all repos — infra @ a14f6c932906e5b9007c071a4b07ed9edc32a023

infrastructure manifests and setup notes

apps: setup garage for internal s3
Anirudh Oppiliappan x@icyphox.sh
Tue, 09 Jul 2024 23:19:13 +0300
commit

a14f6c932906e5b9007c071a4b07ed9edc32a023

parent

b85819ffb34ecd9220ba68d2bdbe797773028aa9

2 files changed, 194 insertions(+), 0 deletions(-)

A apps/garage/garage.yaml

@@ -0,0 +1,145 @@

+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: garage-config
+data:
+ garage.toml: |-
+ metadata_dir = "/mnt/meta"
+ data_dir = "/mnt/data"
+
+ db_engine = "lmdb"
+
+ block_size = 1048576
+
+ replication_mode = "1"
+
+ compression_level = 1
+
+ rpc_bind_addr = "[::]:3901"
+
+ bootstrap_peers = []
+
+ [kubernetes_discovery]
+ namespace = "default"
+ service_name = "garage"
+ skip_crd = false
+
+ [s3_api]
+ s3_region = "garage"
+ api_bind_addr = "[::]:3900"
+ root_domain = "garage.default.svc.koti.lan"
+
+ [s3_web]
+ bind_addr = "[::]:3902"
+ root_domain = "garage.koti.lan"
+ index = "index.html"
+
+ [admin]
+ api_bind_addr = "[::]:3903"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: garage
+ labels:
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "3903"
+ prometheus.io/path: "/metrics"
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3900
+ targetPort: 3900
+ protocol: TCP
+ name: s3-api
+ - port: 80
+ targetPort: 3902
+ protocol: TCP
+ name: s3-web
+ - port: 3903
+ targetPort: 3903
+ protocol: TCP
+ name: admin
+ selector:
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: garage
+ labels:
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ replicas: 1
+ serviceName: garage
+ podManagementPolicy: OrderedReady
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ spec:
+ serviceAccountName: garage
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: garage
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ image: "dxflrs/amd64_garage:v1.0.0"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3900
+ name: s3-api
+ - containerPort: 3902
+ name: web-api
+ - containerPort: 3903
+ name: admin
+ volumeMounts:
+ - name: meta
+ mountPath: /mnt/meta
+ - name: data
+ mountPath: /mnt/data
+ - name: config
+ mountPath: /etc/garage.toml
+ subPath: garage.toml
+ env:
+ - name: GARAGE_RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: garage-rpc-secret
+ key: rpcSecret
+ volumes:
+ - name: config
+ configMap:
+ name: garage-config
+ volumeClaimTemplates:
+ - metadata:
+ name: meta
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: "100Mi"
+ - metadata:
+ name: data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: "30Gi"
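Review bot: The `[admin]` section binds `[::]:3903` and the Service publishes that port, but the config sets no `metrics_token`, so `/metrics` is readable by any workload that can reach the ClusterIP. As far as I know Garage keeps the other admin endpoints disabled while `admin_token` is unset, so the exposure is probably limited to metrics, but that is worth confirming for v1.0.0. I would either supply the token from a Secret, the same way `GARAGE_RPC_SECRET` is injected, and give the scraper the bearer token, or restrict port 3903 to the monitoring namespace with a NetworkPolicy. Separately, the container `securityContext` could carry `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` next to the dropped capabilities.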
A apps/garage/rbac.yaml

@@ -0,0 +1,49 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: garage
+ labels:
+ helm.sh/chart: garage-0.5.0
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ app.kubernetes.io/version: "v1.0.0"
+ app.kubernetes.io/managed-by: Helm
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manage-crds-default-garage
+ labels:
+ helm.sh/chart: garage-0.5.0
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ app.kubernetes.io/version: "v1.0.0"
+ app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "create", "patch"]
+- apiGroups: ["deuxfleurs.fr"]
+ resources: ["garagenodes"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: allow-crds-for-default-garage
+ labels:
+ helm.sh/chart: garage-0.5.0
+ app.kubernetes.io/name: garage
+ app.kubernetes.io/instance: garage
+ app.kubernetes.io/version: "v1.0.0"
+ app.kubernetes.io/managed-by: Helm
+subjects:
+- kind: ServiceAccount
+ name: garage
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: manage-crds-default-garage
+ apiGroup: rbac.authorization.k8s.io
+
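Review bot: The ClusterRole lets the `garage` ServiceAccount `create` and `patch` every CustomResourceDefinition in the cluster, far more than the single CRD Garage needs for peer discovery; a compromised pod could alter CRDs that belong to other controllers. Since `skip_crd = false` in garage.yaml is what requires this, one option is to apply the CRD out of band, set `skip_crd = true` and reduce the first rule to `verbs: ["get", "list", "watch"]`. If self-registration is kept, `patch` can at least be scoped with `resourceNames: ["garagenodes.deuxfleurs.fr"]` (`create` cannot be limited by name). The `garagenodes` rule looks like it could move to a namespaced Role and RoleBinding in `default`, assuming the resource is namespaced.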