Update code

2022-08-25 19:24:57 +02:00 · 2022-08-25 19:24:57 +02:00 · 1a4944c994
commit 1a4944c994
parent 3159c8412d
10 changed files with 182 additions and 118 deletions
--- a/README.md
+++ b/README.md
@ -6,3 +6,5 @@ Deploy storage class to kubernetes cluster
 for KUBENODE in node1 node2 node3; do kubectl --context my_context label node ${KUBENODE} node.longhorn.io/create-default-disk=config; kubectl --context my_context annotate node ${KUBENODE} node.longhorn.io/default-disks-config='[{"path":"/var/lib/longhorn","allowScheduling":true}]'; done
 For some idea, you can open [this page](https://kubernetes-csi.github.io/docs/drivers.html)
--- a/bin/update.sh
+++ b/bin/update.sh
@ -4,10 +4,10 @@
 # Run from files directory
 #
-#git clone https://github.com/linode/linode-blockstorage-csi-driver.git
+# git clone https://github.com/linode/linode-blockstorage-csi-driver.git
-#mv linode{,.old}
+# mv linode{,.old}
-#mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode
+# mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode
-#rm -fr linode-blockstorage-csi-driver linode.old
+# rm -fr linode-blockstorage-csi-driver linode.old
 # https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.1.4.yaml
 wget https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml
 kubernetes-split-yaml linode-blockstorage-csi-driver.yaml > generated.log
@ -41,23 +41,25 @@ wget https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass/raw/
  \mv provider-gopass-installer.yaml files/secrets-provider-gopass/
-#https://github.com/scaleway/scaleway-csi
+# https://github.com/scaleway/scaleway-csi
-#https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver
+# https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver
-#https://github.com/hetznercloud/csi-driver
+# https://github.com/hetznercloud/csi-driver
-#https://github.com/packethost/csi-packet
+# https://github.com/packethost/csi-packet
-#https://github.com/kubernetes-sigs/azuredisk-csi-driver
+# https://github.com/kubernetes-sigs/azuredisk-csi-driver
-#https://github.com/kubernetes-sigs/azurefile-csi-driver
+# https://github.com/kubernetes-sigs/azurefile-csi-driver
-#https://github.com/TencentCloud/kubernetes-csi-tencentcloud
+# https://github.com/TencentCloud/kubernetes-csi-tencentcloud
-#https://github.com/flant/yandex-csi-driver
+# https://github.com/flant/yandex-csi-driver
-#https://github.com/ceph/ceph-csi
+# https://github.com/ceph/ceph-csi
-#https://github.com/jparklab/synology-csi
+# https://github.com/jparklab/synology-csi
-#https://github.com/woohhan/dropbox-csi
+# https://github.com/woohhan/dropbox-csi
-#https://github.com/chr-fritz/csi-sshfs
+# https://github.com/chr-fritz/csi-sshfs
-#https://github.com/ctrox/csi-s3 ?
+# https://github.com/ctrox/csi-s3 ?
-#https://github.com/wavezhang/k8s-csi-lvm ?
+# https://github.com/wavezhang/k8s-csi-lvm ?
-#https://github.com/juicedata/juicefs-csi-driver ?
+# https://github.com/juicedata/juicefs-csi-driver ?
