From 470c08c37ab42cb1ef8f60d9724779ab6e4b0957 Mon Sep 17 00:00:00 2001
From: subhamkrai <srai@redhat.com>
Date: Tue, 30 Nov 2021 08:25:29 +0530
Subject: [PATCH] core: adding migrator.yaml for pv-migrator tool

Adding migrator.yaml file which will required
to run migrator pod.

Signed-off-by: subhamkrai <srai@redhat.com>
---
 .../kubernetes/ceph/pv-migrator/migrator.yaml | 168 ++++++++++++++++++
 1 file changed, 168 insertions(+)
 create mode 100644 cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml

diff --git a/cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml b/cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml
new file mode 100644
index 0000000000000..b365a26bccba1
--- /dev/null
+++ b/cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml
@@ -0,0 +1,168 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update", "delete", "create","patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get"]
+---
+
+# Allow the ceph osd to access cluster-wide resources necessary for determining their topology location
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rook-ceph-migrator
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+# imagePullSecrets:
+# - name: my-registry-secret
+
+# OLM: END SERVICE ACCOUNT OSD
+# OLM: BEGIN SERVICE ACCOUNT MGR
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
+  - apiGroups: ["ceph.rook.io"]
+    resources: ["cephclusters", "cephclusters/finalizers"]
+    verbs: ["get", "list", "create", "update", "delete"]
+---
+
+
+# Allow the osd pods in this namespace to work with configmaps
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rook-ceph-migrator
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rook-ceph-migrator-psp
+  namespace: rook-ceph # namespace:cluster
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: psp:rook
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+---
+
+---
+# source https://github.com/rook/rook
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+  labels:
+    app: rook-ceph-migrator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rook-ceph-migrator
+  template:
+    metadata:
+      labels:
+        app: rook-ceph-migrator
+    spec:
+      serviceAccountName: rook-ceph-migrator # only this field was newly added
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+        - name: rook-ceph-migrator
+          image: rook/ceph:v1.7.x
+          command: ["/tini"]
+          args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: ROOK_CEPH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: rook-ceph-mon
+                  key: ceph-username
+            - name: ROOK_CEPH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: rook-ceph-mon
+                  key: ceph-secret
+          volumeMounts:
+            - mountPath: /etc/ceph
+              name: ceph-config
+            - name: mon-endpoint-volume
+              mountPath: /etc/rook
+      volumes:
+        - name: mon-endpoint-volume
+          configMap:
+            name: rook-ceph-mon-endpoints
+            items:
+              - key: data
+                path: mon-endpoints
+        - name: ceph-config
+          emptyDir: {}
+      tolerations:
+        - key: "node.kubernetes.io/unreachable"
+          operator: "Exists"
+          effect: "NoExecute"
+          tolerationSeconds: 5
+---