# This manifest deploys the OpenEBS control plane components, with associated CRs & RBAC rules # NOTE: On GKE, deploy the openebs-operator.yaml in admin context # Create the OpenEBS namespace apiVersion: v1 kind: Namespace metadata: name: openebs --- # Create Maya Service Account apiVersion: v1 kind: ServiceAccount metadata: name: openebs-maya-operator namespace: openebs --- # Define Role that allows operations on K8s pods/deployments kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: openebs-maya-operator rules: - apiGroups: ["*"] resources: ["nodes","nodes/proxy"] verbs: ["get","list","watch","create","update"] - apiGroups: ["*"] resources: ["namespaces","services","pods","deployments", "events", "endpoints"] verbs: ["*"] - apiGroups: ["*"] resources: ["persistentvolumes","persistentvolumeclaims"] verbs: ["*"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: [ "get", "list", "create" ] - apiGroups: ["*"] resources: ["storagepools"] verbs: ["get", "list"] - apiGroups: ["volumesnapshot.external-storage.k8s.io"] resources: ["volumesnapshots","volumesnapshotdatas"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- # Bind the Service Account with the Role Privileges. # TODO: Check if default account also needs to be there kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: openebs-maya-operator namespace: openebs subjects: - kind: ServiceAccount name: openebs-maya-operator namespace: openebs - kind: User name: system:serviceaccount:default:default apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: openebs-maya-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: maya-apiserver namespace: openebs spec: replicas: 1 template: metadata: labels: name: maya-apiserver spec: serviceAccountName: openebs-maya-operator containers: - name: maya-apiserver imagePullPolicy: Always image: openebs/m-apiserver:0.6.0 ports: - containerPort: 5656 env: # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s # based on this config. This is ignored if empty. # This is supported for maya api server version 0.5.2 onwards #- name: OPENEBS_IO_KUBE_CONFIG # value: "/home/ubuntu/.kube/config" # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s # based on this address. This is ignored if empty. # This is supported for maya api server version 0.5.2 onwards #- name: OPENEBS_IO_K8S_MASTER # value: "http://172.28.128.3:8080" - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE value: "openebs/jiva:0.6.0" - name: OPENEBS_IO_JIVA_REPLICA_IMAGE value: "openebs/jiva:0.6.0" - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE value: "openebs/m-exporter:0.6.0" - name: OPENEBS_IO_JIVA_REPLICA_COUNT value: "3" # DEFAULT_CONTROLLER_NODE_SELECTOR allows your to specify the nodes # on which openebs controller have to be scheduled. To use this feature, # the nodes should already be labeled with the key=value. For example: # `kubectl label nodes nodetype=storage # Note: It is recommended that node selector for controller be # same as that of the stateful apps. # This is supported for maya api server version 0.6.0-RC2 onwards #- name: DEFAULT_CONTROLLER_NODE_SELECTOR # value: "nodetype=storage" # DEFAULT_REPLICA_NODE_SELECTOR allows your to specify the nodes # on which openebs replicas have to be scheduled. To use this feature, # the nodes should already be labeled with the key=value. For example: # `kubectl label nodes nodetype=storage # Note: It is recommended that node selector for replica will specify # nodes that have disks/ssds attached to them. # This is supported for maya api server version 0.6.0-RC2 onwards #- name: DEFAULT_REPLICA_NODE_SELECTOR # value: "nodetype=storage" --- apiVersion: v1 kind: Service metadata: name: maya-apiserver-service namespace: openebs spec: ports: - name: api port: 5656 protocol: TCP targetPort: 5656 selector: name: maya-apiserver sessionAffinity: None --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: openebs-provisioner namespace: openebs spec: replicas: 1 template: metadata: labels: name: openebs-provisioner spec: serviceAccountName: openebs-maya-operator containers: - name: openebs-provisioner imagePullPolicy: Always image: openebs/openebs-k8s-provisioner:0.6.0 env: # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s # based on this address. This is ignored if empty. # This is supported for openebs provisioner version 0.5.2 onwards #- name: OPENEBS_IO_K8S_MASTER # value: "http://10.128.0.12:8080" # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s # based on this config. This is ignored if empty. # This is supported for openebs provisioner version 0.5.2 onwards #- name: OPENEBS_IO_KUBE_CONFIG # value: "/home/ubuntu/.kube/config" # OPENEBS_VALID_FSTYPE enables openebs provisioner to provision openebs # volume other then ext4(default fstype). After adding "openebs.io/fstype" # parameters in StorageClasse will provision the volume with specified fstype. # This is ignored if empty. # This is supported for openebs provisioner version 0.5.4 onwards #- name: OPENEBS_VALID_FSTYPE # value: "ext4,xfs" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: OPENEBS_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: OPENEBS_MONITOR_URL value: "http://127.0.0.1:32515/dashboard/db/openebs-volume-stats?orgId=1" - name: OPENEBS_MONITOR_VOLKEY value: "&var-OpenEBS" - name: MAYA_PORTAL_URL value: "https://mayaonline.io/" --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: openebs-snapshot-operator namespace: openebs spec: replicas: 1 strategy: type: Recreate template: metadata: labels: name: openebs-snapshot-operator spec: serviceAccountName: openebs-maya-operator containers: - name: snapshot-controller image: openebs/snapshot-controller:0.6.0 imagePullPolicy: Always env: - name: OPENEBS_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: snapshot-provisioner image: openebs/snapshot-provisioner:0.6.0 imagePullPolicy: Always env: - name: OPENEBS_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: storagepoolclaims.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: storagepoolclaims # singular name to be used as an alias on the CLI and for display singular: storagepoolclaim # kind is normally the CamelCased singular type. Your resource manifests use this. kind: StoragePoolClaim # shortNames allow shorter string to match your resource on the CLI shortNames: - spc --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: storagepools.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: storagepools # singular name to be used as an alias on the CLI and for display singular: storagepool # kind is normally the CamelCased singular type. Your resource manifests use this. kind: StoragePool # shortNames allow shorter string to match your resource on the CLI shortNames: - sp --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: openebs-standard provisioner: openebs.io/provisioner-iscsi parameters: openebs.io/storage-pool: "default" openebs.io/jiva-replica-count: "3" openebs.io/volume-monitor: "true" openebs.io/capacity: 5G --- kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: openebs-snapshot-promoter provisioner: volumesnapshot.external-storage.k8s.io/snapshot-promoter --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: volumepolicies.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: volumepolicies # singular name to be used as an alias on the CLI and for display singular: volumepolicy # kind is normally the CamelCased singular type. Your resource manifests use this. kind: VolumePolicy # shortNames allow shorter string to match your resource on the CLI shortNames: - vp