-#https://github.com/Azure/secrets-store-csi-driver-provider-azure
+# https://github.com/Azure/secrets-store-csi-driver-provider-azure
-#https://github.com/hashicorp/secrets-store-csi-driver-provider-vault
+# https://github.com/hashicorp/secrets-store-csi-driver-provider-vault
 # https://github.com/topolvm/topolvm/tree/main/charts/topolvm
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,29 +1,27 @@
 my_context: minikube
-storage_manual:
+storage_manual_enabled: true
    enabled: true
-storage_localpath:
+storage_localpath_enabled: true
-    enabled: true
+storage_localpath_version: "v0.0.22"
-    version: "v0.0.22"
+storage_localpath_default_path: "/mnt/local"
-    default_path: "/mnt/local"
+storage_localpath_namespace: "local-path-storage"
    namespace: "local-path-storage"
-storage_longhorn:
+storage_longhorn_enabled: false
-    enabled: false
+storage_longhorn_version: "v1.3.1"
-    version: "v1.3.1"
+storage_longhorn_namespace: "longhorn-system"
    namespace: "longhorn-system"
-storage_nfs:
+storage_nfs_enabled: false
-    enabled: false
+storage_nfs_namespace: "nfs-client-provisioner"
    namespace: "nfs-client-provisioner"
-storage_secrets_store:
+storage_secrets_store_enabled: false
-    enabled: false
+storage_secrets_store_version: "v1.2.3"
    version: "v1.2.3"
-storage_secrets_store_azure:
+storage_secrets_store_azure_version: "v1.3.0"
-    version: "v1.3.0"
+
 storage_seaweedfs_enabled: false
 storage_seaweedfs_version: "v1.0.9"
 storage_seaweedfs_namespace: "seaweedfs-csi"
 storage_linode: false
 storage_digitalocean: false
--- a/tasks/local-path.yml
+++ b/tasks/local-path.yml
@ -8,7 +8,7 @@
        ansible.builtin.git:
          repo: "https://github.com/rancher/local-path-provisioner.git"
          dest: tmp/local-path-provisioner
-          version: "{{ storage_localpath.version }}"
+          version: "{{ storage_localpath_version }}"
      - name: Deploy local-path chart from local path
        kubernetes.core.helm:
@ -16,15 +16,15 @@
          name: local-path-provisioner
          context: "{{ my_context }}"
          chart_ref: tmp/local-path-provisioner/deploy/chart/local-path-provisioner
-          release_namespace: "{{ storage_localpath.namespace }}"
+          release_namespace: "{{ storage_localpath_namespace }}"
          create_namespace: true
          values:
            nodePathMap:
              - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
-                paths: ["{{ storage_localpath.default_path }}"]
+                paths: ["{{ storage_localpath_default_path }}"]
    when:
-      - storage_localpath.enabled
+      - storage_localpath_enabled
  - name: Uninstall Local-path
    block:
@ -33,18 +33,18 @@
          context: "{{ my_context }}"
          name: local-path-provisioner
          release_state: absent
-          release_namespace: "{{ storage_localpath.namespace }}"
+          release_namespace: "{{ storage_localpath_namespace }}"
      - name: namespace
        kubernetes.core.k8s:
          state: absent
          context: "{{ my_context }}"
-          namespace: "{{ storage_localpath.namespace }}"
+          namespace: "{{ storage_localpath_namespace }}"
          resource_definition: "{{ lookup('template', 'local-path/' + item) | from_yaml }}"
        with_items:
          - "local-path-namespace.yml.j2"
    when:
-      - not storage_localpath.enabled
+      - not storage_localpath_enabled
  tags:
    - storage
--- a/tasks/longhorn.yml
+++ b/tasks/longhorn.yml
@ -10,57 +10,10 @@
        context: "{{ my_context }}"
        name: longhorn
        chart_ref: longhorn/longhorn
-        chart_version: "{{ storage_longhorn.version }}"
+        chart_version: "{{ storage_longhorn_version }}"
        create_namespace: true
-        release_namespace: "{{ storage_longhorn.namespace }}"
+        release_namespace: "{{ storage_longhorn_namespace }}"
-        values:
+        values: "{{ lookup('template', 'longhorn/longhorn-values.yaml.j2') | from_yaml }}"
