all repos — infra @ a14f6c932906e5b9007c071a4b07ed9edc32a023

infrastructure manifests and setup notes 

apps: setup garage for internal s3
Anirudh Oppiliappan x@icyphox.sh
Tue, 09 Jul 2024 23:19:13 +0300
commit

a14f6c932906e5b9007c071a4b07ed9edc32a023

parent

b85819ffb34ecd9220ba68d2bdbe797773028aa9

2 files changed, 194 insertions(+), 0 deletions(-)

jump to
A apps/garage/garage.yaml 
@@ -0,0 +1,145 @@ 
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: garage-config
+data:
+  garage.toml: |-
+    metadata_dir = "/mnt/meta"
+    data_dir = "/mnt/data"
+    
+    db_engine = "lmdb"
+    
+    block_size = 1048576
+    
+    replication_mode = "1"
+    
+    compression_level = 1
+    
+    rpc_bind_addr = "[::]:3901"
+    
+    bootstrap_peers = []
+    
+    [kubernetes_discovery]
+    namespace = "default"
+    service_name = "garage"
+    skip_crd = false
+    
+    [s3_api]
+    s3_region = "garage"
+    api_bind_addr = "[::]:3900"
+    root_domain = "garage.default.svc.koti.lan"
+    
+    [s3_web]
+    bind_addr = "[::]:3902"
+    root_domain = "garage.koti.lan"
+    index = "index.html"
+    
+    [admin]
+    api_bind_addr = "[::]:3903"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: garage
+  labels:
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+  annotations:
+    prometheus.io/scrape: "true"
+    prometheus.io/port: "3903"
+    prometheus.io/path: "/metrics"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3900
+      targetPort: 3900
+      protocol: TCP
+      name: s3-api
+    - port: 80
+      targetPort: 3902
+      protocol: TCP
+      name: s3-web
+    - port: 3903
+      targetPort: 3903
+      protocol: TCP
+      name: admin
+  selector:
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: garage
+  labels:
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: garage
+      app.kubernetes.io/instance: garage
+  replicas: 1
+  serviceName: garage
+  podManagementPolicy: OrderedReady
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: garage
+        app.kubernetes.io/instance: garage
+    spec:
+      serviceAccountName: garage
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+      containers:
+        - name: garage
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+            readOnlyRootFilesystem: true
+          image: "dxflrs/amd64_garage:v1.0.0"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 3900
+              name: s3-api
+            - containerPort: 3902
+              name: web-api
+            - containerPort: 3903
+              name: admin
+          volumeMounts:
+            - name: meta
+              mountPath: /mnt/meta
+            - name: data
+              mountPath: /mnt/data
+            - name: config
+              mountPath: /etc/garage.toml
+              subPath: garage.toml
+          env:
+            - name: GARAGE_RPC_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: garage-rpc-secret
+                  key: rpcSecret
+      volumes:
+        - name: config
+          configMap:
+            name: garage-config
+  volumeClaimTemplates:
+  - metadata:
+      name: meta
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: "100Mi"
+  - metadata:
+      name: data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: "30Gi"
A apps/garage/rbac.yaml 
@@ -0,0 +1,49 @@ 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: garage
+  labels:
+    helm.sh/chart: garage-0.5.0
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+    app.kubernetes.io/version: "v1.0.0"
+    app.kubernetes.io/managed-by: Helm
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manage-crds-default-garage
+  labels:
+    helm.sh/chart: garage-0.5.0
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+    app.kubernetes.io/version: "v1.0.0"
+    app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["get", "list", "watch", "create", "patch"]
+- apiGroups: ["deuxfleurs.fr"]
+  resources: ["garagenodes"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: allow-crds-for-default-garage
+  labels:
+    helm.sh/chart: garage-0.5.0
+    app.kubernetes.io/name: garage
+    app.kubernetes.io/instance: garage
+    app.kubernetes.io/version: "v1.0.0"
+    app.kubernetes.io/managed-by: Helm
+subjects:
+- kind: ServiceAccount
+  name: garage
+  namespace: default
+roleRef:
+  kind: ClusterRole
+  name: manage-crds-default-garage
+  apiGroup: rbac.authorization.k8s.io
+