shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

rook-ceph

Browse Source
This commit is contained in:
auricom
2021-04-18 16:31:34 +02:00
parent 1cd0f3a16a
commit 593e9b1d4d
63 changed files with 583 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/apps/data/bitwardenrs/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/data/bookstack/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/data/freshrss/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/data/pgadmin/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

29
cluster/apps/data/recipes/helm-release.yaml
View File

@@ -58,17 +58,22 @@ spec:
tls: tls:
- hosts: - hosts:
- "recipes.${SECRET_CLUSTER_DOMAIN}" - "recipes.${SECRET_CLUSTER_DOMAIN}"
persistence:
config: additionalVolumes:
enabled: false - name: files
media: persistentVolumeClaim:
enabled: true claimName: recipes-files
- name: recipes-config
configMap:
name: recipes-config
additionalVolumeMounts:
- name: files
mountPath: /opt/recipes/mediafiles mountPath: /opt/recipes/mediafiles
existingClaim: recipes-media subPath: media
static: - name: files
enabled: true
mountPath: /opt/recipes/staticfiles mountPath: /opt/recipes/staticfiles
existingClaim: recipes-static subPath: static
additionalContainers: additionalContainers:
- name: nginx - name: nginx
image: nginx:1.19.10 image: nginx:1.19.10
@@ -76,10 +81,12 @@ spec:
- containerPort: 80 - containerPort: 80
name: http name: http
volumeMounts: volumeMounts:
- name: media - name: files
mountPath: "/media" mountPath: "/media"
- name: static subPath: media
- name: files
mountPath: "/static" mountPath: "/static"
subPath: static
- name: recipes-config - name: recipes-config
mountPath: /etc/nginx/nginx.conf mountPath: /etc/nginx/nginx.conf
subPath: nginx-config subPath: nginx-config

2
cluster/apps/data/recipes/kustomization.yaml
View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- helm-release.yaml - helm-release.yaml
- volumes.yaml - volume.yaml

13
cluster/apps/data/recipes/volume.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-files
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

26
cluster/apps/data/recipes/volumes.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-media
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-static
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

2
cluster/apps/data/resilio-sync/kustomization.yaml
View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- statefulset.yaml - statefulset.yaml
- volumes.yaml - volume.yaml

15
cluster/apps/data/resilio-sync/statefulset.yaml
View File

@@ -39,8 +39,9 @@ spec:
- containerPort: 55555 - containerPort: 55555
name: com-claude name: com-claude
volumeMounts: volumeMounts:
- name: config-claude - name: config
mountPath: /config mountPath: /config
subPath: claude
- name: sync-conf-claude - name: sync-conf-claude
mountPath: /config/sync.conf mountPath: /config/sync.conf
subPath: sync.conf subPath: sync.conf
@@ -72,8 +73,9 @@ spec:
- containerPort: 55556 - containerPort: 55556
name: com-helene name: com-helene
volumeMounts: volumeMounts:
- name: config-helene - name: config
mountPath: /config mountPath: /config
subPath: helene
- name: sync-conf-helene - name: sync-conf-helene
mountPath: /config/sync.conf mountPath: /config/sync.conf
subPath: sync.conf subPath: sync.conf
@@ -82,18 +84,15 @@ spec:
- name: nfs-backups-data - name: nfs-backups-data
mountPath: /sync/backup mountPath: /sync/backup
volumes: volumes:
- name: config
persistentVolumeClaim:
claimName: resilio-sync-config
- name: sync-conf-claude - name: sync-conf-claude
configMap: configMap:
name: resilio-sync-claude-conf name: resilio-sync-claude-conf
- name: sync-conf-helene - name: sync-conf-helene
configMap: configMap:
name: resilio-sync-helene-conf name: resilio-sync-helene-conf
- name: config-claude
persistentVolumeClaim:
claimName: resilio-sync-config-claude
- name: config-helene
persistentVolumeClaim:
claimName: resilio-sync-config-helene
- name: home-claude-data - name: home-claude-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: nfs-home-claude-data claimName: nfs-home-claude-data

13
cluster/apps/data/resilio-sync/volume.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 1Gi

