diff --git a/bin/update.sh b/bin/update.sh index 0156196..6851401 100755 --- a/bin/update.sh +++ b/bin/update.sh @@ -4,26 +4,6 @@ # Run from files directory # -wget https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml -kubernetes-split-yaml local-path-storage.yaml > generated.log -mv files/local{,.old} -mv generated files/local -echo -e "---\nstorage_localpath_files_list:" > vars/local.yaml -cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/local.yaml -sed 's|/opt/local-path-provisioner|/mnt/local|' -i files/local/local-path-config-ConfigMap.yaml -#mv local-path-storage.yaml local-path-storage_$(date +%Y%m%d).yaml -rm -fr files/local.old generated.log local-path-storage.yaml - -wget https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml -kubernetes-split-yaml longhorn.yaml > generated.log -mv files/longhorn{,.old} -mv generated files/longhorn -echo -e "---\nstorage_longhorn_files_list:" > vars/longhorn.yaml -cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/longhorn.yaml -sed '/numberOfReplicas/ s/3/2/' -i files/longhorn/longhorn-storageclass-ConfigMap.yaml -sed '/default-data-path/ s|:.*$|: "/var/lib/longhorn/"|' -i files/longhorn/longhorn-default-setting-ConfigMap.yaml -rm -fr files/longhorn.old generated.log longhorn.yaml - #git clone https://github.com/linode/linode-blockstorage-csi-driver.git #mv linode{,.old} #mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode 
@@ -57,30 +37,6 @@ done rm -fr files/digitalocean.old -# https://github.com/kubernetes-incubator/external-storage/tree/master/nfs -NFS_FILE=vars/nfs.yml -echo -e "---\nstore_nfs_files:" > "${NFS_FILE}" -mv files/nfs{,.old} -mkdir files/nfs -for FICHIER in psp.yaml rbac.yaml deployment.yaml class.yaml; do - wget https://github.com/kubernetes-incubator/external-storage/raw/master/nfs/deploy/kubernetes/$FICHIER - kubernetes-split-yaml $FICHIER >> generated.log - mv generated/* files/nfs/ - cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> "${NFS_FILE}" - rm -f $FICHIER generated.log -done -for i in nfs-provisioner-runner-ClusterRole.yaml run-nfs-provisioner-ClusterRoleBinding.yaml leader-locking-nfs-provisioner-Role.yaml leader-locking-nfs-provisioner-RoleBinding.yaml; do - sed "s/namespace:.*/namespace: nfs-provisioner/g" -i files/nfs/$i -done -sed 's|^\(apiVersion:\).*|\1 policy/v1beta1|' -i files/nfs/nfs-provisioner-PodSecurityPolicy.yaml -sed 's|\(.*-provisioner=\).*"|\1reslinger.net/nfs"|' -i files/nfs/nfs-provisioner-Deployment.yaml -sed 's/example-nfs-//' -i "${NFS_FILE}" -mv files/nfs/example-nfs-StorageClass.yaml files/nfs/StorageClass.yaml -sed 's|example-nfs|nfs|' -i files/nfs/StorageClass.yaml -sed 's|example.com/nfs|reslinger.net/nfs|' -i files/nfs/StorageClass.yaml -rm -fr files/nfs.old - - #https://github.com/scaleway/scaleway-csi #https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver diff --git a/defaults/main.yml b/defaults/main.yml index 7d93bfd..36426b8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,9 +1,17 @@ my_context: minikube + +storage_manual: true + storage_localpath: true +storage_localpath_default_path: "/mnt/local" +storage_localpath_namespace: "local-path-storage" + storage_longhorn: true storage_longhorn_namespace: "longhorn-system" storage_nfs: false +storage_nfs_namespace: "nfs-client-provisioner" + storage_linode: false storage_digitalocean: false storage_secrets_store: false diff --git a/files/local-path/ClusterRole.yml b/files/local-path/ClusterRole.yml new file mode 100644 index 0000000..c57e674 --- /dev/null +++ b/files/local-path/ClusterRole.yml @@ -0,0 +1,49 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: local-path-provisioner + app.kubernetes.io/name: local-path-provisioner + name: local-path-provisioner +rules: +- apiGroups: + - policy + resourceNames: + - local-path-policy + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + - persistentvolumes + - pods + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/files/local-path/ClusterRoleBinding.yml b/files/local-path/ClusterRoleBinding.yml new file mode 100644 index 0000000..580fc80 --- /dev/null +++ b/files/local-path/ClusterRoleBinding.yml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: local-path-provisioner + app.kubernetes.io/name: local-path-provisioner + name: local-path-provisioner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: local-path-provisioner +subjects: +- kind: ServiceAccount + name: local-path-provisioner + namespace: local-path-storage 
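Review bot: In files/local-path/ClusterRole.yml the rule covering `endpoints`, `persistentvolumes` and `pods` keeps `verbs: ['*']` at cluster scope, and the first rule of the same role grants `use` on `local-path-policy`, which this commit defines as `privileged: true` with `hostPath`. On a cluster that enforces PodSecurityPolicy, whoever holds this service account's token can therefore have privileged hostPath pods admitted in any namespace. Replace the wildcard with an explicit list such as `get, list, watch, create, patch, update, delete`, trimmed to what the deployed provisioner version actually calls. If the chart allows it, move the pod rule into a namespaced Role. A short comment above each rule saying why the resource is needed would make later reviews easier.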
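Review bot: The subject in files/local-path/ClusterRoleBinding.yml hard-codes `namespace: local-path-storage`, while this commit makes the namespace configurable through `storage_localpath_namespace` and applies the file through `lookup('file', ...) | from_yaml`, which does no templating. With any other value the ServiceAccount lands in the configured namespace but the binding still names `local-path-storage`, so the provisioner would run without its grants, and a same-named service account created later in `local-path-storage` would pick them up. Either render the manifest with `lookup('template', ...)` and `namespace: "{{ storage_localpath_namespace }}"`, or state next to the default in defaults/main.yml that the value must stay `local-path-storage`.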
diff --git a/files/local-path/PodSecurityPolicy.yml b/files/local-path/PodSecurityPolicy.yml
new file mode 100644
index 0000000..4e4c0ca
--- /dev/null
+++ b/files/local-path/PodSecurityPolicy.yml
@@ -0,0 +1,24 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: local-path-policy
+spec:
+ privileged: true
+ fsGroup:
+ rule: RunAsAny
+ allowedCapabilities:
+ - DAC_READ_SEARCH
+ - SYS_RESOURCE
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - persistentVolumeClaim
+ - secret
+ - hostPath
diff --git a/files/local-path/ServiceAccount.yml b/files/local-path/ServiceAccount.yml
new file mode 100644
index 0000000..3a44d92
--- /dev/null
+++ b/files/local-path/ServiceAccount.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: local-path-provisioner
+ app.kubernetes.io/name: local-path-provisioner
+ name: local-path-provisioner
diff --git a/files/local/local-path-StorageClass.yaml b/files/local/local-path-StorageClass.yaml
deleted file mode 100644
index be90ae1..0000000
--- a/files/local/local-path-StorageClass.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: local-path
-provisioner: rancher.io/local-path
-volumeBindingMode: WaitForFirstConsumer
-reclaimPolicy: Delete
diff --git a/files/local/local-path-config-ConfigMap.yaml b/files/local/local-path-config-ConfigMap.yaml
deleted file mode 100644
index ba4a2d0..0000000
--- a/files/local/local-path-config-ConfigMap.yaml
+++ /dev/null
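Review bot: files/local-path/PodSecurityPolicy.yml combines `privileged: true`, an unrestricted `hostPath` volume and `RunAsAny` for every identity rule, so the policy puts no effective limit on pods admitted under it, and `allowedCapabilities` is redundant once privileged is allowed. If the helper pods only create and remove directories under the provisioner path, restrict the volume with `allowedHostPaths:` / `- pathPrefix: /mnt/local` and drop `privileged: true` unless a concrete need is written down in a comment; the helper pod spec is not part of this diff, so that need should be confirmed. Also note that `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so a comment recording which cluster versions this manifest targets would prevent a confusing apply failure later.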
@@ -1,62 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: local-path-config
- namespace: local-path-storage
-data:
- config.json: |-
- {
- "nodePathMap":[
- {
- "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
- "paths":["/mnt/local"]
- }
- ]
- }
- setup: |-
- #!/bin/sh
- while getopts "m:s:p:" opt
- do
- case $opt in
- p)
- absolutePath=$OPTARG
- ;;
- s)
- sizeInBytes=$OPTARG
- ;;
- m)
- volMode=$OPTARG
- ;;
- esac
- done
-
- mkdir -m 0777 -p ${absolutePath}
- teardown: |-
- #!/bin/sh
- while getopts "m:s:p:" opt
- do
- case $opt in
- p)
- absolutePath=$OPTARG
- ;;
- s)
- sizeInBytes=$OPTARG
- ;;
- m)
- volMode=$OPTARG
- ;;
- esac
- done
-
- rm -rf ${absolutePath}
- helperPod.yaml: |-
- apiVersion: v1
- kind: Pod
- metadata:
- name: helper-pod
- spec:
- containers:
- - name: helper-pod
- image: busybox
-
-
diff --git a/files/local/local-path-provisioner-Deployment.yaml b/files/local/local-path-provisioner-Deployment.yaml
deleted file mode 100644
index 380df72..0000000
--- a/files/local/local-path-provisioner-Deployment.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: local-path-provisioner
- namespace: local-path-storage
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: local-path-provisioner
- template:
- metadata:
- labels:
- app: local-path-provisioner
- spec:
- serviceAccountName: local-path-provisioner-service-account
- containers:
- - name: local-path-provisioner
- image: rancher/local-path-provisioner:v0.0.19
- imagePullPolicy: IfNotPresent
- command:
- - local-path-provisioner
- - --debug
- - start
- - --config
- - /etc/config/config.json
- volumeMounts:
- - name: config-volume
- mountPath: /etc/config/
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- volumes:
- - name: config-volume
- configMap:
- name: local-path-config
diff --git a/files/local/local-path-provisioner-bind-ClusterRoleBinding.yaml b/files/local/local-path-provisioner-bind-ClusterRoleBinding.yaml
deleted file mode 100644
index cd52d87..0000000
--- a/files/local/local-path-provisioner-bind-ClusterRoleBinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: local-path-provisioner-bind
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: local-path-provisioner-role
-subjects:
-- kind: ServiceAccount
- name: local-path-provisioner-service-account
- namespace: local-path-storage
diff --git a/files/local/local-path-provisioner-role-ClusterRole.yaml b/files/local/local-path-provisioner-role-ClusterRole.yaml
deleted file mode 100644
index 35f4e83..0000000
--- a/files/local/local-path-provisioner-role-ClusterRole.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: local-path-provisioner-role
-rules:
-- apiGroups: [""]
- resources: ["nodes", "persistentvolumeclaims", "configmaps"]
- verbs: ["get", "list", "watch"]
-- apiGroups: [""]
- resources: ["endpoints", "persistentvolumes", "pods"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["events"]
- verbs: ["create", "patch"]
-- apiGroups: ["storage.k8s.io"]
- resources: ["storageclasses"]
- verbs: ["get", "list", "watch"]
diff --git a/files/local/local-path-provisioner-service-account-ServiceAccount.yaml b/files/local/local-path-provisioner-service-account-ServiceAccount.yaml
deleted file mode 100644
index 61efd57..0000000
--- a/files/local/local-path-provisioner-service-account-ServiceAccount.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: local-path-provisioner-service-account
- namespace: local-path-storage
diff --git a/files/local/local-path-storage-Namespace.yaml b/files/local/local-path-storage-Namespace.yaml
deleted file mode 100644
index b1222ff..0000000
--- a/files/local/local-path-storage-Namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: local-path-storage
diff --git a/tasks/local-path.yml b/tasks/local-path.yml
new file mode 100644
index 0000000..68aea8c
--- /dev/null
+++ b/tasks/local-path.yml
@@ -0,0 +1,71 @@
+---
+- name: Local-path
+ block:
+ - name: Include file list
+ include_vars: "local-path.yaml"
+
+ - name: Defined local-path-storage state to present
+ set_fact:
+ storage_localpath_state: present
+ when:
+ - storage_localpath|bool
+
+ - name: find state of local-path-storage
+ set_fact:
+ storage_localpath_state: absent
+ when:
+ - not storage_localpath|bool
+
+ - name: namespace
+ k8s:
+ state: present
+ context: "{{ my_context }}"
+ merge_type: merge
+ definition:
+ api_version: v1
+ kind: Namespace
+ metadata:
+ name: "{{ storage_localpath_namespace }}"
+ labels:
+ namespace: '{{ storage_localpath_namespace }}'
+ when:
+ - storage_localpath|bool
+
+ - name: local-path-storage need to be {{ storage_localpath_state }}
+ k8s:
+ state: "{{ storage_localpath_state }}"
+ context: "{{ my_context }}"
+ namespace: "{{ storage_localpath_namespace }}"
+ merge_type: merge
+ resource_definition: "{{ lookup('file', 'local-path/' + item) | from_yaml }}"
+ with_items:
+ - "{{ storage_localpath_files_list }}"
+
+# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
+ - name: Downloal Local-path repository
+ block:
+ - name: Git clone stable repo on HEAD
+ ansible.builtin.git:
+ repo: "https://github.com/rancher/local-path-provisioner.git"
+ dest: tmp/local-path-provisioner
+
+ - name: Deploy local-path chart from local path
+ community.kubernetes.helm:
+ state: "{{ storage_localpath_state }}"
+ name: local-path-provisioner
+ context: "{{ my_context }}"
+ chart_ref: tmp/local-path-provisioner/deploy/chart
+ release_namespace: "{{ storage_localpath_namespace }}"
+ create_namespace: true
+ values:
+ rbac:
+ create: false
+ serviceAccount:
+ create: false
+ name: local-path-provisioner
+ nodePathMap:
+ - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+ paths: [/mnt/local]
+ tags:
+ - storage
+ - local-path
diff --git a/tasks/local.yml b/tasks/local.yml
deleted file mode 100644
index 7d4cc37..0000000
--- a/tasks/local.yml
+++ /dev/null
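Review bot: The `ansible.builtin.git` task in tasks/local-path.yml clones `rancher/local-path-provisioner` with no `version:`, so each run installs whatever the default branch contains at that moment as a Helm chart, alongside the privileged PodSecurityPolicy added in this commit. Pin the checkout with `version: "<release tag or commit SHA>"` so chart changes are reviewed before they reach the cluster. The task has no `when:` of its own, so the clone appears to run even when `storage_localpath` is false and the release is only being removed. Separately, `paths: [/mnt/local]` hard-codes the value this commit introduces as `storage_localpath_default_path`; `paths: ["{{ storage_localpath_default_path }}"]` keeps the two in step. The task name `Downloal` should read `Download`.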
@@ -1,24 +0,0 @@ ---- - - name: Include file list - include_vars: "local.yaml" - - - name: Defined local-path-storage state to present - set_fact: - storage_localpath_state: present - when: - - storage_localpath|bool - - - name: find state of local-path-storage - set_fact: - storage_localpath_state: absent - when: - - not storage_localpath|bool - - - name: local-path-storage need to be {{ storage_localpath_state }} - k8s: - state: "{{ storage_localpath_state }}" - context: "{{ my_context }}" - merge_type: merge - resource_definition: "{{ lookup('file', 'local/' + item) | from_yaml }}" - with_items: - - "{{ storage_localpath_files_list }}" diff --git a/tasks/main.yml b/tasks/main.yml index 8399f5a..72e028d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,12 +1,41 @@ - name: Local Path setup block: -# - include_tasks: "manual.yml" - - include_tasks: "local.yml" + - name: Define Manual StorageClass + k8s: + state: present + context: "{{ my_context }}" + definition: + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: manual + provisioner: kubernetes.io/no-provisioner + volumeBindingMode: WaitForFirstConsumer + when: + - storage_manual|bool + tags: + - manual + - storage + + - include_tasks: "local-path.yml" + tags: + - local-path + - storage - include_tasks: "longhorn.yml" tags: - longhorn - storage - include_tasks: "nfs.yml" + tags: + - nfs + - storage + +# https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3 +# https://github.com/ctrox/csi-s3 +# https://github.com/kahing/goofys +# https://github.com/reactr-io/gocachefs + + - include_tasks: "digital_ocean.yml" - include_tasks: "linode.yml" - include_tasks: "secrets-store.yml" diff --git a/vars/local-path.yaml b/vars/local-path.yaml new file mode 100644 index 0000000..92f7d10 --- /dev/null +++ b/vars/local-path.yaml 
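Review bot: The new `Define Manual StorageClass` task in tasks/main.yml only applies `state: present` behind `when: storage_manual|bool`, so switching the flag off leaves the `manual` class in the cluster, whereas the local-path tasks map their flag to `absent`. If removal is intended, use `state: "{{ 'present' if storage_manual|bool else 'absent' }}"` and drop the `when:`; if it is not, a comment such as `# never removed: existing PVs may still reference this class` would record the decision. The `digital_ocean.yml`, `linode.yml` and `secrets-store.yml` includes at the end of the hunk carry no tags, so a run limited to `--tags storage` would presumably skip them.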
@@ -0,0 +1,6 @@
+---
+storage_localpath_files_list:
+ - "PodSecurityPolicy.yml"
+ - "ClusterRole.yml"
+ - "ClusterRoleBinding.yml"
+ - "ServiceAccount.yml"
diff --git a/vars/local.yaml b/vars/local.yaml
deleted file mode 100644
index e76f536..0000000
--- a/vars/local.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-storage_localpath_files_list:
- - "local-path-storage-Namespace.yaml"
- - "local-path-provisioner-service-account-ServiceAccount.yaml"
- - "local-path-provisioner-role-ClusterRole.yaml"
- - "local-path-provisioner-bind-ClusterRoleBinding.yaml"
- - "local-path-provisioner-Deployment.yaml"
- - "local-path-StorageClass.yaml"
- - "local-path-config-ConfigMap.yaml"