github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 15:37:24 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #49502 from rootfs/cephfs-pv-ns

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 50213, 50707, 49502, 51230, 50848)

Refactor CephFS PV spec

**What this PR does / why we need it**:
refactor CephFS Volume Persistent Volume Spec so CephFS PV's SecretRef allows referencing a secret from a persistent volume in any namespace. This allows locating credentials for persistent volumes in namespaces other than the one containing the PVC.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes-incubator/external-storage/issues/309

**Special notes for your reviewer**:
@kubernetes/sig-storage-api-reviews 

**Release note**:

```release-note
Allow CephFS PV to specify a namespace for secret
```
This commit is contained in:
Kubernetes Submit Queue
2017-08-25 01:10:33 -07:00
committed by GitHub
parent b9425ded2e 9f0aad32b0
commit ed6efbc0b5
19 changed files with 3451 additions and 1543 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
api/openapi-spec/swagger.json
View File

@@ -58230,6 +58230,41 @@
}
}
},
"io.k8s.api.core.v1.CephFSPersistentVolumeSource": {
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",
"required": [
"monitors"
],
"properties": {
"monitors": {
"description": "Required: Monitors is a collection of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it",
"type": "array",
"items": {
"type": "string"
}
},
"path": {
"description": "Optional: Used as the mounted root, rather than the full Ceph tree, default is /",
"type": "string"
},
"readOnly": {
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it",
"type": "boolean"
},
"secretFile": {
"description": "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it",
"type": "string"
},
"secretRef": {
"description": "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it",
"$ref": "#/definitions/io.k8s.api.core.v1.SecretReference"
},
"user": {
"description": "Optional: User is the rados user name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it",
"type": "string"
}
}
},
"io.k8s.api.core.v1.CephFSVolumeSource": {
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",
"required": [
@@ -60465,7 +60500,7 @@
},
"cephfs": {
"description": "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime",
"$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource"
"$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource"
},
"cinder": {
"description": "Cinder represents a cinder volume attached and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md",
@@ -61723,6 +61758,19 @@
}
}
},
"io.k8s.api.core.v1.SecretReference": {
"description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace",
"properties": {
"name": {
"description": "Name is unique within a namespace to reference a secret resource.",
"type": "string"
},
"namespace": {
"description": "Namespace defines the space within which the secret name must be unique.",
"type": "string"
}
}
},
"io.k8s.api.core.v1.SecretVolumeSource": {
"description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.",
"properties": {

58
api/swagger-spec/v1.json
View File

@@ -18865,7 +18865,7 @@
"description": "Cinder represents a cinder volume attached and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"cephfs": {
"$ref": "v1.CephFSVolumeSource",
"$ref": "v1.CephFSPersistentVolumeSource",
"description": "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime"
},
"fc": {
@@ -19189,8 +19189,8 @@
}
}
},
"v1.CephFSVolumeSource": {
"id": "v1.CephFSVolumeSource",
"v1.CephFSPersistentVolumeSource": {
"id": "v1.CephFSPersistentVolumeSource",
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",
"required": [
"monitors"
@@ -19216,7 +19216,7 @@
"description": "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"$ref": "v1.SecretReference",
"description": "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"readOnly": {
@@ -19225,6 +19225,20 @@
}
}
},
"v1.SecretReference": {
"id": "v1.SecretReference",
"description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace",
"properties": {
"name": {
"type": "string",
"description": "Name is unique within a namespace to reference a secret resource."
},
"namespace": {
"type": "string",
"description": "Namespace defines the space within which the secret name must be unique."
}
}
},
"v1.FCVolumeSource": {
"id": "v1.FCVolumeSource",
"description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.",
@@ -19977,6 +19991,42 @@
}
}
},
"v1.CephFSVolumeSource": {
"id": "v1.CephFSVolumeSource",
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",
"required": [
"monitors"
],
"properties": {
"monitors": {
"type": "array",
"items": {
"type": "string"
},
"description": "Required: Monitors is a collection of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"path": {
"type": "string",
"description": "Optional: Used as the mounted root, rather than the full Ceph tree, default is /"
},
"user": {
"type": "string",
"description": "Optional: User is the rados user name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"secretFile": {
"type": "string",
"description": "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
},
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it"
}
}
},
"v1.DownwardAPIVolumeSource": {
"id": "v1.DownwardAPIVolumeSource",
"description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.",