refine cluster image(objectstorage-controller、minio-service) (#4512)
* refine cluster image(objectstorage-controller、minio-service) * fix * fix env * fix * add env cloudDomain and use sed * add copy entrypoint.sh * fix ingress port number error * fix env error * add app cr * update images * add cloudPort * remove cors config of ingress * fix cloudPort env error
Showing
11 changed files
with
296 additions
and
261 deletions.
21 changes: 0 additions & 21 deletions
21
frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl
This file was deleted.
169 changes: 102 additions & 67 deletions
169
frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,81 +1,116 @@ | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
labels: | ||
app: objectstorage | ||
name: objectstorage | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: objectstorage-config | ||
namespace: objectstorage | ||
data: | ||
config.yaml: |- | ||
addr: :3000 | ||
name: objectstorage-frontend | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: objectstorage | ||
namespace: objectstorage | ||
name: object-storage-frontend | ||
namespace: objectstorage-frontend | ||
labels: | ||
app: object-storage-frontend | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: objectstorage | ||
strategy: | ||
type: RollingUpdate | ||
rollingUpdate: | ||
maxUnavailable: 25% | ||
maxSurge: 25% | ||
template: | ||
metadata: | ||
labels: | ||
app: objectstorage | ||
spec: | ||
containers: | ||
- name: objectstorage | ||
env: | ||
- name: MONITOR_URL | ||
value: '{{ .MONITOR_URL }}' | ||
resources: | ||
limits: | ||
cpu: 100m | ||
memory: 1000Mi | ||
requests: | ||
cpu: 10m | ||
memory: 128Mi | ||
securityContext: | ||
runAsNonRoot: true | ||
runAsUser: 1001 | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- "ALL" | ||
# do not modify this image, it is used for CI/CD | ||
image: ghcr.io/labring/sealos-objectstorage:latest | ||
imagePullPolicy: Always | ||
volumeMounts: | ||
- name: objectstorage-volume | ||
mountPath: /config.yaml | ||
subPath: config.yaml | ||
volumes: | ||
- name: objectstorage-volume | ||
configMap: | ||
name: objectstorage-config | ||
replicas: 1 | ||
revisionHistoryLimit: 1 | ||
selector: | ||
matchLabels: | ||
app: object-storage-frontend | ||
strategy: | ||
type: RollingUpdate | ||
rollingUpdate: | ||
maxUnavailable: 1 | ||
maxSurge: 0 | ||
template: | ||
metadata: | ||
labels: | ||
app: object-storage-frontend | ||
spec: | ||
containers: | ||
- name: object-storage-frontend | ||
image: ghcr.io/labring/sealos-objectstorage-frontend:latest | ||
ports: | ||
- containerPort: 3000 | ||
protocol: TCP | ||
env: | ||
- name: MONITOR_URL | ||
value: https://object-storage-monitor.{{ .cloudDomain }}/q | ||
resources: | ||
limits: | ||
cpu: 500m | ||
memory: 512Mi | ||
requests: | ||
cpu: 5m | ||
memory: 64Mi | ||
imagePullPolicy: Always | ||
volumeMounts: [] | ||
volumes: [] | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
labels: | ||
app: objectstorage | ||
name: object-storage-frontend | ||
namespace: objectstorage-frontend | ||
labels: | ||
app: object-storage-frontend | ||
spec: | ||
ports: | ||
- port: 3000 | ||
targetPort: 3000 | ||
protocol: TCP | ||
selector: | ||
app: object-storage-frontend | ||
--- | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
annotations: | ||
kubernetes.io/ingress.class: nginx | ||
nginx.ingress.kubernetes.io/configuration-snippet: | | ||
if ($request_uri ~* \.(js|css|gif|jpe?g|png)) { | ||
expires 30d; | ||
add_header Cache-Control "public"; | ||
} | ||
nginx.ingress.kubernetes.io/proxy-body-size: 3g | ||
nginx.ingress.kubernetes.io/proxy-next-upstream-timeout: '180' | ||
nginx.ingress.kubernetes.io/proxy-send-timeout: '180' | ||
name: object-storage-frontend | ||
namespace: objectstorage-frontend | ||
spec: | ||
rules: | ||
- host: objectstorage.{{ .cloudDomain }} | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: object-storage-frontend | ||
port: | ||
number: 3000 | ||
path: / | ||
pathType: Prefix | ||
tls: | ||
- hosts: | ||
- objectstorage.{{ .cloudDomain }} | ||
secretName: wildcard-cert | ||
--- | ||
apiVersion: app.sealos.io/v1 | ||
kind: App | ||
metadata: | ||
name: objectstorage | ||
namespace: objectstorage | ||
namespace: app-system | ||
spec: | ||
ports: | ||
- name: http | ||
port: 3000 | ||
protocol: TCP | ||
targetPort: 3000 | ||
selector: | ||
app: objectstorage | ||
data: | ||
desc: object storage | ||
url: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }} | ||
displayType: normal | ||
i18n: | ||
zh: | ||
name: 对象存储 | ||
zh-Hans: | ||
name: 对象存储 | ||
icon: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }}/logo.svg | ||
menuData: | ||
helpDropDown: false | ||
nameColor: text-black | ||
name: Object Storage | ||
type: iframe |
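Review bot: The new `object-storage-frontend` container carries no `securityContext`; the only such block in this section (`runAsNonRoot: true`, `runAsUser: 1001`, `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`) sits under the old `objectstorage` container, so the hardening appears to be dropped by the rewrite. The rendered page has lost its +/- markers, so which side each line belongs to is inferred from the container it sits under. I would carry the block over to the new container as below, after confirming the frontend image can run as UID 1001. The old image line also had the comment `# do not modify this image, it is used for CI/CD`; if CI still rewrites the `:latest` tag, keeping that comment on the new image line would explain why a mutable tag with `imagePullPolicy: Always` is acceptable here.

```yaml
      containers:
        - name: object-storage-frontend
          # … unchanged: image, ports, env, resources, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            runAsUser: 1001
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
```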
51 changes: 0 additions & 51 deletions
51
frontend/providers/objectstorage/deploy/manifests/ingress.yaml.tmpl
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,8 @@ | ||
FROM scratch | ||
COPY registry registry | ||
COPY manifests manifests | ||
COPY entrypoint.sh entrypoint.sh | ||
|
||
CMD ["kubectl apply -f manifests/deploy.yaml"] | ||
ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"} | ||
|
||
CMD ["bash entrypoint.sh"] |
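Review bot: `CMD ["bash entrypoint.sh"]` puts the command and its argument in a single array element, and `FROM scratch` contains no `bash`, so this only works if the builder runs CMD entries as shell commands outside the image. That is presumably the sealos cluster-image convention the previous `CMD ["kubectl apply -f manifests/deploy.yaml"]` also relied on. A one-line comment above it would stop readers treating it as a Docker exec-form bug, e.g. `# cluster-image CMD: run as a shell command at install time, not exec'd inside a container`. If the copied script is the `entrypoint.sh` added in this commit, it reads a Secret and signs a token, so it is also worth noting next to `COPY entrypoint.sh entrypoint.sh` that `kubectl`, `openssl` and `base64` must be available wherever that CMD runs.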
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/usr/bin/env bash | ||
set -e | ||
|
||
MINIO_CONFIG_ENV=$(kubectl -n objectstorage-system get secret object-storage-env-configuration -o jsonpath="{.data.config\.env}" | base64 --decode) | ||
MINIO_ROOT_USER=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_USER=' | cut -d '=' -f 2); MINIO_ROOT_USER=${MINIO_ROOT_USER//\"} | ||
MINIO_ROOT_PASSWORD=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_PASSWORD=' | cut -d '=' -f 2); MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD//\"} | ||
|
||
SYMMETRIC_KEY=$MINIO_ROOT_PASSWORD; HEADER='{"alg":"HS256","typ":"JWT"}'; PAYLOAD='{"exp":4833872336,"iss":"prometheus","sub":"'"$MINIO_ROOT_USER"'"}' | ||
|
||
BASE64_HEADER=$(echo -n "$HEADER" | base64 | tr -d '\n=' | tr '/+' '_-'); BASE64_PAYLOAD=$(echo -n "$PAYLOAD" | base64 | tr -d '\n=' | tr '/+' '_-') | ||
|
||
BASE64_SIGNATURE=$(echo -n "$BASE64_HEADER.$BASE64_PAYLOAD" | openssl dgst -binary -sha256 -hmac "$SYMMETRIC_KEY" | base64 | tr -d '\n=' | tr '/+' '_-') | ||
|
||
TOKEN="$BASE64_HEADER.$BASE64_PAYLOAD.$BASE64_SIGNATURE" | ||
|
||
BASE64_TOKEN=$(echo -n "$TOKEN" | base64 -w 0) | ||
|
||
sed -i 's/{BASE64_TOKEN}/'${BASE64_TOKEN}'/g' manifests/deploy.yaml | ||
|
||
kubectl apply -f manifests/deploy.yaml |
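Review bot: The `sed` line uses `/` as its delimiter while `BASE64_TOKEN` comes from standard `base64 -w 0`, whose alphabet includes `/`, so the substitution aborts for any token whose encoding contains that character; the expansion is also unquoted. Under plain `set -e` a failed `kubectl get secret` or a missing key goes unnoticed, because each pipeline's status is that of its last command, and the JWT is then signed with an empty key. `cut -d '=' -f 2` also truncates a password that itself contains `=`. The token carries `exp` 4833872336 and is signed with the MinIO root password, so it stays valid until that password is rotated; a comment above `PAYLOAD` saying so would help whoever has to rotate it.

```shell
set -euo pipefail

# … unchanged: MINIO_CONFIG_ENV lookup …
MINIO_ROOT_USER=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_USER=' | cut -d '=' -f 2-); MINIO_ROOT_USER=${MINIO_ROOT_USER//\"}
MINIO_ROOT_PASSWORD=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_PASSWORD=' | cut -d '=' -f 2-); MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD//\"}
: "${MINIO_ROOT_USER:?MINIO_ROOT_USER not found in secret}"
: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD not found in secret}"

# … unchanged: JWT header, payload, signature and BASE64_TOKEN …
sed -i "s|{BASE64_TOKEN}|${BASE64_TOKEN}|g" manifests/deploy.yaml
```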