Restructured infra

infra/rook-ceph/kustomization.yaml

@@ -1,7 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: rook-ceph
 resources:
-  - ./namespace.yaml
-  - ./helm-repository.yaml
-  - ./helm-release.yaml
+  - ./rook-ceph.yaml
+  - ./rook-ceph-cluster.yaml

infra/rook-ceph/rook-ceph-cluster.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: rook-ceph-cluster
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/rook-ceph/rook-ceph-cluster
+  dependsOn:
+    - name: rook-ceph
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: domain-vars

infra/rook-ceph/rook-ceph-cluster/access-control-rule.yaml

@@ -0,0 +1,8 @@
+apiVersion: authelia.huizinga.dev/v1
+kind: AccessControlRule
+metadata:
+  name: ceph
+spec:
+  domain: ceph.${domain}
+  policy: one_factor
+  subject: "group:lldap_admin"

infra/rook-ceph/rook-ceph-cluster/helm-release.yaml

@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: rook-ceph-cluster
+spec:
+  chart:
+    spec:
+      chart: rook-ceph-cluster
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: rook-release
+      version: 1.16.3
+  interval: 15m
+  timeout: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: rook-cepth-cluster-values

infra/rook-ceph/rook-ceph-cluster/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: rook-ceph
+resources:
+  - ./helm-release.yaml
+  - ./access-control-rule.yaml
+
+configurations:
+  - ../../../common/name-reference/helm-release.yaml
+
+configMapGenerator:
+  - name: rook-cepth-cluster-values
+    files:
+      - ./values.yaml

infra/rook-ceph/rook-ceph-cluster/values.yaml

@@ -0,0 +1,48 @@
+toolbox:
+  enabled: true
+# TODO: Not sure we really need this is we have prometheus + grafana set up
+ingress:
+  dashboard:
+    annotations:
+      traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
+      traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
+      traefik.ingress.kubernetes.io/router.tls: "true"
+    host:
+      name: ceph.${domain}
+    tls:
+      - hosts:
+          - ceph.${domain}
+        secretName: ${domain//./-}-tls
+# Uncomment once prometheus stack has been added
+# monitoring:
+#   enabled: true
+#   createPrometheusRules: true
+cephBlockPoolsVolumeSnapshotClass:
+  enabled: true
+cephFileSystemVolumeSnapshotClass:
+  enabled: true
+cephClusterSpec:
+  dashboard:
+    ssl: false
+  storage:
+    useAllDevices: false
+    deviceFilter: "^nvme."
+  resources:
+    mgr:
+      limits:
+        memory: "1Gi"
+      requests:
+        cpu: "50m"
+        memory: "512Mi"
+    mon:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "1Gi"
+    osd:
+      limits:
+        memory: "2Gi"
+      requests:
+        cpu: "100m"
+        memory: "1Gi"

infra/rook-ceph/rook-ceph.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: rook-ceph
+  namespace: flux-system
+  labels:
+    alert: flux-infra
+spec:
+  interval: 15m
+  path: ./infra/rook-ceph/rook-ceph
+  prune: true
+  timeout: 2m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true

infra/rook-ceph/rook-ceph/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: rook-ceph
+resources:
+  - ./namespace.yaml
+  - ./helm-repository.yaml
+  - ./helm-release.yaml