From 5920222e8992d6c59d637dca71d5bfa5cd5c5e72 Mon Sep 17 00:00:00 2001 From: rasmus Date: Mon, 29 Dec 2025 00:13:35 +0200 Subject: [PATCH] minio is dead, external is dead, some envs are dead --- CLUSTER.md | 2 +- README.md | 21 +----- argocd/applications/minio-clusters.yaml | 20 ------ freescout/application.yml | 9 --- hackerspace/inventory-extras.yaml | 9 --- hackerspace/inventory.yaml | 2 - harbor-operator/application-extras.yml | 9 --- minio-clusters/README.md | 11 ---- minio-clusters/cert.yaml | 15 ----- minio-clusters/external.yaml | 88 ------------------------- monitoring/README.md | 1 - monitoring/blackbox-exporter.yaml | 2 - 12 files changed, 4 insertions(+), 185 deletions(-) delete mode 100644 argocd/applications/minio-clusters.yaml delete mode 100644 minio-clusters/README.md delete mode 100644 minio-clusters/cert.yaml delete mode 100644 minio-clusters/external.yaml diff --git a/CLUSTER.md b/CLUSTER.md index 2e01c0c..c7698dd 100644 --- a/CLUSTER.md +++ b/CLUSTER.md @@ -128,7 +128,7 @@ Our self-hosted Kubernetes stack compared to AWS based deployments: | AWS NLB | MetalLB | L2/L3 level load balancing | | AWS RDS for MySQL | MySQL Operator | Provision highly available relational databases | | AWS Route53 | Bind and RFC2136 | DNS records and Let's Encrypt DNS validation | -| AWS S3 | Minio Operator | Highly available object storage | +| AWS S3 | Garage | Highly available object storage | | AWS VPC | Calico | Overlay network | | Dex | Passmower | ACL mapping and OIDC provider which integrates with GitHub/Samba | | GitHub Actions | Woodpecker | Build Docker images | diff --git a/README.md b/README.md index c161013..7dcfc9b 100644 --- a/README.md +++ b/README.md 
@@ -37,7 +37,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com - Dragonfly: `kind: Dragonfly` (replaces Redis[^redisdead]) - Longhorn: `storageClassName: longhorn` (filesystem storage) - Mongo[^mongoproblems]: `kind: MongoDBCommunity` (NAS* `inventory-mongodb`) -- Minio S3: `kind: MinioBucketClaim` with `class: dedicated` (NAS*: `class: external`) +- Garage S3[^nominio]: buckets/credentials created with CLI and usually stored in secretspace/kube #TODO: link to docs, kube claim instead? - MariaDB*: search for `mysql`, `mariadb`[^mariadb] (replaces MySQL) - Postgres*: hardcoded to [harbor/application.yml](harbor/application.yml) - Seeded secrets: `kind: SecretClaim` (generates random secret in templated format) @@ -51,22 +51,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com [^mongoproblems]: Mongo problems: Incompatible with rawfile csi (wiredtiger.wt corrupts), complicated resizing (PVCs from statefulset PVC template). +[^nominio]: Replaces Minio S3. + *** _This page is referenced by wiki [front page](https://wiki.k-space.ee) as **the** technical documentation for infra._ - -## nas.k-space.ee pre-migration whouses listing -- S3: [minio-clusters](minio-clusters/README.md) -- postgres: only harbor, 172.20.43.1 - -### mongodb -- inventory -- wildduck - -### mariadb.infra.k-space.ee (DNS from ns1 to 172.20.36.1) -- freescout -- gitea nb! MYSQL_ROOT_PASSWORD seems to be invalid, might be ok to reset it upstream -- wiki -- nextcloud -- etherpad NB! probably NOT using kspace_etherpad_kube NB! does not take DNS likely due to netpol, hardcoded to 172.20.36.1 -- grafana -- woodpecker diff --git a/argocd/applications/minio-clusters.yaml b/argocd/applications/minio-clusters.yaml deleted file mode 100644 index 9fa6bab..0000000 --- a/argocd/applications/minio-clusters.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: minio-clusters - namespace: argocd -spec: - project: k-space.ee - source: - repoURL: 'git@git.k-space.ee:k-space/kube.git' - path: minio-clusters - targetRevision: HEAD - destination: - server: 'https://kubernetes.default.svc' - namespace: minio-clusters - syncPolicy: - automated: - prune: true - syncOptions: - - CreateNamespace=true diff --git a/freescout/application.yml b/freescout/application.yml index 5116711..60b4c7a 100644 --- a/freescout/application.yml +++ b/freescout/application.yml @@ -215,15 +215,6 @@ spec: requests: storage: 10Gi --- -apiVersion: codemowers.cloud/v1beta1 -kind: MinioBucketClaim -metadata: - name: attachments - namespace: freescout -spec: - capacity: 10Gi - class: external ---- apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: diff --git a/hackerspace/inventory-extras.yaml b/hackerspace/inventory-extras.yaml index 9b35e68..16820ba 100644 --- a/hackerspace/inventory-extras.yaml +++ b/hackerspace/inventory-extras.yaml @@ -19,12 +19,3 @@ spec: - 'offline_access' tokenEndpointAuthMethod: 'client_secret_basic' pkce: false ---- -apiVersion: codemowers.cloud/v1beta1 -kind: MinioBucketClaim -metadata: - name: inventory-external - namespace: hackerspace -spec: - capacity: 10Gi - class: external diff --git a/hackerspace/inventory.yaml b/hackerspace/inventory.yaml index 3d1be42..eda6157 100644 --- a/hackerspace/inventory.yaml +++ b/hackerspace/inventory.yaml @@ -20,8 +20,6 @@ spec: - image: harbor.k-space.ee/k-space/inventory-app:latest imagePullPolicy: Always env: - - name: INVENTORY_ASSETS_BASE_URL - value: https://external.minio-clusters.k-space.ee/hackerspace-701d9303-0f27-4829-a2be-b1084021ad91/ - name: MACADDRESS_OUTLINK_BASEURL value: https://grafana.k-space.ee/d/ddwyidbtbc16oa/ip-usage?orgId=1&from=now-2y&to=now&timezone=browser&var-Filters=mac%7C%3D%7C - name: OIDC_USERS_NAMESPACE 
