camtiler: Use external bucket

camtiler/application.yml

@@ -1,4 +1,12 @@
 ---
+apiVersion: codemowers.cloud/v1beta1
+kind: MinioBucketClaim
+metadata:
+  name: camtiler
+spec:
+  capacity: 1Ti
+  class: external
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -105,10 +113,6 @@ spec:
       kind: Deployment
       metadata:
         name: camera-foobar
-        # Make sure keel.sh pulls updates for this deployment
-        annotations:
-          keel.sh/policy: force
-          keel.sh/trigger: poll
       spec:
         revisionHistoryLimit: 0
         replicas: 1
@@ -166,9 +170,25 @@ spec:
                   - name: SOURCE_NAME
                     value: foobar
                   - name: S3_BUCKET_NAME
-                    value: application
+                    valueFrom:
+                      secretKeyRef:
+                        name: miniobucket-camtiler-owner-secrets
+                        key: BUCKET_NAME
                   - name: S3_ENDPOINT_URL
-                    value: http://minio
+                    valueFrom:
+                      secretKeyRef:
+                        name: miniobucket-camtiler-owner-secrets
+                        key: AWS_S3_ENDPOINT_URL
+                  - name: AWS_SECRET_ACCESS_KEY
+                    valueFrom:
+                      secretKeyRef:
+                        name: miniobucket-camtiler-owner-secrets
+                        key: AWS_SECRET_ACCESS_KEY
+                  - name: AWS_ACCESS_KEY_ID
+                    valueFrom:
+                      secretKeyRef:
+                        name: miniobucket-camtiler-owner-secrets
+                        key: AWS_ACCESS_KEY_ID
                   - name: BASIC_AUTH_PASSWORD
                     valueFrom:
                       secretKeyRef:
@@ -179,16 +199,6 @@ spec:
                       secretKeyRef:
                         name: mongodb-application-readwrite
                         key: connectionString.standard
-                  - name: AWS_SECRET_ACCESS_KEY
-                    valueFrom:
-                      secretKeyRef:
-                        name: minio-secrets
-                        key: MINIO_ROOT_PASSWORD
-                  - name: AWS_ACCESS_KEY_ID
-                    valueFrom:
-                      secretKeyRef:
-                        name: minio-secrets
-                        key: MINIO_ROOT_USER
 
             # Make sure 2+ pods of same camera are scheduled on different hosts
             affinity:

camtiler/minio.yml

@@ -1,199 +0,0 @@
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: minio
-  labels:
-     app.kubernetes.io/name: minio
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: minio
-  serviceName: minio-svc
-  replicas: 4
-  podManagementPolicy: Parallel
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: minio
-    spec:
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app.kubernetes.io/name
-                    operator: In
-                    values:
-                      - minio
-              topologyKey: topology.kubernetes.io/zone
-      nodeSelector:
-        dedicated: storage
-      tolerations:
-        - key: dedicated
-          operator: Equal
-          value: storage
-          effect: NoSchedule
-      containers:
-        - name: minio
-          env:
-            - name: MINIO_PROMETHEUS_AUTH_TYPE
-              value: public
-          envFrom:
-            - secretRef:
-                name: minio-secrets
-          image: minio/minio:RELEASE.2022-12-12T19-27-27Z
-          args:
-            - server
-            - http://minio-{0...3}.minio-svc.camtiler.svc.cluster.local/data
-            - --address
-            - 0.0.0.0:9000
-            - --console-address
-            - 0.0.0.0:9001
-          ports:
-            - containerPort: 9000
-              name: http
-            - containerPort: 9001
-              name: console
-          readinessProbe:
-            httpGet:
-              path: /minio/health/ready
-              port: 9000
-            initialDelaySeconds: 2
-            periodSeconds: 5
-          resources:
-            requests:
-              cpu: 300m
-              memory: 1Gi
-            limits:
-              cpu: 4000m
-              memory: 2Gi
-          volumeMounts:
-            - name: minio-data
-              mountPath: /data
-  volumeClaimTemplates:
-    - metadata:
-        name: minio-data
-      spec:
-        accessModes:
-          - ReadWriteOnce
-        resources:
-          requests:
-            storage: '30Gi'
-        storageClassName: minio
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: minio
-spec:
-  sessionAffinity: ClientIP
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 9000
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: minio
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: minio-svc
-spec:
-  selector:
-    app.kubernetes.io/name: minio
-  clusterIP: None
-  publishNotReadyAddresses: true
-  ports:
-    - name: http
-      port: 9000
-    - name: console
-      port: 9001
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: minio
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: minio
-  podMetricsEndpoints:
-    - port: http
-      path: /minio/v2/metrics/node
-  podTargetLabels:
-    - app.kubernetes.io/name
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: minio
-spec:
-  endpoints:
-  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    honorLabels: true
-    port: minio
-    path: /minio/v2/metrics/cluster
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: minio
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: minio
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
-  rules:
-    - host: cams-s3.k-space.ee
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: minio-svc
-                port:
-                  name: http
-  tls:
-    - hosts:
-        - "*.k-space.ee"
----
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: minio
-spec:
-  groups:
-    - name: minio
-      rules:
-        - alert: MinioClusterDiskOffline
-          expr: minio_cluster_disk_offline_total > 0
-          for: 0m
-          labels:
-            severity: critical
-          annotations:
-            summary: Minio cluster disk offline (instance {{ $labels.instance }})
-            description: "Minio cluster disk is offline"
-        - alert: MinioNodeDiskOffline
-          expr: minio_cluster_nodes_offline_total > 0
-          for: 0m
-          labels:
-            severity: critical
-          annotations:
-            summary: Minio node disk offline (instance {{ $labels.instance }})
-            description: "Minio cluster node disk is offline"
-        - alert: MinioDiskSpaceUsage
-          expr: disk_storage_available / disk_storage_total * 100 < 10
-          for: 0m
-          labels:
-            severity: warning
-          annotations:
-            summary: Minio disk space usage (instance {{ $labels.instance }})
-            description: "Minio available free space is low (< 10%)"