From e94d6f78d7584b64115905d4d6f7959160dd1936 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Sat, 29 Oct 2022 21:07:02 +0200
Subject: Enable daemonset deployment using the helm chart DaemonSet is a k8s resource that schedules one instance per node, which is useful for some garage deployment use cases, including managing garage nodes using k8s node labels
---
 script/helm/garage/values.yaml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 608ee53c..52f1910a 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -29,12 +29,20 @@ persistence:
 meta:
 # storageClass: "fast-storage-class"
 size: 100Mi
+ # used only for daemon sets
+ hostPath: /var/lib/garage/meta
 data:
 # storageClass: "slow-storage-class"
 size: 100Mi
+ # used only for daemon sets
+ hostPath: /var/lib/garage/data
-# Number of StatefulSet replicas/garage nodes to start
-replicaCount: 3
+# Deployment configuration
+deployment:
+ # Switchable to DaemonSet
+ kind: StatefulSet
+ # Number of StatefulSet replicas/garage nodes to start
+ replicaCount: 3
 image:
 repository: dxflrs/amd64_garage
-- cgit v1.2.3
From 88b66c69a5d596ab967dba192ebf7742152fdfcc Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 16 Nov 2022 20:23:10 +0100
Subject: feat(helm): allow to override the default configuration file
Signed-off-by: Patrick Jahns
---
 script/helm/garage/values.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 52f1910a..a60fa569 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
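Review bot: The two `hostPath` defaults added under `persistence.meta` and `persistence.data` carry only the comment `# used only for daemon sets`, which does not tell an operator what enabling that mode implies for the node. A hostPath volume places Garage metadata and object data directly on the node filesystem, where it outlives the pod and is readable by anything else with access to that path, and namespaces enforcing the Pod Security Standards baseline or restricted profile reject hostPath volumes outright. I would extend the comment to something like `# DaemonSet only: node-local directory; must be writable by the pod's user and is not permitted under PodSecurity baseline/restricted`. How the chart mounts these paths is in the templates, which are outside this file-limited diff, so the ownership requirement should be confirmed there.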
@@ -22,6 +22,35 @@ garage:
 web:
 rootDomain: ".web.garage.tld"
 index: "index.html"
+ # Template for the garage configuration
+ # Values can be templated
+ # ref: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
+ garage.toml: |-
+ metadata_dir = "{{ .Values.garage.metadataDir }}"
+ data_dir = "{{ .Values.garage.dataDir }}"
+
+ replication_mode = "{{ .Values.garage.replicationMode }}"
+
+ rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
+ # rpc_secret will be populated by the init container from a k8s secret object
+ rpc_secret = "__RPC_SECRET_REPLACE__"
+
+ bootstrap_peers = {{ .Values.garage.bootstrapPeers }}
+
+ [kubernetes_discovery]
+ namespace = "{{ .Release.Namespace }}"
+ service_name = "{{ include "garage.fullname" . }}"
+ skip_crd = {{ .Values.garage.kubernetesSkipCrd }}
+
+ [s3_api]
+ s3_region = "{{ .Values.garage.s3.api.region }}"
+ api_bind_addr = "[::]:3900"
+ root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
+
+ [s3_web]
+ bind_addr = "[::]:3902"
+ root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
+ index = "{{ .Values.garage.s3.web.index }}"
 # Data persistence
 persistence:
-- cgit v1.2.3
From e17970773a14fb455ee945f77586080a11fc3f34 Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 16 Nov 2022 20:36:20 +0100
Subject: refactor(helm): removed metadataDir and dataDir config variable The variables were only templated into the configuration file and did not change the pod mountpaths, so the variables were not necessary
---
 script/helm/garage/values.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index a60fa569..d7e7ddbf 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
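Review bot: The comment block above the new `garage.toml` key says only that values can be templated; it should also state that the `rpc_secret = "__RPC_SECRET_REPLACE__"` line must be kept verbatim when the file is overridden. The inline comment says the init container fills that placeholder from a Kubernetes secret, so an override that drops the line or writes the real secret inline would put the cluster RPC key into Helm values and, presumably, into whatever object the rendered file is stored in. Suggested wording: `# Keep the rpc_secret placeholder line unchanged; never put the real secret in values`. Separately, values such as `.Values.garage.s3.api.region` are placed between hand-written double quotes with no escaping, so a value containing a quote changes the structure of the rendered TOML; piping through `quote` instead (`s3_region = {{ .Values.garage.s3.api.region | quote }}`) would avoid that.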
@@ -4,8 +4,6 @@
 # Garage configuration. These values go to garage.toml
 garage:
- metadataDir: "/mnt/meta"
- dataDir: "/mnt/data"
 # Default to 3 replicas, see the replication_mode section at
 # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
 replicationMode: "3"
@@ -26,8 +24,8 @@ garage:
 # Values can be templated
 # ref: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
 garage.toml: |-
- metadata_dir = "{{ .Values.garage.metadataDir }}"
- data_dir = "{{ .Values.garage.dataDir }}"
+ metadata_dir = "/mnt/meta"
+ data_dir = "/mnt/data"
 replication_mode = "{{ .Values.garage.replicationMode }}"
-- cgit v1.2.3
From fd03b184b33337e3f1de06a5cadd3c5bcc0a3536 Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 16 Nov 2022 21:46:43 +0100
Subject: fix(helm): file permission issues when running as non-root user Specify the user group for the garage (and init) process and ensure that the persistent storage is mounted with the correct file system group
---
 script/helm/garage/values.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index d7e7ddbf..701a5680 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -92,18 +92,19 @@ serviceAccount:
 podAnnotations: {}
-podSecurityContext: {}
- # fsGroup: 2000
+podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
 securityContext:
 # The default security context is heavily restricted
 # feel free to tune it to your requirements
 capabilities:
 drop:
- - ALL
+ - ALL
 readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
 service:
 # You can rely on any service to expose your cluster
-- cgit v1.2.3
From d20e8c92564843e8c9abdf573db5ce7f6c58f482 Mon Sep 17 00:00:00 2001
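Review bot: In the `@@ -92,18 +92,19 @@` hunk the container-level `securityContext` still has no `allowPrivilegeEscalation: false` and neither context sets a seccomp profile, although its comment calls the default heavily restricted. With all capabilities dropped and `runAsNonRoot` now set at pod level, those are the remaining fields the Pod Security Standards restricted profile checks, so I would add `allowPrivilegeEscalation: false` under `securityContext` and `seccompProfile` with `type: RuntimeDefault` under `podSecurityContext`. Also, `fsGroup: 1000` is not applied by the kubelet to hostPath volumes, so the DaemonSet mode added earlier in this series presumably still needs the host directories to be owned by UID/GID 1000; a comment next to `fsGroup` such as `# not applied to hostPath volumes (DaemonSet mode); pre-create the host directories with this owner` would save operators a debugging session.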
From: Patrick Jahns
Date: Wed, 16 Nov 2022 21:53:28 +0100
Subject: feat(helm): allow to override the init container image
---
 script/helm/garage/values.yaml | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 701a5680..5900033b 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -77,6 +77,11 @@ image:
 tag: ""
 pullPolicy: IfNotPresent
+initImage:
+ repository: busybox
+ tag: 1.28
+ pullPolicy: IfNotPresent
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
-- cgit v1.2.3
From b999bb36af59de899c2426c0ad35e4e04abc317d Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Thu, 17 Nov 2022 23:33:00 +0100
Subject: feat(helm): ability to monitor garage via prometheus
---
 script/helm/garage/values.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 5900033b..69999e67 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -49,6 +49,12 @@ garage:
 bind_addr = "[::]:3902"
 root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
 index = "{{ .Values.garage.s3.web.index }}"
+
+ [admin]
+ api_bind_addr = "[::]:3903"
+ {{- if .Values.monitoring.tracing.sink }}
+ trace_sink = "{{ .Values.monitoring.tracing.sink }}"
+ {{- end }}
 # Data persistence
 persistence:
@@ -123,6 +129,7 @@ service:
 web:
 port: 3902
 # NOTE: the admin API is excluded for now as it is not consistent across nodes
+
 ingress:
 s3:
 api:
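Review bot: `tag: 1.28` in the new `initImage` block is an unquoted scalar that YAML parses as a float, unlike the quoted `tag: ""` of the main image just above it. It happens to render unchanged for this value, but a later bump to a version such as 1.30 would be read as 1.3 and resolve to a different tag, so write `tag: "1.28"`. A one-line comment stating what the init container does with this image would also help operators decide how strictly to pin it.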
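Review bot: The `[admin]` section and `api_bind_addr = "[::]:3903"` in the `@@ -49,6 +49,12 @@` hunk are added unconditionally, so every pod opens the admin listener on all interfaces even while `monitoring.metrics.enabled` keeps its default of `false`; only `trace_sink` sits inside the `if`. No `metrics_token` or `admin_token` is templated, and the Garage reference manual documents the metrics endpoint as served without authentication when `metrics_token` is unset, which is worth confirming for the version this chart ships. I would add a comment above the section such as `# admin/metrics listener: unauthenticated unless metrics_token/admin_token are set; restrict port 3903 with a NetworkPolicy`, and say the same next to `monitoring.metrics.enabled` in the values added at the end of the file by this commit.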
@@ -186,3 +193,23 @@ nodeSelector: {}
 tolerations: []
 affinity: {}
+
+monitoring:
+ metrics:
+ # If true, a service for monitoring is created with a prometheus.io/scrape annotation
+ enabled: false
+ serviceMonitor:
+ # If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ #
+ enabled: false
+ path: /metrics
+ # namespace: monitoring (defaults to use the namespace this chart is deployed to)
+ labels: {}
+ interval: 15s
+ scheme: http
+ tlsConfig: {}
+ scrapeTimeout: 10s
+ relabelings: []
+ tracing:
+ sink: ""
\ No newline at end of file
-- cgit v1.2.3
From ac6751f5099ba1be032665f616951280ced36e09 Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 28 Dec 2022 18:27:07 +0100
Subject: doc(helm): removed extra line
---
 script/helm/garage/values.yaml | 1 -
 1 file changed, 1 deletion(-)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index 69999e67..ca77c097 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -201,7 +201,6 @@ monitoring:
 serviceMonitor:
 # If true, a ServiceMonitor CRD is created for a prometheus operator
 # https://github.com/coreos/prometheus-operator
- #
 enabled: false
 path: /metrics
 # namespace: monitoring (defaults to use the namespace this chart is deployed to)
-- cgit v1.2.3
From 50bce43f25574d168f015f31fb7f8a69dafac072 Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 28 Dec 2022 18:28:03 +0100
Subject: refactor(helm): use stable as image tag for init container
---
 script/helm/garage/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'script/helm/garage/values.yaml')
diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml
index ca77c097..3a1e41b9 100644
--- a/script/helm/garage/values.yaml
+++ b/script/helm/garage/values.yaml
@@ -85,7 +85,7 @@ image:
 initImage:
 repository: busybox
- tag: 1.28
+ tag: stable
 pullPolicy: IfNotPresent
 imagePullSecrets: []
-- cgit v1.2.3
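Review bot: `tag: stable` replaces a fixed version with a mutable tag, and together with `pullPolicy: IfNotPresent` each node keeps whichever busybox image it first pulled under that name. Nodes can therefore run different init-container builds, and a changed upstream image is picked up without any change to the chart; per the comment on `rpc_secret` elsewhere in this file, the init container is what writes the RPC secret into the configuration. I would pin a specific version as a quoted string, for example `tag: "<busybox-version>"`, or a digest if the template supports one, and mention `stable` only as a documented opt-in.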