diff --git a/harbor-operator/application-extras.yml b/harbor-operator/application-extras.yml index f906749..8bb8a66 100644 --- a/harbor-operator/application-extras.yml +++ b/harbor-operator/application-extras.yml @@ -22,15 +22,6 @@ spec: pkce: false --- apiVersion: codemowers.cloud/v1beta1 -kind: MinioBucketClaim -metadata: - name: harbor - namespace: harbor-operator -spec: - capacity: 1Ti - class: external ---- -apiVersion: codemowers.cloud/v1beta1 kind: SecretClaim metadata: name: dragonfly-auth diff --git a/minio-clusters/README.md b/minio-clusters/README.md deleted file mode 100644 index 28bb2e1..0000000 --- a/minio-clusters/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# minio-clusters - -external.minio-clusters.k-space.ee terminates here and forwards to 172.20.9.2. -172.20.9.2 is directly attached to docker on nas.k-space.ee - -pre-migra listing of applications and how they consume: -- nextcloud 172.20.9.2 -- freescout https://external.minio-clusters.k-space.ee -- hackerspace/inventory https://external.minio-clusters.k-space.ee -- harbor https://external.minio-clusters.k-space.ee -- longhorn backups: 172.20.9.2 diff --git a/minio-clusters/cert.yaml b/minio-clusters/cert.yaml deleted file mode 100644 index 229f4ed..0000000 --- a/minio-clusters/cert.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcard-tls - namespace: minio-clusters -spec: - dnsNames: - - "*.minio-clusters.k-space.ee" - issuerRef: - group: cert-manager.io - kind: ClusterIssuer - name: default - secretName: wildcard-tls - revisionHistoryLimit: 1 diff --git a/minio-clusters/external.yaml b/minio-clusters/external.yaml deleted file mode 100644 index e8c2e2e..0000000 --- a/minio-clusters/external.yaml +++ /dev/null 
@@ -1,88 +0,0 @@
----
-apiVersion: codemowers.cloud/v1beta1
-kind: MinioBucketClass
-metadata:
- name: external
- annotations:
- kubernetes.io/description: "External Minio cluster"
-spec:
- reclaimPolicy: Retain
- shared: true
----
-apiVersion: v1
-kind: Service
-metadata:
- name: external
- namespace: minio-clusters
-spec:
- externalName: 172.20.9.2
- ports:
- - name: http
- protocol: TCP
- port: 9000
- type: ExternalName
----
-apiVersion: v1
-kind: Service
-metadata:
- name: external-console
- namespace: minio-clusters
-spec:
- externalName: 172.20.9.2
- ports:
- - name: http
- protocol: TCP
- port: 9001
- type: ExternalName
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: external
- namespace: minio-clusters
- annotations:
- kubernetes.io/ingress.class: traefik
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
- rules:
- - host: external.minio-clusters.k-space.ee
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: external
- port:
- name: http
- tls:
- - hosts:
- - "*.k-space.ee"
- secretName: wildcard-tls
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: external-console
- namespace: minio-clusters
- annotations:
- kubernetes.io/ingress.class: traefik
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
-spec:
- rules:
- - host: external-console.minio-clusters.k-space.ee
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: external-console
- port:
- name: http
- tls:
- - hosts:
- - "*.k-space.ee"
- secretName: wildcard-tls
diff --git a/monitoring/README.md b/monitoring/README.md
index 3644497..743e4a9 100644
--- a/monitoring/README.md
+++ b/monitoring/README.md
@@ -30,7 +30,6 @@ Sample queries: * [HDD power on hours](https://prom.k-space.ee/graph?g0.range_input=30m&g0.expr=smartmon_power_on_hours_raw_value&g0.tab=0), 8760 hours per year * [CPU/NB temperatures](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_hwmon_temp_celsius&g0.tab=0) * [Disk space left](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_filesystem_avail_bytes&g0.tab=1) -* Minio [s3 egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_s3_traffic_sent_bytes%5B3m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [internode egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_inter_node_traffic_sent_bytes%5B2m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [storage used](https://prom.k-space.ee/graph?g0.expr=minio_node_disk_used_bytes&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h) Another useful tool for exploring Prometheus operator custom resources is [doc.crds.dev/github.com/prometheus-operator/prometheus-operator](https://doc.crds.dev/github.com/prometheus-operator/prometheus-operator@v0.75.0) diff --git a/monitoring/blackbox-exporter.yaml b/monitoring/blackbox-exporter.yaml index 30c70d6..c6de4e5 100644 --- a/monitoring/blackbox-exporter.yaml +++ b/monitoring/blackbox-exporter.yaml @@ -16,8 +16,6 @@ spec: - https://wiki.k-space.ee/ - https://pad.k-space.ee/ - https://nextcloud.k-space.ee/ - - http://external-console.minio-clusters.k-space.ee/login - - http://shared-console.minio-clusters.k-space.ee/login --- apiVersion: monitoring.coreos.com/v1 kind: Probe