/
import-external-cluster.sh
313 lines (297 loc) · 10.7 KB
/
import-external-cluster.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
#!/bin/bash
set -e
##############
# VARIABLES #
#############
NAMESPACE=${NAMESPACE:="rook-ceph-external"}
MON_SECRET_NAME=rook-ceph-mon
RGW_ADMIN_OPS_USER_SECRET_NAME=rgw-admin-ops-user
MON_SECRET_CLUSTER_NAME_KEYNAME=cluster-name
MON_SECRET_FSID_KEYNAME=fsid
MON_SECRET_ADMIN_KEYRING_KEYNAME=admin-secret
MON_SECRET_MON_KEYRING_KEYNAME=mon-secret
MON_SECRET_CEPH_USERNAME_KEYNAME=ceph-username
MON_SECRET_CEPH_SECRET_KEYNAME=ceph-secret
MON_ENDPOINT_CONFIGMAP_NAME=rook-ceph-mon-endpoints
ROOK_EXTERNAL_CLUSTER_NAME=$NAMESPACE
ROOK_RBD_FEATURES=${ROOK_RBD_FEATURES:-"layering"}
ROOK_EXTERNAL_MAX_MON_ID=2
ROOK_EXTERNAL_MAPPING={}
RBD_STORAGE_CLASS_NAME=ceph-rbd
CEPHFS_STORAGE_CLASS_NAME=cephfs
ROOK_EXTERNAL_MONITOR_SECRET=mon-secret
OPERATOR_NAMESPACE=rook-ceph # default set to rook-ceph
RBD_PROVISIONER=$OPERATOR_NAMESPACE".rbd.csi.ceph.com" # driver:namespace:operator
CEPHFS_PROVISIONER=$OPERATOR_NAMESPACE".cephfs.csi.ceph.com" # driver:namespace:operator
CLUSTER_ID_RBD=$NAMESPACE
CLUSTER_ID_CEPHFS=$NAMESPACE
: "${ROOK_EXTERNAL_ADMIN_SECRET:=admin-secret}"
#############
# FUNCTIONS #
#############
function checkEnvVars() {
if [ -z "$NAMESPACE" ]; then
echo "Please populate the environment variable NAMESPACE"
exit 1
fi
if [ -z "$ROOK_RBD_FEATURES" ] || [[ ! "$ROOK_RBD_FEATURES" =~ .*"layering".* ]]; then
echo "Please populate the environment variable ROOK_RBD_FEATURES"
echo "For a kernel earlier than 5.4 use a value of 'layering'; for 5.4 or later"
echo "use 'layering,fast-diff,object-map,deep-flatten,exclusive-lock'"
exit 1
fi
if [ -z "$ROOK_EXTERNAL_FSID" ]; then
echo "Please populate the environment variable ROOK_EXTERNAL_FSID"
exit 1
fi
if [ -z "$ROOK_EXTERNAL_CEPH_MON_DATA" ]; then
echo "Please populate the environment variable ROOK_EXTERNAL_CEPH_MON_DATA"
exit 1
fi
if [[ "$ROOK_EXTERNAL_ADMIN_SECRET" == "admin-secret" ]]; then
if [ -z "$ROOK_EXTERNAL_USER_SECRET" ]; then
echo "Please populate the environment variable ROOK_EXTERNAL_USER_SECRET"
exit 1
fi
if [ -z "$ROOK_EXTERNAL_USERNAME" ]; then
echo "Please populate the environment variable ROOK_EXTERNAL_USERNAME"
exit 1
fi
fi
if [[ "$ROOK_EXTERNAL_ADMIN_SECRET" != "admin-secret" ]] && [ -n "$ROOK_EXTERNAL_USER_SECRET" ]; then
echo "Providing both ROOK_EXTERNAL_ADMIN_SECRET and ROOK_EXTERNAL_USER_SECRET is not supported, choose one only."
