cluster/kube: refactor rook.io object store configuration

2019-04-09 21:45:32 +02:00 · 2019-04-09 21:45:32 +02:00 · 5ac85c6e73
parent 6da3b288dc
commit 5ac85c6e73
2 changed files with 51 additions and 9 deletions
--- a/cluster/kube/cluster.jsonnet
+++ b/cluster/kube/cluster.jsonnet
@ -122,8 +122,7 @@ local Cluster(fqdn) = {
            },
        },
    },
-    cephWaw1Object: kube._Object("ceph.rook.io/v1", "CephObjectStore", "waw-hdd-redundant-1-object") {
-        metadata+: cluster.cephWaw1.metadata,
+    cephWaw1Object: rook.S3ObjectStore(cluster.cephWaw1, "waw-hdd-redundant-1-object") {
        spec: {
            metadataPool: {
                failureDomain: "host",
@ -136,13 +135,6 @@ local Cluster(fqdn) = {
                    codingChunks: 1,
                },
            },
-            gateway: {
-                type: "s3",
-                port: 80,
-                #securePort:
-                instances: 1,
-                allNodes: false,
-            },
        },
    },
 };
--- a/cluster/kube/lib/rook.libsonnet
+++ b/cluster/kube/lib/rook.libsonnet
@ -495,4 +495,54 @@ local kube = import "../../../kube/kube.libsonnet";
            reclaimPolicy: "Retain",
        },
    },
+
+    S3ObjectStore(cluster, name):: {
+        local store = self,
+        spec:: error "spec must be specified",
+        objectStore: kube._Object("ceph.rook.io/v1", "CephObjectStore", name) {
+            metadata+: cluster.metadata,
+            spec: store.spec {
+                gateway: {
+                    type: "s3",
+                    port: 80,
+                    instances: 1,
+                    allNodes: false,
+                },
+            },
+        },
+
+        objectIngress: kube.Ingress(name) {
+            metadata+: cluster.metadata {
+                annotations+: {
+                    "kubernetes.io/tls-acme": "true",
+                    "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+                    "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+                },
+            },
+            spec+: {
+                tls: [
+                    {
+                        hosts: ["object.%s.hswaw.net" % [cluster.metadata.namespace]],
+                        secretName: "%s-tls" % [name],
+                    },
+                ],
+                rules: [
+                    {
+                        host: "object.%s.hswaw.net" % [cluster.metadata.namespace],
+                        http: {
+                            paths: [
+                                {
+                                    path: "/",
+                                    backend: {
+                                        serviceName: "rook-ceph-rgw-%s" % [name],
+                                        servicePort: 80,
+                                    },
+                                },
+                            ]
+                        },
+                    }
+                ],
+            },
+        },
+    },
 }