diff options
| author |   Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-04-10 15:29:23 -0700 |
|---|---|---|
| committer | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2019-04-10 15:33:20 -0700 |
| commit | e339330753f696f21c13f1ef70087a474a85308d (patch) | |
| tree | a4a5f2cf99644808300d0a2def9e00e5c60b5047 /vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml | |
| parent | 6fca0bf437c0917096a0105292514633c0ec3db3 (diff) | |
Init package for Distributed Analytics
Init package consists of Rook/Ceph, Istio Helm charts
Change-Id: Ifcf9b838231937035d55d4b78f7e3c387af5fe92
Issue-ID: ONAPARC-366
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
Diffstat (limited to 'vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml')
| -rw-r--r-- | vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml b/vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml new file mode 100644 index 00000000..1cd33e8c --- /dev/null +++ b/vnfs/DAaaS/00-init/rook-ceph/templates/cluster.yml @@ -0,0 +1,180 @@ +################################################################################# +# This example first defines some necessary namespace and RBAC security objects. +# The actual Ceph Cluster CRD example can be found at the bottom of this example. +################################################################################# +apiVersion: v1 +kind: Namespace +metadata: + name: rook-ceph +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-ceph-osd + namespace: rook-ceph +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-ceph-mgr + namespace: rook-ceph +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-osd + namespace: rook-ceph +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: [ "get", "list", "watch", "create", "update", "delete" ] +--- +# Aspects of ceph-mgr that require access to the system namespace +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-mgr-system + namespace: rook-ceph +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +--- +# Aspects of ceph-mgr that operate within the cluster's namespace +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-mgr + namespace: rook-ceph +rules: +- apiGroups: + - "" + resources: + - pods + - services + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - ceph.rook.io + resources: + - "*" + verbs: + - "*" +--- +# Allow the operator to create resources in this cluster's namespace +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-cluster-mgmt + namespace: rook-ceph +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-cluster-mgmt +subjects: +- kind: ServiceAccount + name: rook-ceph-system + namespace: rook-ceph-system +--- +# Allow the osd pods in this namespace to work with configmaps +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-osd + namespace: rook-ceph +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-osd +subjects: +- kind: ServiceAccount + name: rook-ceph-osd + namespace: rook-ceph +--- +# Allow the ceph mgr to access the cluster-specific resources necessary for the mgr modules +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-mgr + namespace: rook-ceph +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-mgr +subjects: +- kind: ServiceAccount + name: rook-ceph-mgr + namespace: rook-ceph +--- +# Allow the ceph mgr to access the rook system resources necessary for the mgr modules +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-mgr-system + namespace: rook-ceph-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rook-ceph-mgr-system +subjects: +- kind: ServiceAccount + name: rook-ceph-mgr + namespace: rook-ceph +--- +# Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: rook-ceph-mgr-cluster + namespace: rook-ceph +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-ceph-mgr-cluster +subjects: +- kind: ServiceAccount + name: rook-ceph-mgr + namespace: rook-ceph +--- +################################################################################# +# The Ceph Cluster CRD example +################################################################################# +apiVersion: ceph.rook.io/v1 +kind: CephCluster +metadata: + name: rook-ceph + namespace: rook-ceph +spec: + cephVersion: + # For the latest ceph images, see https://hub.docker.com/r/ceph/ceph/tags + image: ceph/ceph:v13.2.2-20181023 + dataDirHostPath: /var/lib/rook + dashboard: + enabled: true + mon: + count: 3 + allowMultiplePerNode: true + storage: + useAllNodes: true + useAllDevices: false + config: + databaseSizeMB: "1024" + journalSizeMB: "1024"
\ No newline at end of file |