minio is dead, external is dead, some envs are dead

2025-12-29 00:13:35 +02:00
parent d05b92cc92
commit 5920222e89
12 changed files with 4 additions and 185 deletions
--- a/CLUSTER.md
+++ b/CLUSTER.md
@@ -128,7 +128,7 @@ Our self-hosted Kubernetes stack compared to AWS based deployments:
 | AWS NLB           | MetalLB                             | L2/L3 level load balancing                                          |
 | AWS RDS for MySQL | MySQL Operator                      | Provision highly available relational databases                     |
 | AWS Route53       | Bind and RFC2136                    | DNS records and Let's Encrypt DNS validation                        |
-| AWS S3            | Minio Operator                      | Highly available object storage                                     |
+| AWS S3            | Garage                              | Highly available object storage                                     |
 | AWS VPC           | Calico                              | Overlay network                                                     |
 | Dex               | Passmower                           | ACL mapping and OIDC provider which integrates with GitHub/Samba    |
 | GitHub Actions    | Woodpecker                          | Build Docker images                                                 |
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com
 - Dragonfly: `kind: Dragonfly` (replaces Redis[^redisdead])
 - Longhorn: `storageClassName: longhorn` (filesystem storage)
 - Mongo[^mongoproblems]: `kind: MongoDBCommunity` (NAS* `inventory-mongodb`)
- Minio S3: `kind: MinioBucketClaim` with `class: dedicated` (NAS*: `class: external`)
+- Garage S3[^nominio]: buckets/credentials created with CLI and usually stored in secretspace/kube #TODO: link to docs, kube claim instead?
 - MariaDB*: search for `mysql`, `mariadb`[^mariadb] (replaces MySQL)
 - Postgres*: hardcoded to [harbor/application.yml](harbor/application.yml)
 - Seeded secrets: `kind: SecretClaim` (generates random secret in templated format)
@@ -51,22 +51,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com

 [^mongoproblems]: Mongo problems: Incompatible with rawfile csi (wiredtiger.wt corrupts), complicated resizing (PVCs from statefulset PVC template).

