minio is dead, external is dead, some envs are dead

2025-12-29 00:13:35 +02:00
parent d05b92cc92
commit 5920222e89
12 changed files with 4 additions and 185 deletions
--- a/CLUSTER.md
+++ b/CLUSTER.md
@@ -128,7 +128,7 @@ Our self-hosted Kubernetes stack compared to AWS based deployments:
 | AWS NLB           | MetalLB                             | L2/L3 level load balancing                                          |
 | AWS RDS for MySQL | MySQL Operator                      | Provision highly available relational databases                     |
 | AWS Route53       | Bind and RFC2136                    | DNS records and Let's Encrypt DNS validation                        |
-| AWS S3            | Minio Operator                      | Highly available object storage                                     |
+| AWS S3            | Garage                              | Highly available object storage                                     |
 | AWS VPC           | Calico                              | Overlay network                                                     |
 | Dex               | Passmower                           | ACL mapping and OIDC provider which integrates with GitHub/Samba    |
 | GitHub Actions    | Woodpecker                          | Build Docker images                                                 |
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com
 - Dragonfly: `kind: Dragonfly` (replaces Redis[^redisdead])
 - Longhorn: `storageClassName: longhorn` (filesystem storage)
 - Mongo[^mongoproblems]: `kind: MongoDBCommunity` (NAS* `inventory-mongodb`)
- Minio S3: `kind: MinioBucketClaim` with `class: dedicated` (NAS*: `class: external`)
+- Garage S3[^nominio]: buckets/credentials created with CLI and usually stored in secretspace/kube #TODO: link to docs, kube claim instead?
 - MariaDB*: search for `mysql`, `mariadb`[^mariadb] (replaces MySQL)
 - Postgres*: hardcoded to [harbor/application.yml](harbor/application.yml)
 - Seeded secrets: `kind: SecretClaim` (generates random secret in templated format)
@@ -51,22 +51,7 @@ Static routes for 193.40.103.36/30 have been added in pve nodes to make them com
 [^mongoproblems]: Mongo problems: Incompatible with rawfile csi (wiredtiger.wt corrupts), complicated resizing (PVCs from statefulset PVC template).
 [^nominio]: Replaces Minio S3.
 ***
 _This page is referenced by wiki [front page](https://wiki.k-space.ee) as **the** technical documentation for infra._
 ## nas.k-space.ee pre-migration whouses listing
 - S3: [minio-clusters](minio-clusters/README.md)
 - postgres: only harbor, 172.20.43.1
 ### mongodb
 - inventory
 - wildduck
 ### mariadb.infra.k-space.ee (DNS from ns1 to 172.20.36.1)
 - freescout
 - gitea nb! MYSQL_ROOT_PASSWORD seems to be invalid, might be ok to reset it upstream
 - wiki
 - nextcloud
 - etherpad NB! probably NOT using kspace_etherpad_kube NB! does not take DNS likely due to netpol, hardcoded to 172.20.36.1
 - grafana
 - woodpecker
--- a/argocd/applications/minio-clusters.yaml
+++ b/argocd/applications/minio-clusters.yaml
@@ -1,20 +0,0 @@
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: minio-clusters
  namespace: argocd
 spec:
  project: k-space.ee
  source:
    repoURL: 'git@git.k-space.ee:k-space/kube.git'
    path: minio-clusters
    targetRevision: HEAD
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: minio-clusters
  syncPolicy:
    automated:
      prune: true
    syncOptions:
    - CreateNamespace=true
--- a/freescout/application.yml
+++ b/freescout/application.yml
@@ -215,15 +215,6 @@ spec:
    requests:
      storage: 10Gi 
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: MinioBucketClaim
 metadata:
  name: attachments
  namespace: freescout
 spec:
  capacity: 10Gi
  class: external
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
--- a/hackerspace/inventory-extras.yaml
+++ b/hackerspace/inventory-extras.yaml
@@ -19,12 +19,3 @@ spec:
    - 'offline_access'
  tokenEndpointAuthMethod: 'client_secret_basic'
  pkce: false
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: MinioBucketClaim
 metadata:
  name: inventory-external
  namespace: hackerspace
 spec:
  capacity: 10Gi
  class: external
--- a/hackerspace/inventory.yaml
+++ b/hackerspace/inventory.yaml
@@ -20,8 +20,6 @@ spec:
      - image: harbor.k-space.ee/k-space/inventory-app:latest
        imagePullPolicy: Always
        env:
        - name: INVENTORY_ASSETS_BASE_URL
          value: https://external.minio-clusters.k-space.ee/hackerspace-701d9303-0f27-4829-a2be-b1084021ad91/
        - name: MACADDRESS_OUTLINK_BASEURL
          value: https://grafana.k-space.ee/d/ddwyidbtbc16oa/ip-usage?orgId=1&from=now-2y&to=now&timezone=browser&var-Filters=mac%7C%3D%7C
        - name: OIDC_USERS_NAMESPACE
--- a/harbor-operator/application-extras.yml
+++ b/harbor-operator/application-extras.yml
@@ -22,15 +22,6 @@ spec:
  pkce: false
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: MinioBucketClaim
 metadata:
  name: harbor
  namespace: harbor-operator
 spec:
  capacity: 1Ti
  class: external
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: SecretClaim
 metadata:
  name: dragonfly-auth
--- a/minio-clusters/README.md
+++ b/minio-clusters/README.md
@@ -1,11 +0,0 @@
 # minio-clusters
 external.minio-clusters.k-space.ee terminates here and forwards to 172.20.9.2.