26
cluster/apps/data/resilio-sync/volumes.yaml
View File

@@ -1,26 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config-claude
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: resilio-sync-config-helene
namespace: data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

2
cluster/apps/data/vikunja/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

4
cluster/apps/development/gitea/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 15Gi storage: 10Gi

2
cluster/apps/home/esphome/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

2
cluster/apps/home/home-assistant/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

2
cluster/apps/home/node-red/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

2
cluster/apps/home/zigbee2mqtt/helm-release.yaml
View File

@@ -27,7 +27,7 @@ spec:
homeassistant: true homeassistant: true
device_options: device_options:
retain: true retain: true
permit_join: false permit_join: true
mqtt: mqtt:
base_topic: zigbee2mqtt base_topic: zigbee2mqtt
server: "mqtt://vernemq" server: "mqtt://vernemq"

4
cluster/apps/home/zigbee2mqtt/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 1Gi

2
cluster/apps/home/zwavejs2mqtt/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

2
cluster/apps/kasten-io/k10/helm-release.yaml
View File

@@ -24,7 +24,7 @@ spec:
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}" email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
global: global:
persistence: persistence:
storageClass: longhorn storageClass: rook-ceph-block
auth: auth:
tokenAuth: tokenAuth:
enabled: true enabled: true

4
cluster/apps/media/bazarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 20Gi storage: 1Gi

2
cluster/apps/media/flood/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/media/jackett/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

4
cluster/apps/media/jellyfin/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 20Gi storage: 30Gi

2
cluster/apps/media/lidarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 20Gi storage: 20Gi

30
cluster/apps/media/lychee/helm-release.yaml
View File

@@ -21,14 +21,17 @@ spec:
repository: lycheeorg/lychee-laravel repository: lycheeorg/lychee-laravel
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: v4.2.2 tag: v4.2.2
strategy: strategy:
type: Recreate type: Recreate
service: service:
port: port:
port: 80 port: 80
annotations: annotations:
prometheus.io/probe: "true" prometheus.io/probe: "true"
prometheus.io/protocol: http prometheus.io/protocol: http
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
@@ -44,6 +47,7 @@ spec:
tls: tls:
- hosts: - hosts:
- "lychee.${SECRET_CLUSTER_DOMAIN}" - "lychee.${SECRET_CLUSTER_DOMAIN}"
env: env:
PHP_TZ: Europe/Paris PHP_TZ: Europe/Paris
DB_CONNECTION: pgsql DB_CONNECTION: pgsql
@@ -52,20 +56,22 @@ spec:
DB_DATABASE: lychee DB_DATABASE: lychee
DB_USERNAME: lychee DB_USERNAME: lychee
DB_PASSWORD: ${SECRET_LYCHEE_DB_PASSWORD} DB_PASSWORD: ${SECRET_LYCHEE_DB_PASSWORD}
persistence: persistence:
config:
enabled: true
mountPath: /conf
existingClaim: lychee-config
uploads:
enabled: true
mountPath: /uploads
existingClaim: lychee-uploads
sym:
enabled: true
mountPath: /sym
existingClaim: lychee-sym
photo: photo:
enabled: true enabled: true
mountPath: /mnt/storage/photo mountPath: /mnt/storage/photo
existingClaim: nfs-photo-media existingClaim: nfs-photo-media
readOnly: true
additionalVolumes:
- name: files
persistentVolumeClaim:
claimName: lychee-files
additionalVolumeMounts:
- name: files
mountPath: /uploads
subPath: uploads
- name: files
mountPath: /sym
subPath: sym

2
cluster/apps/media/lychee/kustomization.yaml
View File

@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- helm-release.yaml - helm-release.yaml
- volumes.yaml - volume.yaml

13
cluster/apps/media/lychee/volume.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-files
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: rook-ceph-block
resources:
requests:
storage: 100Gi

39
cluster/apps/media/lychee/volumes.yaml
View File

@@ -1,39 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-config
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-uploads
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: lychee-sym
namespace: media
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-backups
resources:
requests:
storage: 1Gi

2
cluster/apps/media/navidrome/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/media/prowlarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/media/pyload/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

2
cluster/apps/media/qbittorrent/volumes.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi

5
cluster/apps/media/radarr/helm-release.yaml
View File

@@ -66,6 +66,11 @@ spec:
forecastle.stakater.com/appName: "Radarr" forecastle.stakater.com/appName: "Radarr"
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Radarr/Radarr/develop/Logo/256.png" forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Radarr/Radarr/develop/Logo/256.png"
forecastle.stakater.com/network-restricted: "true" forecastle.stakater.com/network-restricted: "true"
# -- Nginx client Body Buffer Size
nginx.ingress.kubernetes.io/client-body-buffer-size: "20m"
# -- Nginx Proxy Body Size
nginx.ingress.kubernetes.io/proxy-body-size: "20m"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
hosts: hosts:
- host: radarr.${SECRET_CLUSTER_DOMAIN} - host: radarr.${SECRET_CLUSTER_DOMAIN}
paths: paths:

2
cluster/apps/media/radarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 20Gi storage: 20Gi

5
cluster/apps/media/sonarr/helm-release.yaml
View File

@@ -46,6 +46,11 @@ spec:
forecastle.stakater.com/appName: "Sonarr" forecastle.stakater.com/appName: "Sonarr"
forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png" forecastle.stakater.com/icon: "https://raw.githubusercontent.com/Sonarr/Sonarr/develop/Logo/256.png"
forecastle.stakater.com/network-restricted: "true" forecastle.stakater.com/network-restricted: "true"
# -- Nginx client Body Buffer Size
nginx.ingress.kubernetes.io/client-body-buffer-size: "20m"
# -- Nginx Proxy Body Size
nginx.ingress.kubernetes.io/proxy-body-size: "20m"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
hosts: hosts:
- host: sonarr.${SECRET_CLUSTER_DOMAIN} - host: sonarr.${SECRET_CLUSTER_DOMAIN}
paths: paths:

2
cluster/apps/media/sonarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 20Gi storage: 20Gi

4
cluster/apps/media/tdarr/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 2Gi storage: 5Gi

7
cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
View File

@@ -65,7 +65,7 @@ spec:
storage: storage:
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
storageClassName: longhorn storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi
@@ -92,9 +92,6 @@ spec:
kubernetes-custom: kubernetes-custom:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/kubernetes-custom.json url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/kubernetes-custom.json
datasource: Prometheus datasource: Prometheus
longhorn:
url: https://raw.githubusercontent.com/auricom/home-cluster/main/cluster/apps/monitoring/kube-prometheus-stack/grafana-dashboards/longhorn.json
datasource: Prometheus
deploymentStrategy: deploymentStrategy:
type: Recreate type: Recreate
persistence: persistence:
@@ -198,7 +195,7 @@ spec:
storageSpec: storageSpec:
volumeClaimTemplate: volumeClaimTemplate:
spec: spec:
storageClassName: longhorn storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

2
cluster/apps/networking/unifi/volume.yaml
View File

@@ -7,7 +7,7 @@ metadata:
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClassName: longhorn-backups storageClassName: rook-ceph-block
resources: resources:
requests: requests:
storage: 10Gi storage: 10Gi

1
cluster/base/flux-system/charts/kustomization.yaml
View File

@@ -21,6 +21,7 @@ resources:
- nicholaswilde.yaml - nicholaswilde.yaml
- node-feature-discovery.yaml - node-feature-discovery.yaml
- prometheus-community-charts.yaml - prometheus-community-charts.yaml
- rook-ceph-charts.yaml
- runix-charts.yaml - runix-charts.yaml
- stakater-charts.yaml - stakater-charts.yaml
- twuni-charts.yaml - twuni-charts.yaml

10
cluster/base/flux-system/charts/rook-ceph-charts.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: rook-ceph-charts
namespace: flux-system
spec:
interval: 10m
url: https://charts.rook.io/release
timeout: 3m

1
cluster/core/infrastructure/kustomization.yaml
View File

@@ -7,4 +7,5 @@ resources:
- intel-gpu-plugin - intel-gpu-plugin
- longhorn-system - longhorn-system
- node-feature-discovery - node-feature-discovery
- rook-ceph
- system-upgrade - system-upgrade

29
cluster/core/infrastructure/rook-ceph/dashboard/ingress.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
labels:
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
app.kubernetes.io/name: rook-ceph-mgr-dashboard
spec:
rules:
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rook-ceph-mgr-dashboard
port:
name: http-dashboard
tls:
- hosts:
- "rook.${SECRET_CLUSTER_DOMAIN}"

4
cluster/core/infrastructure/rook-ceph/dashboard/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ingress.yaml

35
cluster/core/infrastructure/rook-ceph/helm-release.yaml Normal file
View File

@@ -0,0 +1,35 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://charts.rook.io/release
chart: rook-ceph
version: v1.5.10
sourceRef:
kind: HelmRepository
name: rook-ceph-charts
namespace: flux-system
values:
crds:
enabled: false
csi:
kubeletDirPath: /var/lib/kubelet
pluginTolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m

10
cluster/core/infrastructure/rook-ceph/kustomization.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- helm-release.yaml
- storage
- rook-direct-mount
- servicemonitor
- snapshot-controller
- dashboard

17
cluster/core/infrastructure/rook-ceph/rbac.yaml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: "rook-ceph-system-psp-user"
labels:
operator: rook
storage-backend: ceph
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- 00-rook-ceph-operator
verbs:
- use

65
cluster/core/infrastructure/rook-ceph/rook-direct-mount/deployment.yaml Normal file
View File

@@ -0,0 +1,65 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rook-direct-mount
namespace: rook-ceph
labels:
app: rook-direct-mount
spec:
replicas: 1
selector:
matchLabels:
app: rook-direct-mount
template:
metadata:
labels:
app: rook-direct-mount
spec:
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: rook-direct-mount
image: rook/ceph:v1.6.0
command: ["/tini"]
args: ["-g", "--", "/usr/local/bin/toolbox.sh"]
imagePullPolicy: IfNotPresent
env:
- name: ROOK_CEPH_USERNAME
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-username
- name: ROOK_CEPH_SECRET
valueFrom:
secretKeyRef:
name: rook-ceph-mon
key: ceph-secret
securityContext:
privileged: true
volumeMounts:
- mountPath: /dev
name: dev
- mountPath: /sys/bus
name: sysbus
- mountPath: /lib/modules
name: libmodules
- name: mon-endpoint-volume
mountPath: /etc/rook
# if hostNetwork: false, the "rbd map" command hangs, see https://github.com/rook/rook/issues/2021
hostNetwork: true
volumes:
- name: dev
hostPath:
path: /dev
- name: sysbus
hostPath:
path: /sys/bus
- name: libmodules
hostPath:
path: /lib/modules
- name: mon-endpoint-volume
configMap:
name: rook-ceph-mon-endpoints
items:
- key: data
path: mon-endpoints

4
cluster/core/infrastructure/rook-ceph/rook-direct-mount/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml

19
cluster/core/infrastructure/rook-ceph/servicemonitor/csi-metrics.yaml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: csi-metrics
namespace: rook-ceph
labels:
team: rook
spec:
namespaceSelector:
matchNames:
- rook-ceph
selector:
matchLabels:
app: csi-metrics
endpoints:
- port: csi-http-metrics
path: /metrics
interval: 5s

5
cluster/core/infrastructure/rook-ceph/servicemonitor/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- csi-metrics.yaml
- rook-ceph-mgr.yaml

20
cluster/core/infrastructure/rook-ceph/servicemonitor/rook-ceph-mgr.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: rook-ceph-mgr
namespace: rook-ceph
labels:
team: rook
spec:
namespaceSelector:
matchNames:
- rook-ceph
selector:
matchLabels:
app: rook-ceph-mgr
rook_cluster: rook-ceph
endpoints:
- port: http-metrics
path: /metrics
interval: 5s

5
cluster/core/infrastructure/rook-ceph/snapshot-controller/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- statefulset.yaml

73
cluster/core/infrastructure/rook-ceph/snapshot-controller/rbac.yaml Normal file
View File

@@ -0,0 +1,73 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: snapshot-controller
namespace: rook-ceph
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-role
subjects:
- kind: ServiceAccount
name: snapshot-controller
namespace: rook-ceph
roleRef:
kind: ClusterRole
name: snapshot-controller-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: rook-ceph
name: snapshot-controller-leaderelection
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-leaderelection
namespace: rook-ceph
subjects:
- kind: ServiceAccount
name: snapshot-controller
namespace: rook-ceph
roleRef:
kind: Role
name: snapshot-controller-leaderelection
apiGroup: rbac.authorization.k8s.io

25
cluster/core/infrastructure/rook-ceph/snapshot-controller/statefulset.yaml Normal file
View File

@@ -0,0 +1,25 @@
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: snapshot-controller
namespace: rook-ceph
spec:
serviceName: "snapshot-controller"
replicas: 1
selector:
matchLabels:
app: snapshot-controller
template:
metadata:
labels:
app: snapshot-controller
spec:
serviceAccount: snapshot-controller
containers:
- name: snapshot-controller
image: k8s.gcr.io/sig-storage/snapshot-controller:v4.0.0
args:
- "--v=5"
- "--leader-election=false"
imagePullPolicy: IfNotPresent

11
cluster/core/infrastructure/rook-ceph/storage/cephblockpool.yaml Normal file
View File

@@ -0,0 +1,11 @@
---
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
name: replicapool
namespace: rook-ceph
spec:
failureDomain: host
replicated:
size: 3
requireSafeReplicaSize: true

71
cluster/core/infrastructure/rook-ceph/storage/cephcluster.yaml Normal file
View File

@@ -0,0 +1,71 @@
---
apiVersion: ceph.rook.io/v1
kind: CephCluster
metadata:
name: rook-ceph
namespace: rook-ceph
spec:
cephVersion:
image: ceph/ceph:v15.2.10
allowUnsupported: false
dataDirHostPath: /var/lib/rook
skipUpgradeChecks: false
continueUpgradeAfterChecksEvenIfNotHealthy: false
removeOSDsIfOutAndSafeToRemove: false
mon:
count: 3
allowMultiplePerNode: false
monitoring:
enabled: true
rulesNamespace: rook-ceph
network:
crashCollector:
disable: false
cleanupPolicy:
confirmation: ""
sanitizeDisks:
method: quick
dataSource: zero
iteration: 1
mgr:
modules:
- name: pg_autoscaler
enabled: true
dashboard:
enabled: true
port: 7000
ssl: false
disruptionManagement:
managePodBudgets: false
osdMaintenanceTimeout: 30
manageMachineDisruptionBudgets: false
machineDisruptionBudgetNamespace: openshift-machine-api
resources:
mon:
requests:
cpu: 35m
memory: 800Mi
limits:
memory: 1024Mi
osd:
requests:
cpu: 35m
memory: 2048Mi
limits:
memory: 4096Mi
storage:
useAllNodes: false
useAllDevices: false
config:
metadataDevice:
osdsPerDevice: "1"
nodes:
- name: "k3s-worker1"
devices:
- name: "nvme0n1"
- name: "k3s-worker2"
devices:
- name: "nvme0n1"
- name: "k3s-worker3"
devices:
- name: "nvme0n1"

7
cluster/core/infrastructure/rook-ceph/storage/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cephblockpool.yaml
- cephcluster.yaml
- storageclass.yaml
- volumesnapshotclass.yaml

22
cluster/core/infrastructure/rook-ceph/storage/storageclass.yaml Normal file
View File

@@ -0,0 +1,22 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: rook-ceph-block
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: rook-ceph.rbd.csi.ceph.com
parameters:
clusterID: rook-ceph
pool: replicapool
imageFormat: "2"
imageFeatures: layering
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/fstype: ext4
reclaimPolicy: Delete
allowVolumeExpansion: true

16
cluster/core/infrastructure/rook-ceph/storage/volumesnapshotclass.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
name: csi-rbdplugin-snapclass
annotations:
k10.kasten.io/is-snapshot-class: "true"
driver: rook-ceph.rbd.csi.ceph.com
parameters:
# Specify a string that identifies your cluster. Ceph CSI supports any
# unique string. When Ceph CSI is deployed by Rook use the Rook namespace,
# for example "rook-ceph".
clusterID: rook-ceph
csi.storage.k8s.io/snapshotter-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/snapshotter-secret-namespace: rook-ceph
deletionPolicy: Delete

5
cluster/core/namespaces/rook-ceph.yaml
View File

@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: rook-ceph