refine cluster image(objectstorage-controller、minio-service) (#4512)
* refine cluster image(objectstorage-controller、minio-service)

* fix

* fix env

* fix

* add env cloudDomain and use sed

* add copy entrypoint.sh

* fix ingress port number error

* fix env error

* add app cr

* update images

* add cloudPort

* remove cors config of ingress

* fix cloudPort env error
nowinkeyy authored Feb 27, 2024
1 parent ff26b69 commit 21f2c3a
Showing 11 changed files with 296 additions and 261 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/frontend.yml
@@ -160,7 +160,7 @@ jobs:
providers/terminal,
providers/dbprovider,
providers/costcenter,
# providers/objectstorage,
providers/objectstorage,
desktop,
]
steps:
8 changes: 3 additions & 5 deletions controllers/objectstorage/deploy/Kubefile
@@ -5,9 +5,7 @@ USER 65532:65532
COPY registry registry
COPY manifests manifests

ENV DEFAULT_NAMESPACE objectstorage-system
ENV OSAdminSecret=""
ENV OSInternalEndpoint=""
ENV OSExternalEndpoint=""
ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"}
ENV cloudPort=${cloudPort:-"443"}

CMD ["kubectl apply -f manifests/deploy.yaml -n $DEFAULT_NAMESPACE"]
CMD ["kubectl apply -f manifests/deploy.yaml"]
@@ -1,17 +1,3 @@
# Copyright © 2023 sealos.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
@@ -491,14 +477,14 @@ spec:
- name: OSNamespace
value: objectstorage-system
- name: OSAdminSecret
value: '{{ .OSAdminSecret }}'
value: object-storage-user-0
- name: OSInternalEndpoint
value: '{{ .OSInternalEndpoint }}'
value: object-storage.objectstorage-system.svc.cluster.local
- name: OSExternalEndpoint
value: '{{ .OSExternalEndpoint }}'
value: objectstorageapi.{{ .cloudDomain }}
- name: OSUDetectionCycleSeconds
value: "300"
- name: OSBDetectionCycleSeconds
- name: MinioBucketDetectionCycleSeconds
value: "300"
image: ghcr.io/labring/sealos-objectstorage-controller:latest
imagePullPolicy: Always
@@ -520,8 +506,8 @@ spec:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -531,4 +517,4 @@ spec:
securityContext:
runAsNonRoot: true
serviceAccountName: objectstorage-controller-manager
terminationGracePeriodSeconds: 10
terminationGracePeriodSeconds: 10
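Review bot: `OSExternalEndpoint` is rendered as `objectstorageapi.{{ .cloudDomain }}` with no port, although the Kubefile for this image now declares `cloudPort` and nothing in the visible hunks consumes it. If clusters are installed with a non-default port, clients handed this endpoint would presumably need `objectstorageapi.{{ .cloudDomain }}:{{ .cloudPort }}`; please confirm against how the controller uses the value. The templated value is also better kept quoted, as the lines it replaces were: `value: 'objectstorageapi.{{ .cloudDomain }}'`. Since `OSAdminSecret` and `OSInternalEndpoint` are now literals, a short comment naming the MinIO deployment that must provide `object-storage-user-0` and `object-storage.objectstorage-system.svc.cluster.local` would help whoever renames either.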
9 changes: 3 additions & 6 deletions frontend/providers/objectstorage/deploy/Kubefile
@@ -5,10 +5,7 @@ USER 65532:65532
COPY registry registry
COPY manifests manifests

ENV certSecretName="wildcard-cert"
ENV cloudDomain="127.0.0.1.nip.io"
ENV cloudPort=""
ENV transferEnabled="true"
ENV rechargeEnabled="true"
ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"}
ENV cloudPort=${cloudPort:-"443"}

CMD ["kubectl apply -f manifests"]
CMD ["kubectl apply -f manifests/deploy.yaml"]
21 changes: 0 additions & 21 deletions frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl

This file was deleted.

169 changes: 102 additions & 67 deletions frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl
@@ -1,81 +1,116 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app: objectstorage
name: objectstorage
---
apiVersion: v1
kind: ConfigMap
metadata:
name: objectstorage-config
namespace: objectstorage
data:
config.yaml: |-
addr: :3000
name: objectstorage-frontend
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: objectstorage
namespace: objectstorage
name: object-storage-frontend
namespace: objectstorage-frontend
labels:
app: object-storage-frontend
spec:
selector:
matchLabels:
app: objectstorage
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
template:
metadata:
labels:
app: objectstorage
spec:
containers:
- name: objectstorage
env:
- name: MONITOR_URL
value: '{{ .MONITOR_URL }}'
resources:
limits:
cpu: 100m
memory: 1000Mi
requests:
cpu: 10m
memory: 128Mi
securityContext:
runAsNonRoot: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
# do not modify this image, it is used for CI/CD
image: ghcr.io/labring/sealos-objectstorage:latest
imagePullPolicy: Always
volumeMounts:
- name: objectstorage-volume
mountPath: /config.yaml
subPath: config.yaml
volumes:
- name: objectstorage-volume
configMap:
name: objectstorage-config
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
app: object-storage-frontend
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
template:
metadata:
labels:
app: object-storage-frontend
spec:
containers:
- name: object-storage-frontend
image: ghcr.io/labring/sealos-objectstorage-frontend:latest
ports:
- containerPort: 3000
protocol: TCP
env:
- name: MONITOR_URL
value: https://object-storage-monitor.{{ .cloudDomain }}/q
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 5m
memory: 64Mi
imagePullPolicy: Always
volumeMounts: []
volumes: []
---
apiVersion: v1
kind: Service
metadata:
labels:
app: objectstorage
name: object-storage-frontend
namespace: objectstorage-frontend
labels:
app: object-storage-frontend
spec:
ports:
- port: 3000
targetPort: 3000
protocol: TCP
selector:
app: object-storage-frontend
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
if ($request_uri ~* \.(js|css|gif|jpe?g|png)) {
expires 30d;
add_header Cache-Control "public";
}
nginx.ingress.kubernetes.io/proxy-body-size: 3g
nginx.ingress.kubernetes.io/proxy-next-upstream-timeout: '180'
nginx.ingress.kubernetes.io/proxy-send-timeout: '180'
name: object-storage-frontend
namespace: objectstorage-frontend
spec:
rules:
- host: objectstorage.{{ .cloudDomain }}
http:
paths:
- backend:
service:
name: object-storage-frontend
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- objectstorage.{{ .cloudDomain }}
secretName: wildcard-cert
---
apiVersion: app.sealos.io/v1
kind: App
metadata:
name: objectstorage
namespace: objectstorage
namespace: app-system
spec:
ports:
- name: http
port: 3000
protocol: TCP
targetPort: 3000
selector:
app: objectstorage
data:
desc: object storage
url: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }}
displayType: normal
i18n:
zh:
name: 对象存储
zh-Hans:
name: 对象存储
icon: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }}/logo.svg
menuData:
helpDropDown: false
nameColor: text-black
name: Object Storage
type: iframe
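Review bot: The new `object-storage-frontend` container spec carries no `securityContext`, while the Deployment it replaces set `runAsNonRoot`, `runAsUser: 1001`, `allowPrivilegeEscalation: false` and dropped all capabilities; as rendered here that hardening is lost, so the pod would run with the image's default user and capability set. I would restore the block under the container, as in the fence below, after confirming the uid the new image expects. Separately, the Ingress relies on `nginx.ingress.kubernetes.io/configuration-snippet`, which ingress-nginx only honours when snippet annotations are enabled on the controller, so on a hardened controller this Ingress may be rejected; setting the cache headers in the frontend itself would avoid that dependency.

```yaml
        - name: object-storage-frontend
          # … unchanged: image, ports, env, resources …
          securityContext:
            runAsNonRoot: true
            # carried over from the previous spec; confirm the new image's uid
            runAsUser: 1001
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
```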

This file was deleted.

5 changes: 4 additions & 1 deletion service/minio/deploy/Kubefile
@@ -1,5 +1,8 @@
FROM scratch
COPY registry registry
COPY manifests manifests
COPY entrypoint.sh entrypoint.sh

CMD ["kubectl apply -f manifests/deploy.yaml"]
ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"}

CMD ["bash entrypoint.sh"]
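--- a/service/minio/deploy/entrypoint.sh
+++ b/service/minio/deploy/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+
+MINIO_CONFIG_ENV=$(kubectl -n objectstorage-system get secret object-storage-env-configuration -o jsonpath="{.data.config\.env}" | base64 --decode)
+MINIO_ROOT_USER=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_USER=' | cut -d '=' -f 2); MINIO_ROOT_USER=${MINIO_ROOT_USER//\"}
+MINIO_ROOT_PASSWORD=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_PASSWORD=' | cut -d '=' -f 2); MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD//\"}
+
+SYMMETRIC_KEY=$MINIO_ROOT_PASSWORD; HEADER='{"alg":"HS256","typ":"JWT"}'; PAYLOAD='{"exp":4833872336,"iss":"prometheus","sub":"'"$MINIO_ROOT_USER"'"}'
+
+BASE64_HEADER=$(echo -n "$HEADER" | base64 | tr -d '\n=' | tr '/+' '_-'); BASE64_PAYLOAD=$(echo -n "$PAYLOAD" | base64 | tr -d '\n=' | tr '/+' '_-')
+
+BASE64_SIGNATURE=$(echo -n "$BASE64_HEADER.$BASE64_PAYLOAD" | openssl dgst -binary -sha256 -hmac "$SYMMETRIC_KEY" | base64 | tr -d '\n=' | tr '/+' '_-')
+
+TOKEN="$BASE64_HEADER.$BASE64_PAYLOAD.$BASE64_SIGNATURE"
+
+BASE64_TOKEN=$(echo -n "$TOKEN" | base64 -w 0)
+
+sed -i 's/{BASE64_TOKEN}/'${BASE64_TOKEN}'/g' manifests/deploy.yaml
+
+kubectl apply -f manifests/deploy.yaml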
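Review bot: With only `set -e`, a failed `kubectl get secret` or a missing `MINIO_ROOT_*` entry does not stop the script, because each command substitution ends in `base64`, `cut` or `tr`, which succeed on empty input; the token would then be signed with an empty HMAC key and applied. Use `set -euo pipefail` and add `[ -n "$MINIO_ROOT_USER" ] && [ -n "$MINIO_ROOT_PASSWORD" ] || exit 1` before the payload is built. `cut -d '=' -f 2` also truncates a password that contains `=` (use `-f 2-`), which would produce a token MinIO rejects. The hard-coded `exp` of 4833872336 makes this bearer token effectively non-expiring and tied to the root password, so a comment should say it can only be revoked by rotating that password, and that `sed -i` leaves the token in `manifests/deploy.yaml` on disk.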