 172.20.9.2 is directly attached to docker on nas.k-space.ee
 pre-migra listing of applications and how they consume:
 - nextcloud 172.20.9.2
 - freescout https://external.minio-clusters.k-space.ee
 - hackerspace/inventory https://external.minio-clusters.k-space.ee
 - harbor https://external.minio-clusters.k-space.ee
 - longhorn backups: 172.20.9.2
--- a/minio-clusters/cert.yaml
+++ b/minio-clusters/cert.yaml
@@ -1,15 +0,0 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: wildcard-tls
  namespace: minio-clusters
 spec:
  dnsNames:
    - "*.minio-clusters.k-space.ee"
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: default
  secretName: wildcard-tls
  revisionHistoryLimit: 1
--- a/minio-clusters/external.yaml
+++ b/minio-clusters/external.yaml
@@ -1,88 +0,0 @@
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: MinioBucketClass
 metadata:
  name: external
  annotations:
    kubernetes.io/description: "External Minio cluster"
 spec:
  reclaimPolicy: Retain
  shared: true
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: external
  namespace: minio-clusters
 spec:
  externalName: 172.20.9.2
  ports:
    - name: http
      protocol: TCP
      port: 9000
  type: ExternalName
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: external-console
  namespace: minio-clusters
 spec:
  externalName: 172.20.9.2
  ports:
    - name: http
      protocol: TCP
      port: 9001
  type: ExternalName
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: external
  namespace: minio-clusters
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
 spec:
  rules:
    - host: external.minio-clusters.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: external
                port:
                  name: http
  tls:
    - hosts:
        - "*.k-space.ee"
      secretName: wildcard-tls
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: external-console
  namespace: minio-clusters
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
 spec:
  rules:
    - host: external-console.minio-clusters.k-space.ee
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: external-console
                port:
                  name: http
  tls:
    - hosts:
        - "*.k-space.ee"
      secretName: wildcard-tls
--- a/monitoring/README.md
+++ b/monitoring/README.md
@@ -30,7 +30,6 @@ Sample queries:
 * [HDD power on hours](https://prom.k-space.ee/graph?g0.range_input=30m&g0.expr=smartmon_power_on_hours_raw_value&g0.tab=0), 8760 hours per year
 * [CPU/NB temperatures](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_hwmon_temp_celsius&g0.tab=0)
 * [Disk space left](https://prom.k-space.ee/graph?g0.range_input=1h&g0.expr=node_filesystem_avail_bytes&g0.tab=1)
 * Minio [s3 egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_s3_traffic_sent_bytes%5B3m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [internode egress](https://prom.k-space.ee/graph?g0.expr=rate(minio_inter_node_traffic_sent_bytes%5B2m%5D)&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h), [storage used](https://prom.k-space.ee/graph?g0.expr=minio_node_disk_used_bytes&g0.tab=0&g0.display_mode=lines&g0.show_exemplars=0&g0.range_input=6h)
 Another useful tool for exploring Prometheus operator custom resources is
 [doc.crds.dev/github.com/prometheus-operator/prometheus-operator](https://doc.crds.dev/github.com/prometheus-operator/prometheus-operator@v0.75.0)
--- a/monitoring/blackbox-exporter.yaml
+++ b/monitoring/blackbox-exporter.yaml
@@ -16,8 +16,6 @@ spec:
        - https://wiki.k-space.ee/
        - https://pad.k-space.ee/
        - https://nextcloud.k-space.ee/
        - http://external-console.minio-clusters.k-space.ee/login
        - http://shared-console.minio-clusters.k-space.ee/login
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: Probe