feat(garage): initial deployment
All checks were successful
Renovate / renovate (push) Successful in 20s
parent
8a6cb17034
commit
9e43341646
9 changed files with 221 additions and 0 deletions
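--- a/garage/.gitattributes
+++ b/garage/.gitattributes
@@ -0,0 +1 @@
+secret.*.yaml filter=age diff=age merge=age -text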
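Review bot: The `filter=age` attribute on `secret.*.yaml` only encrypts on machines where an `age` filter driver is defined in git config; on a clone without it git treats the missing driver as a no-op, and a new secret file would be committed in plaintext. Nothing in this commit sets up or checks the driver. Documenting `git config filter.age.required true` as part of repository setup makes git fail instead of passing the file through. A CI check that rejects any `secret.*.yaml` whose first line is not `age-encryption.org/v1` would catch the remaining cases.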
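--- a/garage/config/garage.toml
+++ b/garage/config/garage.toml
@@ -0,0 +1,28 @@
+metadata_dir = "/srv/garage/meta"
+data_dir = "/srv/garage/data"
+
+db_engine = "lmdb"
+block_size = "1M"
+replication_factor = 2
+compression_level = 1
+
+rpc_bind_addr = "[::]:3901"
+bootstrap_peers = []
+
+[kubernetes_discovery]
+namespace = "garage"
+service_name = "garage"
+skip_crd = false
+
+[s3_api]
+s3_region = "hel1"
+api_bind_addr = "[::]:3900"
+root_domain = ".s3.icb4dc0.de"
+
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".icb4dc0.de"
+index = "index.html"
+
+[admin]
+api_bind_addr = "[::]:3903"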
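Review bot: The `[admin]` section binds `api_bind_addr = "[::]:3903"` on every interface and sets no `metrics_token`, and the StatefulSet in `garage/resources/workload.yaml` passes only `GARAGE_ADMIN_TOKEN` and `GARAGE_RPC_SECRET`, so as far as this commit shows the metrics endpoint on that listener is served without a token. The same port also carries the admin API, and `garage/resources/services.yaml` publishes it inside the cluster through the headless `garage-metrics` Service. Consider supplying a metrics token from the same Secret and adding a NetworkPolicy that admits only the Prometheus scraper to 3903. A comment above `api_bind_addr`, such as `# 3903 serves both the admin API and /metrics; access is limited by NetworkPolicy`, would record the intent.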
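--- a/garage/kustomization.yaml
+++ b/garage/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: garage
+
+images:
+- name: garage
+newName: dxflrs/garage
+newTag: v1.0.0
+
+labels:
+- includeSelectors: true
+pairs:
+app.kubernetes.io/name: garage
+app.kubernetes.io/instance: icb4dc0de
+app.kubernetes.io/managed-by: kustomize
+
+resources:
+- resources/namespace.yaml
+- resources/rbac/serviceaccount.yaml
+- resources/rbac/clusterrole.yaml
+- resources/secret.rpc.yaml
+- resources/workload.yaml
+- resources/services.yaml
+
+configMapGenerator:
+- name: garage-config
+files:
+- config/garage.toml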
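Review bot: `newTag: v1.0.0` under `images` pins the Garage image by tag only, and a tag can be re-pushed on the registry, which would change what the StatefulSet runs without any change in this repository. The kustomize `images` entry also accepts a `digest` field; adding `digest: sha256:<digest of the verified v1.0.0 image>` makes the deployed image content-addressed. The Renovate job listed in the checks can presumably keep that digest current.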
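--- a/garage/resources/namespace.yaml
+++ b/garage/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: garage
+labels:
+prometheus: default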
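Review bot: The Namespace carries only the `prometheus: default` label and no Pod Security Admission level, so nothing at the namespace boundary stops a later manifest from adding a privileged pod next to the storage workload. Adding `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `labels` would set a floor. Enforcing `restricted` would first need `allowPrivilegeEscalation: false` and a seccomp profile on the container in `garage/resources/workload.yaml`.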
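--- a/garage/resources/rbac/clusterrole.yaml
+++ b/garage/resources/rbac/clusterrole.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: garage-manage-crds
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+resources: ["customresourcedefinitions"]
+verbs: ["get", "list", "watch", "create", "patch"]
+- apiGroups: ["deuxfleurs.fr"]
+resources: ["garagenodes"]
+verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: garage-allow-crds
+subjects:
+- kind: ServiceAccount
+name: garage
+roleRef:
+kind: ClusterRole
+name: garage-manage-crds
+apiGroup: rbac.authorization.k8s.io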
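Review bot: The first rule grants `create` and `patch` on every `customresourcedefinitions` object in the cluster to the workload's ServiceAccount, which is far more than a storage pod needs; a compromised Garage container could alter CRDs owned by other operators. If the CRD is installed out of band and `skip_crd = true` is set in `garage/config/garage.toml`, this rule can be dropped. Otherwise `patch` and `get` can at least be narrowed with `resourceNames: ["garagenodes.deuxfleurs.fr"]`. The `garagenodes` rule only needs to apply within the `garage` namespace, so a namespaced Role and RoleBinding would suffice for it. The `subjects` entry also names no `namespace`; the kustomize namespace transformer presumably fills it in, but stating `namespace: garage` explicitly removes that dependency.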
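--- a/garage/resources/rbac/serviceaccount.yaml
+++ b/garage/resources/rbac/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: garage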
9
garage/resources/secret.rpc.yaml
Normal file
9
garage/resources/secret.rpc.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> X25519 +v0WONmpnyS82wmlmZBQ/FgyLM4QMv/TIFMKpNTPnU8
|
||||||
|
RXWB8IRMcJq1DxVnq9XNE6GhTvjDGfXnLNwd9l+v35M
|
||||||
|
-> X25519 lz82FQUw4eQo1Zaw3HdHUWp32aHl0g7VSo1Jjj4XVy0
|
||||||
|
plUefQK9CeHNtUJbrQWL045CVrBo2GpTiH8TPpSc/KQ
|
||||||
|
--- cTjjtuwy7VDxgObDIOzNKz/8iLf3sz3vLsiaiYHQFpE
|
||||||
|
*eI¥X`ÕµâÛk`{µ<6˜ƒ…yΔbc'ðÇXo»zoì/†4O„h3¬\7¸æÐ~ÎEŸ·Ï<C2B7>–<á[ÛÁ©Ù™Â91E1Jµà^UÕ–Í[ã…0„Œ0fŸ‚€iÕlÑ2Ç„oTewN¡™;á´ê<C2B4>ã€=QËZŠÜö„KrÌ7=è˜Yó¡vÑ»>¦í‚Æž¿¯‡à)p;µ©HóÿN ñ’$
|
||||||
|
醮X{äÃt^‚1Bœª<C593>ÁD(3ý´[°ª’¹7ü<37><C3BC>
|
||||||
|
‰
Aeq×±@uá¥'Ï’õ‚¶C$ÿ?*à+‘QŸú𡸎cÝ“'…G@)ÓJKìÈ¥ß)Å¿”3(Œ¨ˆ2dŽWC
|
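--- a/garage/resources/services.yaml
+++ b/garage/resources/services.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: garage
+spec:
+ports:
+- port: 3900
+targetPort: 3900
+protocol: TCP
+name: s3-api
+- port: 3902
+targetPort: 3902
+protocol: TCP
+name: s3-web
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: garage-metrics
+spec:
+type: ClusterIP
+clusterIP: None
+ports:
+- port: 3903
+targetPort: 3903
+protocol: TCP
+name: metrics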
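--- a/garage/resources/workload.yaml
+++ b/garage/resources/workload.yaml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+name: garage
+spec:
+selector:
+matchLabels:
+app.kubernetes.io/name: garage
+serviceName: garage
+replicas: 3
+template:
+metadata:
+labels:
+app.kubernetes.io/name: garage
+spec:
+serviceAccountName: garage
+containers:
+- name: garage
+image: garage
+env:
+- name: GARAGE_ADMIN_TOKEN
+valueFrom:
+secretKeyRef:
+name: garage-secrets
+key: admin-token
+- name: GARAGE_RPC_SECRET
+valueFrom:
+secretKeyRef:
+name: garage-secrets
+key: rpc-secret
+ports:
+- containerPort: 3900
+name: s3-api
+- containerPort: 3902
+name: s3-web
+- containerPort: 3903
+name: metrics
+volumeMounts:
+- name: garage-data
+mountPath: /srv/garage
+- name: garage-config
+mountPath: /etc/garage.toml
+subPath: garage.toml
+readOnly: true
+securityContext:
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: true
+nodeSelector:
+k8s.icb4dc0.de/storage-node: "true"
+affinity:
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 100
+preference:
+matchExpressions:
+- key: kubernetes.io/arch
+operator: In
+values:
+- arm64
+podAntiAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 100
+podAffinityTerm:
+labelSelector:
+matchExpressions:
+- key: app.kubernetes.io/name
+operator: In
+values:
+- fider
+topologyKey: topology.kubernetes.io/zone
+securityContext:
+runAsUser: 1000
+runAsGroup: 1000
+fsGroup: 1000
+runAsNonRoot: true
+volumes:
+- name: garage-config
+configMap:
+name: garage-config
+items:
+- key: garage.toml
+path: garage.toml
+volumeClaimTemplates:
+- metadata:
+name: garage-data
+spec:
+accessModes: [ "ReadWriteOnce" ]
+storageClassName: hcloud-volumes
+resources:
+requests:
+storage: 20Gi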
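Review bot: The `podAntiAffinity` term selects `app.kubernetes.io/name` `In` `fider`, which looks like a leftover from another manifest: it steers Garage pods away from fider pods rather than from each other. All three replicas can therefore be scheduled into one zone, and `replication_factor = 2` then protects less than intended; the value should be `- garage`. Separately, the container `securityContext` drops all capabilities and sets `readOnlyRootFilesystem: true` but leaves out `allowPrivilegeEscalation: false` and `seccompProfile` with `type: RuntimeDefault`, both of which are worth adding there. The `garage-secrets` Secret referenced by both `secretKeyRef` entries is not visible in plaintext in this commit, so its name and keys should be checked against the encrypted `garage/resources/secret.rpc.yaml`.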