Deploy local-path with helm
Adrien Reslinger 2021-02-21 16:34:38 +01:00
parent fdbebb2d57
commit 74333953a8
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
18 changed files with 211 additions and 224 deletions


@ -4,26 +4,6 @@
# Run from files directory # Run from files directory
# #
wget https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
kubernetes-split-yaml local-path-storage.yaml > generated.log
mv files/local{,.old}
mv generated files/local
echo -e "---\nstorage_localpath_files_list:" > vars/local.yaml
cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/local.yaml
sed 's|/opt/local-path-provisioner|/mnt/local|' -i files/local/local-path-config-ConfigMap.yaml
#mv local-path-storage.yaml local-path-storage_$(date +%Y%m%d).yaml
rm -fr files/local.old generated.log local-path-storage.yaml
wget https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml
kubernetes-split-yaml longhorn.yaml > generated.log
mv files/longhorn{,.old}
mv generated files/longhorn
echo -e "---\nstorage_longhorn_files_list:" > vars/longhorn.yaml
cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> vars/longhorn.yaml
sed '/numberOfReplicas/ s/3/2/' -i files/longhorn/longhorn-storageclass-ConfigMap.yaml
sed '/default-data-path/ s|:.*$|: "/var/lib/longhorn/"|' -i files/longhorn/longhorn-default-setting-ConfigMap.yaml
rm -fr files/longhorn.old generated.log longhorn.yaml
#git clone https://github.com/linode/linode-blockstorage-csi-driver.git #git clone https://github.com/linode/linode-blockstorage-csi-driver.git
#mv linode{,.old} #mv linode{,.old}
#mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode #mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode
@ -57,30 +37,6 @@ done
rm -fr files/digitalocean.old rm -fr files/digitalocean.old
# https://github.com/kubernetes-incubator/external-storage/tree/master/nfs
NFS_FILE=vars/nfs.yml
echo -e "---\nstore_nfs_files:" > "${NFS_FILE}"
mv files/nfs{,.old}
mkdir files/nfs
for FICHIER in psp.yaml rbac.yaml deployment.yaml class.yaml; do
wget https://github.com/kubernetes-incubator/external-storage/raw/master/nfs/deploy/kubernetes/$FICHIER
kubernetes-split-yaml $FICHIER >> generated.log
mv generated/* files/nfs/
cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "\2"|' >> "${NFS_FILE}"
rm -f $FICHIER generated.log
done
for i in nfs-provisioner-runner-ClusterRole.yaml run-nfs-provisioner-ClusterRoleBinding.yaml leader-locking-nfs-provisioner-Role.yaml leader-locking-nfs-provisioner-RoleBinding.yaml; do
sed "s/namespace:.*/namespace: nfs-provisioner/g" -i files/nfs/$i
done
sed 's|^\(apiVersion:\).*|\1 policy/v1beta1|' -i files/nfs/nfs-provisioner-PodSecurityPolicy.yaml
sed 's|\(.*-provisioner=\).*"|\1reslinger.net/nfs"|' -i files/nfs/nfs-provisioner-Deployment.yaml
sed 's/example-nfs-//' -i "${NFS_FILE}"
mv files/nfs/example-nfs-StorageClass.yaml files/nfs/StorageClass.yaml
sed 's|example-nfs|nfs|' -i files/nfs/StorageClass.yaml
sed 's|example.com/nfs|reslinger.net/nfs|' -i files/nfs/StorageClass.yaml
rm -fr files/nfs.old
#https://github.com/scaleway/scaleway-csi #https://github.com/scaleway/scaleway-csi
#https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver #https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver


@ -1,9 +1,17 @@
my_context: minikube my_context: minikube
storage_manual: true
storage_localpath: true storage_localpath: true
storage_localpath_default_path: "/mnt/local"
storage_localpath_namespace: "local-path-storage"
storage_longhorn: true storage_longhorn: true
storage_longhorn_namespace: "longhorn-system" storage_longhorn_namespace: "longhorn-system"
storage_nfs: false storage_nfs: false
storage_nfs_namespace: "nfs-client-provisioner"
storage_linode: false storage_linode: false
storage_digitalocean: false storage_digitalocean: false
storage_secrets_store: false storage_secrets_store: false


@ -0,0 +1,49 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: local-path-provisioner
app.kubernetes.io/name: local-path-provisioner
name: local-path-provisioner
rules:
- apiGroups:
- policy
resourceNames:
- local-path-policy
resources:
- podsecuritypolicies
verbs:
- use
- apiGroups:
- ""
resources:
- nodes
- persistentvolumeclaims
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
- persistentvolumes
- pods
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
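Review bot: The third rule grants `'*'` on `endpoints`, `persistentvolumes` and `pods` across the whole cluster, and the first rule lets the same account `use` the `local-path-policy` PodSecurityPolicy, so a leaked provisioner token would be enough to have a pod admitted under that policy in any namespace. The wildcard is carried over from the ClusterRole this commit deletes rather than introduced here, but the chart is now installed with `rbac.create: false`, so this file is the only place the permissions are defined. I would replace `- '*'` with the explicit verbs the provisioner needs (presumably a subset of `get`, `list`, `watch`, `create`, `delete`; confirm against the chart's own ClusterRole). If helper pods are the reason for write access on pods, say so in a comment above the rule, for example `# helper pods are created and deleted per volume`.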


@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: local-path-provisioner
app.kubernetes.io/name: local-path-provisioner
name: local-path-provisioner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: local-path-provisioner
subjects:
- kind: ServiceAccount
name: local-path-provisioner
namespace: local-path-storage
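Review bot: The subject namespace is hard-coded as `namespace: local-path-storage`, while this commit makes the namespace configurable through `storage_localpath_namespace` and loads this file with `lookup('file', …) | from_yaml`, which does no templating. If the variable is ever changed, the binding keeps granting the ClusterRole to a `local-path-provisioner` ServiceAccount in `local-path-storage`, a namespace the role no longer manages, and the account the chart actually uses gets nothing. Either render the file through the `template` lookup with `namespace: "{{ storage_localpath_namespace }}"`, or add a comment here stating that the value must be kept equal to the variable.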


@ -0,0 +1,24 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: local-path-policy
spec:
privileged: true
fsGroup:
rule: RunAsAny
allowedCapabilities:
- DAC_READ_SEARCH
- SYS_RESOURCE
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- secret
- hostPath
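Review bot: `privileged: true` together with an unrestricted `hostPath` volume and `RunAsAny` for every identity rule makes this policy equivalent to root on the node for any pod admitted under it, and the `allowedCapabilities` list restricts nothing in practice once privileged containers are allowed. Nothing in the visible task or chart values shows the provisioner or its helper pod requesting privileged mode, so I would set `privileged: false` unless a node setup is known to need it, and confine host access with `allowedHostPaths:` / `- pathPrefix: /mnt/local` to match the configured `nodePathMap`. A comment at the top should also record that PodSecurityPolicy in `policy/v1beta1` is a deprecated API, so this file will need a replacement when the cluster is upgraded.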


@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/instance: local-path-provisioner
app.kubernetes.io/name: local-path-provisioner
name: local-path-provisioner


@ -1,7 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-path
provisioner: rancher.io/local-path
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete


@ -1,62 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: local-path-config
namespace: local-path-storage
data:
config.json: |-
{
"nodePathMap":[
{
"node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
"paths":["/mnt/local"]
}
]
}
setup: |-
#!/bin/sh
while getopts "m:s:p:" opt
do
case $opt in
p)
absolutePath=$OPTARG
;;
s)
sizeInBytes=$OPTARG
;;
m)
volMode=$OPTARG
;;
esac
done
mkdir -m 0777 -p ${absolutePath}
teardown: |-
#!/bin/sh
while getopts "m:s:p:" opt
do
case $opt in
p)
absolutePath=$OPTARG
;;
s)
sizeInBytes=$OPTARG
;;
m)
volMode=$OPTARG
;;
esac
done
rm -rf ${absolutePath}
helperPod.yaml: |-
apiVersion: v1
kind: Pod
metadata:
name: helper-pod
spec:
containers:
- name: helper-pod
image: busybox


@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: local-path-provisioner
namespace: local-path-storage
spec:
replicas: 1
selector:
matchLabels:
app: local-path-provisioner
template:
metadata:
labels:
app: local-path-provisioner
spec:
serviceAccountName: local-path-provisioner-service-account
containers:
- name: local-path-provisioner
image: rancher/local-path-provisioner:v0.0.19
imagePullPolicy: IfNotPresent
command:
- local-path-provisioner
- --debug
- start
- --config
- /etc/config/config.json
volumeMounts:
- name: config-volume
mountPath: /etc/config/
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumes:
- name: config-volume
configMap:
name: local-path-config


@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: local-path-provisioner-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: local-path-provisioner-role
subjects:
- kind: ServiceAccount
name: local-path-provisioner-service-account
namespace: local-path-storage


@ -1,17 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: local-path-provisioner-role
rules:
- apiGroups: [""]
resources: ["nodes", "persistentvolumeclaims", "configmaps"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["endpoints", "persistentvolumes", "pods"]
verbs: ["*"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]


@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: local-path-provisioner-service-account
namespace: local-path-storage


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: local-path-storage

71
tasks/local-path.yml Normal file

@ -0,0 +1,71 @@
---
- name: Local-path
block:
- name: Include file list
include_vars: "local-path.yaml"
- name: Defined local-path-storage state to present
set_fact:
storage_localpath_state: present
when:
- storage_localpath|bool
- name: find state of local-path-storage
set_fact:
storage_localpath_state: absent
when:
- not storage_localpath|bool
- name: namespace
k8s:
state: present
context: "{{ my_context }}"
merge_type: merge
definition:
api_version: v1
kind: Namespace
metadata:
name: "{{ storage_localpath_namespace }}"
labels:
namespace: '{{ storage_localpath_namespace }}'
when:
- storage_localpath|bool
- name: local-path-storage need to be {{ storage_localpath_state }}
k8s:
state: "{{ storage_localpath_state }}"
context: "{{ my_context }}"
namespace: "{{ storage_localpath_namespace }}"
merge_type: merge
resource_definition: "{{ lookup('file', 'local-path/' + item) | from_yaml }}"
with_items:
- "{{ storage_localpath_files_list }}"
# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
- name: Downloal Local-path repository
block:
- name: Git clone stable repo on HEAD
ansible.builtin.git:
repo: "https://github.com/rancher/local-path-provisioner.git"
dest: tmp/local-path-provisioner
- name: Deploy local-path chart from local path
community.kubernetes.helm:
state: "{{ storage_localpath_state }}"
name: local-path-provisioner
context: "{{ my_context }}"
chart_ref: tmp/local-path-provisioner/deploy/chart
release_namespace: "{{ storage_localpath_namespace }}"
create_namespace: true
values:
rbac:
create: false
serviceAccount:
create: false
name: local-path-provisioner
nodePathMap:
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
paths: [/mnt/local]
tags:
- storage
- local-path
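Review bot: The `ansible.builtin.git` task clones `rancher/local-path-provisioner` with no `version:`, so every run deploys whatever the default branch holds at that moment, presumably including the image tag the chart selects; the Deployment this commit removes pinned `rancher/local-path-provisioner:v0.0.19`. Add `version: "<release tag or commit SHA>"` to the git task (placeholder, use the release you have tested) so the deployed chart is reproducible and an upstream change cannot reach the cluster unreviewed. The clone has no `when:` and therefore also runs when `storage_localpath` is false, and `paths: [/mnt/local]` repeats a literal where the `storage_localpath_default_path` variable from the defaults could be used: `paths: ["{{ storage_localpath_default_path }}"]`. Minor: the block name `Downloal Local-path repository` has a typo.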


@ -1,24 +0,0 @@
---
- name: Include file list
include_vars: "local.yaml"
- name: Defined local-path-storage state to present
set_fact:
storage_localpath_state: present
when:
- storage_localpath|bool
- name: find state of local-path-storage
set_fact:
storage_localpath_state: absent
when:
- not storage_localpath|bool
- name: local-path-storage need to be {{ storage_localpath_state }}
k8s:
state: "{{ storage_localpath_state }}"
context: "{{ my_context }}"
merge_type: merge
resource_definition: "{{ lookup('file', 'local/' + item) | from_yaml }}"
with_items:
- "{{ storage_localpath_files_list }}"


@ -1,12 +1,41 @@
- name: Local Path setup - name: Local Path setup
block: block:
# - include_tasks: "manual.yml" - name: Define Manual StorageClass
- include_tasks: "local.yml" k8s:
state: present
context: "{{ my_context }}"
definition:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: manual
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
when:
- storage_manual|bool
tags:
- manual
- storage
- include_tasks: "local-path.yml"
tags:
- local-path
- storage
- include_tasks: "longhorn.yml" - include_tasks: "longhorn.yml"
tags: tags:
- longhorn - longhorn
- storage - storage
- include_tasks: "nfs.yml" - include_tasks: "nfs.yml"
tags:
- nfs
- storage
# https://medium.com/asl19-developers/create-readwritemany-persistentvolumeclaims-on-your-kubernetes-cluster-3a8db51f98e3
# https://github.com/ctrox/csi-s3
# https://github.com/kahing/goofys
# https://github.com/reactr-io/gocachefs
- include_tasks: "digital_ocean.yml" - include_tasks: "digital_ocean.yml"
- include_tasks: "linode.yml" - include_tasks: "linode.yml"
- include_tasks: "secrets-store.yml" - include_tasks: "secrets-store.yml"
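Review bot: The `tags:` placed on `include_tasks: "local-path.yml"` and `include_tasks: "nfs.yml"` apply only to the include statement itself, because `include_tasks` is dynamic and does not pass its tags down to the tasks it loads. `tasks/local-path.yml` carries its own `storage` / `local-path` tags on its block, so `--tags local-path` works there, but nfs.yml and longhorn.yml are not shown in this commit and may run nothing under `--tags nfs` or `--tags longhorn` unless they are tagged the same way. Either tag the blocks inside those files or switch to `import_tasks`, and record the choice in a comment above the includes. The side-by-side rendering merges old and new text on some lines of this hunk, so which lines are new is partly inferred.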

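--- /dev/null
+++ b/vars/local-path.yaml
@@ -0,0 +1,6 @@
+---
+storage_localpath_files_list:
+- "PodSecurityPolicy.yml"
+- "ClusterRole.yml"
+- "ClusterRoleBinding.yml"
+- "ServiceAccount.yml"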


@ -1,9 +0,0 @@
---
storage_localpath_files_list:
- "local-path-storage-Namespace.yaml"
- "local-path-provisioner-service-account-ServiceAccount.yaml"
- "local-path-provisioner-role-ClusterRole.yaml"
- "local-path-provisioner-bind-ClusterRoleBinding.yaml"
- "local-path-provisioner-Deployment.yaml"
- "local-path-StorageClass.yaml"
- "local-path-config-ConfigMap.yaml"