          persistence:
            defaultClass: true
 #            defaultClassReplicaCount: 3
 #            reclaimPolicy: Delete
            recurringJobSelector:
              enable: true
              jobList: '[
                {
                  "name":"snapshot",
                  "isGroup":true,
                },
                {
                  "name":"backup-daily",
                  "isGroup":true,
                }
              ]'
          defaultSettings:
            defaultDataPath: "/var/lib/longhorn/"
            backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
            allowRecurringJobWhileVolumeDetached: true
            createDefaultDiskLabeledNodes: true
            replicaSoftAntiAffinity: false
 #            defaultReplicaCount: 2
            defaultDataLocality: best-effort
 #            defaultLonghornStaticStorageClass: longhorn
 #            disableSchedulingOnCordonedNode: false
            replicaZoneSoftAntiAffinity: false
            guaranteed-engine-manager-cpu: 6
            guaranteed-replica-manager-cpu: 6
          ingress:
            enabled: true
            host: "longhorn.{{ cluster_domain }}"
 #            tls: false
 #            tlsSecret: longhorn.local-tls
            annotations:
              kubernetes.io/ingress.class: traefik
 #              cert-manager.io/cluster-issuer: letsencrypt-prod
 # {% if ingress_whitelist is defined %}
 #              ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
 # {% endif %}
              traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 # {% if basic_auth is defined %}
 #              traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
 #              traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
 #              #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
 # {% endif %}
 #          enablePSP: true
    - name: Configure Longhorn
      kubernetes.core.k8s:
@ -92,7 +45,7 @@
        state: present
        context: "{{ my_context }}"
        apply: true
-        namespace: "{{ storage_longhorn.namespace }}"
+        namespace: "{{ storage_longhorn_namespace }}"
        resource_definition: "{{ lookup('template', 'longhorn/longhorn/longhorn_recurringjob.yml.j2') | from_yaml }}"
      with_items:
        - {
@ -113,12 +66,12 @@
 #        state: present
 #        context: "{{ my_context }}"
 #        apply: true
-#        namespace: "{{ storage_longhorn.namespace }}"
+#        namespace: "{{ storage_longhorn_namespace }}"
 #        resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
 #      with_items:
 #        - "longhorn_ingressroute.yaml.j2"
  when:
-    - storage_longhorn.enabled
+    - storage_longhorn_enabled
  tags:
    - longhorn
    - storage
@ -130,19 +83,19 @@
        context: "{{ my_context }}"
        name: longhorn
        state: absent
-        release_namespace: "{{ storage_longhorn.namespace }}"
+        release_namespace: "{{ storage_longhorn_namespace }}"
    - name: Remove Ingress for longhorn UI
      kubernetes.core.k8s:
        state: absent
        context: "{{ my_context }}"
-        namespace: "{{ storage_longhorn.namespace }}"
+        namespace: "{{ storage_longhorn_namespace }}"
        resource_definition: "{{ lookup('template', 'longhorn/' + item) | from_yaml }}"
      with_items:
 #        - "longhorn_ingressroute.yaml.j2"
        - "longhorn-namespace.yml.j2"
  when:
-    - not storage_longhorn.enabled
+    - not storage_longhorn_enabled
  tags:
    - longhorn
    - storage
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -13,7 +13,7 @@
          volumeBindingMode: WaitForFirstConsumer
          allowVolumeExpansion: true
      when:
-        - storage_manual.enabled
+        - storage_manual_enabled
      tags:
        - manual
        - storage
@ -38,6 +38,11 @@
      tags:
        - secrets-store
        - storage
    - name: include seaweedfs tasks
      ansible.builtin.include_tasks: "seaweedfs.yml"
      tags:
        - seaweedfs
        - storage
