github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #54302 from sbezverk/refactor_rbd_volume

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 54229, 54380, 54302, 54454). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Refactor RBD volume

Refactor RBD Volume Persistent Volume Spec so RBD PV's SecretRef
allows referencing a secret from a persistent volume in any namespace.
This allows locating credentials for persistent volumes in namespaces
other than the one containing the PVC.
Closes #54432
```release-note
RBD Persistent Volume Sources can now reference User's Secret in namespaces other than the namespace of the bound Persistent Volume Claim
```
This commit is contained in:
Kubernetes Submit Queue
2017-10-24 08:35:11 -07:00
committed by GitHub
parent 9d6739c5a8 ab32196ffd
commit 16cdda003c
23 changed files with 2115 additions and 1074 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
api/openapi-spec/swagger.json
View File

@@ -68781,7 +68781,7 @@
},
"rbd": {
"description": "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md",
"$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource"
"$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource"
},
"scaleIO": {
"description": "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.",
@@ -69424,6 +69424,50 @@
}
}
},
"io.k8s.api.core.v1.RBDPersistentVolumeSource": {
"description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.",
"required": [
"monitors",
"image"
],
"properties": {
"fsType": {
"description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd",
"type": "string"
},
"image": {
"description": "The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "string"
},
"keyring": {
"description": "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "string"
},
"monitors": {
"description": "A collection of Ceph monitors. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "array",
"items": {
"type": "string"
}
},
"pool": {
"description": "The rados pool name. Default is rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "string"
},
"readOnly": {
"description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "boolean"
},
"secretRef": {
"description": "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"$ref": "#/definitions/io.k8s.api.core.v1.SecretReference"
},
"user": {
"description": "The rados user name. Default is admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it",
"type": "string"
}
}
},
"io.k8s.api.core.v1.RBDVolumeSource": {
"description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.",
"required": [

89
api/swagger-spec/v1.json
View File

@@ -20529,7 +20529,7 @@
"description": "NFS represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs"
},
"rbd": {
"$ref": "v1.RBDVolumeSource",
"$ref": "v1.RBDPersistentVolumeSource",
"description": "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md"
},
"iscsi": {
@@ -20737,8 +20737,8 @@
}
}
},
"v1.RBDVolumeSource": {
"id": "v1.RBDVolumeSource",
"v1.RBDPersistentVolumeSource": {
"id": "v1.RBDPersistentVolumeSource",
"description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.",
"required": [
"monitors",
@@ -20773,7 +20773,7 @@
"description": "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"$ref": "v1.SecretReference",
"description": "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"readOnly": {
@@ -20782,13 +20782,17 @@
}
}
},
"v1.LocalObjectReference": {
"id": "v1.LocalObjectReference",
"description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.",
"v1.SecretReference": {
"id": "v1.SecretReference",
"description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace",
"properties": {
"name": {
"type": "string",
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
"description": "Name is unique within a namespace to reference a secret resource."
},
"namespace": {
"type": "string",
"description": "Namespace defines the space within which the secret name must be unique."
}
}
},
@@ -20851,6 +20855,16 @@
}
}
},
"v1.LocalObjectReference": {
"id": "v1.LocalObjectReference",
"description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.",
"properties": {
"name": {
"type": "string",
"description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names"
}
}
},
"v1.CinderVolumeSource": {
"id": "v1.CinderVolumeSource",
"description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
@@ -20908,20 +20922,6 @@
}
}
},
"v1.SecretReference": {
"id": "v1.SecretReference",
"description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace",
"properties": {
"name": {
"type": "string",
"description": "Name is unique within a namespace to reference a secret resource."
},
"namespace": {
"type": "string",
"description": "Namespace defines the space within which the secret name must be unique."
}
}
},
"v1.FCVolumeSource": {
"id": "v1.FCVolumeSource",
"description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.",
@@ -21674,6 +21674,51 @@
}
}
},
"v1.RBDVolumeSource": {
"id": "v1.RBDVolumeSource",
"description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.",
"required": [
"monitors",
"image"
],
"properties": {
"monitors": {
"type": "array",
"items": {
"type": "string"
},
"description": "A collection of Ceph monitors. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"image": {
"type": "string",
"description": "The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"fsType": {
"type": "string",
"description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd"
},
"pool": {
"type": "string",
"description": "The rados pool name. Default is rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"user": {
"type": "string",
"description": "The rados user name. Default is admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"keyring": {
"type": "string",
"description": "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
},
"readOnly": {
"type": "boolean",
"description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it"
}
}
},
"v1.CephFSVolumeSource": {
"id": "v1.CephFSVolumeSource",
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",