Drive wipe script for rook.

Reset script to wipe crds rook intentionally leaves there.
Update command to include bgp
2024-02-16 14:28:14 -06:00 · 2024-02-16 14:27:59 -06:00 · 2024-02-16 14:27:34 -06:00 · 2024-02-16 14:27:12 -06:00 · 2024-02-16 14:26:15 -06:00
5 changed files with 139 additions and 8 deletions
--- a/.archive/cilium/app/helmrelease.yaml
+++ b/.archive/cilium/app/helmrelease.yaml
@ -43,12 +43,6 @@ spec:
        enabled: true
    ipam:
      mode: kubernetes
    policyEnforcementMode: always    # enforce network policies
    policyAuditMode: true            # do not block traffic
    hostFirewall:
      enabled: true                  # enable host policies
    extraConfig:
      allow-localhost: policy        # enable policies for localhost
    kubeProxyReplacement: true
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 7445
--- a/kubernetes/apps/kube-system/rocky-nenya.yaml
+++ b/kubernetes/apps/kube-system/rocky-nenya.yaml
@ -2,9 +2,9 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: rocky-nenya
-  namespace: default
+  namespace: kube-system 
 spec:
-  nodeName: nenya
+  #  nodeName: nenya
  containers:
    - name: rocky
      image: rockylinux:9
--- a/kubernetes/bootstrap/install-cilium.sh
+++ b/kubernetes/bootstrap/install-cilium.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 cilium install \
    --helm-set=ipam.mode=kubernetes \
    --helm-set=kubeProxyReplacement=true \
    --helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
    --helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
    --helm-set=cgroup.autoMount.enabled=false \
    --helm-set=cgroup.hostRoot=/sys/fs/cgroup \
    --helm-set=k8sServiceHost=127.0.0.1 \
    --helm-set=k8sServicePort=7445 \
    --helm-set=bgpControlPlane.enabled=true \
    --helm-set=bgp.enabled=false \
    --helm-set=bgp.announce.loadbalancerIP=true \
    --helm-set=bgp.announce.podCIDR=false
--- a/kubernetes/tools/wipe-rook-resources.sh
+++ b/kubernetes/tools/wipe-rook-resources.sh
@ -0,0 +1,11 @@
 #!/bin/bash
 # remove all rook resources
 kubectl patch cephfilesystems ceph-filesystem -p '{"metadata":{"finalizers":null}}' --type=merge -n rook-ceph
 kubectl delete cephfilesystems ceph-filesystem -n rook-ceph
 kubectl patch cephblockpools ceph-blockpool -p '{"metadata":{"finalizers":null}}' --type=merge -n rook-ceph
 kubectl delete cephblockpools ceph-blockpool -n rook-ceph
 kubectl patch cephobjectstores ceph-objectstore -p '{"metadata":{"finalizers":null}}' --type=merge -n rook-ceph
 kubectl delete cephobjectstores ceph-objectstore -n rook-ceph
 kubectl patch CephFilesystemSubVolumeGroup ceph-filesystem-csi -p '{"metadata":{"finalizers":null}}' --type=merge -n rook-ceph
 kubectl delete CephFilesystemSubVolumeGroup ceph-filesystem-csi -n rook-ceph
--- a/kubernetes/tools/wiperook.yaml
+++ b/kubernetes/tools/wiperook.yaml
@ -0,0 +1,111 @@
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: disk-wipe-nessa
  namespace: rook-ceph
 spec:
  restartPolicy: Never
  nodeName: talos-nz9-4fz
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.0@sha256:51632d23e56ae28a34f8e90df6fe8d02730b5462697ae52e8b01ad6484497819
      securityContext:
        privileged: true
      resources: {}
      env:
        - name: CEPH_DISK
          value: "/dev/xvdb"
      command:
        [
          "/bin/sh",
          "-c"
        ]
      args:
        - apk add --no-cache sgdisk util-linux parted;
          sgdisk --zap-all $CEPH_DISK;
          blkdiscard $CEPH_DISK;
          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
          partprobe $CEPH_DISK;
      volumeMounts:
        - mountPath: /mnt/host_var
          name: host-var
  volumes:
    - name: host-var
      hostPath:
        path: /var
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: disk-wipe-nienna
  namespace: rook-ceph
 spec:
  restartPolicy: Never
  nodeName: talos-9c9-dj0
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.0@sha256:51632d23e56ae28a34f8e90df6fe8d02730b5462697ae52e8b01ad6484497819
      securityContext:
        privileged: true
      resources: {}
      env:
        - name: CEPH_DISK
          value: "/dev/xvdb"
      command:
        [
          "/bin/sh",
          "-c"
        ]
      args:
        - apk add --no-cache sgdisk util-linux parted;
          sgdisk --zap-all $CEPH_DISK;
          blkdiscard $CEPH_DISK;
          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
          partprobe $CEPH_DISK;
      volumeMounts:
        - mountPath: /mnt/host_var
          name: host-var
  volumes:
    - name: host-var
      hostPath:
        path: /var
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: disk-wipe-orome
  namespace: rook-ceph
 spec:
  restartPolicy: Never
  nodeName: talos-dz9-5ys
  containers:
    - name: disk-wipe
      image: ghcr.io/onedr0p/alpine:3.19.0@sha256:51632d23e56ae28a34f8e90df6fe8d02730b5462697ae52e8b01ad6484497819
      securityContext:
        privileged: true
      resources: {}
      env:
        - name: CEPH_DISK
          value: "/dev/xvdb"
      command:
        [
          "/bin/sh",
          "-c"
        ]
      args:
        - apk add --no-cache sgdisk util-linux parted;
          sgdisk --zap-all $CEPH_DISK;
          blkdiscard $CEPH_DISK;
          dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
          partprobe $CEPH_DISK;
      volumeMounts:
        - mountPath: /mnt/host_var
          name: host-var
  volumes:
    - name: host-var
      hostPath:
        path: /var
Author	SHA1	Message	Date
Joseph Hanson	0de1620630	Drive wipe script for rook.	2024-02-16 14:28:14 -06:00
Joseph Hanson	001f57e447	Reset script to wipe crds rook intentionally leaves there.	2024-02-16 14:27:59 -06:00
Joseph Hanson	edfe1db25c	Update command to include bgp	2024-02-16 14:27:34 -06:00
Joseph Hanson	dc27e58298	Move tool pod to priv namespace	2024-02-16 14:27:12 -06:00
Joseph Hanson	06157d2e09	Removed netpol/firewall mode for now.	2024-02-16 14:26:15 -06:00