WIP: app/registry: ceph object storage

commit: 6da3b288dc5015909228232ca7da8fe5633c57a4 [log] [tgz]
author: Piotr Dobrowolski <admin@tastycode.pl> Sun Apr 07 18:49:41 2019 +0200
committer: Piotr Dobrowolski <admin@tastycode.pl> Tue Apr 09 13:48:21 2019 +0200
tree: dc8ac45ca27137962289a42798fe41e2a028515d
parent: e24ccd678c3fffd3f7e2ce61e910c215c5adcdf2 [diff] [blame]
diff --git a/app/registry/prod.jsonnet b/app/registry/prod.jsonnet
index 28d706d..5fc2172 100644
--- a/app/registry/prod.jsonnet
+++ b/app/registry/prod.jsonnet

@@ -11,6 +11,7 @@
     cfg:: {
         namespace: "registry",
         domain: "k0.hswaw.net",
+        storageClassName: "waw-hdd-redundant-1",
     },
 
     metadata(component):: {
@@ -100,6 +101,19 @@
         },
     },
 
+    authVolumeClaim: kube.PersistentVolumeClaim("auth-token-storage") {
+        metadata+: app.metadata("auth-token-storage"),
+        spec+: {
+            storageClassName: cfg.storageClassName,
+            accessModes: [ "ReadWriteOnce" ],
+            resources: {
+                requests: {
+                    storage: "1Gi",
+                },
+            },
+        },
+    },
+
     authConfig: kube.ConfigMap("auth-config") {
         metadata+: app.metadata("auth-config"),
         data: {
@@ -121,7 +135,7 @@
                     profile_url: "https://sso.hackerspace.pl/api/1/profile",
                     redirect_url: "https://registry.k0.hswaw.net/oauth2",
                     username_key: "username",
-                    token_db: "/tmp/oauth2_tokens.ldb",
+                    token_db: "/data/oauth2_tokens.ldb",
                     registry_url: "https://registry.k0.hswaw.net",
                 },
                 acl: [
@@ -152,6 +166,7 @@
             template+: {
                 spec+: {
                     volumes_: {
+                        data: kube.PersistentVolumeClaimVolume(app.authVolumeClaim),
                         config: kube.ConfigMapVolume(app.authConfig),
                         certs: {
                             secret: { secretName: app.authCertificate.spec.secretName },
@@ -167,6 +182,7 @@
                                 config: { mountPath: "/config" },
                                 certs: { mountPath: "/certs" },
                                 secrets: { mountPath: "/secrets" },
+                                data: { mountPath: "/data" },
                             },
                         },
                     },
@@ -254,4 +270,14 @@
             ],
         },
     },
+
+    registryStorageUser: kube._Object("ceph.rook.io/v1", "CephObjectStoreUser", "registry") {
+        metadata+: {
+            namespace: "ceph-waw1",
+        },
+        spec: {
+            store: "waw-hdd-redundant-1-object",
+            displayName: "docker-registry user",
+        },
+    },
 }
commit	6da3b288dc5015909228232ca7da8fe5633c57a4	[log] [tgz]
author	Piotr Dobrowolski <admin@tastycode.pl>	Sun Apr 07 18:49:41 2019 +0200
committer	Piotr Dobrowolski <admin@tastycode.pl>	Tue Apr 09 13:48:21 2019 +0200
tree	dc8ac45ca27137962289a42798fe41e2a028515d
parent	e24ccd678c3fffd3f7e2ce61e910c215c5adcdf2 [diff] [blame]