 # https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3
 # https://github.com/ctrox/csi-s3
@ -56,16 +61,18 @@
          apiVersion: v1
          kind: StorageClass
          metadata:
-            name: "{{ storage.default_storageclass }}"
+            name: "{{ storage_default_storageclass }}"
            annotations:
              storageclass.kubernetes.io/is-default-class: "true"
      when:
-        - storage.default_storageclass is defined
+        - storage_default_storageclass is defined
      tags:
        - manual
        - local-path
        - nfs
        - longhorn
        - secrets-store
        - seaweedfs
        - storage
    - name: Select the default VolumeSnapshotClass
@ -76,9 +83,9 @@
          apiVersion: v1
          kind: VolumeSnapshotClass
          metadata:
-            name: "{{ storage.default_storageclass }}"
+            name: "{{ storage_default_storageclass }}"
            annotations:
              snapshot.storage.kubernetes.io/is-default-class: "true"
      when:
-        - storage.default_storageclass is defined
+        - storage_default_storageclass is defined
-        - storage.default_storageclass == "do-block-storage"
+        - storage_default_storageclass == "do-block-storage"
--- a/tasks/nfs.yml
+++ b/tasks/nfs.yml
@ -17,7 +17,7 @@
        name: nfs-subdir-external-provisioner
        chart_ref: nfs-subdir-external-provisioner/nfs-subdir-external-provisioner
        create_namespace: true
-        release_namespace: "{{ storage_nfs.namespace }}"
+        release_namespace: "{{ storage_nfs_namespace }}"
        values:
          nfs:
            server: x.x.x.x
@ -30,7 +30,7 @@
 #             provisionerName: ""
 #             accessModes: ReadWriteOnce
  when:
-    - storage_nfs.enabled
+    - storage_nfs_enabled
  tags:
    - nfs
    - storage
@ -42,9 +42,9 @@
        context: "{{ my_context }}"
        name: nfs-subdir-external-provisioner
        release_state: absent
-        release_namespace: "{{ storage_nfs.namespace }}"
+        release_namespace: "{{ storage_nfs_namespace }}"
  when:
-    - not storage_nfs.enabled
+    - not storage_nfs_enabled
  tags:
    - nfs
    - storage
--- a/tasks/seaweedfs.yml
+++ b/tasks/seaweedfs.yml
@ -0,0 +1,55 @@
 ---
 - name: seaweedfs
  block:
 # https://github.com/seaweedfs/seaweedfs-csi-driver
  - name: Install seaweedfs
    block:
      - name: Git clone stable repo on HEAD
        ansible.builtin.git:
          repo: "https://github.com/seaweedfs/seaweedfs-csi-driver.git"
          dest: tmp/seaweedfs-csi-driver
          version: "{{ storage_seaweedfs_version }}"
      - name: Deploy local-path chart from local path
        kubernetes.core.helm:
          state: "present"
          name: seaweedfs-csi-driver
          context: "{{ my_context }}"
          chart_ref: tmp/seaweedfs-csi-driver/deploy/helm/seaweedfs-csi-driver
          release_namespace: "{{ storage_seaweedfs_namespace }}"
          create_namespace: true
          values:
            seaweedfsFiler: <filerHost:port>
            storageClassName: seaweedfs
            isDefaultStorageClass: false
    when:
      - storage_seaweedfs_enabled
  - name: Uninstall seaweedfs
    block:
      - name: Uninstall seaweedfs
        kubernetes.core.helm:
          context: "{{ my_context }}"
          name: seaweedfs-csi-driver
          release_state: absent
          release_namespace: "{{ storage_seaweedfs_namespace }}"
      - name: namespace
        kubernetes.core.k8s:
          state: absent
          context: "{{ my_context }}"
          namespace: "{{ storage_seaweedfs_namespace }}"
          definition:
            api_version: v1
            kind: Namespace
            metadata:
              name: '{{ storage_seaweedfs_namespace }}'
              labels:
                namespace: '{{ storage_seaweedfs_namespace }}'
    when:
      - not storage_seaweedfs_enabled
  tags:
    - storage
    - seaweedfs
--- a/tasks/secrets-store.yml
+++ b/tasks/secrets-store.yml
