Merge pull request #24 from MatMol96/main

Rook S3 Demo

Author: francescotimperi

demos/demo-rook-s3/README.md

@@ -0,0 +1,50 @@
+- dev
+    - controller
+        - demos
+            - demo-rook-s3
+                - README.md
+                - constants.sh
+                - s3-policy.json
+                - object.yaml
+                - object-bucket-claim-delete.yaml
+                - storageclass-bucket-delete.yaml
+                - traefik-ingress.yaml
+
+# CMDS
+
+```kubectl apply -f rook-object-store.yaml```
+will create the ceph object store into the rook-ceph namespace
+
+```kubectl apply -f rook-storageclass.yaml``` will create the storage class for the object created above
+
+```kubectl apply -f rook-object-bucket-claim.yaml``` 
+will create the OBC into the namespace nuvolaris
+
+```kubectl apply -f traefik-ingress.yaml``` 
+will create the traefik ingress for the rook-bucket
+
+```kubectl apply -f rook-nginx-cm.yaml``` 
+will create the config map for rook-nginx
+
+```kubectl apply -f rook-static-sts.yaml``` 
+will create the stateful set for rook-nginx
+
+```kubectl apply -f rook-nginx-static-svc.yaml``` 
+will create the service for rook-nginx
+
+```kubectl apply -f rook-middleware.yaml``` 
+will create the middleware for rook-nginx
+
+```kubectl apply -f rook-nginx-static-ingress.yaml``` 
+will create the ingress for rook-nginx
+
+```aws s3api put-bucket-policy --policy file://s3-policy.json --endpoint-url=https://rook-s3.metlabs.cloud --bucket ceph-bkt-57332554-f148-44e0-a988-d55773f79d8a```
+set the public access policy S3
+
+
+# TO-DO
+- [X] middleware ingress to rook-ceph 
+- [ ] perfezionare installazione objectstore
+- [ ] gestione affinity sul OS
+- [ ] installazione StorageClass DEL BUCKET che usa OS di cui sopra
+- [ ] (optional) User Management granting access to 2 or more buckets to a user

demos/demo-rook-s3/constants.sh

@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+AWS_HOST=$(kubectl -n nuvolaris get cm ceph-bucket -o jsonpath='{.data.BUCKET_HOST}') 
+PORT=$(kubectl -n nuvolaris get cm ceph-bucket -o jsonpath='{.data.BUCKET_PORT}') 
+BUCKET_NAME=$(kubectl -n nuvolaris get cm ceph-bucket -o jsonpath='{.data.BUCKET_NAME}') 
+AWS_ACCESS_KEY_ID=$(kubectl -n nuvolaris get secret ceph-bucket -o jsonpath='{.data.AWS_ACCESS_KEY_ID}' | base64 --decode) 
+AWS_SECRET_ACCESS_KEY=$(kubectl -n nuvolaris get secret ceph-bucket -o jsonpath='{.data.AWS_SECRET_ACCESS_KEY}' | base64 --decode) 
+
+echo $AWS_HOST
+echo $PORT
+echo $BUCKET_NAME
+echo $AWS_ACCESS_KEY_ID
+echo $AWS_SECRET_ACCESS_KEY

demos/demo-rook-s3/object-bucket-claim-delete.yaml

@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket
+  namespace: nuvolaris
+spec:
+  generateBucketName: ceph-bkt
+  storageClassName: rook-ceph-bucket

demos/demo-rook-s3/object.yaml

@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: my-store
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 3
+  dataPool:
+    failureDomain: host
+    # For production it is recommended to use more chunks, such as 4+2 or 8+4
+    erasureCoded:
+      dataChunks: 2
+      codingChunks: 1
+  preservePoolsOnDelete: true
+  gateway:
+    sslCertificateRef:
+    port: 80
+    # securePort: 443
+    instances: 1
+    #externalRgwEndpoints:
+    #  - ip: "192.168.122.1"
+    #service:
+    #  annotations:
+    #    # Add the bucket DNS names
+    #    external-dns.alpha.kubernetes.io/hostname: rook-bucket.metlabs.cloud

demos/demo-rook-s3/rook-middleware.yaml

@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: rook-static-ingress-add-prefix
+  namespace: nuvolaris
+spec:
+  addPrefix:
+    prefix: /ceph-bkt-57332554-f148-44e0-a988-d55773f79d8a

