Create some buckets in ceph and expose them to the internet!

apps-kustomized/bucket/cephobjectstore.yaml

@@ -0,0 +1,19 @@
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: bucketstore
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 1
+  dataPool:
+    failureDomain: host
+    replicated:
+      size: 1
+  preservePoolsOnDelete: true
+  gateway:
+    sslCertificateRef:
+    port: 80
+    # securePort: 443
+    instances: 1

apps-kustomized/bucket/ingress.yaml

@@ -0,0 +1,40 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: 2000m
+  labels:
+    app.kubernetes.io/name: writefreely
+  name: files-s3
+spec:
+  rules:
+  - host: files.martyn.berlin
+    http:
+      paths:
+      - backend:
+          service:
+            name: rook-ceph-rgw-bucketstore-external
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  - host: files-a89a4194-3742-498e-8c6c-37128fdb9291.martyn.berlin
+    http:
+      paths:
+      - backend:
+          service:
+            name: rook-ceph-rgw-bucketstore-external
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - files.martyn.berlin
+    secretName: files-tls
+  - hosts:
+    - files-a89a4194-3742-498e-8c6c-37128fdb9291.martyn.berlin
+    secretName: long-name-files-tls

apps-kustomized/bucket/objectbucketclaim.yaml

@@ -0,0 +1,54 @@
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket
+spec:
+  generateBucketName: files
+  storageClassName: rook-ceph-bucket
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-blog
+spec:
+  bucketName: blog
+  storageClassName: rook-ceph-bucket
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-blogimages
+spec:
+  bucketName: blogimages
+  storageClassName: rook-ceph-bucket
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-photos
+spec:
+  bucketName: photos
+  storageClassName: rook-ceph-bucket
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-proxyput
+spec:
+  bucketName: proxyput
+  storageClassName: rook-ceph-bucket
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-testy
+spec:
+  bucketName: testy
+---
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket-video
+spec:
+  bucketName: video
+  storageClassName: rook-ceph-bucket

apps-kustomized/bucket/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rook-ceph-rgw-bucketstore-external
+  labels:
+    app: rook-ceph-rgw
+    rook_cluster: rook-ceph
+    rook_object_store: bucketstore
+spec:
+  ports:
+  - name: rgw
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: rook-ceph-rgw
+    rook_cluster: rook-ceph
+    rook_object_store: bucketstore
+  sessionAffinity: None
+  type: LoadBalancer

apps-kustomized/bucket/storageclass.yaml

@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+   name: rook-ceph-bucket
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.ceph.rook.io/bucket
+reclaimPolicy: Retain
+parameters:
+  objectStoreName: bucketstore
+  objectStoreNamespace: rook-ceph

everything-app/bucket.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: bucket
+  namespace: argocd
+spec:
+  destination:
+    namespace: rook-ceph
+    server: https://kubernetes.default.svc
+  project: apps
+  source:
+    path: apps-kustomized/bucket
+    repoURL: https://git.martyn.berlin/martyn/infra4talos
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true