refactor(storage): replace minio with rook-ceph, remove minio files

Ubuntu
2026-01-13 23:51:06 +00:00
parent 625cb4f168
commit d60ff63314
7 changed files with 150 additions and 177 deletions


@@ -1,22 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minio
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "3"
spec:
project: default
source:
repoURL: https://git.cloud-infra.prod.openmailserver.de/stabify/gitops.git
targetRevision: HEAD
path: apps/minio
destination:
server: https://kubernetes.default.svc
namespace: minio
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true


@@ -1,95 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: minio
labels:
app: minio
spec:
replicas: 1
strategy:
type: Recreate # Wichtig für PVCs (ReadWriteOnce)
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
image: minio/minio:latest
args:
- server
- /data
- --console-address
- :9001
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: root_user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: root_password
# Setze die Browser Redirect URL korrekt für Public Access
- name: MINIO_BROWSER_REDIRECT_URL
value: "https://minio.apps.k3s.stabify.de"
volumeMounts:
- name: data
mountPath: /data
livenessProbe:
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 30
periodSeconds: 20
readinessProbe:
httpGet:
path: /minio/health/ready
port: 9000
initialDelaySeconds: 30
periodSeconds: 20
volumes:
- name: data
persistentVolumeClaim:
claimName: minio-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: minio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi # Kannst du später vergrößern (Requires VM disk space)
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: minio
spec:
ports:
- port: 9000
targetPort: 9000
protocol: TCP
name: api
- port: 9001
targetPort: 9001
protocol: TCP
name: console
selector:
app: minio


@@ -1,22 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: minio-external-secret
namespace: minio
spec:
refreshInterval: "1m"
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: minio-secrets
creationPolicy: Owner
data:
- secretKey: root_user
remoteRef:
key: secret/apps/minio
property: root_user
- secretKey: root_password
remoteRef:
key: secret/apps/minio
property: root_password


@@ -1,38 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minio-ingress
namespace: minio
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- minio.apps.k3s.stabify.de
- s3.apps.k3s.stabify.de
secretName: minio-tls
rules:
# Console Access (Browser UI)
- host: minio.apps.k3s.stabify.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio
port:
number: 9001
# API Access (Apps like Outline, etc.)
- host: s3.apps.k3s.stabify.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: minio
port:
number: 9000


@@ -0,0 +1,91 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: rook-ceph-cluster
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "2"
spec:
project: default
source:
chart: rook-ceph-cluster
repoURL: https://charts.rook.io/release
targetRevision: v1.13.3
helm:
values: |
operatorNamespace: rook-ceph
toolbox:
enabled: true # Nützlich für Debugging (ceph CLI)
# Monitoring Dashboard
dashboard:
enabled: true
ssl: false
# Single Node Config (WICHTIG für dein Setup)
cephClusterSpec:
dataDirHostPath: /var/lib/rook
mon:
count: 1
allowMultiplePerNode: true
mgr:
count: 1
allowMultiplePerNode: true
# Wir nutzen PVCs statt Raw Disks (einfacher in VM)
storage:
useAllNodes: false
useAllDevices: false
storageClassDeviceSets:
- name: set1
count: 1 # Anzahl der OSDs
portable: false
tuneDeviceClass: true
volumeClaimTemplates:
- metadata:
name: data
spec:
resources:
requests:
storage: 50Gi
storageClassName: local-path
accessModes:
- ReadWriteOnce
# S3 Object Store (RadosGW)
cephObjectStores:
- name: ceph-objectstore
spec:
metadataPool:
failureDomain: host
replicated:
size: 1 # Keine Replikation (Single Node)
dataPool:
failureDomain: host
replicated:
size: 1
preservePoolsOnDelete: true
gateway:
port: 80
instances: 1
healthCheck:
bucket:
enabled: true
interval: 60s
# StorageClass für S3 Buckets (damit wir Buckets via K8s Yaml anlegen können)
cephObjectStoreUser:
enabled: false # Wir legen User manuell oder via CRD an
ingress:
dashboard:
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
host:
name: ceph.apps.internal.k3s.stabify.de
tls:
- hosts:
- ceph.apps.internal.k3s.stabify.de
secretName: ceph-dashboard-tls
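Review bot: The `ingress.dashboard` block publishes the Ceph dashboard, an administrative interface, on the `websecure` entrypoint with nothing in these values restricting who may reach it; the `internal` label in `ceph.apps.internal.k3s.stabify.de` is only a name, and requesting the certificate from `letsencrypt-prod` also records that name in public Certificate Transparency logs. If `websecure` is the same entrypoint that serves the public apps, the dashboard login is reachable by anyone who can resolve or guess the host, so I would attach an IP-allowlist middleware with `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` or bind the route to a dedicated internal entrypoint. With `dashboard.ssl: false` the hop from Traefik to the mgr is plain HTTP, so dashboard credentials cross the cluster network unencrypted. The same exposure question applies to the `ceph-s3-ingress` section at the end of this commit, which routes `s3.apps.internal.k3s.stabify.de` to the RGW service on port 80.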


@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: rook-ceph-operator
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "1"
spec:
project: default
source:
chart: rook-ceph
repoURL: https://charts.rook.io/release
targetRevision: v1.13.3 # Nutze eine feste Version für Stabilität
helm:
values: |
crds:
enabled: true
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
destination:
server: https://kubernetes.default.svc
namespace: rook-ceph
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ServerSideApply=true # Wichtig für große CRDs
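Review bot: `prune: true` is combined with `crds.enabled: true`, so this Application owns the Rook CRDs and automated sync would delete any of them that stop being rendered, for example if `crds.enabled` is later switched off or a chart upgrade drops one. Deleting a Rook CRD removes every custom resource of that kind, which for `CephCluster` means the storage cluster itself. I would set `prune: false` for this Application, or at least add a comment above `crds:` such as `# Never disable after the first deploy: Argo CD would prune the CRDs and with them the CephCluster`.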


@@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ceph-s3-ingress
namespace: rook-ceph
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
ingressClassName: traefik
tls:
- hosts:
- s3.apps.internal.k3s.stabify.de
secretName: ceph-s3-tls
rules:
- host: s3.apps.internal.k3s.stabify.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: rook-ceph-rgw-ceph-objectstore
port:
number: 80