Jugandoc on ceph

2025-09-24 20:01:10 -03:00
parent 94188f3249
commit eb2ab36dc3
10 changed files with 147 additions and 13 deletions
--- a/manifest/04-ceph/storage/cephfs/filesystem.yaml
+++ b/manifest/04-ceph/storage/cephfs/filesystem.yaml
--- a/manifest/04-ceph/storage/cephfs/storageclass.yaml
+++ b/manifest/04-ceph/storage/cephfs/storageclass.yaml
@@ -40,5 +40,5 @@ parameters:
 reclaimPolicy: Delete
 allowVolumeExpansion: true
 mountOptions:
-  # uncomment the following line for debugging
-  #- debug
+# uncomment the following line for debugging
+#- debug
--- a/manifest/04-ceph/storage/rbd/blockstorage.yaml
+++ b/manifest/04-ceph/storage/rbd/blockstorage.yaml
--- a/manifest/04-ceph/storage/rgw/bucket-claim.yaml
+++ b/manifest/04-ceph/storage/rgw/bucket-claim.yaml
@@ -0,0 +1,7 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+    name: ceph-bucket
+spec:
+    generateBucketName: ceph-bkt
+    storageClassName: rook-ceph-bucket
--- a/manifest/04-ceph/storage/rgw/bucket-external-access.yaml
+++ b/manifest/04-ceph/storage/rgw/bucket-external-access.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: rook-ceph-rgw-my-store-external
+    namespace: rook-ceph
+    labels:
+        app: rook-ceph-rgw
+        rook_cluster: rook-ceph
+        rook_object_store: my-store
+spec:
+    ports:
+        - name: rgw
+          port: 80
+          protocol: TCP
+          targetPort: 80
+    selector:
+        app: rook-ceph-rgw
+        rook_cluster: rook-ceph
+        rook_object_store: my-store
+    sessionAffinity: None
+    type: NodePort
--- a/manifest/04-ceph/storage/rgw/bucket.yaml
+++ b/manifest/04-ceph/storage/rgw/bucket.yaml
@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+    name: rook-ceph-bucket
+provisioner: rook-ceph.ceph.rook.io/bucket
+reclaimPolicy: Delete
+parameters:
+    objectStoreName: my-store
+    objectStoreNamespace: rook-ceph
--- a/manifest/04-ceph/storage/rgw/ingress.yaml
+++ b/manifest/04-ceph/storage/rgw/ingress.yaml
@@ -0,0 +1,52 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+    name: cors
+    namespace: rook-ceph
+spec:
+    headers:
+        accessControlAllowMethods:
+            - "GET"
+            - "POST"
+            - "OPTIONS"
+            - "PUT"
+        accessControlAllowHeaders:
+            - "*"
+        accessControlAllowOriginList:
+            - "*"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+    name: talos-s3-certificate
+    namespace: rook-ceph
+spec:
+    secretName: talos-s3-skrd-fun-tls
+    dnsNames:
+        - "talos-s3.skrd.fun"
+    issuerRef:
+        name: letsencrypt-prod
+        kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    name: bucket-access
+    namespace: rook-ceph
+    annotations:
+        traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd, rook-ceph-cors@kubernetescrd
+spec:
+    ingressClassName: traefik
+    rules:
+        - host: talos-s3.skrd.fun
+          http:
+              paths:
+                  - path: /
+                    pathType: Prefix
+                    backend:
+                        service:
+                            name: rook-ceph-rgw-my-store
+                            port:
+                                number: 80
+    tls:
+        - secretName: talos-s3-skrd-fun-tls
--- a/manifest/04-ceph/storage/rgw/objectstore.yaml
+++ b/manifest/04-ceph/storage/rgw/objectstore.yaml
@@ -0,0 +1,19 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: my-store
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 3
+  dataPool:
+    failureDomain: host
+    erasureCoded:
+      dataChunks: 2
+      codingChunks: 1
+  preservePoolsOnDelete: true
+  gateway:
+    port: 80
+    instances: 1
--- a/manifest/06-external-ingress/sites/gametabs.yml
+++ b/manifest/06-external-ingress/sites/gametabs.yml
@@ -32,15 +32,15 @@ metadata:
 spec:
  ingressClassName: traefik
  rules:
-  - host: gametabs.skrd.fun
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: gametabs
-            port:
-              number: 80
+    - host: gametabs.skrd.fun
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: gametabs
+                port:
+                  number: 80
  tls:
-  - secretName: gametabs-skrd-fun-tls
+    - secretName: gametabs-skrd-fun-tls
--- a/manifest/99-tubearchivist/storage.yml
+++ b/manifest/99-tubearchivist/storage.yml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+    name: ubuntu
+    labels:
+        app: ubuntu
+spec:
+    containers:
+        - image: ubuntu
+          command:
+              - "sleep"
+              - "604800"
+          imagePullPolicy: IfNotPresent
+          name: ubuntu
+          volumeMounts:
+              - mountPath: /my-nfs-data
+                name: test-volume
+    restartPolicy: Always
+    volumes:
+        - name: test-volume
+          nfs:
+              server: 192.168.1.102
+              path: /1582b800/docker/tubearchivist
+              readOnly: true
+              mountOptions:
+                  - nfsvers=4.1