feat(garage): initial deployment

Peter 2024-05-04 18:02:47 +02:00
parent 8a6cb17034
commit 9e43341646
Signed by: prskr
GPG key ID: F56BED6903BC5E37
9 changed files with 221 additions and 0 deletions

1
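--- a/garage/.gitattributes
+++ b/garage/.gitattributes
@@ -0,0 +1 @@
+secret.*.yaml filter=age diff=age merge=age -text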
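Review bot: This attribute line only names the `age` filter; the clean and smudge commands live in each clone's git config, which this commit does not show. Unless that config sets `filter.age.required = true`, git treats a missing or failing filter as a pass-through, so a contributor without the filter set up would commit `secret.*.yaml` in plaintext without any error. I would document the required setup next to this file and add a CI or pre-commit check that every committed `secret.*.yaml` blob starts with `age-encryption.org/v1`.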

28
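--- a/garage/config/garage.toml
+++ b/garage/config/garage.toml
@@ -0,0 +1,28 @@
+metadata_dir = "/srv/garage/meta"
+data_dir = "/srv/garage/data"
+db_engine = "lmdb"
+block_size = "1M"
+replication_factor = 2
+compression_level = 1
+rpc_bind_addr = "[::]:3901"
+bootstrap_peers = []
+[kubernetes_discovery]
+namespace = "garage"
+service_name = "garage"
+skip_crd = false
+[s3_api]
+s3_region = "hel1"
+api_bind_addr = "[::]:3900"
+root_domain = ".s3.icb4dc0.de"
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".icb4dc0.de"
+index = "index.html"
+[admin]
+api_bind_addr = "[::]:3903"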
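Review bot: The `[admin]` section binds the admin API to `[::]:3903` and sets no `metrics_token`, so as far as I know Garage will answer `/metrics` on that port without any authentication; only the other admin endpoints are gated by the `GARAGE_ADMIN_TOKEN` that the workload injects. If metrics should not be readable by every client that can reach 3903, supply a metrics token the same way as the other two secrets (Garage reads `GARAGE_METRICS_TOKEN` from the environment) and give the scraper that bearer token. A short comment above `[admin]`, for example `# one listener serves both /metrics and cluster administration`, would make the coupling obvious to the next reader.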

29
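--- a/garage/kustomization.yaml
+++ b/garage/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: garage
+images:
+- name: garage
+newName: dxflrs/garage
+newTag: v1.0.0
+labels:
+- includeSelectors: true
+pairs:
+app.kubernetes.io/name: garage
+app.kubernetes.io/instance: icb4dc0de
+app.kubernetes.io/managed-by: kustomize
+resources:
+- resources/namespace.yaml
+- resources/rbac/serviceaccount.yaml
+- resources/rbac/clusterrole.yaml
+- resources/secret.rpc.yaml
+- resources/workload.yaml
+- resources/services.yaml
+configMapGenerator:
+- name: garage-config
+files:
+- config/garage.toml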
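Review bot: The `images` override pins `dxflrs/garage` only by the mutable tag `v1.0.0`, so whatever the registry serves under that tag at pull time is what runs with access to the RPC secret and the data volumes. Kustomize's `images` entry accepts a `digest` field; adding `digest: sha256:<digest-of-v1.0.0>` (placeholder, take the value from the registry) makes the deployed image reproducible, and a dependency bot can keep the digest current. A comment on the `resources/secret.rpc.yaml` entry should also say that it is valid input only after the age smudge filter has decrypted it, because a build from a clone without the filter would feed the ciphertext to kustomize.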


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: garage
labels:
prometheus: default


@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: garage-manage-crds
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "patch"]
- apiGroups: ["deuxfleurs.fr"]
resources: ["garagenodes"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: garage-allow-crds
subjects:
- kind: ServiceAccount
name: garage
roleRef:
kind: ClusterRole
name: garage-manage-crds
apiGroup: rbac.authorization.k8s.io
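Review bot: The first rule lets the `garage` service account `create` and `patch` every CustomResourceDefinition in the cluster, which is far more than maintaining its own `garagenodes` CRD requires; a compromised Garage pod could alter the schema or conversion settings of unrelated CRDs. `resourceNames` cannot constrain `create`, but it can constrain the remaining verbs, so I would split the rule as sketched below, after confirming on a test cluster that Garage still starts. The alternative is to install the CRD out of band, set `skip_crd = true` in garage.toml and drop the CRD rule entirely. The `garagenodes` rule is also cluster-wide although discovery is configured for the `garage` namespace only, so a namespaced Role and RoleBinding would probably suffice for it.

```yaml
rules:
  # create cannot be limited by resourceNames, so it stays unrestricted
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create"]
  # all other verbs only on Garage's own CRD; list/watch by name only
  # match requests that select on metadata.name
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    resourceNames: ["garagenodes.deuxfleurs.fr"]
    verbs: ["get", "list", "watch", "patch"]
  # … unchanged: garagenodes rule …
```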


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: garage


@ -0,0 +1,9 @@
age-encryption.org/v1
-> X25519 +v0WONmpnyS82wmlmZBQ/FgyLM4QMv/TIFMKpNTPnU8
RXWB8IRMcJq1DxVnq9XNE6GhTvjDGfXnLNwd9l+v35M
-> X25519 lz82FQUw4eQo1Zaw3HdHUWp32aHl0g7VSo1Jjj4XVy0
plUefQK9CeHNtUJbrQWL045CVrBo2GpTiH8TPpSc/KQ
--- cTjjtuwy7VDxgObDIOzNKz/8iLf3sz3vLsiaiYHQFpE
*eI¥X`ÕµâÛk`{µ<6˜ƒ…yΔbc'ðÇXo»zoì/†4O„h3¬\7¸æÐ~ÎEŸ·Ï<C2B7><á[ÛÁ©Ù™Â91E1Jµà^UÕ –Í[ã…0„Œ0fŸ€iÕ2Ç„oTewN ¡™;á´ê<C2B4>ã€=QËZŠÜö„KrÌ7=è˜Yó¡vÑ»>¦í‚Æž¿¯‡à)p;µ©HóÿN ñ’$
é®X{äÃt^1Bœª<C593>ÁD(3ý´[°ª¹7ü<37><C3BC>
 Aeq×±@uá¥'Ï’õ¶C$ÿ?*à+QŸú𡸎cÝ“ '…G@)ÓJKì È¥ß)Å¿”3(Œ¨ˆ2dŽWC


@ -0,0 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: garage
spec:
ports:
- port: 3900
targetPort: 3900
protocol: TCP
name: s3-api
- port: 3902
targetPort: 3902
protocol: TCP
name: s3-web
---
apiVersion: v1
kind: Service
metadata:
name: garage-metrics
spec:
type: ClusterIP
clusterIP: None
ports:
- port: 3903
targetPort: 3903
protocol: TCP
name: metrics
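Review bot: The `garage-metrics` Service publishes port 3903 under the name `metrics`, but per garage.toml in this commit that port is the whole admin API listener, so the scrape target also exposes the cluster-administration endpoints to anything allowed to reach the pods on that port, protected only by the bearer token. None of the nine files adds a NetworkPolicy; I would add one that admits ingress to 3903 only from the monitoring namespace and to 3900 and 3902 only from the ingress path. Neither Service declares a `selector`, which appears to rely on `includeSelectors: true` in the kustomization; that deserves a comment such as `# selector is injected by kustomize labels`, because applying this file on its own would yield Services without endpoints.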


@ -0,0 +1,93 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: garage
spec:
selector:
matchLabels:
app.kubernetes.io/name: garage
serviceName: garage
replicas: 3
template:
metadata:
labels:
app.kubernetes.io/name: garage
spec:
serviceAccountName: garage
containers:
- name: garage
image: garage
env:
- name: GARAGE_ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: garage-secrets
key: admin-token
- name: GARAGE_RPC_SECRET
valueFrom:
secretKeyRef:
name: garage-secrets
key: rpc-secret
ports:
- containerPort: 3900
name: s3-api
- containerPort: 3902
name: s3-web
- containerPort: 3903
name: metrics
volumeMounts:
- name: garage-data
mountPath: /srv/garage
- name: garage-config
mountPath: /etc/garage.toml
subPath: garage.toml
readOnly: true
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
nodeSelector:
k8s.icb4dc0.de/storage-node: "true"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- arm64
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- fider
topologyKey: topology.kubernetes.io/zone
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
volumes:
- name: garage-config
configMap:
name: garage-config
items:
- key: garage.toml
path: garage.toml
volumeClaimTemplates:
- metadata:
name: garage-data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: hcloud-volumes
resources:
requests:
storage: 20Gi
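Review bot: The `podAntiAffinity` term selects pods whose `app.kubernetes.io/name` is `fider`, which looks like a leftover from another manifest; as written the three Garage replicas are not steered apart across zones at all, and that matters with `replication_factor = 2`. The value should be `- garage`. The container `securityContext` already drops all capabilities and uses a read-only root filesystem; adding `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` would complete it. The container also has no `resources` limits and no probes, so a runaway or hung node is neither bounded nor restarted.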