Jugandoc on ceph

manifest/04-ceph/storage/rgw/bucket-claim.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+    name: ceph-bucket
+spec:
+    generateBucketName: ceph-bkt
+    storageClassName: rook-ceph-bucket

manifest/04-ceph/storage/rgw/bucket-external-access.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: rook-ceph-rgw-my-store-external
+    namespace: rook-ceph
+    labels:
+        app: rook-ceph-rgw
+        rook_cluster: rook-ceph
+        rook_object_store: my-store
+spec:
+    ports:
+        - name: rgw
+          port: 80
+          protocol: TCP
+          targetPort: 80
+    selector:
+        app: rook-ceph-rgw
+        rook_cluster: rook-ceph
+        rook_object_store: my-store
+    sessionAffinity: None
+    type: NodePort

manifest/04-ceph/storage/rgw/bucket.yaml

@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+    name: rook-ceph-bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
+reclaimPolicy: Delete
+parameters:
+    objectStoreName: my-store
+    objectStoreNamespace: rook-ceph

manifest/04-ceph/storage/rgw/ingress.yaml

@@ -0,0 +1,52 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+    name: cors
+    namespace: rook-ceph
+spec:
+    headers:
+        accessControlAllowMethods:
+            - "GET"
+            - "POST"
+            - "OPTIONS"
+            - "PUT"
+        accessControlAllowHeaders:
+            - "*"
+        accessControlAllowOriginList:
+            - "*"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+    name: talos-s3-certificate
+    namespace: rook-ceph
+spec:
+    secretName: talos-s3-skrd-fun-tls
+    dnsNames:
+        - "talos-s3.skrd.fun"
+    issuerRef:
+        name: letsencrypt-prod
+        kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    name: bucket-access
+    namespace: rook-ceph
+    annotations:
+        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd, rook-ceph-cors@kubernetescrd
+spec:
+    ingressClassName: traefik
+    rules:
+        - host: talos-s3.skrd.fun
+          http:
+              paths:
+                  - path: /
+                    pathType: Prefix
+                    backend:
+                        service:
+                            name: rook-ceph-rgw-my-store
+                            port:
+                                number: 80
+    tls:
+        - secretName: talos-s3-skrd-fun-tls

manifest/04-ceph/storage/rgw/objectstore.yaml

@@ -0,0 +1,19 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: my-store
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 3
+  dataPool:
+    failureDomain: host
+    erasureCoded:
+      dataChunks: 2
+      codingChunks: 1
+  preservePoolsOnDelete: true
+  gateway:
+    port: 80
+    instances: 1