[ceph-provisioners] Update ceph_mon config as per new ceph clients

As new ceph clients expecting the ceph_mon config as shown below , this
ps will update the configmap.

mon_host = [v1:172.29.1.139:6789/0,v2:172.29.1.139:3300/0],
[v1:172.29.1.140:6789/0,v2:172.29.1.140:3300/0],
[v1:172.29.1.145:6789/0,v2:172.29.1.145:3300/0]

Change-Id: I6b96bf5bd4fb29bf1e004fc2ce8514979da706ed

ceph-provisioners/Chart.yaml

@@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph Provisioner
 name: ceph-provisioners
-version: 0.1.5
+version: 0.1.6
 home: https://github.com/ceph/ceph
 ...

ceph-provisioners/templates/bin/provisioner/rbd/_namespace-client-ceph-config-manager.sh.tpl

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http:https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+{{- $envAll := . }}
+
+
+ENDPOINT=$(kubectl get endpoints ceph-mon-discovery -n ${PVC_CEPH_RBD_STORAGECLASS_DEPLOYED_NAMESPACE} -o json | awk -F'"' -v port=${MON_PORT} \
+ -v version=v1 -v msgr_version=v2 \
+ -v msgr2_port=${MON_PORT_V2} \
+ '/"ip"/{print "["version":"$4":"port"/"0","msgr_version":"$4":"msgr2_port"/"0"]"}' | paste -sd',')
+
+echo $ENDPOINT
+
+kubectl get cm ${CEPH_CONF_ETC} -n ${DEPLOYMENT_NAMESPACE} -o yaml | \
+ sed "s#mon_host.*#mon_host = ${ENDPOINT}#g" | \
+ kubectl apply -f -
+
+kubectl get cm ${CEPH_CONF_ETC} -n ${DEPLOYMENT_NAMESPACE} -o yaml

ceph-provisioners/templates/configmap-bin-provisioner.yaml

@@ -20,6 +20,8 @@ kind: ConfigMap
 metadata:
  name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }}
 data:
+ provisioner-rbd-namespace-client-ceph-config-manager.sh: |
+{{ tuple "bin/provisioner/rbd/_namespace-client-ceph-config-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  provisioner-rbd-namespace-client-key-manager.sh: |
 {{ tuple "bin/provisioner/rbd/_namespace-client-key-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  provisioner-rbd-namespace-client-key-cleaner.sh: |

ceph-provisioners/templates/job-namespace-client-ceph-config.yaml

@@ -0,0 +1,137 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http:https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_namespace_client_ceph_config .Values.deployment.client_secrets }}
+{{- $envAll := . }}
+
+{{- $randStringSuffix := randAlphaNum 5 | lower }}
+
+{{- $serviceAccountName := print $envAll.Release.Name "-ceph-ns-ceph-config-generator" }}
+{{ tuple $envAll "namespace_client_ceph_config_generator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
+ namespace: {{ .Values.storageclass.rbd.parameters.adminSecretNamespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
+ namespace: {{ .Values.storageclass.rbd.parameters.adminSecretNamespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $serviceAccountName }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "ceph" "client-ceph-config-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "ceph-storage-keys-generator" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "client_ceph_config_generator" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ $envAll.Values.labels.job.node_selector_key }}: {{ $envAll.Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "namespace_client_ceph_config_generator" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: ceph-storage-keys-generator
+{{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.secret_provisioning | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "client_ceph_config_generator" "container" "ceph_storage_keys_generator" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+ - name: CEPH_CONF_ETC
+ value: {{ .Values.storageclass.rbd.ceph_configmap_name }}
+ - name: DEPLOYMENT_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: PVC_CEPH_RBD_STORAGECLASS_DEPLOYED_NAMESPACE
+ value: {{ .Values.storageclass.rbd.parameters.adminSecretNamespace }}
+ - name: MON_PORT
+ value: {{ tuple "ceph_mon" "internal" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+ - name: MON_PORT_V2
+ value: {{ tuple "ceph_mon" "internal" "mon_msgr2" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
+
+ command:
+ - /tmp/provisioner-rbd-namespace-client-ceph-config-manager.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-etc-ceph
+ mountPath: /etc/ceph
+ - name: ceph-provisioners-bin-clients
+ mountPath: /tmp/provisioner-rbd-namespace-client-ceph-config-manager.sh
+ subPath: provisioner-rbd-namespace-client-ceph-config-manager.sh
+ readOnly: true
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-etc-ceph
+ emptyDir: {}
+ - name: ceph-provisioners-bin-clients
+ configMap:
+ name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }}
+ defaultMode: 0555
+{{- end }}

ceph-provisioners/values.yaml

@@ -418,6 +418,7 @@ manifests:
  job_image_repo_sync: true
  job_namespace_client_key_cleaner: true
  job_namespace_client_key: true
+ job_namespace_client_ceph_config: true
  storageclass: true
  helm_tests: true
 ...

releasenotes/notes/ceph-provisioners.yaml

@@ -6,4 +6,5 @@ ceph-provisioners:
  - 0.1.3 Uplift from Nautilus to Octopus release
  - 0.1.4 Add Ceph CSI plugin
  - 0.1.5 Fix Helm tests for the Ceph provisioners
+ - 0.1.6 Update ceph_mon config as per new ceph clients
 ...