Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
core: adding migrator.yaml for pv-migrator tool
Adding migrator.yaml file which will required to run migrator pod. Signed-off-by: subhamkrai <srai@redhat.com>
- Loading branch information
1 parent
c54854d
commit 470c08c
Showing
1 changed file
with
168 additions
and
0 deletions.
There are no files selected for viewing
168 changes: 168 additions & 0 deletions
168
cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,168 @@ | ||
| --- | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["namespaces"] | ||
| verbs: ["get", "list"] | ||
| - apiGroups: | ||
| - "" | ||
| resources: | ||
| - nodes | ||
| verbs: | ||
| - get | ||
| - list | ||
| - apiGroups: [""] | ||
| resources: ["secrets"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumes"] | ||
| verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumeclaims"] | ||
| verbs: ["get", "list", "watch", "update", "delete", "create","patch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["storageclasses"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["configmaps"] | ||
| verbs: ["get"] | ||
| - apiGroups: [""] | ||
| resources: ["serviceaccounts"] | ||
| verbs: ["get"] | ||
| --- | ||
|
|
||
| # Allow the ceph osd to access cluster-wide resources necessary for determining their topology location | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: rook-ceph-migrator | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
|
|
||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
| # imagePullSecrets: | ||
| # - name: my-registry-secret | ||
|
|
||
| # OLM: END SERVICE ACCOUNT OSD | ||
| # OLM: BEGIN SERVICE ACCOUNT MGR | ||
| --- | ||
|
|
||
| kind: Role | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["configmaps"] | ||
| verbs: ["get", "list", "watch", "create", "update", "delete"] | ||
| - apiGroups: ["ceph.rook.io"] | ||
| resources: ["cephclusters", "cephclusters/finalizers"] | ||
| verbs: ["get", "list", "create", "update", "delete"] | ||
| --- | ||
|
|
||
|
|
||
| # Allow the osd pods in this namespace to work with configmaps | ||
| kind: RoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: Role | ||
| name: rook-ceph-migrator | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
|
|
||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: RoleBinding | ||
| metadata: | ||
| name: rook-ceph-migrator-psp | ||
| namespace: rook-ceph # namespace:cluster | ||
| roleRef: | ||
| apiGroup: rbac.authorization.k8s.io | ||
| kind: ClusterRole | ||
| name: psp:rook | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
| --- | ||
|
|
||
| --- | ||
| # source https://github.com/rook/rook | ||
|
|
||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: rook-ceph-migrator | ||
| namespace: rook-ceph # namespace:cluster | ||
| labels: | ||
| app: rook-ceph-migrator | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: rook-ceph-migrator | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: rook-ceph-migrator | ||
| spec: | ||
| serviceAccountName: rook-ceph-migrator # only this field was newly added | ||
| dnsPolicy: ClusterFirstWithHostNet | ||
| containers: | ||
| - name: rook-ceph-migrator | ||
| image: rook/ceph:v1.7.x | ||
| command: ["/tini"] | ||
| args: ["-g", "--", "/usr/local/bin/toolbox.sh"] | ||
| imagePullPolicy: IfNotPresent | ||
| env: | ||
| - name: ROOK_CEPH_USERNAME | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: rook-ceph-mon | ||
| key: ceph-username | ||
| - name: ROOK_CEPH_SECRET | ||
| valueFrom: | ||
| secretKeyRef: | ||
| name: rook-ceph-mon | ||
| key: ceph-secret | ||
| volumeMounts: | ||
| - mountPath: /etc/ceph | ||
| name: ceph-config | ||
| - name: mon-endpoint-volume | ||
| mountPath: /etc/rook | ||
| volumes: | ||
| - name: mon-endpoint-volume | ||
| configMap: | ||
| name: rook-ceph-mon-endpoints | ||
| items: | ||
| - key: data | ||
| path: mon-endpoints | ||
| - name: ceph-config | ||
| emptyDir: {} | ||
| tolerations: | ||
| - key: "node.kubernetes.io/unreachable" | ||
| operator: "Exists" | ||
| effect: "NoExecute" | ||
| tolerationSeconds: 5 | ||
| --- |