+[^nominio]: Replaces Minio S3.
+
 ***
 _This page is referenced by wiki [front page](https://wiki.k-space.ee) as **the** technical documentation for infra._
-
-## nas.k-space.ee pre-migration whouses listing
- S3: [minio-clusters](minio-clusters/README.md)
- postgres: only harbor, 172.20.43.1
-
-### mongodb
- inventory
- wildduck
-
-### mariadb.infra.k-space.ee (DNS from ns1 to 172.20.36.1)
- freescout
- gitea nb! MYSQL_ROOT_PASSWORD seems to be invalid, might be ok to reset it upstream
- wiki
- nextcloud
- etherpad NB! probably NOT using kspace_etherpad_kube NB! does not take DNS likely due to netpol, hardcoded to 172.20.36.1
- grafana
- woodpecker
--- a/argocd/applications/minio-clusters.yaml
+++ b/argocd/applications/minio-clusters.yaml
@@ -1,20 +0,0 @@
---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: minio-clusters
-  namespace: argocd
-spec:
-  project: k-space.ee
-  source:
-    repoURL: 'git@git.k-space.ee:k-space/kube.git'
-    path: minio-clusters
-    targetRevision: HEAD
-  destination:
-    server: 'https://kubernetes.default.svc'
-    namespace: minio-clusters
-  syncPolicy:
-    automated:
-      prune: true
-    syncOptions:
-    - CreateNamespace=true
--- a/freescout/application.yml
+++ b/freescout/application.yml
@@ -215,15 +215,6 @@ spec:
    requests:
      storage: 10Gi 
 ---
-apiVersion: codemowers.cloud/v1beta1
-kind: MinioBucketClaim
-metadata:
-  name: attachments
-  namespace: freescout
-spec:
-  capacity: 10Gi
-  class: external
---
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
--- a/hackerspace/inventory-extras.yaml
+++ b/hackerspace/inventory-extras.yaml
@@ -19,12 +19,3 @@ spec:
    - 'offline_access'
  tokenEndpointAuthMethod: 'client_secret_basic'
  pkce: false
---
-apiVersion: codemowers.cloud/v1beta1
-kind: MinioBucketClaim
-metadata:
-  name: inventory-external
-  namespace: hackerspace
-spec:
-  capacity: 10Gi
-  class: external
--- a/hackerspace/inventory.yaml
+++ b/hackerspace/inventory.yaml
@@ -20,8 +20,6 @@ spec:
      - image: harbor.k-space.ee/k-space/inventory-app:latest
        imagePullPolicy: Always
        env:
-        - name: INVENTORY_ASSETS_BASE_URL
-          value: https://external.minio-clusters.k-space.ee/hackerspace-701d9303-0f27-4829-a2be-b1084021ad91/
        - name: MACADDRESS_OUTLINK_BASEURL
          value: https://grafana.k-space.ee/d/ddwyidbtbc16oa/ip-usage?orgId=1&from=now-2y&to=now&timezone=browser&var-Filters=mac%7C%3D%7C
        - name: OIDC_USERS_NAMESPACE
--- a/harbor-operator/application-extras.yml
+++ b/harbor-operator/application-extras.yml
@@ -22,15 +22,6 @@ spec:
  pkce: false
 ---
 apiVersion: codemowers.cloud/v1beta1
-kind: MinioBucketClaim
-metadata:
-  name: harbor
-  namespace: harbor-operator
-spec:
-  capacity: 1Ti
-  class: external
---
-apiVersion: codemowers.cloud/v1beta1
 kind: SecretClaim
 metadata:
  name: dragonfly-auth
--- a/minio-clusters/README.md
+++ b/minio-clusters/README.md
@@ -1,11 +0,0 @@
-# minio-clusters
-
-external.minio-clusters.k-space.ee terminates here and forwards to 172.20.9.2.
-172.20.9.2 is directly attached to docker on nas.k-space.ee
-
-pre-migra listing of applications and how they consume:
- nextcloud 172.20.9.2
- freescout https://external.minio-clusters.k-space.ee
- hackerspace/inventory https://external.minio-clusters.k-space.ee
- harbor https://external.minio-clusters.k-space.ee
- longhorn backups: 172.20.9.2
--- a/minio-clusters/cert.yaml
+++ b/minio-clusters/cert.yaml
@@ -1,15 +0,0 @@
---
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: wildcard-tls
-  namespace: minio-clusters
-spec:
-  dnsNames:
-    - "*.minio-clusters.k-space.ee"
-  issuerRef:
-    group: cert-manager.io
-    kind: ClusterIssuer
-    name: default
-  secretName: wildcard-tls
-  revisionHistoryLimit: 1
--- a/minio-clusters/external.yaml
+++ b/minio-clusters/external.yaml
@@ -1,88 +0,0 @@
---
-apiVersion: codemowers.cloud/v1beta1
-kind: MinioBucketClass
-metadata:
-  name: external
-  annotations:
-    kubernetes.io/description: "External Minio cluster"
-spec:
-  reclaimPolicy: Retain
-  shared: true
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: external
-  namespace: minio-clusters
-spec:
-  externalName: 172.20.9.2
-  ports:
-    - name: http
-      protocol: TCP
-      port: 9000
-  type: ExternalName
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: external-console
-  namespace: minio-clusters
-spec:
-  externalName: 172.20.9.2
-  ports:
-    - name: http
-      protocol: TCP
-      port: 9001
-  type: ExternalName
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: external
-  namespace: minio-clusters
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
-  rules:
-    - host: external.minio-clusters.k-space.ee
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: external
-                port:
-                  name: http
-  tls:
-    - hosts:
-        - "*.k-space.ee"
-      secretName: wildcard-tls
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: external-console
-  namespace: minio-clusters
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
-  rules:
-    - host: external-console.minio-clusters.k-space.ee
-      http:
-        paths:
-          - pathType: Prefix
-            path: "/"
-            backend:
-              service:
-                name: external-console
-                port:
-                  name: http
-  tls:
-    - hosts:
-        - "*.k-space.ee"
-      secretName: wildcard-tls
--- a/monitoring/README.md
+++ b/monitoring/README.md
@@ -30,7 +30,6 @@ Sample queries:
 * [HDD power on hours](https://prom.k-space.ee/graph?g0.range_input=30m&g0.expr=smartmon_power_on_hours_raw_value&g0.tab=0), 8760 hours per year
 * [CPU/NB temperatures](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_hwmon_temp_celsius&g0.tab=0)
 * [Disk space left](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_filesystem_avail_bytes&g0.tab=1)
-* Minio [s3 egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_s3_traffic_sent_bytes%5B3m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [internode egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_inter_node_traffic_sent_bytes%5B2m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [storage used](https://prom.k-space.ee/graph?g0.expr=minio_node_disk_used_bytes&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h)

 Another useful tool for exploring Prometheus operator custom resources is
 [doc.crds.dev/github.com/prometheus-operator/prometheus-operator](https://doc.crds.dev/github.com/prometheus-operator/prometheus-operator@v0.75.0)
--- a/monitoring/blackbox-exporter.yaml
+++ b/monitoring/blackbox-exporter.yaml
@@ -16,8 +16,6 @@ spec:
        - https://wiki.k-space.ee/
        - https://pad.k-space.ee/
        - https://nextcloud.k-space.ee/
-        - http://external-console.minio-clusters.k-space.ee/login
-        - http://shared-console.minio-clusters.k-space.ee/login
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: Probe