init

terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/secret.tf

@@ -0,0 +1,13 @@
+resource "kubernetes_secret_v1" "csi_rbd_secret" {
+  metadata {
+    name      = "csi-rbd-secret"
+    namespace = var.namespace
+  }
+
+  data = {
+    userID  = var.ceph_user_id
+    userKey = var.ceph_user_key
+  }
+
+  type = "Opaque"
+}

terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/storage_class.tf

@@ -0,0 +1,27 @@
+resource "kubernetes_storage_class_v1" "ceph_rbd" {
+  metadata {
+    name = "ceph-rbd"
+    # если хочешь сделать default:
+    # annotations = {
+    #   "storageclass.kubernetes.io/is-default-class" = "true"
+    # }
+  }
+
+  storage_provisioner    = "rbd.csi.ceph.com"
+  reclaim_policy         = "Delete"
+  volume_binding_mode    = "Immediate"
+  allow_volume_expansion = true
+
+  parameters = {
+    clusterID = var.ceph_cluster_id
+    pool      = var.ceph_rbd_pool
+
+    # ВАЖНО: это строки-ключи, строго без пробелов и без "/"
+    "csi.storage.k8s.io/provisioner-secret-name"      = kubernetes_secret_v1.csi_rbd_secret.metadata[0].name
+    "csi.storage.k8s.io/provisioner-secret-namespace" = kubernetes_secret_v1.csi_rbd_secret.metadata[0].namespace
+    "csi.storage.k8s.io/node-stage-secret-name"       = kubernetes_secret_v1.csi_rbd_secret.metadata[0].name
+    "csi.storage.k8s.io/node-stage-secret-namespace"  = kubernetes_secret_v1.csi_rbd_secret.metadata[0].namespace
+
+    imageFeatures = "layering"
+  }
+}

terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/variables.tf

@@ -0,0 +1,20 @@
+variable "namespace" {
+  type = string
+}
+
+variable "ceph_cluster_id" {
+  type = string
+}
+
+variable "ceph_rbd_pool" {
+  type = string
+}
+
+variable "ceph_user_id" {
+  type = string
+}
+
+variable "ceph_user_key" {
+  type      = string
+  sensitive = true
+}

terraform/modules/k8s/ceph/k8s-ceph-rbd-storage/versions.tf

@@ -0,0 +1,5 @@
+terraform {
+  required_providers {
+    kubernetes = { source = "hashicorp/kubernetes" }
+  }
+}