Diffstat (limited to 'script/helm/garage')
-rw-r--r--script/helm/garage/Chart.yaml4
-rw-r--r--script/helm/garage/templates/configmap.yaml26
-rw-r--r--script/helm/garage/templates/service.yaml21
-rw-r--r--script/helm/garage/templates/servicemonitor.yaml44
-rw-r--r--script/helm/garage/templates/workload.yaml (renamed from script/helm/garage/templates/statefulset.yaml)36
-rw-r--r--script/helm/garage/values.yaml85
6 files changed, 175 insertions, 41 deletions
diff --git a/script/helm/garage/Chart.yaml b/script/helm/garage/Chart.yaml
index 7fb4c531..82b2e106 100644
--- a/script/helm/garage/Chart.yaml
+++ b/script/helm/garage/Chart.yaml
@@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "v0.7.2.1"
+appVersion: "v0.8.2"
diff --git a/script/helm/garage/templates/configmap.yaml b/script/helm/garage/templates/configmap.yaml
index bfcd5d8c..5cc7a45e 100644
--- a/script/helm/garage/templates/configmap.yaml
+++ b/script/helm/garage/templates/configmap.yaml
@@ -4,28 +4,4 @@ metadata:
name: {{ include "garage.fullname" . }}-config
data:
garage.toml: |-
- metadata_dir = "{{ .Values.garage.metadataDir }}"
- data_dir = "{{ .Values.garage.dataDir }}"
-
- replication_mode = "{{ .Values.garage.replicationMode }}"
-
- rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
- # rpc_secret will be populated by the init container from a k8s secret object
- rpc_secret = "__RPC_SECRET_REPLACE__"
-
- bootstrap_peers = {{ .Values.garage.bootstrapPeers }}
-
- [kubernetes_discovery]
- namespace = "{{ .Release.Namespace }}"
- service_name = "{{ include "garage.fullname" . }}"
- skip_crd = {{ .Values.garage.kubernetesSkipCrd }}
-
- [s3_api]
- s3_region = "{{ .Values.garage.s3.api.region }}"
- api_bind_addr = "[::]:3900"
- root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
-
- [s3_web]
- bind_addr = "[::]:3902"
- root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
- index = "{{ .Values.garage.s3.web.index }}"
+ {{- tpl (index (index .Values.garage) "garage.toml") $ | nindent 4 }}
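Review bot: The whole ConfigMap body now comes from one user-supplied value passed through `tpl`, and nothing on this line guards against that value being missing or empty. Wrapping the lookup in `required`, e.g. `{{- tpl (required "garage.toml value is required" (index .Values.garage "garage.toml")) $ | nindent 4 }}`, makes the render fail with a clear message instead of producing an empty or broken config. The inner `index .Values.garage` with a single argument returns its operand unchanged and can be dropped.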
diff --git a/script/helm/garage/templates/service.yaml b/script/helm/garage/templates/service.yaml
index 2bfff99d..37218872 100644
--- a/script/helm/garage/templates/service.yaml
+++ b/script/helm/garage/templates/service.yaml
@@ -17,3 +17,24 @@ spec:
name: s3-web
selector:
{{- include "garage.selectorLabels" . | nindent 4 }}
+{{- if .Values.monitoring.metrics.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "garage.fullname" . }}-metrics
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+ annotations:
+ prometheus.io/scrape: "true"
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - port: 3903
+ targetPort: 3903
+ protocol: TCP
+ name: metrics
+ selector:
+ {{- include "garage.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
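Review bot: Port 3903 is published here under the name `metrics`, but in this same commit it is the `[admin]` `api_bind_addr` in values.yaml and the container port is named `admin` in workload.yaml, so this Service makes the whole admin listener reachable from inside the cluster, not only a metrics path. The existing values.yaml note says the admin API is deliberately left out of the main Service; I would add a comment above this Service stating that it exposes the admin API port, and consider shipping a NetworkPolicy that limits ingress on 3903 to the monitoring namespace. The `prometheus.io/scrape` annotation has no matching `prometheus.io/port: "3903"`, which annotation-based scrape configurations commonly rely on. The file also ends without a trailing newline.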
diff --git a/script/helm/garage/templates/servicemonitor.yaml b/script/helm/garage/templates/servicemonitor.yaml
new file mode 100644
index 00000000..6838d09f
--- /dev/null
+++ b/script/helm/garage/templates/servicemonitor.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.monitoring.metrics.serviceMonitor.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "garage.fullname" . }}
+ {{- if .Values.monitoring.metrics.serviceMonitor.namespace }}
+ namespace: {{ tpl .Values.monitoring.metrics.serviceMonitor.namespace . }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+ {{- with .Values.monitoring.metrics.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - port: metrics
+ {{- with .Values.monitoring.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.monitoring.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ honorLabels: true
+ path: {{ .Values.monitoring.metrics.serviceMonitor.path }}
+ scheme: {{ .Values.monitoring.metrics.serviceMonitor.scheme }}
+ {{- with .Values.monitoring.metrics.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.monitoring.metrics.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ jobLabel: "{{ .Release.Name }}"
+ selector:
+ matchLabels:
+ {{- include "garage.selectorLabels" . | nindent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
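Review bot: The ServiceMonitor is gated only on `monitoring.metrics.serviceMonitor.enabled`, while the Service that carries the `metrics` port is gated on `monitoring.metrics.enabled`, so enabling the former alone renders a monitor with no endpoint to match. The opening guard could read `{{- if and .Values.monitoring.metrics.enabled .Values.monitoring.metrics.serviceMonitor.enabled }}`. `honorLabels: true` is hard-coded, which lets labels exposed by the scraped target take precedence over the ones Prometheus attaches; I would make it a value that defaults to `false`. `interval`, `scrapeTimeout`, `path` and `scheme` are emitted unquoted, and `{{ . | quote }}` would keep them strings whatever the user supplies.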
diff --git a/script/helm/garage/templates/statefulset.yaml b/script/helm/garage/templates/workload.yaml
index bda40117..340c0054 100644
--- a/script/helm/garage/templates/statefulset.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -1,19 +1,23 @@
apiVersion: apps/v1
-kind: StatefulSet
+kind: {{ .Values.deployment.kind }}
metadata:
name: {{ include "garage.fullname" . }}
labels:
{{- include "garage.labels" . | nindent 4 }}
spec:
- replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "garage.selectorLabels" . | nindent 6 }}
+ {{- if eq .Values.deployment.kind "StatefulSet" }}
+ replicas: {{ .Values.deployment.replicaCount }}
serviceName: {{ include "garage.fullname" . }}
+ {{- end }}
template:
metadata:
- {{- with .Values.podAnnotations }}
+
annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
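Review bot: `kind: {{ .Values.deployment.kind }}` accepts any string, yet the rest of the template only handles `StatefulSet` and `DaemonSet`; any other kind, or a typo, renders a workload with no `replicas` and, when persistence is enabled, no `meta`/`data` volumes. A guard at the top of the file, `{{- if not (has .Values.deployment.kind (list "StatefulSet" "DaemonSet")) }}{{ fail "deployment.kind must be StatefulSet or DaemonSet" }}{{- end }}`, turns that into a render-time error. The blank line added after `metadata:` can be removed. The pod template continues outside this hunk.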
@@ -29,7 +33,8 @@ spec:
initContainers:
# Copies garage.toml from configmap to temporary etc volume and replaces RPC secret placeholder
- name: {{ .Chart.Name }}-init
- image: busybox:1.28
+ image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
+ imagePullPolicy: {{ .Values.initImage.pullPolicy }}
command: ["sh", "-c", "sed \"s/__RPC_SECRET_REPLACE__/$RPC_SECRET/\" /mnt/garage.toml > /mnt/etc/garage.toml"]
env:
- name: RPC_SECRET
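Review bot: The init container that receives `RPC_SECRET` is now pulled by repository and tag only, and the default this commit adds in values.yaml is the floating `busybox:stable` with `IfNotPresent`, so nodes can run different image contents for the step that handles the cluster secret. I would accept an optional digest, e.g. `image: "{{ .Values.initImage.repository }}{{ with .Values.initImage.digest }}@{{ . }}{{ else }}:{{ .Values.initImage.tag }}{{ end }}"`, and default `tag` to a fixed release rather than `stable`. The container spec continues outside this hunk.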
@@ -37,6 +42,8 @@ spec:
secretKeyRef:
name: {{ include "garage.rpcSecretName" . }}
key: rpcSecret
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- name: configmap
mountPath: /mnt/garage.toml
@@ -54,6 +61,8 @@ spec:
name: s3-api
- containerPort: 3902
name: web-api
+ - containerPort: 3903
+ name: admin
volumeMounts:
- name: meta
mountPath: /mnt/meta
@@ -79,6 +88,23 @@ spec:
name: {{ include "garage.fullname" . }}-config
- name: etc
emptyDir: {}
+ {{- if .Values.persistence.enabled }}
+ {{- if eq .Values.deployment.kind "DaemonSet" }}
+ - name: meta
+ hostPath:
+ path: {{ .Values.persistence.meta.hostPath }}
+ type: DirectoryOrCreate
+ - name: data
+ hostPath:
+ path: {{ .Values.persistence.data.hostPath }}
+ type: DirectoryOrCreate
+ {{- end }}
+ {{- else }}
+ - name: meta
+ emptyDir: {}
+ - name: data
+ emptyDir: {}
+ {{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
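Review bot: The DaemonSet branch mounts `hostPath` volumes with `type: DirectoryOrCreate`, but the pod now runs as UID/GID 1000 with `runAsNonRoot: true` (values.yaml in this commit), and `fsGroup` is not applied to hostPath volumes. Directories created by the kubelet are root-owned with mode 0755, so Garage would likely be unable to write to them unless the operator pre-creates them with matching ownership. That requirement should be documented next to `persistence.meta.hostPath` and `persistence.data.hostPath`, along with the fact that hostPath volumes are rejected by the Baseline and Restricted Pod Security Standards. The nesting also leaves `meta` and `data` undefined when persistence is enabled and the kind is neither `StatefulSet` nor `DaemonSet`. The `volumes:` list starts outside this hunk.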
@@ -91,7 +117,7 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
- {{- if .Values.persistence.enabled }}
+ {{- if and .Values.persistence.enabled (eq .Values.deployment.kind "StatefulSet") }}
volumeClaimTemplates:
- metadata:
name: meta
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 608ee53c..3a1e41b9 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -4,8 +4,6 @@
# Garage configuration. These values go to garage.toml
garage:
- metadataDir: "/mnt/meta"
- dataDir: "/mnt/data"
# Default to 3 replicas, see the replication_mode section at
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
replicationMode: "3"
@@ -22,6 +20,41 @@ garage:
web:
rootDomain: ".web.garage.tld"
index: "index.html"
+ # Template for the garage configuration
+ # Values can be templated
+ # ref: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
+ garage.toml: |-
+ metadata_dir = "/mnt/meta"
+ data_dir = "/mnt/data"
+
+ replication_mode = "{{ .Values.garage.replicationMode }}"
+
+ rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
+ # rpc_secret will be populated by the init container from a k8s secret object
+ rpc_secret = "__RPC_SECRET_REPLACE__"
+
+ bootstrap_peers = {{ .Values.garage.bootstrapPeers }}
+
+ [kubernetes_discovery]
+ namespace = "{{ .Release.Namespace }}"
+ service_name = "{{ include "garage.fullname" . }}"
+ skip_crd = {{ .Values.garage.kubernetesSkipCrd }}
+
+ [s3_api]
+ s3_region = "{{ .Values.garage.s3.api.region }}"
+ api_bind_addr = "[::]:3900"
+ root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
+
+ [s3_web]
+ bind_addr = "[::]:3902"
+ root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
+ index = "{{ .Values.garage.s3.web.index }}"
+
+ [admin]
+ api_bind_addr = "[::]:3903"
+ {{- if .Values.monitoring.tracing.sink }}
+ trace_sink = "{{ .Values.monitoring.tracing.sink }}"
+ {{- end }}
# Data persistence
persistence:
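Review bot: The comment above `garage.toml` should say that the rendered text is stored in a ConfigMap and that `rpc_secret = "__RPC_SECRET_REPLACE__"` must be kept verbatim, because the init container's `sed` is the only secret-injection path the chart has. The new `[admin]` section binds `[::]:3903` without an `admin_token` or `metrics_token`, and an operator who wants to set them has nowhere to put them except this plain-text value. A second placeholder filled from a Secret, in the same way as the RPC secret, would avoid that. Suggested comment: `# Rendered into a ConfigMap: do not inline secrets; keep the __RPC_SECRET_REPLACE__ placeholder.`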
@@ -29,12 +62,20 @@ persistence:
meta:
# storageClass: "fast-storage-class"
size: 100Mi
+ # used only for daemon sets
+ hostPath: /var/lib/garage/meta
data:
# storageClass: "slow-storage-class"
size: 100Mi
+ # used only for daemon sets
+ hostPath: /var/lib/garage/data
-# Number of StatefulSet replicas/garage nodes to start
-replicaCount: 3
+# Deployment configuration
+deployment:
+ # Switchable to DaemonSet
+ kind: StatefulSet
+ # Number of StatefulSet replicas/garage nodes to start
+ replicaCount: 3
image:
repository: dxflrs/amd64_garage
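Review bot: `replicaCount` moves under `deployment.` with no fallback, so a release that already overrides the top-level `replicaCount` will silently revert to the default of 3 on upgrade. Either keep reading the old key in workload.yaml, `replicas: {{ .Values.replicaCount | default .Values.deployment.replicaCount }}`, or call out the rename in the chart's upgrade notes. The `# used only for daemon sets` comments on `hostPath` would also be the place to state that the directories must be writable by the UID the pod runs as.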
@@ -42,6 +83,11 @@ image:
tag: ""
pullPolicy: IfNotPresent
+initImage:
+ repository: busybox
+ tag: stable
+ pullPolicy: IfNotPresent
+
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
@@ -57,18 +103,19 @@ serviceAccount:
podAnnotations: {}
-podSecurityContext: {}
- # fsGroup: 2000
+podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
securityContext:
# The default security context is heavily restricted
# feel free to tune it to your requirements
capabilities:
drop:
- - ALL
+ - ALL
readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
service:
# You can rely on any service to expose your cluster
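Review bot: The container `securityContext` drops all capabilities and keeps the root filesystem read-only, but it does not set `allowPrivilegeEscalation: false`, and neither context sets a seccomp profile, so the defaults still fall short of the Restricted Pod Security Standard. Adding `allowPrivilegeEscalation: false` under `securityContext` and `seccompProfile: {type: RuntimeDefault}` under `podSecurityContext` closes that gap. Moving `runAsNonRoot` and `runAsUser` to the pod level means the init container inherits them as well, which fits the `securityContext` this commit adds to it.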
@@ -82,6 +129,7 @@ service:
web:
port: 3902
# NOTE: the admin API is excluded for now as it is not consistent across nodes
+
ingress:
s3:
api:
@@ -145,3 +193,22 @@ nodeSelector: {}
tolerations: []
affinity: {}
+
+monitoring:
+ metrics:
+ # If true, a service for monitoring is created with a prometheus.io/scrape annotation
+ enabled: false
+ serviceMonitor:
+ # If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ enabled: false
+ path: /metrics
+ # namespace: monitoring (defaults to use the namespace this chart is deployed to)
+ labels: {}
+ interval: 15s
+ scheme: http
+ tlsConfig: {}
+ scrapeTimeout: 10s
+ relabelings: []
+ tracing:
+ sink: ""
\ No newline at end of file