diff --git a/cluster/apps/data/bitwardenrs/volume.yaml b/cluster/apps/data/bitwardenrs/volume.yaml index 69f2b77f1..ed862bd0e 100644 --- a/cluster/apps/data/bitwardenrs/volume.yaml +++ b/cluster/apps/data/bitwardenrs/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/data/bookstack/volume.yaml b/cluster/apps/data/bookstack/volume.yaml index 520512a13..78b0bd9af 100644 --- a/cluster/apps/data/bookstack/volume.yaml +++ b/cluster/apps/data/bookstack/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/data/freshrss/volume.yaml b/cluster/apps/data/freshrss/volume.yaml index 284f5dda5..e5d71dee8 100644 --- a/cluster/apps/data/freshrss/volume.yaml +++ b/cluster/apps/data/freshrss/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/data/pgadmin/volume.yaml b/cluster/apps/data/pgadmin/volume.yaml index 9fc369ed4..359300950 100644 --- a/cluster/apps/data/pgadmin/volume.yaml +++ b/cluster/apps/data/pgadmin/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/data/recipes/helm-release.yaml b/cluster/apps/data/recipes/helm-release.yaml index 403133dbd..3a0a9d9b3 100644 --- a/cluster/apps/data/recipes/helm-release.yaml +++ b/cluster/apps/data/recipes/helm-release.yaml 
@@ -58,17 +58,22 @@ spec: tls: - hosts: - "recipes.${SECRET_CLUSTER_DOMAIN}" - persistence: - config: - enabled: false - media: - enabled: true + + additionalVolumes: + - name: files + persistentVolumeClaim: + claimName: recipes-files + - name: recipes-config + configMap: + name: recipes-config + additionalVolumeMounts: + - name: files mountPath: /opt/recipes/mediafiles - existingClaim: recipes-media - static: - enabled: true + subPath: media + - name: files mountPath: /opt/recipes/staticfiles - existingClaim: recipes-static + subPath: static + additionalContainers: - name: nginx image: nginx:1.19.10 @@ -76,10 +81,12 @@ spec: - containerPort: 80 name: http volumeMounts: - - name: media + - name: files mountPath: "/media" - - name: static + subPath: media + - name: files mountPath: "/static" + subPath: static - name: recipes-config mountPath: /etc/nginx/nginx.conf subPath: nginx-config diff --git a/cluster/apps/data/recipes/kustomization.yaml b/cluster/apps/data/recipes/kustomization.yaml index a71d36f14..21f1d9e05 100644 --- a/cluster/apps/data/recipes/kustomization.yaml +++ b/cluster/apps/data/recipes/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - helm-release.yaml - - volumes.yaml + - volume.yaml diff --git a/cluster/apps/data/recipes/volume.yaml b/cluster/apps/data/recipes/volume.yaml new file mode 100644 index 000000000..70e99abb3 --- /dev/null +++ b/cluster/apps/data/recipes/volume.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: recipes-files + namespace: data +spec: + accessModes: + - ReadWriteOnce + storageClassName: rook-ceph-block + resources: + requests: + storage: 1Gi diff --git a/cluster/apps/data/recipes/volumes.yaml b/cluster/apps/data/recipes/volumes.yaml deleted file mode 100644 index a12033b6e..000000000 --- a/cluster/apps/data/recipes/volumes.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: recipes-media - namespace: data -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: recipes-static - namespace: data -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 1Gi diff --git a/cluster/apps/data/resilio-sync/kustomization.yaml b/cluster/apps/data/resilio-sync/kustomization.yaml index 12e8af5bf..c6a5fa7c7 100644 --- a/cluster/apps/data/resilio-sync/kustomization.yaml +++ b/cluster/apps/data/resilio-sync/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - statefulset.yaml - - volumes.yaml + - volume.yaml diff --git a/cluster/apps/data/resilio-sync/statefulset.yaml b/cluster/apps/data/resilio-sync/statefulset.yaml index cba856bd9..8afc97220 100644 --- a/cluster/apps/data/resilio-sync/statefulset.yaml +++ b/cluster/apps/data/resilio-sync/statefulset.yaml @@ -39,8 +39,9 @@ spec: - containerPort: 55555 name: com-claude volumeMounts: - - name: config-claude + - name: config mountPath: /config + subPath: claude - name: sync-conf-claude mountPath: /config/sync.conf subPath: sync.conf @@ -72,8 +73,9 @@ spec: - containerPort: 55556 name: com-helene volumeMounts: - - name: config-helene + - name: config mountPath: /config + subPath: helene - name: sync-conf-helene mountPath: /config/sync.conf subPath: sync.conf 
@@ -82,18 +84,15 @@ spec: - name: nfs-backups-data mountPath: /sync/backup volumes: + - name: config + persistentVolumeClaim: + claimName: resilio-sync-config - name: sync-conf-claude configMap: name: resilio-sync-claude-conf - name: sync-conf-helene configMap: name: resilio-sync-helene-conf - - name: config-claude - persistentVolumeClaim: - claimName: resilio-sync-config-claude - - name: config-helene - persistentVolumeClaim: - claimName: resilio-sync-config-helene - name: home-claude-data persistentVolumeClaim: claimName: nfs-home-claude-data diff --git a/cluster/apps/data/resilio-sync/volume.yaml b/cluster/apps/data/resilio-sync/volume.yaml new file mode 100644 index 000000000..cb2259478 --- /dev/null +++ b/cluster/apps/data/resilio-sync/volume.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: resilio-sync-config + namespace: data +spec: + accessModes: + - ReadWriteOnce + storageClassName: rook-ceph-block + resources: + requests: + storage: 1Gi \ No newline at end of file diff --git a/cluster/apps/data/resilio-sync/volumes.yaml b/cluster/apps/data/resilio-sync/volumes.yaml deleted file mode 100644 index 421c793ad..000000000 --- a/cluster/apps/data/resilio-sync/volumes.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: resilio-sync-config-claude - namespace: data -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: resilio-sync-config-helene - namespace: data -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 1Gi diff --git a/cluster/apps/data/vikunja/volume.yaml b/cluster/apps/data/vikunja/volume.yaml index 6267c2d4d..97813c533 100644 --- a/cluster/apps/data/vikunja/volume.yaml +++ b/cluster/apps/data/vikunja/volume.yaml 
@@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/development/gitea/volume.yaml b/cluster/apps/development/gitea/volume.yaml index 3555d4b8b..9a0a2fb58 100644 --- a/cluster/apps/development/gitea/volume.yaml +++ b/cluster/apps/development/gitea/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: - storage: 15Gi + storage: 10Gi diff --git a/cluster/apps/home/esphome/volume.yaml b/cluster/apps/home/esphome/volume.yaml index 21db02586..efa455f90 100644 --- a/cluster/apps/home/esphome/volume.yaml +++ b/cluster/apps/home/esphome/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/apps/home/home-assistant/volume.yaml b/cluster/apps/home/home-assistant/volume.yaml index ac0c28cd4..77a312277 100644 --- a/cluster/apps/home/home-assistant/volume.yaml +++ b/cluster/apps/home/home-assistant/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/apps/home/node-red/volume.yaml b/cluster/apps/home/node-red/volume.yaml index 7c2873e45..278c36cc3 100644 --- a/cluster/apps/home/node-red/volume.yaml +++ b/cluster/apps/home/node-red/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/apps/home/zigbee2mqtt/helm-release.yaml b/cluster/apps/home/zigbee2mqtt/helm-release.yaml index 13ee6a376..1b0308a1e 100644 --- a/cluster/apps/home/zigbee2mqtt/helm-release.yaml 
+++ b/cluster/apps/home/zigbee2mqtt/helm-release.yaml @@ -27,7 +27,7 @@ spec: homeassistant: true device_options: retain: true - permit_join: false + permit_join: true mqtt: base_topic: zigbee2mqtt server: "mqtt://vernemq" diff --git a/cluster/apps/home/zigbee2mqtt/volume.yaml b/cluster/apps/home/zigbee2mqtt/volume.yaml index f121e89d4..c42559b03 100644 --- a/cluster/apps/home/zigbee2mqtt/volume.yaml +++ b/cluster/apps/home/zigbee2mqtt/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: - storage: 10Gi + storage: 1Gi diff --git a/cluster/apps/home/zwavejs2mqtt/volume.yaml b/cluster/apps/home/zwavejs2mqtt/volume.yaml index 5e9278026..a3d9a3002 100644 --- a/cluster/apps/home/zwavejs2mqtt/volume.yaml +++ b/cluster/apps/home/zwavejs2mqtt/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/apps/kasten-io/k10/helm-release.yaml b/cluster/apps/kasten-io/k10/helm-release.yaml index b1190c55a..18ae81c41 100644 --- a/cluster/apps/kasten-io/k10/helm-release.yaml +++ b/cluster/apps/kasten-io/k10/helm-release.yaml @@ -24,7 +24,7 @@ spec: email: "${SECRET_CLUSTER_DOMAIN_EMAIL}" global: persistence: - storageClass: longhorn + storageClass: rook-ceph-block auth: tokenAuth: enabled: true diff --git a/cluster/apps/media/bazarr/volume.yaml b/cluster/apps/media/bazarr/volume.yaml index e9064606c..584dde8af 100644 --- a/cluster/apps/media/bazarr/volume.yaml +++ b/cluster/apps/media/bazarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: - storage: 20Gi + storage: 1Gi diff --git a/cluster/apps/media/flood/volume.yaml b/cluster/apps/media/flood/volume.yaml index dcc598ea5..429d6fc25 100644 
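Review bot: `permit_join: true` in cluster/apps/home/zigbee2mqtt/helm-release.yaml leaves the Zigbee network open to any device that tries to pair for as long as this release is deployed. If the flip was only needed to re-pair devices during the storage migration, restore `permit_join: false` before merging and enable joining temporarily at runtime when a device has to be added. The change is unrelated to the storage-class move that makes up the rest of this commit, so it is easy to miss in review and would be clearer as its own commit.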
--- a/cluster/apps/media/flood/volume.yaml +++ b/cluster/apps/media/flood/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/jackett/volume.yaml b/cluster/apps/media/jackett/volume.yaml index 97aaab152..cfcd1cd67 100644 --- a/cluster/apps/media/jackett/volume.yaml +++ b/cluster/apps/media/jackett/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/jellyfin/volume.yaml b/cluster/apps/media/jellyfin/volume.yaml index bf693620a..81f553992 100644 --- a/cluster/apps/media/jellyfin/volume.yaml +++ b/cluster/apps/media/jellyfin/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: - storage: 20Gi + storage: 30Gi diff --git a/cluster/apps/media/lidarr/volume.yaml b/cluster/apps/media/lidarr/volume.yaml index 6e354ebf5..a85d4f0cd 100644 --- a/cluster/apps/media/lidarr/volume.yaml +++ b/cluster/apps/media/lidarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 20Gi diff --git a/cluster/apps/media/lychee/helm-release.yaml b/cluster/apps/media/lychee/helm-release.yaml index b89e5d473..8e5ae5316 100644 --- a/cluster/apps/media/lychee/helm-release.yaml +++ b/cluster/apps/media/lychee/helm-release.yaml @@ -21,14 +21,17 @@ spec: repository: lycheeorg/lychee-laravel pullPolicy: IfNotPresent tag: v4.2.2 + strategy: type: Recreate + service: port: port: 80 annotations: prometheus.io/probe: "true" prometheus.io/protocol: http + ingress: enabled: true annotations: 
@@ -44,6 +47,7 @@ spec: tls: - hosts: - "lychee.${SECRET_CLUSTER_DOMAIN}" + env: PHP_TZ: Europe/Paris DB_CONNECTION: pgsql @@ -52,20 +56,22 @@ spec: DB_DATABASE: lychee DB_USERNAME: lychee DB_PASSWORD: ${SECRET_LYCHEE_DB_PASSWORD} + persistence: - config: - enabled: true - mountPath: /conf - existingClaim: lychee-config - uploads: - enabled: true - mountPath: /uploads - existingClaim: lychee-uploads - sym: - enabled: true - mountPath: /sym - existingClaim: lychee-sym photo: enabled: true mountPath: /mnt/storage/photo existingClaim: nfs-photo-media + readOnly: true + + additionalVolumes: + - name: files + persistentVolumeClaim: + claimName: lychee-files + additionalVolumeMounts: + - name: files + mountPath: /uploads + subPath: uploads + - name: files + mountPath: /sym + subPath: sym diff --git a/cluster/apps/media/lychee/kustomization.yaml b/cluster/apps/media/lychee/kustomization.yaml index a71d36f14..21f1d9e05 100644 --- a/cluster/apps/media/lychee/kustomization.yaml +++ b/cluster/apps/media/lychee/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - helm-release.yaml - - volumes.yaml + - volume.yaml diff --git a/cluster/apps/media/lychee/volume.yaml b/cluster/apps/media/lychee/volume.yaml new file mode 100644 index 000000000..21ad4bd74 --- /dev/null +++ b/cluster/apps/media/lychee/volume.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: lychee-files + namespace: media +spec: + accessModes: + - ReadWriteOnce + storageClassName: rook-ceph-block + resources: + requests: + storage: 100Gi diff --git a/cluster/apps/media/lychee/volumes.yaml b/cluster/apps/media/lychee/volumes.yaml deleted file mode 100644 index 935a82512..000000000 --- a/cluster/apps/media/lychee/volumes.yaml +++ /dev/null 
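Review bot: The persistence rewrite in cluster/apps/media/lychee/helm-release.yaml (hunk `@@ -52,20 +56,22 @@`) drops the `/conf` mount that used `lychee-config` and adds no matching `subPath` on the new `files` volume, while `/uploads` and `/sym` are both carried over. If the image keeps generated configuration or keys under `/conf` (not visible in this diff, so please confirm), they would be recreated on every pod restart; a third mount, `- name: files` / `mountPath: /conf` / `subPath: conf`, would keep them. In the context lines, `DB_PASSWORD: ${SECRET_LYCHEE_DB_PASSWORD}` is unquoted, unlike `"lychee.${SECRET_CLUSTER_DOMAIN}"` in the same file. Quoting it, `DB_PASSWORD: "${SECRET_LYCHEE_DB_PASSWORD}"`, protects against a substituted password that starts with a YAML indicator or parses as a number.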
@@ -1,39 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lychee-config - namespace: media -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lychee-uploads - namespace: media -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 50Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: lychee-sym - namespace: media -spec: - accessModes: - - ReadWriteOnce - storageClassName: longhorn-backups - resources: - requests: - storage: 1Gi diff --git a/cluster/apps/media/navidrome/volume.yaml b/cluster/apps/media/navidrome/volume.yaml index 8c4c0f3b9..a7a3318ec 100644 --- a/cluster/apps/media/navidrome/volume.yaml +++ b/cluster/apps/media/navidrome/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/prowlarr/volume.yaml b/cluster/apps/media/prowlarr/volume.yaml index a1830871c..3e203d8cc 100644 --- a/cluster/apps/media/prowlarr/volume.yaml +++ b/cluster/apps/media/prowlarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/pyload/volume.yaml b/cluster/apps/media/pyload/volume.yaml index 5c4978dfc..af87ec304 100644 --- a/cluster/apps/media/pyload/volume.yaml +++ b/cluster/apps/media/pyload/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/qbittorrent/volumes.yaml b/cluster/apps/media/qbittorrent/volumes.yaml index 7ee104d25..7a17e0d35 100644 
--- a/cluster/apps/media/qbittorrent/volumes.yaml +++ b/cluster/apps/media/qbittorrent/volumes.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 1Gi diff --git a/cluster/apps/media/radarr/helm-release.yaml b/cluster/apps/media/radarr/helm-release.yaml index fe1167122..c7c8e8c3c 100644 --- a/cluster/apps/media/radarr/helm-release.yaml +++ b/cluster/apps/media/radarr/helm-release.yaml @@ -66,6 +66,11 @@ spec: forecastle.stakater.com/appName: "Radarr" forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Radarr/Radarr/develop/Logo/256.png" forecastle.stakater.com/network-restricted: "true" + # -- Nginx client Body Buffer Size + nginx.ingress.kubernetes.io/client-body-buffer-size: "20m" + # -- Nginx Proxy Body Size + nginx.ingress.kubernetes.io/proxy-body-size: "20m" + nginx.ingress.kubernetes.io/proxy-buffering: "off" hosts: - host: radarr.${SECRET_CLUSTER_DOMAIN} paths: diff --git a/cluster/apps/media/radarr/volume.yaml b/cluster/apps/media/radarr/volume.yaml index 0233bb0f9..3620dfdd8 100644 --- a/cluster/apps/media/radarr/volume.yaml +++ b/cluster/apps/media/radarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 20Gi diff --git a/cluster/apps/media/sonarr/helm-release.yaml b/cluster/apps/media/sonarr/helm-release.yaml index a86789225..4b3350aab 100644 --- a/cluster/apps/media/sonarr/helm-release.yaml +++ b/cluster/apps/media/sonarr/helm-release.yaml 
@@ -46,6 +46,11 @@ spec: forecastle.stakater.com/appName: "Sonarr" forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png" forecastle.stakater.com/network-restricted: "true" + # -- Nginx client Body Buffer Size + nginx.ingress.kubernetes.io/client-body-buffer-size: "20m" + # -- Nginx Proxy Body Size + nginx.ingress.kubernetes.io/proxy-body-size: "20m" + nginx.ingress.kubernetes.io/proxy-buffering: "off" hosts: - host: sonarr.${SECRET_CLUSTER_DOMAIN} paths: diff --git a/cluster/apps/media/sonarr/volume.yaml b/cluster/apps/media/sonarr/volume.yaml index 681903743..f561af77b 100644 --- a/cluster/apps/media/sonarr/volume.yaml +++ b/cluster/apps/media/sonarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 20Gi diff --git a/cluster/apps/media/tdarr/volume.yaml b/cluster/apps/media/tdarr/volume.yaml index e8d857bc0..243a9e148 100644 --- a/cluster/apps/media/tdarr/volume.yaml +++ b/cluster/apps/media/tdarr/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: - storage: 2Gi + storage: 5Gi diff --git a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml index b20dddb5f..4e8d97ea7 100644 --- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml +++ b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml @@ -65,7 +65,7 @@ spec: storage: volumeClaimTemplate: spec: - storageClassName: longhorn + storageClassName: rook-ceph-block resources: requests: storage: 10Gi 
@@ -92,9 +92,6 @@ spec: kubernetes-custom: url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/kubernetes-custom.json datasource: Prometheus - longhorn: - url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/longhorn.json - datasource: Prometheus deploymentStrategy: type: Recreate persistence: @@ -198,7 +195,7 @@ spec: storageSpec: volumeClaimTemplate: spec: - storageClassName: longhorn + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/apps/networking/unifi/volume.yaml b/cluster/apps/networking/unifi/volume.yaml index cadf71224..524ac7c1e 100644 --- a/cluster/apps/networking/unifi/volume.yaml +++ b/cluster/apps/networking/unifi/volume.yaml @@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: longhorn-backups + storageClassName: rook-ceph-block resources: requests: storage: 10Gi diff --git a/cluster/base/flux-system/charts/kustomization.yaml b/cluster/base/flux-system/charts/kustomization.yaml index a98c7bb6d..d7e18067f 100644 --- a/cluster/base/flux-system/charts/kustomization.yaml +++ b/cluster/base/flux-system/charts/kustomization.yaml @@ -21,6 +21,7 @@ resources: - nicholaswilde.yaml - node-feature-discovery.yaml - prometheus-community-charts.yaml + - rook-ceph-charts.yaml - runix-charts.yaml - stakater-charts.yaml - twuni-charts.yaml diff --git a/cluster/base/flux-system/charts/rook-ceph-charts.yaml b/cluster/base/flux-system/charts/rook-ceph-charts.yaml new file mode 100644 index 000000000..65f2521e5 --- /dev/null +++ b/cluster/base/flux-system/charts/rook-ceph-charts.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: rook-ceph-charts + namespace: flux-system +spec: + interval: 10m + url: https://charts.rook.io/release + timeout: 3m 
diff --git a/cluster/core/infrastructure/kustomization.yaml b/cluster/core/infrastructure/kustomization.yaml index 6791ee0e1..d4b829208 100644 --- a/cluster/core/infrastructure/kustomization.yaml +++ b/cluster/core/infrastructure/kustomization.yaml @@ -7,4 +7,5 @@ resources: - intel-gpu-plugin - longhorn-system - node-feature-discovery + - rook-ceph - system-upgrade diff --git a/cluster/core/infrastructure/rook-ceph/dashboard/ingress.yaml b/cluster/core/infrastructure/rook-ceph/dashboard/ingress.yaml new file mode 100644 index 000000000..03f111b87 --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/dashboard/ingress.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: rook-ceph-mgr-dashboard + namespace: rook-ceph + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify" + nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/" + labels: + app.kubernetes.io/instance: rook-ceph-mgr-dashboard + app.kubernetes.io/name: rook-ceph-mgr-dashboard +spec: + rules: + - host: "rook.${SECRET_CLUSTER_DOMAIN}" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: rook-ceph-mgr-dashboard + port: + name: http-dashboard + tls: + - hosts: + - "rook.${SECRET_CLUSTER_DOMAIN}" diff --git a/cluster/core/infrastructure/rook-ceph/dashboard/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/dashboard/kustomization.yaml new file mode 100644 index 000000000..972f3ed06 --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/dashboard/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ingress.yaml diff --git a/cluster/core/infrastructure/rook-ceph/helm-release.yaml b/cluster/core/infrastructure/rook-ceph/helm-release.yaml new file mode 100644 index 000000000..e67888c5d 
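Review bot: The `tls` entry for `rook.${SECRET_CLUSTER_DOMAIN}` in rook-ceph/dashboard/ingress.yaml has no `secretName`, so the ingress controller will serve whatever default certificate it is configured with. If a wildcard default certificate is intended, a one-line comment saying so would help; otherwise add `secretName: <tls-secret-name>` (placeholder). Access control for the Ceph dashboard rests entirely on the `auth-url` and `auth-signin` annotations, and the backend is reached over plain HTTP (`backend-protocol: "HTTP"`), so it is worth confirming that no other route exposes the `rook-ceph-mgr-dashboard` service without the Authelia check. `kubernetes.io/ingress.class: "nginx"` is the deprecated annotation form; under `networking.k8s.io/v1` the equivalent is `ingressClassName: nginx` in `spec`, assuming an IngressClass of that name exists.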
--- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/helm-release.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: rook-ceph + namespace: rook-ceph +spec: + interval: 5m + chart: + spec: + # renovate: registryUrl=https://charts.rook.io/release + chart: rook-ceph + version: v1.5.10 + sourceRef: + kind: HelmRepository + name: rook-ceph-charts + namespace: flux-system + values: + crds: + enabled: false + csi: + kubeletDirPath: /var/lib/kubelet + pluginTolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 1000m diff --git a/cluster/core/infrastructure/rook-ceph/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/kustomization.yaml new file mode 100644 index 000000000..12388693f --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml + - helm-release.yaml + - storage + - rook-direct-mount + - servicemonitor + - snapshot-controller + - dashboard diff --git a/cluster/core/infrastructure/rook-ceph/rbac.yaml b/cluster/core/infrastructure/rook-ceph/rbac.yaml new file mode 100644 index 000000000..6b6cb978e --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/rbac.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: "rook-ceph-system-psp-user" + labels: + operator: rook + storage-backend: ceph +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - 00-rook-ceph-operator + verbs: + - use diff --git a/cluster/core/infrastructure/rook-ceph/rook-direct-mount/deployment.yaml b/cluster/core/infrastructure/rook-ceph/rook-direct-mount/deployment.yaml new file mode 100644 index 000000000..a0747f588 --- /dev/null 
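Review bot: `apiVersion: rbac.authorization.k8s.io/v1beta1` on the `rook-ceph-system-psp-user` ClusterRole in rook-ceph/rbac.yaml is the deprecated RBAC API version, which was removed in Kubernetes 1.22. The snapshot-controller RBAC added in this same commit already uses `rbac.authorization.k8s.io/v1`. Changing this file to `apiVersion: rbac.authorization.k8s.io/v1` keeps the two consistent and avoids a failed apply after a cluster upgrade. No binding for this ClusterRole is visible in the diff; if the chart does not create one, the `use` grant on `00-rook-ceph-operator` has no effect, so a comment naming where it is bound would help.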
+++ b/cluster/core/infrastructure/rook-ceph/rook-direct-mount/deployment.yaml @@ -0,0 +1,65 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rook-direct-mount + namespace: rook-ceph + labels: + app: rook-direct-mount +spec: + replicas: 1 + selector: + matchLabels: + app: rook-direct-mount + template: + metadata: + labels: + app: rook-direct-mount + spec: + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: rook-direct-mount + image: rook/ceph:v1.6.0 + command: ["/tini"] + args: ["-g", "--", "/usr/local/bin/toolbox.sh"] + imagePullPolicy: IfNotPresent + env: + - name: ROOK_CEPH_USERNAME + valueFrom: + secretKeyRef: + name: rook-ceph-mon + key: ceph-username + - name: ROOK_CEPH_SECRET + valueFrom: + secretKeyRef: + name: rook-ceph-mon + key: ceph-secret + securityContext: + privileged: true + volumeMounts: + - mountPath: /dev + name: dev + - mountPath: /sys/bus + name: sysbus + - mountPath: /lib/modules + name: libmodules + - name: mon-endpoint-volume + mountPath: /etc/rook + # if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021 + hostNetwork: true + volumes: + - name: dev + hostPath: + path: /dev + - name: sysbus + hostPath: + path: /sys/bus + - name: libmodules + hostPath: + path: /lib/modules + - name: mon-endpoint-volume + configMap: + name: rook-ceph-mon-endpoints + items: + - key: data + path: mon-endpoints diff --git a/cluster/core/infrastructure/rook-ceph/rook-direct-mount/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/rook-direct-mount/kustomization.yaml new file mode 100644 index 000000000..9c2d28b0c --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/rook-direct-mount/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deployment.yaml 
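Review bot: The `rook-direct-mount` Deployment in rook-direct-mount/deployment.yaml runs permanently (`replicas: 1`) as a `privileged: true`, `hostNetwork: true` container with hostPath mounts of `/dev`, `/sys/bus` and `/lib/modules`, and it carries `ROOK_CEPH_USERNAME` and `ROOK_CEPH_SECRET` from the `rook-ceph-mon` secret in its environment. Anyone who can exec into that pod gets node-level access plus those Ceph credentials, so a maintenance tool like this is safer committed with `replicas: 0` and scaled up only while a direct mount is needed. The image tag `rook/ceph:v1.6.0` also differs from the chart `version: v1.5.10` pinned in rook-ceph/helm-release.yaml in this commit; aligning the two avoids running a toolbox newer than the operator.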
diff --git a/cluster/core/infrastructure/rook-ceph/servicemonitor/csi-metrics.yaml b/cluster/core/infrastructure/rook-ceph/servicemonitor/csi-metrics.yaml new file mode 100644 index 000000000..f1f2675f9 --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/servicemonitor/csi-metrics.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: csi-metrics + namespace: rook-ceph + labels: + team: rook +spec: + namespaceSelector: + matchNames: + - rook-ceph + selector: + matchLabels: + app: csi-metrics + endpoints: + - port: csi-http-metrics + path: /metrics + interval: 5s diff --git a/cluster/core/infrastructure/rook-ceph/servicemonitor/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/servicemonitor/kustomization.yaml new file mode 100644 index 000000000..0f81bb0b7 --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/servicemonitor/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - csi-metrics.yaml + - rook-ceph-mgr.yaml diff --git a/cluster/core/infrastructure/rook-ceph/servicemonitor/rook-ceph-mgr.yaml b/cluster/core/infrastructure/rook-ceph/servicemonitor/rook-ceph-mgr.yaml new file mode 100644 index 000000000..3f4ef49bb --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/servicemonitor/rook-ceph-mgr.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: rook-ceph-mgr + namespace: rook-ceph + labels: + team: rook +spec: + namespaceSelector: + matchNames: + - rook-ceph + selector: + matchLabels: + app: rook-ceph-mgr + rook_cluster: rook-ceph + endpoints: + - port: http-metrics + path: /metrics + interval: 5s diff --git a/cluster/core/infrastructure/rook-ceph/snapshot-controller/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/snapshot-controller/kustomization.yaml new file mode 100644 index 000000000..3f976d130 --- /dev/null 
+++ b/cluster/core/infrastructure/rook-ceph/snapshot-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - rbac.yaml + - statefulset.yaml diff --git a/cluster/core/infrastructure/rook-ceph/snapshot-controller/rbac.yaml b/cluster/core/infrastructure/rook-ceph/snapshot-controller/rbac.yaml new file mode 100644 index 000000000..16a660530 --- /dev/null +++ b/cluster/core/infrastructure/rook-ceph/snapshot-controller/rbac.yaml 
@@ -0,0 +1,73 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: snapshot-controller
+ namespace: rook-ceph
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: snapshot-controller-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots/status"]
+ verbs: ["update"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: snapshot-controller-role
+subjects:
+ - kind: ServiceAccount
+ name: snapshot-controller
+ namespace: rook-ceph
+roleRef:
+ kind: ClusterRole
+ name: snapshot-controller-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: rook-ceph
+ name: snapshot-controller-leaderelection
+rules:
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: snapshot-controller-leaderelection
+ namespace: rook-ceph
+subjects:
+ - kind: ServiceAccount
+ name: snapshot-controller
+ namespace: rook-ceph
+roleRef:
+ kind: Role
+ name: snapshot-controller-leaderelection
+ apiGroup: rbac.authorization.k8s.io
diff --git a/cluster/core/infrastructure/rook-ceph/snapshot-controller/statefulset.yaml b/cluster/core/infrastructure/rook-ceph/snapshot-controller/statefulset.yaml
new file mode 100644
index 000000000..d8e9a8a61
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/snapshot-controller/statefulset.yaml
@@ -0,0 +1,25 @@
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: snapshot-controller
+ namespace: rook-ceph
+spec:
+ serviceName: "snapshot-controller"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: snapshot-controller
+ template:
+ metadata:
+ labels:
+ app: snapshot-controller
+ spec:
+ serviceAccount: snapshot-controller
+ containers:
+ - name: snapshot-controller
+ image: k8s.gcr.io/sig-storage/snapshot-controller:v4.0.0
+ args:
+ - "--v=5"
+ - "--leader-election=false"
+ imagePullPolicy: IfNotPresent
diff --git a/cluster/core/infrastructure/rook-ceph/storage/cephblockpool.yaml b/cluster/core/infrastructure/rook-ceph/storage/cephblockpool.yaml
new file mode 100644
index 000000000..4c0921083
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/storage/cephblockpool.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: ceph.rook.io/v1
+kind: CephBlockPool
+metadata:
+ name: replicapool
+ namespace: rook-ceph
+spec:
+ failureDomain: host
+ replicated:
+ size: 3
+ requireSafeReplicaSize: true
diff --git a/cluster/core/infrastructure/rook-ceph/storage/cephcluster.yaml b/cluster/core/infrastructure/rook-ceph/storage/cephcluster.yaml
new file mode 100644
index 000000000..e099741da
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/storage/cephcluster.yaml
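Review bot: The `snapshot-controller-leaderelection` Role and RoleBinding at the end of rbac.yaml grant create, update and delete on `leases` in `rook-ceph`, but the StatefulSet added in the same commit starts the controller with `--leader-election=false` and `replicas: 1`, so the permission looks unused. Least privilege would drop both objects until leader election is turned on, or keep them with a comment such as `# only needed when --leader-election=true`. The ClusterRole's `update` on `persistentvolumeclaims` and create/delete on `volumesnapshotcontents` apply cluster-wide, so the `snapshot-controller` service account should stay dedicated to this one workload.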
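Review bot: The `snapshot-controller` container in statefulset.yaml has no `securityContext`, so it runs with whatever user and capabilities the image defaults to, while holding a cluster-wide service account token. Judging by the RBAC it only needs API-server access, so a restrictive container context should be safe, but the non-root UID below is a constructed value and has to be checked against the image. Separately, `serviceAccount:` is the deprecated alias of `serviceAccountName:`, and `--v=5` is debug-level logging that is better lowered once the rollout is verified.

```yaml
      containers:
        - name: snapshot-controller
          # … unchanged: image, args, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534  # constructed value; confirm the image works as non-root
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```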
@@ -0,0 +1,71 @@
+---
+apiVersion: ceph.rook.io/v1
+kind: CephCluster
+metadata:
+ name: rook-ceph
+ namespace: rook-ceph
+spec:
+ cephVersion:
+ image: ceph/ceph:v15.2.10
+ allowUnsupported: false
+ dataDirHostPath: /var/lib/rook
+ skipUpgradeChecks: false
+ continueUpgradeAfterChecksEvenIfNotHealthy: false
+ removeOSDsIfOutAndSafeToRemove: false
+ mon:
+ count: 3
+ allowMultiplePerNode: false
+ monitoring:
+ enabled: true
+ rulesNamespace: rook-ceph
+ network:
+ crashCollector:
+ disable: false
+ cleanupPolicy:
+ confirmation: ""
+ sanitizeDisks:
+ method: quick
+ dataSource: zero
+ iteration: 1
+ mgr:
+ modules:
+ - name: pg_autoscaler
+ enabled: true
+ dashboard:
+ enabled: true
+ port: 7000
+ ssl: false
+ disruptionManagement:
+ managePodBudgets: false
+ osdMaintenanceTimeout: 30
+ manageMachineDisruptionBudgets: false
+ machineDisruptionBudgetNamespace: openshift-machine-api
+ resources:
+ mon:
+ requests:
+ cpu: 35m
+ memory: 800Mi
+ limits:
+ memory: 1024Mi
+ osd:
+ requests:
+ cpu: 35m
+ memory: 2048Mi
+ limits:
+ memory: 4096Mi
+ storage:
+ useAllNodes: false
+ useAllDevices: false
+ config:
+ metadataDevice:
+ osdsPerDevice: "1"
+ nodes:
+ - name: "k3s-worker1"
+ devices:
+ - name: "nvme0n1"
+ - name: "k3s-worker2"
+ devices:
+ - name: "nvme0n1"
+ - name: "k3s-worker3"
+ devices:
+ - name: "nvme0n1"
diff --git a/cluster/core/infrastructure/rook-ceph/storage/kustomization.yaml b/cluster/core/infrastructure/rook-ceph/storage/kustomization.yaml
new file mode 100644
index 000000000..bd6af62ef
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/storage/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cephblockpool.yaml
+ - cephcluster.yaml
+ - storageclass.yaml
+ - volumesnapshotclass.yaml
diff --git a/cluster/core/infrastructure/rook-ceph/storage/storageclass.yaml b/cluster/core/infrastructure/rook-ceph/storage/storageclass.yaml
new file mode 100644
index 000000000..016cd4e32
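Review bot: The `dashboard` block in cephcluster.yaml sets `ssl: false` on port 7000, so dashboard logins and session cookies reach the mgr pod in clear text; unless a TLS-terminating proxy and a network policy in front of it exist elsewhere in the repo (not visible in this diff), this should be `ssl: true`. The OSDs on the three `nvme0n1` devices are also created without at-rest encryption; if the disks can leave your control, consider `encryptedDevice: "true"` under `storage.config`, which has to be decided before the OSDs are provisioned. Finally, `network:` and `metadataDevice:` are bare keys that parse as null; drop them or write the intended value so the operator's defaults are an explicit choice.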
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/storage/storageclass.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: rook-ceph-block
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+provisioner: rook-ceph.rbd.csi.ceph.com
+parameters:
+ clusterID: rook-ceph
+ pool: replicapool
+ imageFormat: "2"
+ imageFeatures: layering
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/fstype: ext4
+reclaimPolicy: Delete
+allowVolumeExpansion: true
diff --git a/cluster/core/infrastructure/rook-ceph/storage/volumesnapshotclass.yaml b/cluster/core/infrastructure/rook-ceph/storage/volumesnapshotclass.yaml
new file mode 100644
index 000000000..42cab7a9c
--- /dev/null
+++ b/cluster/core/infrastructure/rook-ceph/storage/volumesnapshotclass.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: snapshot.storage.k8s.io/v1beta1
+kind: VolumeSnapshotClass
+metadata:
+ name: csi-rbdplugin-snapclass
+ annotations:
+ k10.kasten.io/is-snapshot-class: "true"
+driver: rook-ceph.rbd.csi.ceph.com
+parameters:
+ # Specify a string that identifies your cluster. Ceph CSI supports any
+ # unique string. When Ceph CSI is deployed by Rook use the Rook namespace,
+ # for example "rook-ceph".
+ clusterID: rook-ceph
+ csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
+ csi.storage.k8s.io/snapshotter-secret-namespace: rook-ceph
+deletionPolicy: Delete
diff --git a/cluster/core/namespaces/rook-ceph.yaml b/cluster/core/namespaces/rook-ceph.yaml
index e69de29bb..1696c56ee 100644
--- a/cluster/core/namespaces/rook-ceph.yaml
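Review bot: `reclaimPolicy: Delete` on a class that is also annotated `is-default-class: "true"` means that deleting a PVC, including through a GitOps prune or a renamed claim, removes the backing RBD image with it, and every claim that names no class inherits this. For data that must survive a manifest mistake, either set `reclaimPolicy: Retain` here or keep this class for disposable volumes and add a second, non-default class with `Retain`. The VolumeSnapshotClass in the next hunk uses `deletionPolicy: Delete` in the same way, so snapshots are no safety net once their VolumeSnapshot object is pruned. A comment above the line stating that `Delete` is intentional would at least make it a recorded decision.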
+++ b/cluster/core/namespaces/rook-ceph.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rook-ceph