Merge pull request #9274 from subhamkrai/add-binary

build: add pv-migrator binary to rook image in 1.7.x branch
rook · Dec 1, 2021 · f95602b · f95602b
2 parents a9cda1e + 91a9ba6
commit f95602b
Show file tree

Hide file tree

Showing 2 changed files with 158 additions and 1 deletion.
diff --git a/cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml b/cluster/examples/kubernetes/ceph/pv-migrator/migrator.yaml
@@ -0,0 +1,154 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update", "delete", "create", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rook-ceph-migrator
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+# imagePullSecrets:
+# - name: my-registry-secret
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
+  - apiGroups: ["ceph.rook.io"]
+    resources: ["cephclusters", "cephclusters/finalizers"]
+    verbs: ["get", "list", "create", "update", "delete"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: rook-ceph-migrator
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rook-ceph-migrator-psp
+  namespace: rook-ceph # namespace:cluster
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: psp:rook
+subjects:
+  - kind: ServiceAccount
+    name: rook-ceph-migrator
+    namespace: rook-ceph # namespace:cluster
+---
+# source https://github.com/rook/rook
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rook-ceph-migrator
+  namespace: rook-ceph # namespace:cluster
+  labels:
+    app: rook-ceph-migrator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rook-ceph-migrator
+  template:
+    metadata:
+      labels:
+        app: rook-ceph-migrator
+    spec:
+      serviceAccountName: rook-ceph-migrator
+      dnsPolicy: ClusterFirstWithHostNet
+      containers:
+        - name: rook-ceph-migrator
+          image: rook/ceph:v1.7.8
+          command: ["/tini"]
+          args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: ROOK_CEPH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: rook-ceph-mon
+                  key: ceph-username
+            - name: ROOK_CEPH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: rook-ceph-mon
+                  key: ceph-secret
+          volumeMounts:
+            - mountPath: /etc/ceph
+              name: ceph-config
+            - name: mon-endpoint-volume
+              mountPath: /etc/rook
+      volumes:
+        - name: mon-endpoint-volume
+          configMap:
+            name: rook-ceph-mon-endpoints
+            items:
+              - key: data
+                path: mon-endpoints
+        - name: ceph-config
+          emptyDir: {}
+      tolerations:
+        - key: "node.kubernetes.io/unreachable"
+          operator: "Exists"
+          effect: "NoExecute"
+          tolerationSeconds: 5
diff --git a/images/ceph/Dockerfile b/images/ceph/Dockerfile
@@ -20,7 +20,10 @@ ARG TINI_VERSION
 
 # Run tini as PID 1 and avoid signal handling issues
 RUN curl --fail -sSL -o /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-${ARCH} && \
-    chmod +x /tini
+    chmod +x /tini && \
+    curl -LJO https://github.com/ceph/persistent-volume-migrator/releases/download/v0.1.0-alpha/pv-migrator && \
+    install pv-migrator /usr/local/bin/pv-migrator && \
+    rm -f pv-migrator
 
 COPY rook rookflex toolbox.sh set-ceph-debug-level /usr/local/bin/
 COPY ceph-csi /etc/ceph-csi