diff --git a/camtiler/application.yml b/camtiler/application.yml index 05f5304..dc31e09 100644 --- a/camtiler/application.yml +++ b/camtiler/application.yml @@ -1,4 +1,12 @@ --- +apiVersion: codemowers.cloud/v1beta1 +kind: MinioBucketClaim +metadata: + name: camtiler +spec: + capacity: 1Ti + class: external +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -105,10 +113,6 @@ spec: kind: Deployment metadata: name: camera-foobar - # Make sure keel.sh pulls updates for this deployment - annotations: - keel.sh/policy: force - keel.sh/trigger: poll spec: revisionHistoryLimit: 0 replicas: 1 @@ -166,9 +170,25 @@ spec: - name: SOURCE_NAME value: foobar - name: S3_BUCKET_NAME - value: application + valueFrom: + secretKeyRef: + name: miniobucket-camtiler-owner-secrets + key: BUCKET_NAME - name: S3_ENDPOINT_URL - value: http://minio + valueFrom: + secretKeyRef: + name: miniobucket-camtiler-owner-secrets + key: AWS_S3_ENDPOINT_URL + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: miniobucket-camtiler-owner-secrets + key: AWS_SECRET_ACCESS_KEY + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: miniobucket-camtiler-owner-secrets + key: AWS_ACCESS_KEY_ID - name: BASIC_AUTH_PASSWORD valueFrom: secretKeyRef: @@ -179,16 +199,6 @@ spec: secretKeyRef: name: mongodb-application-readwrite key: connectionString.standard - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: minio-secrets - key: MINIO_ROOT_PASSWORD - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: minio-secrets - key: MINIO_ROOT_USER # Make sure 2+ pods of same camera are scheduled on different hosts affinity: diff --git a/camtiler/minio.yml b/camtiler/minio.yml deleted file mode 100644 index 1645724..0000000 --- a/camtiler/minio.yml +++ /dev/null 
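Review bot: The new MinioBucketClaim at the top of camtiler/application.yml has no comment tying it to the Secret `miniobucket-camtiler-owner-secrets` that the Deployment env reads further down, so the dependency is only implied by naming. Assuming the operator derives the Secret name from the claim name, a comment above the claim such as `# operator creates Secret miniobucket-camtiler-owner-secrets, read by the camera Deployment env` would make a rename of the claim visibly breaking. A short note on why `class: external` and `capacity: 1Ti` were chosen would also help, since the in-namespace MinIO being removed requested 30Gi per replica across 4 replicas.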
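Review bot: In the env block of the `@@ -166,9 +170,25 @@` hunk, `S3_ENDPOINT_URL` now comes from the `AWS_S3_ENDPOINT_URL` key of the bucket Secret, so the URL scheme is no longer visible in the manifest; the value it replaces was plaintext `http://minio`, and with `class: external` the traffic presumably no longer stays inside the namespace. Confirm that the operator hands out an `https://` endpoint, since the access key and the camera data both travel over that connection. The Secret name suggests owner-level bucket credentials; if the operator also issues a narrower credential and the camera pods only need to write objects (not visible here), they should use that one instead. Separately, the root credentials in `minio-secrets` were exposed to every camera pod until this change, and that Secret is not defined in this diff, so check that it is deleted or rotated along with minio.yml. The container spec continues outside the hunk.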
@@ -1,199 +0,0 @@
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: minio
- labels:
- app.kubernetes.io/name: minio
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: minio
- serviceName: minio-svc
- replicas: 4
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app.kubernetes.io/name: minio
- spec:
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - minio
- topologyKey: topology.kubernetes.io/zone
- nodeSelector:
- dedicated: storage
- tolerations:
- - key: dedicated
- operator: Equal
- value: storage
- effect: NoSchedule
- containers:
- - name: minio
- env:
- - name: MINIO_PROMETHEUS_AUTH_TYPE
- value: public
- envFrom:
- - secretRef:
- name: minio-secrets
- image: minio/minio:RELEASE.2022-12-12T19-27-27Z
- args:
- - server
- - http://minio-{0...3}.minio-svc.camtiler.svc.cluster.local/data
- - --address
- - 0.0.0.0:9000
- - --console-address
- - 0.0.0.0:9001
- ports:
- - containerPort: 9000
- name: http
- - containerPort: 9001
- name: console
- readinessProbe:
- httpGet:
- path: /minio/health/ready
- port: 9000
- initialDelaySeconds: 2
- periodSeconds: 5
- resources:
- requests:
- cpu: 300m
- memory: 1Gi
- limits:
- cpu: 4000m
- memory: 2Gi
- volumeMounts:
- - name: minio-data
- mountPath: /data
- volumeClaimTemplates:
- - metadata:
- name: minio-data
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: '30Gi'
- storageClassName: minio
----
-apiVersion: v1
-kind: Service
-metadata:
- name: minio
-spec:
- sessionAffinity: ClientIP
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 9000
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: minio
----
-kind: Service
-apiVersion: v1
-metadata:
- name: minio-svc
-spec:
- selector:
- app.kubernetes.io/name: minio
- clusterIP: None
- publishNotReadyAddresses: true
- ports:
- - name: http
- port: 9000
- - name: console
- port: 9001
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: minio
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: minio
- podMetricsEndpoints:
- - port: http
- path: /minio/v2/metrics/node
- podTargetLabels:
- - app.kubernetes.io/name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: minio
-spec:
- endpoints:
- - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- honorLabels: true
- port: minio
- path: /minio/v2/metrics/cluster
- selector:
- matchLabels:
- app.kubernetes.io/name: minio
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: minio
- annotations:
- kubernetes.io/ingress.class: traefik
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
- rules:
- - host: cams-s3.k-space.ee
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: minio-svc
- port:
- name: http
- tls:
- - hosts:
- - "*.k-space.ee"
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: minio
-spec:
- groups:
- - name: minio
- rules:
- - alert: MinioClusterDiskOffline
- expr: minio_cluster_disk_offline_total > 0
- for: 0m
- labels:
- severity: critical
- annotations:
- summary: Minio cluster disk offline (instance {{ $labels.instance }})
- description: "Minio cluster disk is offline"
- - alert: MinioNodeDiskOffline
- expr: minio_cluster_nodes_offline_total > 0
- for: 0m
- labels:
- severity: critical
- annotations:
- summary: Minio node disk offline (instance {{ $labels.instance }})
- description: "Minio cluster node disk is offline"
- - alert: MinioDiskSpaceUsage
- expr: disk_storage_available / disk_storage_total * 100 < 10
- for: 0m
- labels:
- severity: warning
- annotations:
- summary: Minio disk space usage (instance {{ $labels.instance }})
- description: "Minio available free space is low (< 10%)"