new rook

infrastructure/rook-ceph-app.yaml

@@ -1,10 +1,10 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: rook-ceph-config
+  name: rook-ceph-cluster
   namespace: argocd
   annotations:
-    argocd.argoproj.io/sync-wave: "3" # Nach dem Cluster deployen
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   project: default
   source:

infrastructure/rook-ceph-cluster-app.yaml

@@ -1,95 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: rook-ceph-cluster
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
-spec:
-  project: default
-  source:
-    chart: rook-ceph-cluster
-    repoURL: https://charts.rook.io/release
-    targetRevision: v1.13.3
-    helm:
-      values: |
-        operatorNamespace: rook-ceph
-        toolbox:
-          enabled: true
-        
-        dashboard:
-          enabled: true
-          ssl: false
-        
-        cephClusterSpec:
-          dataDirHostPath: /var/lib/rook
-          mon:
-            count: 1
-            allowMultiplePerNode: true
-          mgr:
-            count: 1
-            allowMultiplePerNode: true
-          
-          resources:
-            mgr:
-              limits:
-                cpu: "1000m"
-                memory: "1Gi"
-              requests:
-                cpu: "100m"
-                memory: "512Mi"
-            mon:
-              limits:
-                cpu: "1000m"
-                memory: "2Gi"
-              requests:
-                cpu: "100m"
-                memory: "512Mi"
-            osd:
-              limits:
-                cpu: "1000m"
-                memory: "2Gi"
-              requests:
-                cpu: "100m"
-                memory: "1Gi"
-          
-          storage:
-            useAllNodes: true
-            useAllDevices: true
-                        
-        cephObjectStores:
-          - name: ceph-objectstore
-            storageClass:
-              enabled: true
-              name: ceph-bucket
-              reclaimPolicy: Delete
-            spec:
-              metadataPool:
-                failureDomain: host
-                replicated:
-                  size: 1
-              dataPool:
-                failureDomain: host
-                replicated:
-                  size: 1
-              preservePoolsOnDelete: true
-              gateway:
-                port: 80
-                instances: 1
-        
-        cephObjectStoreUser:
-          enabled: false
-
-        ingress:
-          dashboard:
-            enabled: false
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: rook-ceph
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      - ServerSideApply=true

infrastructure/rook-ceph/cluster.yaml

@@ -0,0 +1,44 @@
+apiVersion: ceph.rook.io/v1
+kind: CephCluster
+metadata:
+  name: rook-ceph
+  namespace: rook-ceph
+spec:
+  cephVersion:
+    image: quay.io/ceph/ceph:v18.2.1
+    allowUnsupported: false
+  dataDirHostPath: /var/lib/rook
+  mon:
+    count: 1
+    allowMultiplePerNode: true
+  mgr:
+    count: 1
+    allowMultiplePerNode: true
+  dashboard:
+    enabled: true
+    ssl: false
+  resources:
+    mgr:
+      limits:
+        cpu: "1000m"
+        memory: "1Gi"
+      requests:
+        cpu: "100m"
+        memory: "512Mi"
+    mon:
+      limits:
+        cpu: "1000m"
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "512Mi"
+    osd:
+      limits:
+        cpu: "1000m"
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "1Gi"
+  storage:
+    useAllNodes: true
+    useAllDevices: true

infrastructure/rook-ceph/ingress-dashboard.yaml

@@ -6,7 +6,6 @@ metadata:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/service.serverstransport: rook-ceph-insecure-transport
 spec:
   ingressClassName: traefik
   tls:
@@ -23,4 +22,4 @@ spec:
               service:
                 name: rook-ceph-mgr-dashboard
                 port:
-                  number: 8443 # Service bietet nur 8443 (HTTPS) an
+                  number: 8443

infrastructure/rook-ceph/ingress-s3.yaml

@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ceph-s3-ingress
-  namespace: rook-ceph
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-spec:
-  ingressClassName: traefik
-  tls:
-    - hosts:
-        - s3.apps.internal.k3s.stabify.de
-      secretName: ceph-s3-tls
-  rules:
-    - host: s3.apps.internal.k3s.stabify.de
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: rook-ceph-rgw-ceph-objectstore
-                port:
-                  number: 80

infrastructure/rook-ceph/objectstore-user.yaml

@@ -0,0 +1,8 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: ceph-objectstore-user
+  namespace: rook-ceph
+spec:
+  store: ceph-objectstore
+  displayName: "Ceph Object Store User"

infrastructure/rook-ceph/objectstore.yaml

@@ -0,0 +1,19 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: ceph-objectstore
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 1
+  dataPool:
+    failureDomain: host
+    replicated:
+      size: 1
+  preservePoolsOnDelete: true
+  gateway:
+    type: s3
+    port: 80
+    instances: 1

infrastructure/rook-ceph/transport.yaml

@@ -1,7 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: ServersTransport
-metadata:
-  name: rook-ceph-insecure-transport
-  namespace: rook-ceph
-spec:
-  insecureSkipVerify: true