WIP: app/registry: ceph object storage
diff --git a/app/registry/prod.jsonnet b/app/registry/prod.jsonnet
index 28d706d..5fc2172 100644
--- a/app/registry/prod.jsonnet
+++ b/app/registry/prod.jsonnet
@@ -11,6 +11,7 @@
cfg:: {
namespace: "registry",
domain: "k0.hswaw.net",
+ storageClassName: "waw-hdd-redundant-1",
},
metadata(component):: {
@@ -100,6 +101,19 @@
},
},
+ authVolumeClaim: kube.PersistentVolumeClaim("auth-token-storage") {
+ metadata+: app.metadata("auth-token-storage"),
+ spec+: {
+ storageClassName: cfg.storageClassName,
+ accessModes: [ "ReadWriteOnce" ],
+ resources: {
+ requests: {
+ storage: "1Gi",
+ },
+ },
+ },
+ },
+
authConfig: kube.ConfigMap("auth-config") {
metadata+: app.metadata("auth-config"),
data: {
@@ -121,7 +135,7 @@
profile_url: "https://sso.hackerspace.pl/api/1/profile",
redirect_url: "https://registry.k0.hswaw.net/oauth2",
username_key: "username",
- token_db: "/tmp/oauth2_tokens.ldb",
+ token_db: "/data/oauth2_tokens.ldb",
registry_url: "https://registry.k0.hswaw.net",
},
acl: [
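Review bot: With `token_db: "/data/oauth2_tokens.ldb"` the OAuth2 token store now survives pod restarts on a persistent volume, and nothing visible in this change constrains who can read it there. The file presumably holds token material for SSO users, so anything that can mount or snapshot the `auth-token-storage` claim would get a copy. The pod spec lies outside this hunk, so please confirm the auth container runs as a non-root user with an `fsGroup` set in the pod `securityContext`, and that the `waw-hdd-redundant-1` class is acceptable for credentials at rest. The path also silently depends on the `data: { mountPath: "/data" }` line added in the `@@ -167` hunk, so a comment such as `// must stay under the "data" volumeMount path of the auth container` next to `token_db` would keep the two from drifting apart.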
@@ -152,6 +166,7 @@
template+: {
spec+: {
volumes_: {
+ data: kube.PersistentVolumeClaimVolume(app.authVolumeClaim),
config: kube.ConfigMapVolume(app.authConfig),
certs: {
secret: { secretName: app.authCertificate.spec.secretName },
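Review bot: The `data` volume attaches a `ReadWriteOnce` claim to this pod template, and the workload's rollout settings are not visible in the hunk. If this is a Deployment using the default rolling update, a replacement pod scheduled on a different node cannot attach the volume until the old pod is gone, and the rollout may stall. Should that apply, consider pinning the workload to one replica and adding `strategy: { type: "Recreate" }` to its spec. A short comment on `authVolumeClaim` explaining that it holds the auth server's token database would also help readers.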
@@ -167,6 +182,7 @@
config: { mountPath: "/config" },
certs: { mountPath: "/certs" },
secrets: { mountPath: "/secrets" },
+ data: { mountPath: "/data" },
},
},
},
@@ -254,4 +270,14 @@
],
},
},
+
+ registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+ metadata+: {
+ namespace: "ceph-waw1",
+ },
+ spec: {
+ store: "waw-hdd-redundant-1-object",
+ displayName: "docker-registry user",
+ },
+ },
}
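Review bot: `registryStorageUser` is created in the hard-coded namespace `"ceph-waw1"`, while everything else in this file lives in `cfg.namespace` (`"registry"`), and the change does not show how the resulting S3 credentials reach the registry. As far as I know, Rook writes the generated access and secret key into a Secret in the user's own namespace, which pods in `registry` cannot mount. The follow-up wiring needs an explicit, access-controlled copy step rather than keys pasted into this jsonnet. I would add a comment on the object along the lines of `// S3 keys for this user are generated by Rook in ceph-waw1; copy them into the registry namespace as a Secret, never commit them here`. It would also be cleaner to move the namespace and the store name `"waw-hdd-redundant-1-object"` into `cfg` next to `storageClassName`.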
diff --git a/cluster/kube/cluster.jsonnet b/cluster/kube/cluster.jsonnet
index 4ee3d8f..a57c897 100644
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@@ -122,6 +122,29 @@
},
},
},
+ cephWaw1Object: kube._Object("ceph.rook.io/v1", "CephObjectStore", "waw-hdd-redundant-1-object") {
+ metadata+: cluster.cephWaw1.metadata,
+ spec: {
+ metadataPool: {
+ failureDomain: "host",
+ replicated: { size: 3 },
+ },
+ dataPool: {
+ failureDomain: "host",
+ erasureCoded: {
+ dataChunks: 2,
+ codingChunks: 1,
+ },
+ },
+ gateway: {
+ type: "s3",
+ port: 80,
+ #securePort:
+ instances: 1,
+ allNodes: false,
+ },
+ },
+ },
};
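Review bot: The gateway block exposes S3 only on `port: 80` and leaves `#securePort:` as a commented-out stub, so registry traffic to the object store would cross the cluster network unencrypted. That traffic includes image layers and request signatures. Either enable TLS by setting `securePort` together with an `sslCertificateRef` pointing at a certificate Secret, or drop the stub and replace it with a comment stating that plaintext is a deliberate, cluster-internal-only choice and what enforces that (for example a NetworkPolicy). Separately, `instances: 1` makes the gateway a single point of failure for every registry pull and push, and `dataChunks: 2, codingChunks: 1` tolerates the loss of only one host; both are worth a line of comment if intended.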