Skip to content

Commit

Permalink
build: create resources with k8s recommended labels
Browse files Browse the repository at this point in the history 
Adding Recommended Labels on the rook resources,
for better visuals and management of k8s object

Closes: rook#8400
Signed-off-by: parth-gr <paarora@redhat.com>

Signed-off-by: parth-gr <paarora@redhat.com>
  • Loading branch information
@parth-gr
parth-gr committed Oct 8, 2021
1 parent c45fee8 commit 4ad6b06
Show file tree
Hide file tree
Showing 11 changed files with 289 additions and 10 deletions.
136 changes: 136 additions & 0 deletions build/rbac/rbac.yaml
View file
Expand Up @@ -74,6 +74,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
rules:
- apiGroups:
- policy
Expand Down Expand Up @@ -177,6 +183,29 @@ rules:
resources: [serviceaccounts]
verbs: [get]
---
<<<<<<< HEAD
=======
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rook-ceph-agent-mount
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
---
>>>>>>> c1e54f5ad (build: create resources with k8s recommended labels)
# The cluster role for managing all the cluster-specific resources in a namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand All @@ -185,6 +214,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups:
- ''
Expand Down Expand Up @@ -217,6 +251,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups:
- ''
Expand Down Expand Up @@ -342,6 +381,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups:
- ''
Expand Down Expand Up @@ -398,6 +442,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups: ['']
resources: [secrets, configmaps]
Expand Down Expand Up @@ -463,6 +512,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
# Most resources are represented by a string representation of their name, such as “pods”, just as it appears in the URL for the relevant API endpoint.
# However, some Kubernetes APIs involve a “subresource”, such as the logs for a pod. [...]
Expand Down Expand Up @@ -535,6 +589,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down Expand Up @@ -593,6 +653,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand All @@ -609,6 +674,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand All @@ -621,6 +692,31 @@ subjects:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
<<<<<<< HEAD
=======
name: rook-ceph-system-psp-users
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rook-ceph-system-psp-user
subjects:
- kind: ServiceAccount
name: rook-ceph-system
namespace: rook-ceph
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
>>>>>>> c1e54f5ad (build: create resources with k8s recommended labels)
name: rook-csi-cephfs-plugin-sa-psp
roleRef:
apiGroup: rbac.authorization.k8s.io
Expand Down Expand Up @@ -892,6 +988,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
rules:
- apiGroups:
- ''
Expand Down Expand Up @@ -1019,6 +1120,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down Expand Up @@ -1123,6 +1230,11 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
Expand All @@ -1140,6 +1252,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
---
# Service account for the Ceph Mgr. Must exist and cannot be renamed.
apiVersion: v1
Expand All @@ -1150,6 +1268,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
---
# Service account for the Ceph OSDs. Must exist and cannot be renamed.
apiVersion: v1
Expand All @@ -1160,6 +1284,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
---
# Service account for the purge osd job
apiVersion: v1
Expand All @@ -1177,6 +1307,12 @@ metadata:
labels:
operator: rook
storage-backend: ceph
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/created-by: rook-ceph-operator
helm.sh/chart: rook-ceph-0.0.1
---
# Service account for the cephfs csi driver
apiVersion: v1
Expand Down
11 changes: 11 additions & 0 deletions cluster/charts/rook-ceph/templates/_helpers.tpl
View file
Expand Up @@ -24,3 +24,14 @@ imagePullSecrets:
{{ toYaml .Values.imagePullSecrets }}
{{- end -}}
{{- end -}}

{{/*
Common labels
*/}}
{{- define "rook-ceph.labels" -}}
app.kubernetes.io/name: rook-ceph
app.kubernetes.io/component: csi
app.kubernetes.io/part-of: rook-ceph
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/created-by: rook-ceph-operator
{{- end -}}
30 changes: 29 additions & 1 deletion cluster/charts/rook-ceph/templates/clusterrole.yaml
View file
Expand Up @@ -6,6 +6,7 @@ metadata:
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
# Most resources are represented by a string representation of their name, such as “pods”, just as it appears in the URL for the relevant API endpoint.
# However, some Kubernetes APIs involve a “subresource”, such as the logs for a pod. [...]
Expand All @@ -26,6 +27,7 @@ metadata:
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
Expand Down Expand Up @@ -58,6 +60,7 @@ metadata:
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
Expand Down Expand Up @@ -183,6 +186,7 @@ metadata:
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
Expand Down Expand Up @@ -239,6 +243,7 @@ metadata:
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["secrets", "configmaps"]
Expand Down Expand Up @@ -296,6 +301,28 @@ rules:
verbs:
- get
- list
<<<<<<< HEAD
=======
# Use a default dict to avoid 'can't give argument to non-function' errors from text/template
{{- if ne ((.Values.agent | default (dict "mountSecurityMode" "")).mountSecurityMode | default "") "Any" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rook-ceph-agent-mount
labels:
operator: rook
storage-backend: ceph
{{- include "rook-ceph.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
{{- end }}
>>>>>>> c1e54f5ad (build: create resources with k8s recommended labels)
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
Expand Down Expand Up @@ -468,7 +495,8 @@ metadata:
labels:
operator: rook
storage-backend: ceph
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- include "rook-ceph.labels" . | nindent 4 }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
rules:
- apiGroups:
- policy
Expand Down

0 comments on commit 4ad6b06

Please sign in to comment.