From 1a4944c994f6ceea56b0a3949ab480076578b984 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Thu, 25 Aug 2022 19:24:57 +0200 Subject: [PATCH] Update code --- README.md | 2 + bin/update.sh | 44 ++++++++------- defaults/main.yml | 36 ++++++------ tasks/local-path.yml | 14 ++--- tasks/longhorn.yml | 65 +++------------------- tasks/main.yml | 19 +++++-- tasks/nfs.yml | 8 +-- tasks/seaweedfs.yml | 55 ++++++++++++++++++ tasks/secrets-store.yml | 10 ++-- templates/longhorn/longhorn-values.yaml.j2 | 47 ++++++++++++++++ 10 files changed, 182 insertions(+), 118 deletions(-) create mode 100644 tasks/seaweedfs.yml create mode 100644 templates/longhorn/longhorn-values.yaml.j2 diff --git a/README.md b/README.md index 6b5b4dc..7069167 100644 --- a/README.md +++ b/README.md @@ -6,3 +6,5 @@ Deploy storage class to kubernetes cluster for KUBENODE in node1 node2 node3; do kubectl --context my_context label node ${KUBENODE} node.longhorn.io/create-default-disk=config; kubectl --context my_context annotate node ${KUBENODE} node.longhorn.io/default-disks-config='[{"path":"/var/lib/longhorn","allowScheduling":true}]'; done + +For some idea, you can open [this page](https://kubernetes-csi.github.io/docs/drivers.html) diff --git a/bin/update.sh b/bin/update.sh index 6f068e4..8dc45ca 100755 --- a/bin/update.sh +++ b/bin/update.sh 
@@ -4,10 +4,10 @@ # Run from files directory # -#git clone https://github.com/linode/linode-blockstorage-csi-driver.git -#mv linode{,.old} -#mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode -#rm -fr linode-blockstorage-csi-driver linode.old +# git clone https://github.com/linode/linode-blockstorage-csi-driver.git +# mv linode{,.old} +# mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode +# rm -fr linode-blockstorage-csi-driver linode.old # https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.1.4.yaml wget https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml kubernetes-split-yaml linode-blockstorage-csi-driver.yaml > generated.log 
@@ -41,23 +41,25 @@ wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/ \mv provider-gopass-installer.yaml files/secrets-provider-gopass/ -#https://github.com/scaleway/scaleway-csi -#https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver -#https://github.com/hetznercloud/csi-driver -#https://github.com/packethost/csi-packet -#https://github.com/kubernetes-sigs/azuredisk-csi-driver -#https://github.com/kubernetes-sigs/azurefile-csi-driver -#https://github.com/TencentCloud/kubernetes-csi-tencentcloud -#https://github.com/flant/yandex-csi-driver +# https://github.com/scaleway/scaleway-csi +# https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver +# https://github.com/hetznercloud/csi-driver +# https://github.com/packethost/csi-packet +# https://github.com/kubernetes-sigs/azuredisk-csi-driver +# https://github.com/kubernetes-sigs/azurefile-csi-driver +# https://github.com/TencentCloud/kubernetes-csi-tencentcloud +# https://github.com/flant/yandex-csi-driver -#https://github.com/ceph/ceph-csi -#https://github.com/jparklab/synology-csi -#https://github.com/woohhan/dropbox-csi -#https://github.com/chr-fritz/csi-sshfs -#https://github.com/ctrox/csi-s3 ? -#https://github.com/wavezhang/k8s-csi-lvm ? -#https://github.com/juicedata/juicefs-csi-driver ? +# https://github.com/ceph/ceph-csi +# https://github.com/jparklab/synology-csi +# https://github.com/woohhan/dropbox-csi +# https://github.com/chr-fritz/csi-sshfs +# https://github.com/ctrox/csi-s3 ? +# https://github.com/wavezhang/k8s-csi-lvm ? +# https://github.com/juicedata/juicefs-csi-driver ? -#https://github.com/Azure/secrets-store-csi-driver-provider-azure -#https://github.com/hashicorp/secrets-store-csi-driver-provider-vault +# https://github.com/Azure/secrets-store-csi-driver-provider-azure +# https://github.com/hashicorp/secrets-store-csi-driver-provider-vault + +# https://github.com/topolvm/topolvm/tree/main/charts/topolvm 
diff --git a/defaults/main.yml b/defaults/main.yml index 8ac8975..90989cf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,29 +1,27 @@ my_context: minikube -storage_manual: - enabled: true +storage_manual_enabled: true -storage_localpath: - enabled: true - version: "v0.0.22" - default_path: "/mnt/local" - namespace: "local-path-storage" +storage_localpath_enabled: true +storage_localpath_version: "v0.0.22" +storage_localpath_default_path: "/mnt/local" +storage_localpath_namespace: "local-path-storage" -storage_longhorn: - enabled: false - version: "v1.3.1" - namespace: "longhorn-system" +storage_longhorn_enabled: false +storage_longhorn_version: "v1.3.1" +storage_longhorn_namespace: "longhorn-system" -storage_nfs: - enabled: false - namespace: "nfs-client-provisioner" +storage_nfs_enabled: false +storage_nfs_namespace: "nfs-client-provisioner" -storage_secrets_store: - enabled: false - version: "v1.2.3" +storage_secrets_store_enabled: false +storage_secrets_store_version: "v1.2.3" -storage_secrets_store_azure: - version: "v1.3.0" +storage_secrets_store_azure_version: "v1.3.0" + +storage_seaweedfs_enabled: false +storage_seaweedfs_version: "v1.0.9" +storage_seaweedfs_namespace: "seaweedfs-csi" storage_linode: false storage_digitalocean: false diff --git a/tasks/local-path.yml b/tasks/local-path.yml index 65aab13..a718625 100644 --- a/tasks/local-path.yml +++ b/tasks/local-path.yml @@ -8,7 +8,7 @@ ansible.builtin.git: repo: "https://github.com/rancher/local-path-provisioner.git" dest: tmp/local-path-provisioner - version: "{{ storage_localpath.version }}" + version: "{{ storage_localpath_version }}" - name: Deploy local-path chart from local path kubernetes.core.helm: 
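Review bot: Flattening the dictionaries in defaults/main.yml (`storage_longhorn.enabled` to `storage_longhorn_enabled`, and the same for manual, localpath, nfs and secrets_store) means an inventory that still sets the old dictionaries is silently ignored and the new defaults apply. The task files in this patch run their uninstall blocks on `not storage_longhorn_enabled` and similar, and the Longhorn and local-path blocks also delete the namespace, so an un-migrated inventory that had Longhorn enabled would have the release and namespace removed on the next run. I would add a guard as the first task of tasks/main.yml that fails while any pre-rename variable is still defined, and mention the rename in the README. The same concern applies to the `storage.default_storageclass` to `storage_default_storageclass` rename in tasks/main.yml.

```yaml
# proposed first task of tasks/main.yml
- name: Refuse to run with pre-rename dictionary variables
  ansible.builtin.assert:
    that:
      - storage_manual is not defined
      - storage_localpath is not defined
      - storage_longhorn is not defined
      - storage_nfs is not defined
      - storage_secrets_store is not defined
      - storage_secrets_store_azure is not defined
    fail_msg: >-
      Dictionary variables such as storage_longhorn were replaced by flat
      storage_*_enabled / _version / _namespace variables; migrate the
      inventory before running, otherwise enabled backends are uninstalled.
```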
@@ -16,15 +16,15 @@ name: local-path-provisioner context: "{{ my_context }}" chart_ref: tmp/local-path-provisioner/deploy/chart/local-path-provisioner - release_namespace: "{{ storage_localpath.namespace }}" + release_namespace: "{{ storage_localpath_namespace }}" create_namespace: true values: nodePathMap: - node: DEFAULT_PATH_FOR_NON_LISTED_NODES - paths: ["{{ storage_localpath.default_path }}"] + paths: ["{{ storage_localpath_default_path }}"] when: - - storage_localpath.enabled + - storage_localpath_enabled - name: Uninstall Local-path block: @@ -33,18 +33,18 @@ context: "{{ my_context }}" name: local-path-provisioner release_state: absent - release_namespace: "{{ storage_localpath.namespace }}" + release_namespace: "{{ storage_localpath_namespace }}" - name: namespace kubernetes.core.k8s: state: absent context: "{{ my_context }}" - namespace: "{{ storage_localpath.namespace }}" + namespace: "{{ storage_localpath_namespace }}" resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}" with_items: - "local-path-namespace.yml.j2" when: - - not storage_localpath.enabled + - not storage_localpath_enabled tags: - storage diff --git a/tasks/longhorn.yml b/tasks/longhorn.yml index ecfb5a7..f263e1c 100644 --- a/tasks/longhorn.yml +++ b/tasks/longhorn.yml 
@@ -10,57 +10,10 @@ context: "{{ my_context }}" name: longhorn chart_ref: longhorn/longhorn - chart_version: "{{ storage_longhorn.version }}" + chart_version: "{{ storage_longhorn_version }}" create_namespace: true - release_namespace: "{{ storage_longhorn.namespace }}" - values: - persistence: - defaultClass: true -# defaultClassReplicaCount: 3 -# reclaimPolicy: Delete - recurringJobSelector: - enable: true - jobList: '[ - { - "name":"snapshot", - "isGroup":true, - }, - { - "name":"backup-daily", - "isGroup":true, - } - ]' - defaultSettings: - defaultDataPath: "/var/lib/longhorn/" - backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" - allowRecurringJobWhileVolumeDetached: true - createDefaultDiskLabeledNodes: true - replicaSoftAntiAffinity: false -# defaultReplicaCount: 2 - defaultDataLocality: best-effort -# defaultLonghornStaticStorageClass: longhorn -# disableSchedulingOnCordonedNode: false - replicaZoneSoftAntiAffinity: false - guaranteed-engine-manager-cpu: 6 - guaranteed-replica-manager-cpu: 6 - ingress: - enabled: true - host: "longhorn.{{ cluster_domain }}" -# tls: false -# tlsSecret: longhorn.local-tls - annotations: - kubernetes.io/ingress.class: traefik -# cert-manager.io/cluster-issuer: letsencrypt-prod -# {% if ingress_whitelist is defined %} -# ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" -# {% endif %} - traefik.ingress.kubernetes.io/router.entrypoints: web,websecure -# {% if basic_auth is defined %} -# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd -# traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file -# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd -# {% endif %} -# enablePSP: true + release_namespace: "{{ storage_longhorn_namespace }}" + values: "{{ 
lookup('template', 'longhorn/longhorn-values.yaml.j2') | from_yaml }}" - name: Configure Longhorn kubernetes.core.k8s: @@ -92,7 +45,7 @@ state: present context: "{{ my_context }}" apply: true - namespace: "{{ storage_longhorn.namespace }}" + namespace: "{{ storage_longhorn_namespace }}" resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}" with_items: - { @@ -113,12 +66,12 @@ # state: present # context: "{{ my_context }}" # apply: true -# namespace: "{{ storage_longhorn.namespace }}" +# namespace: "{{ storage_longhorn_namespace }}" # resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" # with_items: # - "longhorn_ingressroute.yaml.j2" when: - - storage_longhorn.enabled + - storage_longhorn_enabled tags: - longhorn - storage @@ -130,19 +83,19 @@ context: "{{ my_context }}" name: longhorn state: absent - release_namespace: "{{ storage_longhorn.namespace }}" + release_namespace: "{{ storage_longhorn_namespace }}" - name: Remove Ingress for longhorn UI kubernetes.core.k8s: state: absent context: "{{ my_context }}" - namespace: "{{ storage_longhorn.namespace }}" + namespace: "{{ storage_longhorn_namespace }}" resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}" with_items: # - "longhorn_ingressroute.yaml.j2" - "longhorn-namespace.yml.j2" when: - - not storage_longhorn.enabled + - not storage_longhorn_enabled tags: - longhorn - storage diff --git a/tasks/main.yml b/tasks/main.yml index e1fe3b0..e0e4aa9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,7 +13,7 @@ volumeBindingMode: WaitForFirstConsumer allowVolumeExpansion: true when: - - storage_manual.enabled + - storage_manual_enabled tags: - manual - storage 
@@ -38,6 +38,11 @@ tags: - secrets-store - storage + - name: include seaweedfs tasks + ansible.builtin.include_tasks: "seaweedfs.yml" + tags: + - seaweedfs + - storage # https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3 # https://github.com/ctrox/csi-s3 @@ -56,16 +61,18 @@ apiVersion: v1 kind: StorageClass metadata: - name: "{{ storage.default_storageclass }}" + name: "{{ storage_default_storageclass }}" annotations: storageclass.kubernetes.io/is-default-class: "true" when: - - storage.default_storageclass is defined + - storage_default_storageclass is defined tags: - manual - local-path - nfs - longhorn + - secrets-store + - seaweedfs - storage - name: Select the default VolumeSnapshotClass @@ -76,9 +83,9 @@ apiVersion: v1 kind: VolumeSnapshotClass metadata: - name: "{{ storage.default_storageclass }}" + name: "{{ storage_default_storageclass }}" annotations: snapshot.storage.kubernetes.io/is-default-class: "true" when: - - storage.default_storageclass is defined - - storage.default_storageclass == "do-block-storage" + - storage_default_storageclass is defined + - storage_default_storageclass == "do-block-storage" diff --git a/tasks/nfs.yml b/tasks/nfs.yml index ec8bb0e..4b4f22e 100644 --- a/tasks/nfs.yml +++ b/tasks/nfs.yml @@ -17,7 +17,7 @@ name: nfs-subdir-external-provisioner chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner create_namespace: true - release_namespace: "{{ storage_nfs.namespace }}" + release_namespace: "{{ storage_nfs_namespace }}" values: nfs: server: x.x.x.x @@ -30,7 +30,7 @@ # provisionerName: "" # accessModes: ReadWriteOnce when: - - storage_nfs.enabled + - storage_nfs_enabled tags: - nfs - storage 
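Review bot: The task touched by the `@@ -56,16 +61,18 @@` hunk of tasks/main.yml declares `apiVersion: v1` for `kind: StorageClass`, and the `@@ -76,9 +83,9 @@` hunk does the same for `kind: VolumeSnapshotClass`; the commit renames the `name:` line in both but leaves the group untouched. StorageClass is served from `storage.k8s.io/v1` and VolumeSnapshotClass from `snapshot.storage.k8s.io/v1`, so these definitions will probably not resolve to an existing resource and the default-class annotation would never be applied. I would change the two lines to `apiVersion: storage.k8s.io/v1` and `apiVersion: snapshot.storage.k8s.io/v1`. Both tasks start above their hunks, so the module arguments that precede `apiVersion` are not visible here and should be checked as well.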
@@ -42,9 +42,9 @@ context: "{{ my_context }}" name: nfs-subdir-external-provisioner release_state: absent - release_namespace: "{{ storage_nfs.namespace }}" + release_namespace: "{{ storage_nfs_namespace }}" when: - - not storage_nfs.enabled + - not storage_nfs_enabled tags: - nfs - storage diff --git a/tasks/seaweedfs.yml b/tasks/seaweedfs.yml new file mode 100644 index 0000000..7bbb563 --- /dev/null +++ b/tasks/seaweedfs.yml @@ -0,0 +1,55 @@ +--- +- name: seaweedfs + block: +# https://github.com/seaweedfs/seaweedfs-csi-driver + - name: Install seaweedfs + block: + - name: Git clone stable repo on HEAD + ansible.builtin.git: + repo: "https://github.com/seaweedfs/seaweedfs-csi-driver.git" + dest: tmp/seaweedfs-csi-driver + version: "{{ storage_seaweedfs_version }}" + + - name: Deploy local-path chart from local path + kubernetes.core.helm: + state: "present" + name: seaweedfs-csi-driver + context: "{{ my_context }}" + chart_ref: tmp/seaweedfs-csi-driver/deploy/helm/seaweedfs-csi-driver + release_namespace: "{{ storage_seaweedfs_namespace }}" + create_namespace: true + values: + seaweedfsFiler: + storageClassName: seaweedfs + isDefaultStorageClass: false + + when: + - storage_seaweedfs_enabled + + - name: Uninstall seaweedfs + block: + - name: Uninstall seaweedfs + kubernetes.core.helm: + context: "{{ my_context }}" + name: seaweedfs-csi-driver + release_state: absent + release_namespace: "{{ storage_seaweedfs_namespace }}" + - name: namespace + kubernetes.core.k8s: + state: absent + context: "{{ my_context }}" + namespace: "{{ storage_seaweedfs_namespace }}" + definition: + api_version: v1 + kind: Namespace + metadata: + name: '{{ storage_seaweedfs_namespace }}' + labels: + namespace: '{{ storage_seaweedfs_namespace }}' + + when: + - not storage_seaweedfs_enabled + + tags: + - storage + - seaweedfs diff --git a/tasks/secrets-store.yml b/tasks/secrets-store.yml index fea74fa..58cf63d 100644 --- a/tasks/secrets-store.yml +++ b/tasks/secrets-store.yml 
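Review bot: In the new tasks/seaweedfs.yml the clone is pinned only to the tag held in `storage_seaweedfs_version` (`v1.0.9`), and a tag can be moved upstream, so the chart that the next task installs as a CSI driver is not tied to content anyone reviewed. `ansible.builtin.git` accepts a full commit SHA in `version`, so I would set the default to the commit behind the tag and keep the tag as a comment, `storage_seaweedfs_version: "<commit-sha-of-v1.0.9>"  # v1.0.9`. The task names are also copied from local-path.yml: `Git clone stable repo on HEAD` contradicts the pinned version and `Deploy local-path chart from local path` names the wrong component, which makes run logs misleading when someone audits what was changed; `Deploy seaweedfs-csi-driver chart from local path` would match. The same tag-only pinning is visible for `storage_localpath_version` in tasks/local-path.yml.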
@@ -12,7 +12,7 @@ context: "{{ my_context }}" name: csi-secrets-store release_namespace: "kube-system" - chart_version: "{{ storage_secrets_store.version }}" + chart_version: "{{ storage_secrets_store_version }}" chart_ref: secrets-store-csi-driver/secrets-store-csi-driver # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass @@ -34,13 +34,13 @@ context: "{{ my_context }}" name: csi-secrets-store-provider-azure release_namespace: "kube-system" - chart_version: "{{ storage_secrets_store_azure.version }}" + chart_version: "{{ storage_secrets_store_azure_version }}" chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure values: secrets-store-csi-driver: install: false when: - - storage_secrets_store.enabled + - storage_secrets_store_enabled tags: - storage - secrets-store @@ -58,7 +58,7 @@ with_items: - "csi-secrets-store" - "csi-secrets-store-provider-azure" - - name: Remove Ingress for longhorn UI + - name: Remove Gopass provider kubernetes.core.k8s: state: absent context: "{{ my_context }}" @@ -68,7 +68,7 @@ - "secrets-provider-gopass/provider-gopass-installer.yaml" when: - - not storage_secrets_store.enabled + - not storage_secrets_store_enabled tags: - secrets-store - storage diff --git a/templates/longhorn/longhorn-values.yaml.j2 b/templates/longhorn/longhorn-values.yaml.j2 new file mode 100644 index 0000000..a371494 --- /dev/null +++ b/templates/longhorn/longhorn-values.yaml.j2 
@@ -0,0 +1,47 @@ +persistence: + defaultClass: true +# defaultClassReplicaCount: 3 +# reclaimPolicy: Delete + recurringJobSelector: + enable: true + jobList: '[ + { + "name":"snapshot", + "isGroup":true, + }, + { + "name":"backup-daily", + "isGroup":true, + } + ]' +defaultSettings: + defaultDataPath: "/var/lib/longhorn/" + backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore" + allowRecurringJobWhileVolumeDetached: true + createDefaultDiskLabeledNodes: true + replicaSoftAntiAffinity: false +# defaultReplicaCount: 2 + defaultDataLocality: best-effort +# defaultLonghornStaticStorageClass: longhorn +# disableSchedulingOnCordonedNode: false + replicaZoneSoftAntiAffinity: false + guaranteed-engine-manager-cpu: 6 + guaranteed-replica-manager-cpu: 6 +ingress: + enabled: true + host: "longhorn.{{ cluster_domain }}" +# tls: false +# tlsSecret: longhorn.local-tls + annotations: + kubernetes.io/ingress.class: traefik +# cert-manager.io/cluster-issuer: letsencrypt-prod +{% if ingress_whitelist is defined %} + ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}" +{% endif %} + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure +{% if basic_auth is defined %} +# traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd + traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file +# #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd +{% endif %} +#enablePSP: true
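Review bot: With the Jinja conditionals now live, templates/longhorn/longhorn-values.yaml.j2 still renders `ingress` with `enabled: true` on the `web,websecure` entrypoints with `tls` commented out, and attaches the `basic-auth@file` middleware only when `basic_auth` is defined, so a run without that variable publishes the Longhorn UI at `longhorn.{{ cluster_domain }}` over plain HTTP with nothing authenticating requests in front of it. The Longhorn UI does not authenticate users itself and exposes volume deletion and backup-target settings, so the ingress should fail closed: `enabled: {{ (basic_auth is defined) | to_json }}` and `traefik.ingress.kubernetes.io/router.entrypoints: websecure`. The `ingress.kubernetes.io/whitelist-source-range` annotation looks like the Traefik 1.x form; if this cluster runs Traefik 2 it is probably ignored, and the allowlist would need to be an `ipWhiteList` middleware like the one named in the commented-out line, which is worth confirming before relying on `ingress_whitelist`.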