Created
August 30, 2019 09:15
-
-
Save vikas027/3d3890168e16bfbf2c90d16036be11b3 to your computer and use it in GitHub Desktop.
Revisions
-
vikas027 created this gist
Aug 30, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,180 @@ --- apiVersion: v1 kind: ServiceAccount metadata: name: rbd-provisioner namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rbd-provisioner namespace: default rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] - apiGroups: [""] resources: ["services"] resourceNames: ["kube-dns","coredns"] verbs: ["list", "get"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rbd-provisioner subjects: - kind: ServiceAccount name: rbd-provisioner namespace: default roleRef: kind: ClusterRole name: rbd-provisioner apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: rbd-provisioner namespace: default rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: rbd-provisioner namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: rbd-provisioner subjects: - kind: ServiceAccount name: rbd-provisioner namespace: default --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: rbd-provisioner namespace: default spec: replicas: 1 strategy: type: Recreate template: metadata: labels: app: rbd-provisioner spec: containers: - name: rbd-provisioner image: "quay.io/external_storage/rbd-provisioner:latest" env: - name: PROVISIONER_NAME value: ceph.com/rbd serviceAccount: rbd-provisioner --- apiVersion: v1 kind: Secret metadata: name: ceph-admin-secret namespace: default type: kubernetes.io/rbd data: # ceph --cluster ceph auth get-key client.admin | base64 key: QVFEU0dtSmR4M2gvS0JBQUsvdWxHYVpjQlYwK1ZXQlVBWnllUnc9PQ== --- apiVersion: v1 kind: Secret metadata: name: ceph-kube-secret namespace: default type: kubernetes.io/rbd data: # ceph auth add client.kube mon 'allow r' osd 'allow rwx pool=kube' # ceph auth get-key client.kube | base64 key: QVFDQitXVmRHelFXTVJBQVZRSTQrMUJHaUw3OGlTVFlKeEw4SUE9PQ== --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: rbd namespace: default provisioner: ceph.com/rbd parameters: monitors: 10.10.10.1:6789 pool: ceph-vm adminId: admin adminSecretNamespace: default adminSecretName: ceph-admin-secret userId: kube userSecretNamespace: default userSecretName: ceph-kube-secret imageFormat: "2" imageFeatures: layering --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: claim1 namespace: default spec: storageClassName: rbd accessModes: - ReadWriteOnce resources: requests: storage: 1Gi --- kind: Pod apiVersion: v1 metadata: name: test-pod spec: containers: - name: test-pod image: gcr.io/google_containers/busybox:1.24 command: - "/bin/sh" args: - "-c" - "touch /mnt/SUCCESS && exit 0 || exit 1" volumeMounts: - name: pvc mountPath: "/mnt" restartPolicy: "Never" volumes: - name: pvc persistentVolumeClaim: claimName: claim1