fix(rook-ceph): rm rbac, rm PVC encryption for now

2026-03-22 06:39:47 +00:00 · 2023-11-17 09:02:39 +08:00
parent 296c104f0b
commit e5dff7dd37
3 changed files with 2 additions and 92 deletions
--- a/kube/deploy/core/storage/rook-ceph/app/hr.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/hr.yaml
@@ -32,7 +32,8 @@ spec:
      enableOBCs: true
    csi:
      enableCSIHostNetwork: true
-      enableCSIEncryption: true
+      # enableCSIEncryption: true
+      enableCSIEncryption: false # TODO: disable for now till needed, and key management is decided
      enableMetadata: true # I love my verbosity
      csiAddons: # for RBD NodeLoss failover
        enabled: true
--- a/kube/deploy/core/storage/rook-ceph/app/kustomization.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/kustomization.yaml
@@ -1,8 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - hr.yaml
-  - rbac.yaml
-  - netpol.yaml
-#  - volumesnapshotclass.yaml
--- a/kube/deploy/core/storage/rook-ceph/app/rbac.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/rbac.yaml
@@ -1,83 +0,0 @@
---
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring
-  namespace: rook-ceph
-rules:
-  - apiGroups:
-      - "monitoring.coreos.com"
-    resources:
-      - servicemonitors
-      - prometheusrules
-    verbs:
-      - get
-      - list
-      - watch
-      - create
-      - update
-      - delete
---
-# Allow management of monitoring resources in the mgr
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring-mgr
-  namespace: rook-ceph
-rules:
-  - apiGroups:
-      - monitoring.coreos.com
-    resources:
-      - servicemonitors
-    verbs:
-      - get
-      - list
-      - create
-      - update
---
-# Allow the operator to get ServiceMonitors in this cluster's namespace
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring
-  namespace: rook-ceph
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: rook-ceph-monitoring
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-system
-    namespace: rook-ceph
---
-# Allow creation of monitoring resources in the mgr
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: rook-ceph-monitoring-mgr
-  namespace: rook-ceph
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: rook-ceph-monitoring-mgr
-subjects:
-  - kind: ServiceAccount
-    name: rook-ceph-mgr
-    namespace: rook-ceph
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: 'rook-ceph-system-psp-user'
-  labels:
-    operator: rook
-    storage-backend: ceph
-rules:
-  - apiGroups:
-      - policy
-    resources:
-      - podsecuritypolicies
-    resourceNames:
-      - 00-rook-ceph-operator
-    verbs:
-      - use