode:
pattern: ^(restore|restoreZap|restoreZapWait)$
type: string
dashboard:
properties:
localAddr:
type: string
network:
properties:
serverIfName:
type: string
brokerIfName:
type: string
skipHostPrepare:
type: boolean
storage:
properties:
nodes:
items: {}
type: array
useAllDevices: {}
useAllNodes:
type: boolean
required:
- edgefsImageName
- dataDirHostPath
additionalPrinterColumns:
- name: Image
type: string
description: Edgefs target image
JSONPath: .spec.edgefsImageName
- name: HostPath
type: string
description: Directory used on the Kubernetes nodes to store Edgefs data
JSONPath: .spec.dataDirHostPath
- name: Age
type: date
JSONPath: .metadata.creationTimestamp
- name: State
type: string
description: Current State
JSONPath: .status.state
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: nfss.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: NFS
listKind: NFSList
plural: nfss
singular: nfs
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
instances:
type: integer
minimum: 1
required:
- instances
additionalPrinterColumns:
- name: Instances
type: string
description: Edgefs's service instances count
JSONPath: .spec.instances
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: swifts.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: SWIFT
listKind: SWIFTList
plural: swifts
singular: swift
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
instances:
type: integer
minimum: 1
required:
- instances
additionalPrinterColumns:
- name: Instances
type: string
description: Edgefs's service instances count
JSONPath: .spec.instances
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: s3s.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: S3
listKind: S3List
plural: s3s
singular: s3
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
instances:
type: integer
minimum: 1
required:
- instances
additionalPrinterColumns:
- name: Instances
type: string
description: Edgefs's service instances count
JSONPath: .spec.instances
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: s3xs.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: S3X
listKind: S3XList
plural: s3xs
singular: s3x
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
instances:
type: integer
minimum: 1
required:
- instances
additionalPrinterColumns:
- name: Instances
type: string
description: Edgefs's service instances count
JSONPath: .spec.instances
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: iscsis.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: ISCSI
listKind: ISCSIList
plural: iscsis
singular: iscsi
scope: Namespaced
version: v1
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: isgws.edgefs.rook.io
spec:
group: edgefs.rook.io
names:
kind: ISGW
listKind: ISGWList
plural: isgws
singular: isgw
scope: Namespaced
version: v1
validation:
openAPIV3Schema:
properties:
spec:
properties:
direction:
type: string
pattern: ^(send|receive|send\+receive)$
remoteURL:
type: string
required:
- direction
- remoteURL
additionalPrinterColumns:
- name: Direction
type: string
description: ISGW service direction
JSONPath: .spec.direction
- name: RemoteEndpoint
type: string
description: Remote ISGW service endpoint
JSONPath: .spec.remoteURL
---
# The cluster role for managing all the cluster-specific resources in a namespace
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: rook-edgefs-cluster-mgmt
labels:
operator: rook
storage-backend: edgefs
rules:
- apiGroups: [""]
resources: ["secrets", "pods", "nodes", "services", "configmaps", "endpoints"]
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"]
- apiGroups: ["apps"]
resources: ["statefulsets", "statefulsets/scale"]
verbs: ["create", "delete", "deletecollection", "patch", "update"]
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets", "replicasets", "statefulsets"]
verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# The role for the operator to manage resources in the system namespace
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: rook-edgefs-system
namespace: rook-edgefs-system
labels:
operator: rook
storage-backend: edgefs
rules:
- apiGroups: [""]
resources: ["pods", "nodes", "configmaps"]
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# The cluster role for managing the Rook CRDs
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: rook-edgefs-global
labels:
operator: rook
storage-backend: edgefs
rules:
- apiGroups: [""]
# Pod access is needed for fencing
# Node access is needed for determining nodes where mons should run
resources: ["pods", "nodes", "nodes/proxy"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
# PVs and PVCs are managed by the Rook provisioner
resources: ["events", "persistentvolumes", "persistentvolumeclaims"]
verbs: ["get", "list", "watch", "patch", "create", "update", "delete"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "create", "update", "delete"]
- apiGroups: ["edgefs.rook.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["rook.io"]
resources: ["*"]
verbs: ["*"]
---
# The rook system service account used by the operator, agent, and discovery pods
apiVersion: v1
kind: ServiceAccount
metadata:
name: rook-edgefs-system
namespace: rook-edgefs-system
labels:
operator: rook
storage-backend: edgefs
---
# Grant the operator, agent, and discovery agents access to resources in its own namespace
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: rook-edgefs-system
namespace: rook-edgefs-system
labels:
operator: rook
storage-backend: edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rook-edgefs-system
subjects:
- kind: ServiceAccount
name: rook-edgefs-system
namespace: rook-edgefs-system
---
# Grant the rook system daemons cluster-wide access to manage the Rook CRDs, PVCs, and storage classes
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: rook-edgefs-global
namespace: rook-edgefs-system
labels:
operator: rook
storage-backend: edgefs
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-edgefs-global
subjects:
- kind: ServiceAccount
name: rook-edgefs-system
namespace: rook-edgefs-system
---
# The deployment for the rook operator
apiVersion: apps/v1
kind: Deployment
metadata:
name: rook-edgefs-operator
namespace: rook-edgefs-system
labels:
operator: rook
storage-backend: edgefs
spec:
selector:
matchLabels:
app: rook-edgefs-operator
replicas: 1
template:
metadata:
labels:
app: rook-edgefs-operator
spec:
serviceAccountName: rook-edgefs-system
containers:
- name: rook-edgefs-operator
image: rook/edgefs:v1.1.2
imagePullPolicy: "IfNotPresent"
args: ["edgefs", "operator"]
env:
- name: ROOK_LOG_LEVEL
value: "DEBUG"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Rook Discover toleration. Will tolerate all taints with all keys.
# Choose between NoSchedule, PreferNoSchedule and NoExecute:
# - name: DISCOVER_TOLERATION
# value: "NoSchedule"
# (Optional) Rook Discover toleration key. Set this to the key of the taint you want to tolerate
# - name: DISCOVER_TOLERATION_KEY
# value: "<KeyOfTheTaintToTolerate>"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment