From d60ff633142c3c2203185c172c00a4d0e65d1722 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 13 Jan 2026 23:51:06 +0000 Subject: [PATCH] refactor(storage): replace minio with rook-ceph, remove minio files --- apps/minio-app.yaml | 22 ----- apps/minio/deployment.yaml | 95 ---------------------- apps/minio/external-secret.yaml | 22 ----- apps/minio/ingress.yaml | 38 --------- infrastructure/rook-ceph-cluster-app.yaml | 91 +++++++++++++++++++++ infrastructure/rook-ceph-operator-app.yaml | 34 ++++++++ infrastructure/rook-ceph/ingress-s3.yaml | 25 ++++++ 7 files changed, 150 insertions(+), 177 deletions(-) delete mode 100644 apps/minio-app.yaml delete mode 100644 apps/minio/deployment.yaml delete mode 100644 apps/minio/external-secret.yaml delete mode 100644 apps/minio/ingress.yaml create mode 100644 infrastructure/rook-ceph-cluster-app.yaml create mode 100644 infrastructure/rook-ceph-operator-app.yaml create mode 100644 infrastructure/rook-ceph/ingress-s3.yaml diff --git a/apps/minio-app.yaml b/apps/minio-app.yaml deleted file mode 100644 index 3a33654..0000000 --- a/apps/minio-app.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: minio - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "3" -spec: - project: default - source: - repoURL: https://git.cloud-infra.prod.openmailserver.de/stabify/gitops.git - targetRevision: HEAD - path: apps/minio - destination: - server: https://kubernetes.default.svc - namespace: minio - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true diff --git a/apps/minio/deployment.yaml b/apps/minio/deployment.yaml deleted file mode 100644 index d2e2d17..0000000 --- a/apps/minio/deployment.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio - namespace: minio - labels: - app: minio -spec: - replicas: 1 - strategy: - type: Recreate # Wichtig für PVCs (ReadWriteOnce) - selector: - matchLabels: - app: minio - template: - metadata: - labels: - app: minio - spec: - containers: - - name: minio - image: minio/minio:latest - args: - - server - - /data - - --console-address - - :9001 - ports: - - containerPort: 9000 - name: api - - containerPort: 9001 - name: console - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: minio-secrets - key: root_user - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: minio-secrets - key: root_password - # Setze die Browser Redirect URL korrekt für Public Access - - name: MINIO_BROWSER_REDIRECT_URL - value: "https://minio.apps.k3s.stabify.de" - volumeMounts: - - name: data - mountPath: /data - livenessProbe: - httpGet: - path: /minio/health/live - port: 9000 - initialDelaySeconds: 30 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /minio/health/ready - port: 9000 - initialDelaySeconds: 30 - periodSeconds: 20 - volumes: - - name: data - persistentVolumeClaim: - claimName: minio-pvc ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: minio-pvc - namespace: minio -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 50Gi # Kannst du später vergrößern (Requires VM disk space) ---- -apiVersion: v1 -kind: Service -metadata: - name: minio - namespace: minio -spec: - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - name: api - - port: 9001 - targetPort: 9001 - protocol: TCP - name: console - selector: - app: minio diff --git a/apps/minio/external-secret.yaml b/apps/minio/external-secret.yaml deleted file mode 100644 index b6d04af..0000000 --- a/apps/minio/external-secret.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: minio-external-secret - namespace: minio -spec: - refreshInterval: "1m" - secretStoreRef: - name: vault-backend - kind: ClusterSecretStore - target: - name: minio-secrets - creationPolicy: Owner - data: - - secretKey: root_user - remoteRef: - key: secret/apps/minio - property: root_user - - secretKey: root_password - remoteRef: - key: secret/apps/minio - property: root_password diff --git a/apps/minio/ingress.yaml b/apps/minio/ingress.yaml deleted file mode 100644 index 9714d6b..0000000 --- a/apps/minio/ingress.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: minio-ingress - namespace: minio - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - traefik.ingress.kubernetes.io/router.entrypoints: websecure -spec: - ingressClassName: traefik - tls: - - hosts: - - minio.apps.k3s.stabify.de - - s3.apps.k3s.stabify.de - secretName: minio-tls - rules: - # Console Access (Browser UI) - - host: minio.apps.k3s.stabify.de - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: minio - port: - number: 9001 - # API Access (Apps like Outline, etc.) - - host: s3.apps.k3s.stabify.de - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: minio - port: - number: 9000 diff --git a/infrastructure/rook-ceph-cluster-app.yaml b/infrastructure/rook-ceph-cluster-app.yaml new file mode 100644 index 0000000..a13ab79 --- /dev/null +++ b/infrastructure/rook-ceph-cluster-app.yaml 
@@ -0,0 +1,91 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: rook-ceph-cluster
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "2"
+spec:
+ project: default
+ source:
+ chart: rook-ceph-cluster
+ repoURL: https://charts.rook.io/release
+ targetRevision: v1.13.3
+ helm:
+ values: |
+ operatorNamespace: rook-ceph
+ toolbox:
+ enabled: true # Nützlich für Debugging (ceph CLI)
+
+ # Monitoring Dashboard
+ dashboard:
+ enabled: true
+ ssl: false
+
+ # Single Node Config (WICHTIG für dein Setup)
+ cephClusterSpec:
+ dataDirHostPath: /var/lib/rook
+ mon:
+ count: 1
+ allowMultiplePerNode: true
+ mgr:
+ count: 1
+ allowMultiplePerNode: true
+
+ # Wir nutzen PVCs statt Raw Disks (einfacher in VM)
+ storage:
+ useAllNodes: false
+ useAllDevices: false
+ storageClassDeviceSets:
+ - name: set1
+ count: 1 # Anzahl der OSDs
+ portable: false
+ tuneDeviceClass: true
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ resources:
+ requests:
+ storage: 50Gi
+ storageClassName: local-path
+ accessModes:
+ - ReadWriteOnce
+
+ # S3 Object Store (RadosGW)
+ cephObjectStores:
+ - name: ceph-objectstore
+ spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 1 # Keine Replikation (Single Node)
+ dataPool:
+ failureDomain: host
+ replicated:
+ size: 1
+ preservePoolsOnDelete: true
+ gateway:
+ port: 80
+ instances: 1
+ healthCheck:
+ bucket:
+ enabled: true
+ interval: 60s
+
+ # StorageClass für S3 Buckets (damit wir Buckets via K8s Yaml anlegen können)
+ cephObjectStoreUser:
+ enabled: false # Wir legen User manuell oder via CRD an
+
+ ingress:
+ dashboard:
+ ingressClassName: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ host:
+ name: ceph.apps.internal.k3s.stabify.de
+ tls:
+ - hosts:
+ - ceph.apps.internal.k3s.stabify.de
+ secretName: ceph-dashboard-tls
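Review bot: The Application ends after `spec.source` (last line `secretName: ceph-dashboard-tls`) with no `spec.destination` and no `spec.syncPolicy`, while the sibling rook-ceph-operator Application in this same commit declares both; Argo CD requires a destination, so this Application will be rejected or never sync. The values block sets `operatorNamespace: rook-ceph`, so the destination namespace should match that, and because this Application owns the CephCluster and its pools, automated pruning would delete the storage along with the app, which is why the proposal below keeps `prune: false` with a comment. Separately, the OSD `volumeClaimTemplates` entry sets no `volumeMode`; Rook expects the OSD data claim to be `volumeMode: Block`, which the `local-path` class may not be able to provision — worth verifying before relying on it. The dashboard runs with `ssl: false` behind Traefik, so ingress-to-mgr traffic is plaintext in-cluster; acceptable if intended, but a one-line comment saying so would help.
```yaml
  # … unchanged: source.helm.values …
  destination:
    server: https://kubernetes.default.svc
    namespace: rook-ceph
  syncPolicy:
    automated:
      prune: false  # pruning this app would delete the CephCluster and its data
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```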
diff --git a/infrastructure/rook-ceph-operator-app.yaml b/infrastructure/rook-ceph-operator-app.yaml
new file mode 100644
index 0000000..4c77a60
--- /dev/null
+++ b/infrastructure/rook-ceph-operator-app.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: rook-ceph-operator
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+spec:
+ project: default
+ source:
+ chart: rook-ceph
+ repoURL: https://charts.rook.io/release
+ targetRevision: v1.13.3 # Nutze eine feste Version für Stabilität
+ helm:
+ values: |
+ crds:
+ enabled: true
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: rook-ceph
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true # Wichtig für große CRDs
diff --git a/infrastructure/rook-ceph/ingress-s3.yaml b/infrastructure/rook-ceph/ingress-s3.yaml
new file mode 100644
index 0000000..bfdcbc4
--- /dev/null
+++ b/infrastructure/rook-ceph/ingress-s3.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ceph-s3-ingress
+ namespace: rook-ceph
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - s3.apps.internal.k3s.stabify.de
+ secretName: ceph-s3-tls
+ rules:
+ - host: s3.apps.internal.k3s.stabify.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: rook-ceph-rgw-ceph-objectstore
+ port:
+ number: 80
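Review bot: The operator's `resources.limits.memory: 256Mi` in the values block appears to be below the rook-ceph chart's own default limit (512Mi, if I recall the v1.13 chart correctly), so the operator risks being OOM-killed during CRD reconciliation or OSD prepare; please confirm against the chart's values.yaml before lowering it, or drop the override and inherit the default. Also note `crds.enabled: true` combined with `prune: true` on this Application: if the Application is deleted or the chart stops rendering the CRDs, Argo CD prunes them and every CephCluster/CephObjectStore object is garbage-collected with them, and the chart's own documentation warns that changing this after first install can destroy the cluster. A comment above `crds:` making that explicit would help, e.g. `# never disable after initial install: removing the CRDs deletes all Ceph CRs and their data`.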
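Review bot: Nothing in this commit deploys `infrastructure/rook-ceph/ingress-s3.yaml`: both new Applications pull Helm charts from charts.rook.io, and no Application with `path: infrastructure/rook-ceph` is added, so this Ingress is not applied unless an app-of-apps outside this diff already watches that directory — worth confirming, since the deleted `apps/minio-app.yaml` was the only such path-based Application visible here. The S3 endpoint also moves from the deleted `s3.apps.k3s.stabify.de` to `s3.apps.internal.k3s.stabify.de`, so any consumer configured for the old MinIO endpoint needs updating, and the single-host `tls.hosts` entry plus exact `host:` rule only matches path-style requests; virtual-hosted-style bucket URLs (`bucket.s3...`) fail both TLS and host matching. A comment on the Ingress such as `# path-style S3 access only: no wildcard host/cert for virtual-hosted bucket URLs` would save the next reader a debugging session.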