demos/demo-rook-s3/rook-nginx-cm.yaml

@@ -0,0 +1,51 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: v1
+data:
+  default.conf: "server {\n  listen       8080;\n  server_name  localhost;\n\n  client_max_body_size
+    1000M;\n\n  #access_log  /var/log/nginx/host.access.log  main;\n\n  #location
+    / {\n  #    root   /usr/share/nginx/html;\n  #    index  index.html index.htm;\n
+    \ #}\n\n  location / {          \n      rewrite ^/$ ${request_uri}index.html break;
+    \         \n      rewrite ^([^.]*[^/])$ $1/;\n      rewrite (.*)/$ $1/index.html;
+    \                   \n\n      proxy_hide_header     x-amz-id-2;\n      proxy_hide_header
+    \    x-amz-meta-etag;\n      proxy_hide_header     x-amz-request-id;\n      proxy_hide_header
+    \    x-amz-meta-server-side-encryption;\n      proxy_hide_header     x-amz-server-side-encryption;
+    \       \n      proxy_set_header Host $http_host;\n\n      proxy_pass http://rook-ceph-rgw-my-store.rook-ceph.svc.cluster.local:80/;\n
+    \     \n      error_page 301 404 = @spa;\n      proxy_intercept_errors on;   \n
+    \     proxy_redirect     off;\n  }  \n\n  location @spa {\n    rewrite (.*)-web(.*)
+    $1-web/index.html;\n    proxy_pass http://rook-ceph-rgw-my-store.rook-ceph.svc.cluster.local:80;\n
+    \   error_page 404 = /404.html;\n    proxy_intercept_errors on;\n  }           \n\n
+    \ error_page  404              /404.html;\n\n  location = /404.html {\n      root
+    \  /usr/share/nginx/html;\n  }\n\n  # redirect server error pages to the static
+    page /50x.html\n  #\n  error_page   500 502 503 504  /50x.html;\n  location =
+    /50x.html {\n      root   /usr/share/nginx/html;\n  }\n\n}\n"
+  nginx.conf: "worker_processes  auto;\n\nerror_log  /var/log/nginx/error.log notice;\npid
+    \       /tmp/nginx.pid;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp
+    {\n    proxy_temp_path /tmp/proxy_temp;\n    client_body_temp_path /tmp/client_temp;\n
+    \   fastcgi_temp_path /tmp/fastcgi_temp;\n    uwsgi_temp_path /tmp/uwsgi_temp;\n
+    \   scgi_temp_path /tmp/scgi_temp;\n    \n    client_max_body_size 1000M;\n\n
+    \   include       /etc/nginx/mime.types;\n    default_type  application/octet-stream;\n\n
+    \   log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\"
+    '\n                      '$status $body_bytes_sent \"$http_referer\" '\n                      '\"$http_user_agent\"
+    \"$http_x_forwarded_for\" - \"$http_host\"';\n\n    access_log  /var/log/nginx/access.log
+    \ main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    keepalive_timeout
+    \ 65;\n\n    #gzip  on;\n\n    include /etc/nginx/conf.d/*.conf;\n}      "
+kind: ConfigMap
+metadata:
+  name: rook-static-conf-cm
+  namespace: nuvolaris

demos/demo-rook-s3/rook-nginx-static-ingress.yaml

@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    nginx.ingress.kubernetes.io/proxy-body-size: 1024m
+    traefik.ingress.kubernetes.io/router.middlewares: nuvolaris-rook-static-ingress-add-prefix@kubernetescrd
+    traefik.ingress.kubernetes.io/transport.respondingTimeouts.idleTimeout: "600"
+    traefik.ingress.kubernetes.io/transport.respondingTimeouts.readTimeout: "600"
+    traefik.ingress.kubernetes.io/transport.respondingTimeouts.writeTimeout: "600"
+  name: apihost-static-rook-ingress
+  namespace: nuvolaris
+spec:
+  rules:
+  - host: rook.metlabs.cloud
+    http:
+      paths:
+      - backend:
+          service:
+            name: rook-static-svc
+            port:
+              number: 8080
+        path: /
+        pathType: Prefix

demos/demo-rook-s3/rook-nginx-static-svc.yaml

@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: rook-static
+  name: rook-static-svc
+  namespace: nuvolaris
+spec:
+  ports:
+  - name: http
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: rook-static
+  sessionAffinity: None
+  type: ClusterIP

demos/demo-rook-s3/rook-object-bucket-claim.yaml

@@ -0,0 +1,25 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: objectbucket.io/v1alpha1
+kind: ObjectBucketClaim
+metadata:
+  name: ceph-bucket
+  namespace: nuvolaris
+spec:
+  generateBucketName: ceph-bkt
+  storageClassName: rook-ceph-bucket

demos/demo-rook-s3/rook-object-store.yaml

@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStore
+metadata:
+  name: my-store
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    failureDomain: host
+    replicated:
+      size: 3
+  dataPool:
+    failureDomain: host
+    # For production it is recommended to use more chunks, such as 4+2 or 8+4
+    erasureCoded:
+      dataChunks: 2
+      codingChunks: 1
+  preservePoolsOnDelete: true
+  gateway:
+    sslCertificateRef:
+    port: 80
+    # securePort: 443
+    instances: 1
+    #externalRgwEndpoints:
+    #  - ip: "192.168.122.1"
+    #service:
+    #  annotations:
+    #    # Add the bucket DNS names
+    #    external-dns.alpha.kubernetes.io/hostname: rook-bucket.metlabs.cloud