exit 1
fi
}
function createClusterNamespace() {
if ! kubectl get namespace "$NAMESPACE" &>/dev/null; then
kubectl \
create \
namespace \
"$NAMESPACE"
else
echo "cluster namespace $NAMESPACE already exists"
fi
}
function importClusterID() {
if [ -n "$RADOS_NAMESPACE" ]; then
CLUSTER_ID_RBD=$(kubectl -n "$NAMESPACE" get cephblockpoolradosnamespace.ceph.rook.io/"$RADOS_NAMESPACE" -o jsonpath='{.status.info.clusterID}')
fi
if [ -n "$SUBVOLUME_GROUP" ]; then
CLUSTER_ID_CEPHFS=$(kubectl -n "$NAMESPACE" get cephfilesystemsubvolumegroup.ceph.rook.io/"$SUBVOLUME_GROUP" -o jsonpath='{.status.info.clusterID}')
fi
}
function importSecret() {
if ! kubectl -n "$NAMESPACE" get secret "$MON_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"$MON_SECRET_NAME" \
--from-literal="$MON_SECRET_CLUSTER_NAME_KEYNAME"="$ROOK_EXTERNAL_CLUSTER_NAME" \
--from-literal="$MON_SECRET_FSID_KEYNAME"="$ROOK_EXTERNAL_FSID" \
--from-literal="$MON_SECRET_ADMIN_KEYRING_KEYNAME"="$ROOK_EXTERNAL_ADMIN_SECRET" \
--from-literal="$MON_SECRET_MON_KEYRING_KEYNAME"="$ROOK_EXTERNAL_MONITOR_SECRET" \
--from-literal="$MON_SECRET_CEPH_USERNAME_KEYNAME"="$ROOK_EXTERNAL_USERNAME" \
--from-literal="$MON_SECRET_CEPH_SECRET_KEYNAME"="$ROOK_EXTERNAL_USER_SECRET"
else
echo "secret $MON_SECRET_NAME already exists"
fi
}
function importConfigMap() {
if ! kubectl -n "$NAMESPACE" get configmap "$MON_ENDPOINT_CONFIGMAP_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
configmap \
"$MON_ENDPOINT_CONFIGMAP_NAME" \
--from-literal=data="$ROOK_EXTERNAL_CEPH_MON_DATA" \
--from-literal=mapping="$ROOK_EXTERNAL_MAPPING" \
--from-literal=maxMonId="$ROOK_EXTERNAL_MAX_MON_ID"
else
echo "configmap $MON_ENDPOINT_CONFIGMAP_NAME already exists"
fi
}
function importCsiRBDNodeSecret() {
if ! kubectl -n "$NAMESPACE" get secret "rook-$CSI_RBD_NODE_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"rook-""$CSI_RBD_NODE_SECRET_NAME" \
--from-literal=userID="$CSI_RBD_NODE_SECRET_NAME" \
--from-literal=userKey="$CSI_RBD_NODE_SECRET"
else
echo "secret rook-$CSI_RBD_NODE_SECRET_NAME already exists"
fi
}
function importCsiRBDProvisionerSecret() {
if ! kubectl -n "$NAMESPACE" get secret "rook-$CSI_RBD_PROVISIONER_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"rook-""$CSI_RBD_PROVISIONER_SECRET_NAME" \
--from-literal=userID="$CSI_RBD_PROVISIONER_SECRET_NAME" \
--from-literal=userKey="$CSI_RBD_PROVISIONER_SECRET"
else
echo "secret $CSI_RBD_PROVISIONER_SECRET_NAME already exists"
fi
}
function importCsiCephFSNodeSecret() {
if ! kubectl -n "$NAMESPACE" get secret "rook-$CSI_CEPHFS_NODE_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"rook-""$CSI_CEPHFS_NODE_SECRET_NAME" \
--from-literal=adminID="$CSI_CEPHFS_NODE_SECRET_NAME" \
--from-literal=adminKey="$CSI_CEPHFS_NODE_SECRET"
else
echo "secret $CSI_CEPHFS_NODE_SECRET_NAME already exists"
fi
}
function importCsiCephFSProvisionerSecret() {
if ! kubectl -n "$NAMESPACE" get secret "rook-$CSI_CEPHFS_PROVISIONER_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"rook-""$CSI_CEPHFS_PROVISIONER_SECRET_NAME" \
--from-literal=adminID="$CSI_CEPHFS_PROVISIONER_SECRET_NAME" \
--from-literal=adminKey="$CSI_CEPHFS_PROVISIONER_SECRET"
else
echo "secret $CSI_CEPHFS_PROVISIONER_SECRET_NAME already exists"
fi
}
function importRGWAdminOpsUser() {
if ! kubectl -n "$NAMESPACE" get secret "$RGW_ADMIN_OPS_USER_SECRET_NAME" &>/dev/null; then
kubectl -n "$NAMESPACE" \
create \
secret \
generic \
--type="kubernetes.io/rook" \
"$RGW_ADMIN_OPS_USER_SECRET_NAME" \
--from-literal=accessKey="$RGW_ADMIN_OPS_USER_ACCESS_KEY" \
--from-literal=secretKey="$RGW_ADMIN_OPS_USER_SECRET_KEY"
else
echo "secret $RGW_ADMIN_OPS_USER_SECRET_NAME already exists"
fi
}
function createECRBDStorageClass() {
if ! kubectl -n "$NAMESPACE" get storageclass $RBD_STORAGE_CLASS_NAME &>/dev/null; then
