feat(ocis): Add basic drive configuration
Add OwnCloud Infinity Scale as drive to the cluster. The current configuration only includes enough for a beta environment.
parent
838ccaccf2
commit
802eef042e
@ -5,7 +5,7 @@
|
||||
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | Awaiting configuration |
|
||||
| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Configured | Configured | Completed |
|
||||
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Completed |
|
||||
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | PostgreSQL | Drive files | Not configured | Not configured | Not configured | Awaiting configuration |
|
||||
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Managed by Longhorn | Configured | Not available | Completed |
|
||||
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | Not configured | Not configured | Not configured | Awaiting configuration |
|
||||
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Migrate to Gitlab |
|
||||
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | Not configured | Not configured | Not configured | Awaiting configuration |
|
||||
@ -60,6 +60,7 @@ longhorn
|
||||
- ~~Setup DB container sidecars for automated backups to Longhorn volume~~
|
||||
- Setup secrets configuration through CI/CD variable injection
|
||||
- Explore permission issues when issuing OVH API keys (not working for wildcard and `beta.halia.dev` subdomain)
|
||||
- Setup default users for services
|
||||
- ~~Setup log and metric monitoring~~
|
||||
- ~~Define namespaces through yaml files~~
|
||||
- ~~Look into CockroachDB for redundant database~~ Judged too complicated, moving to a 1 to 1 relationship between services and databases
|
||||
|
@ -1,60 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: ocis-cfmap
|
||||
data:
|
||||
file-from-cfgmap: |
|
||||
token_manager:
|
||||
jwt_secret: FhiGf^OHYAZ7dG71ahYCKqijFwR!=0Ow
|
||||
machine_auth_api_key: ej1Z+nyhbBtnqxarIY4Tsy-2+HZtn77-
|
||||
system_user_api_key: O%n*G#ppGY7XkQZu4G9Ond11R$5^r0O0
|
||||
transfer_secret: J!V67qd*OzhxETqjemD9NM4.G0TtFUK3
|
||||
system_user_id: 22040a20-6a6e-4852-890f-4b75fc83fe16
|
||||
admin_user_id: 9daeabac-8bd1-4832-b901-2d8b9cbc0c9b
|
||||
graph:
|
||||
spaces:
|
||||
insecure: true
|
||||
identity:
|
||||
ldap:
|
||||
bind_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$'
|
||||
idp:
|
||||
ldap:
|
||||
bind_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP
|
||||
idm:
|
||||
service_user_passwords:
|
||||
admin_password: qXY0%X8%DIIG5w3e8JbgVgaD*ac!bJkr
|
||||
idm_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$'
|
||||
reva_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
||||
idp_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP
|
||||
proxy:
|
||||
insecure_backends: true
|
||||
frontend:
|
||||
archiver:
|
||||
insecure: true
|
||||
auth_basic:
|
||||
auth_providers:
|
||||
ldap:
|
||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
||||
auth_bearer:
|
||||
auth_providers:
|
||||
oidc:
|
||||
insecure: true
|
||||
users:
|
||||
drivers:
|
||||
ldap:
|
||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
||||
groups:
|
||||
drivers:
|
||||
ldap:
|
||||
bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p
|
||||
storage_system:
|
||||
data_provider_insecure: true
|
||||
storage_users:
|
||||
data_provider_insecure: true
|
||||
ocdav:
|
||||
insecure: true
|
||||
thumbnails:
|
||||
thumbnail:
|
||||
transfer_secret: gOm2#L4V9DGJ=fdPrHwZ%CmBje#r9j@E
|
||||
webdav_allow_insecure: true
|
||||
cs3_allow_insecure: true
|
@ -1,38 +1,200 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: ocis
|
||||
name: chart-owncloud-ocis
|
||||
namespace: drive
|
||||
labels:
|
||||
app.kubernetes.io/instance: chart
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: owncloud-ocis
|
||||
app.kubernetes.io/version: 2.0.0
|
||||
helm-revision: "1"
|
||||
helm.sh/chart: owncloud-ocis-8.1.1
|
||||
annotations:
|
||||
rollme: oHHac
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ocis
|
||||
app.kubernetes.io/name: owncloud-ocis
|
||||
app.kubernetes.io/instance: chart
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
|
||||
labels:
|
||||
app: ocis
|
||||
app.kubernetes.io/name: owncloud-ocis
|
||||
app.kubernetes.io/instance: chart
|
||||
spec:
|
||||
containers:
|
||||
- name: ocis
|
||||
image: owncloud/ocis
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
|
||||
serviceAccountName: default
|
||||
securityContext:
|
||||
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
runAsGroup: 568
|
||||
runAsUser: 568
|
||||
supplementalGroups:
|
||||
- 568
|
||||
dnsPolicy: ClusterFirst
|
||||
dnsConfig:
|
||||
options:
|
||||
|
||||
- name: ndots
|
||||
value: "1"
|
||||
enableServiceLinks: false
|
||||
terminationGracePeriodSeconds: 10
|
||||
initContainers:
|
||||
|
||||
- name: prepare
|
||||
image: tccr.io/truecharts/multi-init:v0.0.1@sha256:4c2caebee117b055f379377fd0fd306f2ee0e6697fd47d9364073e0e9e6f2e02
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
resources:
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
env:
|
||||
- name: IDM_CREATE_DEMO_USERS
|
||||
value: "true"
|
||||
- name: INSECURE
|
||||
value: "true"
|
||||
- name: OCIS_JWT_SECRET
|
||||
value: "Something_random_not_normal"
|
||||
- name: STORAGE_TRANSFER_SECRET
|
||||
value: "Something_very_secure"
|
||||
- name: OCIS_MACHINE_AUTH_API_KEY
|
||||
value: "A_very_random_api_key"
|
||||
command:
|
||||
- "/bin/sh"
|
||||
- "-c"
|
||||
- |
|
||||
/bin/bash <<'EOF'
|
||||
echo "Automatically correcting permissions..."
|
||||
|
||||
EOF
|
||||
|
||||
volumeMounts:
|
||||
- name: mnt
|
||||
mountPath: /etc/ocis/ocis.yaml
|
||||
subPath: ocis-config
|
||||
- command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
if test -f /etc/ocis/ocis.yaml; then exit 0; fi &&
|
||||
/usr/bin/ocis init -f --insecure yes > /etc/ocis/password
|
||||
image: 'tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82'
|
||||
name: init
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ocis
|
||||
name: config
|
||||
nodeName: slave-1
|
||||
containers:
|
||||
- name: chart-owncloud-ocis
|
||||
image: tccr.io/truecharts/ocis:2.0.0@sha256:208f181966b2ef710633e17c27d143e866f40e186c67dd1c3f78748f6f871e82
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
add: []
|
||||
drop: []
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
|
||||
env:
|
||||
- name: UMASK
|
||||
value: "2"
|
||||
- name: UMASK_SET
|
||||
value: "2"
|
||||
- name: S6_READ_ONLY_ROOT
|
||||
value: "1"
|
||||
- name: NVIDIA_VISIBLE_DEVICES
|
||||
value: "void"
|
||||
- name: TZ
|
||||
value: "Europe/Copenhagen"
|
||||
- name: "ACCOUNTS_DEMO_USERS_AND_GROUPS"
|
||||
value: "false"
|
||||
- name: "OCIS_INSECURE"
|
||||
value: "true"
|
||||
- name: "OCIS_JWT_SECRET"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: OCIS_JWT_SECRET
|
||||
name: ocis-secrets
|
||||
- name: "OCIS_LOG_COLOR"
|
||||
value: "true"
|
||||
- name: "OCIS_LOG_PRETTY"
|
||||
value: "true"
|
||||
- name: "OCIS_MACHINE_AUTH_API_KEY"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: OCIS_MACHINE_AUTH_API_KEY
|
||||
name: ocis-secrets
|
||||
- name: "OCIS_URL"
|
||||
value: "https://drive.beta.halia.dev"
|
||||
- name: "PROXY_HTTP_ADDR"
|
||||
value: "0.0.0.0:9200"
|
||||
- name: "PROXY_TLS"
|
||||
value: "false"
|
||||
- name: "STORAGE_TRANSFER_SECRET"
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: STORAGE_TRANSFER_SECRET
|
||||
name: ocis-secrets
|
||||
envFrom:
|
||||
ports:
|
||||
- name: main
|
||||
containerPort: 9200
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
|
||||
- mountPath: /etc/ocis
|
||||
name: config
|
||||
- mountPath: /var/lib/ocis
|
||||
name: data
|
||||
- mountPath: /shared
|
||||
name: shared
|
||||
- mountPath: /tmp
|
||||
name: temp
|
||||
- mountPath: /var/logs
|
||||
name: varlogs
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: 9200
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: 9200
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 10
|
||||
startupProbe:
|
||||
tcpSocket:
|
||||
port: 9200
|
||||
initialDelaySeconds: 10
|
||||
failureThreshold: 60
|
||||
timeoutSeconds: 2
|
||||
periodSeconds: 5
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 8Gi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
volumes:
|
||||
- name: mnt
|
||||
configMap:
|
||||
name: ocis-cfmap
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: chart-owncloud-ocis-config
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: chart-owncloud-ocis-data
|
||||
- name: shared
|
||||
emptyDir:
|
||||
{}
|
||||
- name: temp
|
||||
emptyDir:
|
||||
{}
|
||||
- name: varlogs
|
||||
emptyDir:
|
||||
{}
|
||||
|
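Review bot: The `init` container redirects the output of `/usr/bin/ocis init -f --insecure yes` into `/etc/ocis/password` on the `config` PVC, so the generated admin password stays in plaintext on a volume the main container also mounts at `/etc/ocis`. It would be safer to read it once and delete the file, or to supply the initial credentials from the `ocis-secrets` Secret like the other keys. The same section sets `OCIS_INSECURE` to `"true"`, which deserves a comment such as `# beta only: relaxes certificate verification, remove before production`, and the main container's `capabilities` block has `drop: []` where `drop: ["ALL"]` would be the hardened default. The `+`/`-` markers are lost in this rendering, so I am assuming these lines are on the new side. The `mnt` volume pointing at `ocis-cfmap` and the literal `OCIS_JWT_SECRET` / `STORAGE_TRANSFER_SECRET` values look like old-side leftovers; confirm they are gone, since this commit deletes that ConfigMap and the values it held should be treated as exposed and rotated.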
@ -1,14 +1,23 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ocis-ingress
|
||||
|
||||
namespace: drive
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "traefik"
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`drive.diogenes.halia`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: ocis-svc
|
||||
port: 9200
|
||||
tls:
|
||||
- secretName: ocis-beta-tls
|
||||
hosts:
|
||||
- drive.beta.halia.dev
|
||||
rules:
|
||||
- host: drive.beta.halia.dev
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: chart-owncloud-ocis
|
||||
port:
|
||||
number: 9200
|
||||
|
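Review bot: The Ingress declares `tls` for `drive.beta.halia.dev`, but nothing in this hunk restricts the route to the TLS entrypoint, and by default Traefik's Ingress provider can attach the router to every entrypoint, so the drive may still answer over plain HTTP. Adding `traefik.ingress.kubernetes.io/router.entrypoints: <tls-entrypoint-name>` under `annotations`, or confirming that a global HTTP-to-HTTPS redirect exists, would close that; the entrypoint name is not visible here. Separately, `kubernetes.io/ingress.class` is the deprecated annotation form and `ingressClassName: traefik` under `spec` is the current field. The `ocis-beta-tls` Secret is not created in this commit, so check that it exists in the `drive` namespace before relying on the certificate.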
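--- /dev/null
+++ b/ocis/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: drive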
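Review bot: The `drive` namespace is created without Pod Security admission labels, so nothing at namespace level limits what workloads in it may request; the Deployment in the same commit appears to include an init container with `runAsUser: 0`. Consider adding a `labels:` map under `metadata` with `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted`, adjusting the level to what the chart can actually satisfy. A default-deny NetworkPolicy for the namespace would be a reasonable companion, given the service is listed as Public.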
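--- /dev/null
+++ b/ocis/pvc-config.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: chart-owncloud-ocis-config
+namespace: drive
+labels:
+helm.sh/chart: owncloud-ocis-8.1.1
+app.kubernetes.io/name: owncloud-ocis
+app.kubernetes.io/instance: chart
+helm-revision: "1"
+app.kubernetes.io/version: "2.0.0"
+app.kubernetes.io/managed-by: Helm
+spec:
+accessModes:
+- "ReadWriteOnce"
+resources:
+requests:
+storage: "200Mi"
+storageClassName: flat-storage-class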
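--- /dev/null
+++ b/ocis/pvc-data.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: chart-owncloud-ocis-data
+namespace: drive
+labels:
+helm.sh/chart: owncloud-ocis-8.1.1
+app.kubernetes.io/name: owncloud-ocis
+app.kubernetes.io/instance: chart
+helm-revision: "1"
+app.kubernetes.io/version: "2.0.0"
+app.kubernetes.io/managed-by: Helm
+spec:
+accessModes:
+- "ReadWriteOnce"
+resources:
+requests:
+storage: "10Gi"
+storageClassName: flat-storage-class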
@ -1,13 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ocis-svc
|
||||
name: chart-owncloud-ocis
|
||||
namespace: drive
|
||||
labels:
|
||||
app: ocis
|
||||
app.kubernetes.io/instance: chart
|
||||
app.kubernetes.io/name: owncloud-ocis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 9200
|
||||
- port: 9200
|
||||
targetPort: 9200
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app: ocis
|
||||
app.kubernetes.io/name: owncloud-ocis
|
||||
app.kubernetes.io/instance: chart
|
||||
|