@ -12,7 +12,7 @@
        context: "{{ my_context }}"
        name: csi-secrets-store
        release_namespace: "kube-system"
-        chart_version: "{{ storage_secrets_store.version }}"
+        chart_version: "{{ storage_secrets_store_version }}"
        chart_ref: secrets-store-csi-driver/secrets-store-csi-driver
    # https://github.com/camptocamp/secrets-store-csi-driver-provider-gopass
@ -34,13 +34,13 @@
        context: "{{ my_context }}"
        name: csi-secrets-store-provider-azure
        release_namespace: "kube-system"
-        chart_version: "{{ storage_secrets_store_azure.version }}"
+        chart_version: "{{ storage_secrets_store_azure_version }}"
        chart_ref: csi-secrets-store-provider-azure/csi-secrets-store-provider-azure
        values:
          secrets-store-csi-driver:
            install: false
  when:
-    - storage_secrets_store.enabled
+    - storage_secrets_store_enabled
  tags:
    - storage
    - secrets-store
@ -58,7 +58,7 @@
      with_items:
        - "csi-secrets-store"
        - "csi-secrets-store-provider-azure"
-    - name: Remove Ingress for longhorn UI
+    - name: Remove Gopass provider
      kubernetes.core.k8s:
        state: absent
        context: "{{ my_context }}"
@ -68,7 +68,7 @@
        - "secrets-provider-gopass/provider-gopass-installer.yaml"
  when:
-    - not storage_secrets_store.enabled
+    - not storage_secrets_store_enabled
  tags:
    - secrets-store
    - storage
--- a/templates/longhorn/longhorn-values.yaml.j2
+++ b/templates/longhorn/longhorn-values.yaml.j2
@ -0,0 +1,47 @@
 persistence:
  defaultClass: true
 #   defaultClassReplicaCount: 3
 #   reclaimPolicy: Delete
  recurringJobSelector:
    enable: true
    jobList: '[
      {
        "name":"snapshot",
        "isGroup":true,
      },
      {
        "name":"backup-daily",
        "isGroup":true,
      }
    ]'
 defaultSettings:
  defaultDataPath: "/var/lib/longhorn/"
  backupTarget: "nfs://longhorn-test-nfs-svc.default:/opt/backupstore"
  allowRecurringJobWhileVolumeDetached: true
  createDefaultDiskLabeledNodes: true
  replicaSoftAntiAffinity: false
 #  defaultReplicaCount: 2
  defaultDataLocality: best-effort
 #   defaultLonghornStaticStorageClass: longhorn
 #   disableSchedulingOnCordonedNode: false
  replicaZoneSoftAntiAffinity: false
  guaranteed-engine-manager-cpu: 6
  guaranteed-replica-manager-cpu: 6
 ingress:
  enabled: true
  host: "longhorn.{{ cluster_domain }}"
 #  tls: false
 #  tlsSecret: longhorn.local-tls
  annotations:
    kubernetes.io/ingress.class: traefik
 #    cert-manager.io/cluster-issuer: letsencrypt-prod
 {% if ingress_whitelist is defined %}
    ingress.kubernetes.io/whitelist-source-range: "{% for acl_whitelist in ingress_whitelist %}{{ acl_whitelist }}{% if not loop.last %}, {% endif %}{% endfor %}"
 {% endif %}
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
 {% if basic_auth is defined %}
 #    traefik.ingress.kubernetes.io/router.middlewares: {{ traefik_namespace }}-traefik-dashboard-basicauth@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: basic-auth@file
 #    #traefik.ingress.kubernetes.io/router.middlewares: tools-traefik-ipwhitelist@kubernetescrd,tools-basic-auth@kubernetescrd
 {% endif %}
 #enablePSP: true
`@ -6,3 +6,5 @@ Deploy storage class to kubernetes cluster`


	`for KUBENODE in node1 node2 node3; do kubectl --context my_context label node ${KUBENODE} node.longhorn.io/create-default-disk=config; kubectl --context my_context annotate node ${KUBENODE} node.longhorn.io/default-disks-config='[{"path":"/var/lib/longhorn","allowScheduling":true}]'; done`	`for KUBENODE in node1 node2 node3; do kubectl --context my_context label node ${KUBENODE} node.longhorn.io/create-default-disk=config; kubectl --context my_context annotate node ${KUBENODE} node.longhorn.io/default-disks-config='[{"path":"/var/lib/longhorn","allowScheduling":true}]'; done`

		`For some idea, you can open [this page](https://kubernetes-csi.github.io/docs/drivers.html)`