# Define the Service Account # Define the RBAC rules for the Service Account # Launch the maya-apiserver ( deployment ) # Launch the maya-storagemanager ( deameon set ) # Create Maya Service Account apiVersion: v1 kind: ServiceAccount metadata: name: openebs-maya-operator namespace: default --- # Define Role that allows operations on K8s pods/deployments # in "default" namespace # TODO : change to new namespace, for isolated data network # TODO : the rules should be updated with required group/resources/verb kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: namespace: default name: openebs-maya-operator rules: - apiGroups: ["*"] resources: ["nodes","nodes/proxy"] verbs: ["get","list","watch","create","update"] - apiGroups: ["*"] resources: ["namespaces","services","pods","deployments", "events", "endpoints"] verbs: ["*"] - apiGroups: ["*"] resources: ["persistentvolumes","persistentvolumeclaims"] verbs: ["*"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: [ "get", "list", "create" ] - apiGroups: ["*"] resources: ["storagepools"] verbs: ["get", "list"] - apiGroups: ["volumesnapshot.external-storage.k8s.io"] resources: ["volumesnapshots","volumesnapshotdatas"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - nonResourceURLs: ["/metrics"] verbs: ["get"] --- # Bind the Service Account with the Role Privileges. # TODO: Check if default account also needs to be there kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: openebs-maya-operator namespace: default subjects: - kind: ServiceAccount name: openebs-maya-operator namespace: default - kind: User name: system:serviceaccount:default:default apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: openebs-maya-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: maya-apiserver namespace: default spec: replicas: 1 template: metadata: labels: name: maya-apiserver spec: serviceAccountName: openebs-maya-operator containers: - name: maya-apiserver imagePullPolicy: Always image: openebs/m-apiserver:0.5.4 ports: - containerPort: 5656 env: # OPENEBS_IO_KUBE_CONFIG enables maya api service to connect to K8s # based on this config. This is ignored if empty. # This is supported for maya api server version 0.5.2 onwards #- name: OPENEBS_IO_KUBE_CONFIG # value: "/home/ubuntu/.kube/config" # OPENEBS_IO_K8S_MASTER enables maya api service to connect to K8s # based on this address. This is ignored if empty. # This is supported for maya api server version 0.5.2 onwards #- name: OPENEBS_IO_K8S_MASTER # value: "http://172.28.128.3:8080" - name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE value: "openebs/jiva:0.5.4" - name: OPENEBS_IO_JIVA_REPLICA_IMAGE value: "openebs/jiva:0.5.4" - name: OPENEBS_IO_VOLUME_MONITOR_IMAGE value: "openebs/m-exporter:0.5.4" - name: OPENEBS_IO_JIVA_REPLICA_COUNT value: "3" --- apiVersion: v1 kind: Service metadata: name: maya-apiserver-service spec: ports: - name: api port: 5656 protocol: TCP targetPort: 5656 selector: name: maya-apiserver sessionAffinity: None --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: openebs-provisioner namespace: default spec: replicas: 1 template: metadata: labels: name: openebs-provisioner spec: serviceAccountName: openebs-maya-operator containers: - name: openebs-provisioner imagePullPolicy: Always image: openebs/openebs-k8s-provisioner:0.5.4 env: # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s # based on this address. This is ignored if empty. # This is supported for openebs provisioner version 0.5.2 onwards #- name: OPENEBS_IO_K8S_MASTER # value: "http://10.128.0.12:8080" # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s # based on this config. This is ignored if empty. # This is supported for openebs provisioner version 0.5.2 onwards #- name: OPENEBS_IO_KUBE_CONFIG # value: "/home/ubuntu/.kube/config" # OPENEBS_VALID_FSTYPE enables openebs provisioner to provision openebs # volume other then ext4(default fstype). After adding "openebs.io/fstype" # parameters in StorageClasse will provision the volume with specified fstype. # This is ignored if empty. # This is supported for openebs provisioner version 0.5.4 onwards #- name: OPENEBS_VALID_FSTYPE # value: "ext4,xfs" - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: OPENEBS_MONITOR_URL value: "http://127.0.0.1:32515/dashboard/db/openebs-volume-stats?orgId=1" - name: OPENEBS_MONITOR_VOLKEY value: "&var-OpenEBS" - name: MAYA_PORTAL_URL value: "https://mayaonline.io/" --- apiVersion: apps/v1beta1 kind: Deployment metadata: name: openebs-snapshot-controller namespace: default spec: replicas: 1 strategy: type: Recreate template: metadata: labels: app: openebs-snapshot-controller spec: serviceAccountName: openebs-maya-operator containers: - name: snapshot-controller image: openebs/k8s-snapshot-controller:ci imagePullPolicy: "IfNotPresent" - name: snapshot-provisioner image: openebs/k8s-snapshot-provisioner:ci imagePullPolicy: "IfNotPresent" --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: storagepoolclaims.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: storagepoolclaims # singular name to be used as an alias on the CLI and for display singular: storagepoolclaim # kind is normally the CamelCased singular type. Your resource manifests use this. kind: StoragePoolClaim # shortNames allow shorter string to match your resource on the CLI shortNames: - spc --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: storagepools.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: storagepools # singular name to be used as an alias on the CLI and for display singular: storagepool # kind is normally the CamelCased singular type. Your resource manifests use this. kind: StoragePool # shortNames allow shorter string to match your resource on the CLI shortNames: - sp --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: openebs-standard provisioner: openebs.io/provisioner-iscsi parameters: openebs.io/storage-pool: "default" openebs.io/jiva-replica-count: "3" openebs.io/volume-monitor: "true" openebs.io/capacity: 5G --- kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: snapshot-promoter provisioner: volumesnapshot.external-storage.k8s.io/snapshot-promoter --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . name: volumepolicies.openebs.io spec: # group name to use for REST API: /apis// group: openebs.io # version name to use for REST API: /apis// version: v1alpha1 # either Namespaced or Cluster scope: Cluster names: # plural name to be used in the URL: /apis/// plural: volumepolicies # singular name to be used as an alias on the CLI and for display singular: volumepolicy # kind is normally the CamelCased singular type. Your resource manifests use this. kind: VolumePolicy # shortNames allow shorter string to match your resource on the CLI shortNames: - vp