From 5a416b27708f141d0b1dfdf13885783d0d0b486a Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Fri, 29 Dec 2023 21:02:38 +0100 Subject: [PATCH] WIP: configure rook --- badhouseplants/helmfile.yaml | 40 ++-- .../values.istio-gateway-resources.yaml | 2 +- .../values/values.istio-ingressgateway.yaml | 6 +- .../values/values.rook-ceph-cluster.yaml | 96 ++++++++ badhouseplants/values/values.rook-ceph.yaml | 215 ++++++++++++++++++ environments.yaml | 2 +- helmfile.yaml | 14 +- releases.yaml | 14 ++ repositories.yaml | 2 + test/test.yaml | 30 +++ 10 files changed, 387 insertions(+), 34 deletions(-) create mode 100644 badhouseplants/values/values.rook-ceph-cluster.yaml create mode 100644 badhouseplants/values/values.rook-ceph.yaml create mode 100644 test/test.yaml diff --git a/badhouseplants/helmfile.yaml b/badhouseplants/helmfile.yaml index 450d7b0..4789c8f 100644 --- a/badhouseplants/helmfile.yaml +++ b/badhouseplants/helmfile.yaml @@ -5,42 +5,42 @@ releases: - <<: *drone installed: true namespace: drone-service - createNamespace: false + createNamespace: true - <<: *drone-runner-docker installed: true namespace: drone-service - createNamespace: false + createNamespace: true - <<: *longhorn installed: true namespace: longhorn-system - createNamespace: false + createNamespace: true - <<: *argocd installed: true namespace: argo-system - createNamespace: false + createNamespace: true - <<: *nrodionov installed: true namespace: nrodionov-application - createNamespace: false + createNamespace: true - <<: *minecraft installed: true namespace: minecraft-application - createNamespace: false + createNamespace: true - <<: *gitea installed: true namespace: gitea-service - createNamespace: false + createNamespace: true - <<: *funkwhale installed: true namespace: funkwhale-application - createNamespace: false + createNamespace: true - <<: *prometheus installed: true 
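Review bot: Setting `createNamespace: true` on every release in this hunk lets Helm create any missing namespace bare, with no labels or annotations, so settings that live on the namespace object (Pod Security admission levels, `istio-injection`) are not carried by this repository for those namespaces. If the namespaces were previously created from a separate manifest that is not visible here, that manifest is now bypassed silently on a fresh cluster. I would keep `createNamespace: false` wherever a labelled namespace is expected, or add a comment such as `# namespace is created bare by helm; labels come from <placeholder: namespace manifest>`. The same flip is made in the root `helmfile.yaml` hunk, including for `kube-system` and `istio-system`.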
@@ -50,16 +50,11 @@ releases: - <<: *loki installed: true namespace: monitoring-system - createNamespace: false + createNamespace: true - <<: *promtail installed: true namespace: monitoring-system - createNamespace: false - - - <<: *bitwarden - installed: false - namespace: bitwarden-application createNamespace: true - <<: *redis @@ -82,11 +77,6 @@ releases: namespace: database-service createNamespace: true - - <<: *mysql - installed: false - namespace: database-service - createNamespace: true - - <<: *docker-mailserver installed: true namespace: mail-service @@ -95,7 +85,7 @@ releases: - <<: *istio-gateway-resources installed: true namespace: istio-system - createNamespace: false + createNamespace: true - <<: *vaultwarden createNamespace: true @@ -107,6 +97,16 @@ releases: namespace: woodpecker-ci createNamespace: true + - <<: *rook-ceph + installed: true + namespace: rook-ceph + createNamespace: true + + - <<: *rook-ceph-cluster + installed: true + namespace: rook-ceph-cluster + createNamespace: true + bases: - ../environments.yaml - ../repositories.yaml diff --git a/badhouseplants/values/values.istio-gateway-resources.yaml b/badhouseplants/values/values.istio-gateway-resources.yaml index 9349206..faa5a31 100644 --- a/badhouseplants/values/values.istio-gateway-resources.yaml +++ b/badhouseplants/values/values.istio-gateway-resources.yaml @@ -76,7 +76,7 @@ istio-gateway: - '*' port: name: ssh - number: 22 + number: 2022 protocol: TCP - name: badhouseplants-minecraft servers: diff --git a/badhouseplants/values/values.istio-ingressgateway.yaml b/badhouseplants/values/values.istio-ingressgateway.yaml index a5d2656..223b76f 100644 --- a/badhouseplants/values/values.istio-ingressgateway.yaml +++ b/badhouseplants/values/values.istio-ingressgateway.yaml @@ -6,7 +6,7 @@ service: protocol: TCP targetPort: 25565 - name: ssh-gitea - port: 22 + port: 2222 protocol: TCP targetPort: 22 - name: http2 
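Review bot: The SSH port numbers no longer line up between the two Istio files: the `ssh` server in `values.istio-gateway-resources.yaml` now uses `number: 2022`, while the `ssh-gitea` service port in `values.istio-ingressgateway.yaml` becomes `port: 2222` with `targetPort: 22`. 2022 matches neither the service port nor the target port, so unless a listener outside these hunks covers it, SSH traffic arriving on 2222 would probably find no matching Gateway server. If 2222 is the intended external port, the Gateway entry should read `number: 2222` (or the service `port: 2022`). A short comment next to either value naming its counterpart would help keep the two in sync.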
@@ -21,10 +21,6 @@ service: port: 1194 protocol: TCP targetPort: 1194 - - name: tcp - port: 25 - protocol: TCP - targetPort: 25 # ----------- # -- Email # ----------- diff --git a/badhouseplants/values/values.rook-ceph-cluster.yaml b/badhouseplants/values/values.rook-ceph-cluster.yaml new file mode 100644 index 0000000..0b5c52f --- /dev/null +++ b/badhouseplants/values/values.rook-ceph-cluster.yaml 
@@ -0,0 +1,96 @@ +cephFileSystems: + - name: ceph-filesystem + spec: + metadataPool: + replicated: + size: 3 + dataPools: + - failureDomain: host + replicated: + size: 3 + name: data0 + metadataServer: + activeCount: 1 + activeStandby: true + resources: + limits: + cpu: "200m" + memory: "256Mi" + requests: + cpu: "50m" + memory: "128Mi" + priorityClassName: system-cluster-critical + storageClass: + enabled: true + isDefault: false + name: ceph-filesystem + pool: data0 + reclaimPolicy: Delete + allowVolumeExpansion: true + volumeBindingMode: "Immediate" + mountOptions: [] + parameters: + csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node + csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}" + csi.storage.k8s.io/fstype: ext4 + +cephObjectStores: [] + # - name: ceph-objectstore + # spec: + # metadataPool: + # failureDomain: host + # replicated: + # size: 3 + # dataPool: + # failureDomain: host + # erasureCoded: + # dataChunks: 2 + # codingChunks: 1 + # preservePoolsOnDelete: true + # gateway: + # port: 80 + # resources: + # limits: + # cpu: "150m" + # memory: "256Mi" + # requests: + # cpu: "50m" + # memory: "128Mi" + # instances: 1 + # priorityClassName: system-cluster-critical + # storageClass: + # enabled: true + # name: ceph-bucket + # reclaimPolicy: Delete + # volumeBindingMode: "Immediate" + # parameters: + # region: us-east-1 + # ingress: + # enabled: false +cephClusterSpec: + resources: + mgr: + limits: + cpu: "200m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "128Mi" + mon: + limits: + cpu: "200m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "128Mi" + osd: + limits: + cpu: "200m" + memory: "2Gi" 
+ requests: + cpu: "100m" + memory: "256Mi" diff --git a/badhouseplants/values/values.rook-ceph.yaml b/badhouseplants/values/values.rook-ceph.yaml new file mode 100644 index 0000000..40f0e99 --- /dev/null +++ b/badhouseplants/values/values.rook-ceph.yaml 
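Review bot: The memory limits given to the Ceph daemons look well below the minimums Rook documents, most visibly `metadataServer.resources.limits.memory: "256Mi"` and the `mon` limit of `"512Mi"` under `cephClusterSpec.resources`. As far as I recall, Rook's documentation lists roughly 1 GiB for mon, 2 GiB for osd and 4 GiB for mds as the recommended floor and logs a warning below that; a daemon that hits its limit is OOM-killed, which for mon or mds can mean lost quorum or an unavailable filesystem. The 200m CPU limits on mon, mgr and osd are also likely to throttle recovery after a node failure. I would either raise the limits or add a comment such as `# deliberately below Rook's recommended minimums: <reason>` so the choice is visibly intentional.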
@@ -0,0 +1,215 @@ +--- +csi: + csiRBDProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-rbdplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-omap-generator + resource: + requests: + memory: 12Mi + cpu: 250m + limits: + memory: 1Gi + cpu: 500m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI RBD plugin resource requirement list + # @default -- see values.yaml + csiRBDPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-rbdplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI CephFS provisioner resource requirement list + # @default -- see values.yaml + csiCephFSProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-resizer + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-snapshotter + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-cephfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + 
limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI CephFS plugin resource requirement list + # @default -- see values.yaml + csiCephFSPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-cephfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : liveness-prometheus + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI NFS provisioner resource requirement list + # @default -- see values.yaml + csiNFSProvisionerResource: | + - name : csi-provisioner + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 200m + - name : csi-nfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-attacher + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + + # -- CEPH CSI NFS plugin resource requirement list + # @default -- see values.yaml + csiNFSPluginResource: | + - name : driver-registrar + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m + - name : csi-nfsplugin + resource: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 256Mi + cpu: 50m diff --git a/environments.yaml b/environments.yaml index 13a3ca2..d7c7497 100644 --- a/environments.yaml +++ b/environments.yaml @@ -1,5 +1,5 @@ environments: badhouseplants: - kubeContext: badhouseplants + kubeContext: badhouseplants-arm etersoft: kubeContext: etersoft diff --git a/helmfile.yaml b/helmfile.yaml index 97375c2..3fb3964 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
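Review bot: In `csiRBDProvisionerResource`, the `csi-omap-generator` entry requests `memory: 12Mi` against a `1Gi` limit, which looks like a typo next to the `128Mi` requested by every other container in this file (possibly `128Mi` or `512Mi` was meant). A 12Mi request lets the scheduler place the provisioner pod on a node with almost no free memory, making the container an early candidate for eviction under memory pressure. The first key also lacks the header comment the other five keys carry; something like `# -- CEPH CSI RBD provisioner resource requirement list` above `csiRBDProvisionerResource` would match them.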
@@ -9,37 +9,37 @@ releases: - <<: *metrics-server installed: true namespace: kube-system - createNamespace: false + createNamespace: true - <<: *istio-base installed: true namespace: istio-system - createNamespace: false + createNamespace: true - <<: *istio-gateway installed: true namespace: istio-system - createNamespace: false + createNamespace: true - <<: *istiod installed: true namespace: istio-system - createNamespace: false + createNamespace: true - <<: *cert-manager installed: true namespace: cert-manager - createNamespace: false + createNamespace: true - <<: *minio installed: true namespace: minio-service - createNamespace: false + createNamespace: true - <<: *openvpn installed: true namespace: openvpn-service - createNamespace: false + createNamespace: true - <<: *metallb installed: true diff --git a/releases.yaml b/releases.yaml index 0cca357..2f6dd3f 100644 --- a/releases.yaml +++ b/releases.yaml @@ -357,3 +357,17 @@ templates: name: reflector chart: emberstack/reflector version: 7.1.216 + + rook-ceph: &rook-ceph + name: rook-ceph + chart: rook/rook-ceph + version: v1.13.1 + inherit: + - template: default-env-values + + rook-ceph-cluster: &rook-ceph-cluster + name: rook-ceph-cluster + chart: rook/rook-ceph-cluster + version: v1.13.1 + inherit: + - template: default-env-values diff --git a/repositories.yaml b/repositories.yaml index 6c63ec0..29bc632 100644 --- a/repositories.yaml +++ b/repositories.yaml @@ -43,3 +43,5 @@ repositories: url: https://firefly-iii.github.io/kubernetes/ - name: emberstack url: https://emberstack.github.io/helm-charts + - name: rook + url: https://charts.rook.io/release diff --git a/test/test.yaml b/test/test.yaml new file mode 100644 index 0000000..f462b2f --- /dev/null +++ b/test/test.yaml 
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pvc-test
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pvc-test
+spec:
+ restartPolicy: Never
+ volumes:
+ - name: vol
+ persistentVolumeClaim:
+ claimName: pvc-test
+ containers:
+ - name: pv-recycler
+ image: ubuntu
+ command: ["/bin/sh", "-c", "sleep 10000"]
+ volumeMounts:
+ - name: vol
+ mountPath: /data
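Review bot: The PersistentVolumeClaim has no `storageClassName`, so it binds to whatever class is the cluster default, and this patch sets `isDefault: false` on `ceph-filesystem`; as written the test probably does not exercise the new Ceph storage at all. Adding `storageClassName: ceph-filesystem` under `spec` would make the target explicit. The pod also pulls `image: ubuntu` with no tag, which resolves to a mutable `latest`; pin it, e.g. `image: ubuntu:<pinned-tag-or-digest>`, and give both objects an explicit `namespace` so the test does not land in whichever namespace the current context selects.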