API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 22nd, 2019
63
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.19 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################
  2. # This example first defines some necessary namespace and RBAC security objects.
  3. # The actual Ceph Cluster CRD example can be found at the bottom of this example.
  4. #################################################################################
  5. apiVersion: v1
  6. kind: Namespace
  7. metadata:
  8. name: rook-ceph
  9. ---
  10. apiVersion: v1
  11. kind: ServiceAccount
  12. metadata:
  13. name: rook-ceph-osd
  14. namespace: rook-ceph
  15. ---
  16. apiVersion: v1
  17. kind: ServiceAccount
  18. metadata:
  19. name: rook-ceph-mgr
  20. namespace: rook-ceph
  21. ---
  22. kind: Role
  23. apiVersion: rbac.authorization.k8s.io/v1beta1
  24. metadata:
  25. name: rook-ceph-osd
  26. namespace: rook-ceph
  27. rules:
  28. - apiGroups: [""]
  29. resources: ["configmaps"]
  30. verbs: [ "get", "list", "watch", "create", "update", "delete" ]
  31. ---
  32. # Aspects of ceph-mgr that require access to the system namespace
  33. kind: ClusterRole
  34. apiVersion: rbac.authorization.k8s.io/v1beta1
  35. metadata:
  36. name: rook-ceph-mgr-system
  37. namespace: rook-ceph
  38. rules:
  39. - apiGroups:
  40. - ""
  41. resources:
  42. - configmaps
  43. verbs:
  44. - get
  45. - list
  46. - watch
  47. ---
  48. # Aspects of ceph-mgr that operate within the cluster's namespace
  49. kind: Role
  50. apiVersion: rbac.authorization.k8s.io/v1beta1
  51. metadata:
  52. name: rook-ceph-mgr
  53. namespace: rook-ceph
  54. rules:
  55. - apiGroups:
  56. - ""
  57. resources:
  58. - pods
  59. - services
  60. verbs:
  61. - get
  62. - list
  63. - watch
  64. - apiGroups:
  65. - batch
  66. resources:
  67. - jobs
  68. verbs:
  69. - get
  70. - list
  71. - watch
  72. - create
  73. - update
  74. - delete
  75. - apiGroups:
  76. - ceph.rook.io
  77. resources:
  78. - "*"
  79. verbs:
  80. - "*"
  81. ---
  82. # Allow the operator to create resources in this cluster's namespace
  83. kind: RoleBinding
  84. apiVersion: rbac.authorization.k8s.io/v1beta1
  85. metadata:
  86. name: rook-ceph-cluster-mgmt
  87. namespace: rook-ceph
  88. roleRef:
  89. apiGroup: rbac.authorization.k8s.io
  90. kind: ClusterRole
  91. name: rook-ceph-cluster-mgmt
  92. subjects:
  93. - kind: ServiceAccount
  94. name: rook-ceph-system
  95. namespace: rook-ceph-system
  96. ---
  97. # Allow the osd pods in this namespace to work with configmaps
  98. kind: RoleBinding
  99. apiVersion: rbac.authorization.k8s.io/v1beta1
  100. metadata:
  101. name: rook-ceph-osd
  102. namespace: rook-ceph
  103. roleRef:
  104. apiGroup: rbac.authorization.k8s.io
  105. kind: Role
  106. name: rook-ceph-osd
  107. subjects:
  108. - kind: ServiceAccount
  109. name: rook-ceph-osd
  110. namespace: rook-ceph
  111. ---
  112. # Allow the ceph mgr to access the cluster-specific resources necessary for the mgr modules
  113. kind: RoleBinding
  114. apiVersion: rbac.authorization.k8s.io/v1beta1
  115. metadata:
  116. name: rook-ceph-mgr
  117. namespace: rook-ceph
  118. roleRef:
  119. apiGroup: rbac.authorization.k8s.io
  120. kind: Role
  121. name: rook-ceph-mgr
  122. subjects:
  123. - kind: ServiceAccount
  124. name: rook-ceph-mgr
  125. namespace: rook-ceph
  126. ---
  127. # Allow the ceph mgr to access the rook system resources necessary for the mgr modules
  128. kind: RoleBinding
  129. apiVersion: rbac.authorization.k8s.io/v1beta1
  130. metadata:
  131. name: rook-ceph-mgr-system
  132. namespace: rook-ceph-system
  133. roleRef:
  134. apiGroup: rbac.authorization.k8s.io
  135. kind: ClusterRole
  136. name: rook-ceph-mgr-system
  137. subjects:
  138. - kind: ServiceAccount
  139. name: rook-ceph-mgr
  140. namespace: rook-ceph
  141. ---
  142. # Allow the ceph mgr to access cluster-wide resources necessary for the mgr modules
  143. kind: ClusterRoleBinding
  144. apiVersion: rbac.authorization.k8s.io/v1beta1
  145. metadata:
  146. name: rook-ceph-mgr-cluster
  147. roleRef:
  148. apiGroup: rbac.authorization.k8s.io
  149. kind: ClusterRole
  150. name: rook-ceph-mgr-cluster
  151. subjects:
  152. - kind: ServiceAccount
  153. name: rook-ceph-mgr
  154. namespace: rook-ceph
  155. ---
  156. #################################################################################
  157. # The Ceph Cluster CRD example
  158. #################################################################################
  159. apiVersion: ceph.rook.io/v1
  160. kind: CephCluster
  161. metadata:
  162. name: rook-ceph
  163. namespace: rook-ceph
  164. spec:
  165. cephVersion:
  166. # For the latest ceph images, see https://hub.docker.com/r/ceph/ceph/tags
  167. image: ceph/ceph:v13.2.2-20181023
  168. dataDirHostPath: /var/lib/rook
  169. mon:
  170. count: 3
  171. allowMultiplePerNode: true
  172. dashboard:
  173. enabled: true
  174. storage:
  175. useAllNodes: true
  176. useAllDevices: false
  177. config:
  178. databaseSizeMB: "1024"
  179. journalSizeMB: "1024"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!