cat <<eof | kubectl create -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: $RBD_STORAGE_CLASS_NAME
provisioner: $RBD_PROVISIONER
parameters:
clusterID: $CLUSTER_ID_RBD
pool: $RBD_METADATA_EC_POOL_NAME
dataPool: $RBD_POOL_NAME
imageFormat: "2"
imageFeatures: $ROOK_RBD_FEATURES
csi.storage.k8s.io/provisioner-secret-name: "rook-$CSI_RBD_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/provisioner-secret-namespace: $NAMESPACE
csi.storage.k8s.io/controller-expand-secret-name: "rook-$CSI_RBD_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/controller-expand-secret-namespace: $NAMESPACE
csi.storage.k8s.io/node-stage-secret-name: "rook-$CSI_RBD_NODE_SECRET_NAME"
csi.storage.k8s.io/node-stage-secret-namespace: $NAMESPACE
csi.storage.k8s.io/fstype: ext4
allowVolumeExpansion: true
reclaimPolicy: Delete
eof
else
echo "storageclass $RBD_STORAGE_CLASS_NAME already exists"
fi
}
function createRBDStorageClass() {
if ! kubectl -n "$NAMESPACE" get storageclass $RBD_STORAGE_CLASS_NAME &>/dev/null; then
cat <<eof | kubectl create -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: $RBD_STORAGE_CLASS_NAME
provisioner: $RBD_PROVISIONER
parameters:
clusterID: $CLUSTER_ID_RBD
pool: $RBD_POOL_NAME
imageFormat: "2"
imageFeatures: $ROOK_RBD_FEATURES
csi.storage.k8s.io/provisioner-secret-name: "rook-$CSI_RBD_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/provisioner-secret-namespace: $NAMESPACE
csi.storage.k8s.io/controller-expand-secret-name: "rook-$CSI_RBD_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/controller-expand-secret-namespace: $NAMESPACE
csi.storage.k8s.io/node-stage-secret-name: "rook-$CSI_RBD_NODE_SECRET_NAME"
csi.storage.k8s.io/node-stage-secret-namespace: $NAMESPACE
csi.storage.k8s.io/fstype: ext4
allowVolumeExpansion: true
reclaimPolicy: Delete
eof
else
echo "storageclass $RBD_STORAGE_CLASS_NAME already exists"
fi
}
function createCephFSStorageClass() {
if ! kubectl -n "$NAMESPACE" get storageclass $CEPHFS_STORAGE_CLASS_NAME &>/dev/null; then
cat <<eof | kubectl create -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: $CEPHFS_STORAGE_CLASS_NAME
provisioner: $CEPHFS_PROVISIONER
parameters:
clusterID: $CLUSTER_ID_CEPHFS
fsName: $CEPHFS_FS_NAME
pool: $CEPHFS_POOL_NAME
csi.storage.k8s.io/provisioner-secret-name: "rook-$CSI_CEPHFS_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/provisioner-secret-namespace: $NAMESPACE
csi.storage.k8s.io/controller-expand-secret-name: "rook-$CSI_CEPHFS_PROVISIONER_SECRET_NAME"
csi.storage.k8s.io/controller-expand-secret-namespace: $NAMESPACE
csi.storage.k8s.io/node-stage-secret-name: "rook-$CSI_CEPHFS_NODE_SECRET_NAME"
csi.storage.k8s.io/node-stage-secret-namespace: $NAMESPACE
allowVolumeExpansion: true
reclaimPolicy: Delete
eof
else
echo "storageclass $CEPHFS_STORAGE_CLASS_NAME already exists"
fi
}
########
# MAIN #
########
checkEnvVars
createClusterNamespace
importClusterID
importSecret
importConfigMap
if [ -n "$CSI_RBD_NODE_SECRET_NAME" ] && [ -n "$CSI_RBD_NODE_SECRET" ]; then
importCsiRBDNodeSecret
fi
if [ -n "$CSI_RBD_PROVISIONER_SECRET_NAME" ] && [ -n "$CSI_RBD_PROVISIONER_SECRET" ]; then
importCsiRBDProvisionerSecret
fi
if [ -n "$RGW_ADMIN_OPS_USER_ACCESS_KEY" ] && [ -n "$RGW_ADMIN_OPS_USER_SECRET_KEY" ]; then
importRGWAdminOpsUser
fi
if [ -n "$CSI_CEPHFS_NODE_SECRET_NAME" ] && [ -n "$CSI_CEPHFS_NODE_SECRET" ]; then
importCsiCephFSNodeSecret
fi
if [ -n "$CSI_CEPHFS_PROVISIONER_SECRET_NAME" ] && [ -n "$CSI_CEPHFS_PROVISIONER_SECRET" ]; then
importCsiCephFSProvisionerSecret
fi
if [ -n "$RBD_POOL_NAME" ]; then
if [ -n "$RBD_METADATA_EC_POOL_NAME" ]; then
createECRBDStorageClass
else
createRBDStorageClass
fi
fi
if [ -n "$CEPHFS_FS_NAME" ] && [ -n "$CEPHFS_POOL_NAME" ]; then
createCephFSStorageClass
fi