2026-02-28 13:42:27 +00:00
apiVersion: batch/v1
kind: Job
metadata:
  name: seaweedfs-bucket-init
  namespace: lasuite
  annotations:
    # Run once on first deploy; manually delete to re-run if needed.
    helm.sh/hook: post-install
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: mc
          image: minio/mc:latest
          command:
            - /bin/sh
            - -c
            - |
              set -e
              ENDPOINT=http://seaweedfs-filer.storage.svc.cluster.local:8333
              mc alias set weed "$ENDPOINT" "$S3_ACCESS_KEY" "$S3_SECRET_KEY"

              for bucket in \
                sunbeam-meet \
                sunbeam-drive \
                sunbeam-messages \
lasuite: declarative pre-work for La Suite app deployments
- Add find user and find_db to postgres-cluster.yaml (11th database)
- Add sunbeam-messages-imports and sunbeam-people buckets to SeaweedFS
- Configure Hydra Maester with enabledNamespaces: [lasuite] so it can
create and update OAuth2Client secrets in the lasuite namespace
- Add find to Kratos allowed_return_urls
- Add shared ConfigMaps: lasuite-postgres, lasuite-valkey, lasuite-s3,
lasuite-oidc-provider — single source of truth for all app env vars
- Add HydraOAuth2Client CRDs for all nine La Suite apps (docs, drive,
meet, conversations, messages, people, find, gitea, hive); Maester
will create oidc-<app> secrets with CLIENT_ID and CLIENT_SECRET
2026-03-01 18:03:13 +00:00
                sunbeam-messages-imports \
2026-02-28 13:42:27 +00:00
                sunbeam-conversations \
                sunbeam-git-lfs \
feat: La Suite email/messages, buildkitd, monitoring, vault and storage updates
- Add Messages (email) service: backend, frontend, MTA in/out, MPA, SOCKS
proxy, worker, DKIM config, and theme customization
- Add Collabora deployment for document collaboration
- Add Drive frontend nginx config and values
- Add buildkitd namespace for in-cluster container builds
- Add SeaweedFS remote sync and additional S3 buckets
- Update vault secrets across namespaces (devtools, lasuite, media,
monitoring, ory, storage) with expanded credential management
- Update monitoring: rename grafana→metrics OAuth2Client, add Prometheus
remote write and additional scrape configs
- Update local/production overlays with resource patches
- Remove stale login-ui resource patch from production overlay
2026-03-10 19:00:57 +00:00
                sunbeam-game-assets \
2026-04-04 15:37:45 +01:00
                sunbeam-ml-models \
2026-04-05 21:50:46 +01:00
                sunbeam-stalwart \
                sunbeam-sccache; do
2026-02-28 13:42:27 +00:00
                mc mb --ignore-existing "weed/$bucket"
                echo "Ensured bucket: $bucket"
              done
2026-03-10 19:00:57 +00:00
              # Enable object versioning on buckets that require it.
              # Drive's WOPI GetFile response includes X-WOPI-ItemVersion from S3 VersionId.
feat(monitoring): comprehensive alerting overhaul, 66 rules across 14 PrometheusRules
The Longhorn memory leak went undetected for 14 days because alerting
was broken (email receiver, missing label selector, no node alerts).
This overhaul brings alerting to production grade.
Fixes:
- Alloy Loki URL pointed to deleted loki-gateway, now loki:3100
- seaweedfs-bucket-init crash on unsupported `mc versioning` command
- All PrometheusRules now have `release: kube-prometheus-stack` label
- Removed broken email receiver, Matrix-only alerting
New alert coverage:
- Node: memory, CPU, swap, filesystem, inodes, network, clock skew, OOM
- Kubernetes: deployment down, CronJob failed, pod crash-looping, PVC full
- Backups: Postgres barman stale/failed, WAL archiving, SeaweedFS mirror
- Observability: Prometheus WAL/storage/rules, Loki/Tempo/AlertManager down
- Services: Stalwart, Bulwark, Tuwunel, Sol, Valkey, OpenSearch (smart)
- SLOs: auth stack 99.9% burn rate, Matrix 99.5%, latency p95 < 2s
- Recording rules for Linkerd RED metrics and node aggregates
- Watchdog heartbeat → Matrix every 12h (dead pipeline detection)
- Inhibition: critical suppresses warning for same alert+namespace
- OpenSearchClusterYellow only fires with >1 data node (single-node aware)
2026-04-06 15:52:06 +01:00
              # SeaweedFS doesn't support `mc versioning` — use the S3 API directly.
              mc versioning enable weed/sunbeam-drive || echo "Versioning not supported by SeaweedFS mc, skipping (filer handles versioning natively)"
2026-02-28 13:42:27 +00:00
          envFrom:
            - secretRef:
                name: seaweedfs-s3-credentials