feat(ocis): Add basic drive configuration
Add OwnCloud Infinity Scale as drive to the cluster. The current configuration only includes enough for a beta environment.
parent
838ccaccf2
commit
802eef042e
@ -5,7 +5,7 @@
|
|||||||
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
|
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
|
||||||
| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
|
| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
|
||||||
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed |
|
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed |
|
||||||
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | PostgreSQL | Drive files | Not configured | Not configured | Not configured | Awaiting configuration |
|
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Managed by Longhorn | Configured | Not available | Completed |
|
||||||
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
|
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
|
||||||
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
|
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
|
||||||
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
|
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
|
||||||
@ -60,6 +60,7 @@ longhorn
|
|||||||
- ~~Setup DB container sidecars for automated backups to Longhorn volume~~
|
- ~~Setup DB container sidecars for automated backups to Longhorn volume~~
|
||||||
- Setup secrets configuration through CI/CD variable injection
|
- Setup secrets configuration through CI/CD variable injection
|
||||||
- Explore permission issues when issuing OVH API keys (not working for wildcard and `beta.halia.dev` subdomain)
|
- Explore permission issues when issuing OVH API keys (not working for wildcard and `beta.halia.dev` subdomain)
|
||||||
|
- Setup default users for services
|
||||||
- ~~Setup log and metric monitoring~~
|
- ~~Setup log and metric monitoring~~
|
||||||
- ~~Define namespaces through yaml files~~
|
- ~~Define namespaces through yaml files~~
|
||||||
- ~~Look into CockroachDB for redundant database~~ Judged too complicated, moving to a 1 to 1 relationship between services and databases
|
- ~~Look into CockroachDB for redundant database~~ Judged too complicated, moving to a 1 to 1 relationship between services and databases
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: ocis-cfmap
|
|
||||||
data:
|
|
||||||
file-from-cfgmap: |
|
|
||||||
token_manager:
|
|
||||||
jwt_secret: FhiGf^OHYAZ7dG71ahYCKqijFwR!=0Ow
|
|
||||||
machine_auth_api_key: ej1Z+nyhbBtnqxarIY4Tsy-2+HZtn77-
|
|
||||||
system_user_api_key: O%n*G#ppGY7XkQZu4G9Ond11R$5^r0O0
|
|
||||||
transfer_secret: J!V67qd*OzhxETqjemD9NM4.G0TtFUK3
|
|
||||||
system_user_id: 22040a20-6a6e-4852-890f-4b75fc83fe16
|
|
||||||
admin_user_id: 9daeabac-8bd1-4832-b901-2d8b9cbc0c9b
|
|
||||||
graph:
|
|
||||||
spaces:
|
|
||||||
insecure: true
|
|
||||||
identity:
|
|
||||||
ldap:
|
|
||||||
bind_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$'
|
|
||||||
idp:
|
|
||||||
ldap:
|
|
||||||
bind_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP
|
|
||||||
idm:
|
|
||||||
service_user_passwords:
|
|
||||||
admin_password: qXY0%X8%DIIG5w3e8JbgVgaD*ac!bJkr
|
|
||||||
idm_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$'
|
|
||||||
reva_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
|
||||||
idp_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP
|
|
||||||
proxy:
|
|
||||||
insecure_backends: true
|
|
||||||
frontend:
|
|
||||||
archiver:
|
|
||||||
insecure: true
|
|
||||||
auth_basic:
|
|
||||||
auth_providers:
|
|
||||||
ldap:
|
|
||||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
|
||||||
auth_bearer:
|
|
||||||
auth_providers:
|
|
||||||
oidc:
|
|
||||||
insecure: true
|
|
||||||
users:
|
|
||||||
drivers:
|
|
||||||
ldap:
|
|
||||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
|
||||||
groups:
|
|
||||||
drivers:
|
|
||||||
ldap:
|
|
||||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
|
||||||
storage_system:
|
|
||||||
data_provider_insecure: true
|
|
||||||
storage_users:
|
|
||||||
data_provider_insecure: true
|
|
||||||
ocdav:
|
|
||||||
insecure: true
|
|
||||||
thumbnails:
|
|
||||||
thumbnail:
|
|
||||||
transfer_secret: gOm2#L4V9DGJ=fdPrHwZ%CmBje#r9j@E
|
|
||||||
webdav_allow_insecure: true
|
|
||||||
cs3_allow_insecure: true
|
|
@ -1,38 +1,200 @@
|
|||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: ocis
|
name: chart-owncloud-ocis
|
||||||
|
namespace: drive
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/version: 2.0.0
|
||||||
|
helm-revision: "1"
|
||||||
|
helm.sh/chart: owncloud-ocis-8.1.1
|
||||||
|
annotations:
|
||||||
|
rollme: oHHac
|
||||||
spec:
|
spec:
|
||||||
|
revisionHistoryLimit: 3
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: ocis
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
|
annotations:
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
app: ocis
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
spec:
|
spec:
|
||||||
containers:
|
|
||||||
- name: ocis
|
serviceAccountName: default
|
||||||
image: owncloud/ocis
|
securityContext:
|
||||||
ports:
|
|
||||||
- containerPort: 9200
|
fsGroup: 568
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
runAsGroup: 568
|
||||||
|
runAsUser: 568
|
||||||
|
supplementalGroups:
|
||||||
|
- 568
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
dnsConfig:
|
||||||
|
options:
|
||||||
|
|
||||||
|
- name: ndots
|
||||||
|
value: "1"
|
||||||
|
enableServiceLinks: false
|
||||||
|
terminationGracePeriodSeconds: 10
|
||||||
|
initContainers:
|
||||||
|
|
||||||
|
- name: prepare
|
||||||
|
image: tccr.io/truecharts/multi-init:v0.0.1@sha256:4c2caebee117b055f379377fd0fd306f2ee0e6697fd47d9364073e0e9e6f2e02
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 4000m
|
||||||
|
memory: 8Gi
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 50Mi
|
||||||
env:
|
env:
|
||||||
- name: IDM_CREATE_DEMO_USERS
|
command:
|
||||||
value: "true"
|
- "/bin/sh"
|
||||||
- name: INSECURE
|
- "-c"
|
||||||
value: "true"
|
- |
|
||||||
- name: OCIS_JWT_SECRET
|
/bin/bash <<'EOF'
|
||||||
value: "Something_random_not_normal"
|
echo "Automatically correcting permissions..."
|
||||||
- name: STORAGE_TRANSFER_SECRET
|
|
||||||
value: "Something_very_secure"
|
EOF
|
||||||
- name: OCIS_MACHINE_AUTH_API_KEY
|
|
||||||
value: "A_very_random_api_key"
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: mnt
|
- command:
|
||||||
mountPath: /etc/ocis/ocis.yaml
|
- /bin/sh
|
||||||
subPath: ocis-config
|
- -c
|
||||||
|
- |
|
||||||
|
if test -f /etc/ocis/ocis.yaml; then exit 0; fi &&
|
||||||
|
/usr/bin/ocis init -f --insecure yes > /etc/ocis/password
|
||||||
|
image: 'tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82'
|
||||||
|
name: init
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/ocis
|
||||||
|
name: config
|
||||||
|
nodeName: slave-1
|
||||||
|
containers:
|
||||||
|
- name: chart-owncloud-ocis
|
||||||
|
image: tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
add: []
|
||||||
|
drop: []
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
runAsNonRoot: true
|
||||||
|
|
||||||
|
env:
|
||||||
|
- name: UMASK
|
||||||
|
value: "2"
|
||||||
|
- name: UMASK_SET
|
||||||
|
value: "2"
|
||||||
|
- name: S6_READ_ONLY_ROOT
|
||||||
|
value: "1"
|
||||||
|
- name: NVIDIA_VISIBLE_DEVICES
|
||||||
|
value: "void"
|
||||||
|
- name: TZ
|
||||||
|
value: "Europe/Copenhagen"
|
||||||
|
- name: "ACCOUNTS_DEMO_USERS_AND_GROUPS"
|
||||||
|
value: "false"
|
||||||
|
- name: "OCIS_INSECURE"
|
||||||
|
value: "true"
|
||||||
|
- name: "OCIS_JWT_SECRET"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: OCIS_JWT_SECRET
|
||||||
|
name: ocis-secrets
|
||||||
|
- name: "OCIS_LOG_COLOR"
|
||||||
|
value: "true"
|
||||||
|
- name: "OCIS_LOG_PRETTY"
|
||||||
|
value: "true"
|
||||||
|
- name: "OCIS_MACHINE_AUTH_API_KEY"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: OCIS_MACHINE_AUTH_API_KEY
|
||||||
|
name: ocis-secrets
|
||||||
|
- name: "OCIS_URL"
|
||||||
|
value: "https://drive.beta.halia.dev"
|
||||||
|
- name: "PROXY_HTTP_ADDR"
|
||||||
|
value: "0.0.0.0:9200"
|
||||||
|
- name: "PROXY_TLS"
|
||||||
|
value: "false"
|
||||||
|
- name: "STORAGE_TRANSFER_SECRET"
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: STORAGE_TRANSFER_SECRET
|
||||||
|
name: ocis-secrets
|
||||||
|
envFrom:
|
||||||
|
ports:
|
||||||
|
- name: main
|
||||||
|
containerPort: 9200
|
||||||
|
protocol: TCP
|
||||||
|
volumeMounts:
|
||||||
|
|
||||||
|
- mountPath: /etc/ocis
|
||||||
|
name: config
|
||||||
|
- mountPath: /var/lib/ocis
|
||||||
|
name: data
|
||||||
|
- mountPath: /shared
|
||||||
|
name: shared
|
||||||
|
- mountPath: /tmp
|
||||||
|
name: temp
|
||||||
|
- mountPath: /var/logs
|
||||||
|
name: varlogs
|
||||||
|
livenessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 9200
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
periodSeconds: 10
|
||||||
|
readinessProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 9200
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
periodSeconds: 10
|
||||||
|
startupProbe:
|
||||||
|
tcpSocket:
|
||||||
|
port: 9200
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
failureThreshold: 60
|
||||||
|
timeoutSeconds: 2
|
||||||
|
periodSeconds: 5
|
||||||
|
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 4000m
|
||||||
|
memory: 8Gi
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 50Mi
|
||||||
volumes:
|
volumes:
|
||||||
- name: mnt
|
- name: config
|
||||||
configMap:
|
persistentVolumeClaim:
|
||||||
name: ocis-cfmap
|
claimName: chart-owncloud-ocis-config
|
||||||
|
- name: data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: chart-owncloud-ocis-data
|
||||||
|
- name: shared
|
||||||
|
emptyDir:
|
||||||
|
{}
|
||||||
|
- name: temp
|
||||||
|
emptyDir:
|
||||||
|
{}
|
||||||
|
- name: varlogs
|
||||||
|
emptyDir:
|
||||||
|
{}
|
||||||
|
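Review bot: The `init` container redirects the output of `ocis init` to `/etc/ocis/password` on the persistent `config` volume, which the main container also mounts, so the generated admin password that command prints stays readable in plaintext for the life of the PVC. I would treat that file as a one-time bootstrap value: change the admin password after first login and delete the file, or stop redirecting the output onto the shared volume. `--insecure yes` in that command and `OCIS_INSECURE: "true"` on the main container both turn off certificate verification and deserve a comment such as `# beta only: disables TLS certificate verification, remove before real data is stored`. The main container's `capabilities.drop: []` drops nothing, and `drop: ["ALL"]` is the usual baseline; the `prepare` container additionally runs with `runAsUser: 0`. The values placed in `ocis-secrets` (not defined in this commit) should be freshly generated rather than reused from the ConfigMap this commit deletes, because those remain in the repository history.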
@ -1,14 +1,23 @@
|
|||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: IngressRoute
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: ocis-ingress
|
name: ocis-ingress
|
||||||
|
namespace: drive
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: "traefik"
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
tls:
|
||||||
- web
|
- secretName: ocis-beta-tls
|
||||||
routes:
|
hosts:
|
||||||
- match: Host(`drive.diogenes.halia`)
|
- drive.beta.halia.dev
|
||||||
kind: Rule
|
rules:
|
||||||
services:
|
- host: drive.beta.halia.dev
|
||||||
- name: ocis-svc
|
http:
|
||||||
port: 9200
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: chart-owncloud-ocis
|
||||||
|
port:
|
||||||
|
number: 9200
|
||||||
|
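Review bot: `secretName: ocis-beta-tls` is referenced under `tls`, but nothing visible in this commit creates that secret in the `drive` namespace or annotates the Ingress for a certificate issuer; if the secret is absent, Traefik will serve its default certificate for `drive.beta.halia.dev`. The README's open item about OVH API keys failing for the `beta.halia.dev` subdomain suggests issuance is not settled, so it is worth confirming the secret exists before marking this route as configured. The `kubernetes.io/ingress.class` annotation is deprecated, and `ingressClassName: traefik` under `spec` is the current form. Because the old IngressRoute bound only to `web`, I would also pin the entry point explicitly with `traefik.ingress.kubernetes.io/router.entrypoints: websecure`, assuming that is the name of the TLS entry point in this cluster.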
4
ocis/namespace.yaml
Normal file
4
ocis/namespace.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: drive
|
19
ocis/pvc-config.yaml
Normal file
19
ocis/pvc-config.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
kind: PersistentVolumeClaim
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: chart-owncloud-ocis-config
|
||||||
|
namespace: drive
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: owncloud-ocis-8.1.1
|
||||||
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
|
helm-revision: "1"
|
||||||
|
app.kubernetes.io/version: "2.0.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- "ReadWriteOnce"
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: "200Mi"
|
||||||
|
storageClassName: flat-storage-class
|
19
ocis/pvc-data.yaml
Normal file
19
ocis/pvc-data.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
kind: PersistentVolumeClaim
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: chart-owncloud-ocis-data
|
||||||
|
namespace: drive
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: owncloud-ocis-8.1.1
|
||||||
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
|
helm-revision: "1"
|
||||||
|
app.kubernetes.io/version: "2.0.0"
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- "ReadWriteOnce"
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: "10Gi"
|
||||||
|
storageClassName: flat-storage-class
|
@ -1,13 +1,17 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: ocis-svc
|
name: chart-owncloud-ocis
|
||||||
|
namespace: drive
|
||||||
labels:
|
labels:
|
||||||
app: ocis
|
app.kubernetes.io/instance: chart
|
||||||
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- port: 9200
|
||||||
port: 9200
|
targetPort: 9200
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
selector:
|
selector:
|
||||||
app: ocis
|
app.kubernetes.io/name: owncloud-ocis
|
||||||
|
app.kubernetes.io/instance: chart
|
||||||
|