studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(infra): data, storage, devtools, and ory layer updates

Browse Source 
- data: CNPG cluster tuning, OpenBao values, OpenSearch deployment fixes,
  OpenSearch PVC, barman vault secret for S3 backup credentials
- storage: SeaweedFS filer updates (s3.json via secret subPath), PVC for
  filer persistent storage
- devtools: Gitea values (SSH service, custom theme), gitea-theme-cm ConfigMap
- ory: add kratos-selfservice-urls.yaml for self-service flow URLs
- media: LiveKit values updated (TURN config, STUN, resource limits)
- vso: kustomization cleanup
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-06 12:07:28 +00:00
parent 7ff35d3e0c
commit d32d1435f9
17 changed files with 454 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
base/data/barman-vault-secret.yaml Normal file
View File

@@ -0,0 +1,39 @@
---
# VaultAuth for VSO to authenticate in the data namespace.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
name: vso-auth
namespace: data
spec:
method: kubernetes
mount: kubernetes
kubernetes:
role: vso
serviceAccount: default
---
# Scaleway S3 credentials for CNPG barman backups.
# OpenBao KV path: secret/scaleway-s3 (keys: access-key-id, secret-access-key)
# Seeded by: sunbeam seed (reads from scw CLI config)
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: barman-s3-creds
namespace: data
spec:
vaultAuthRef: vso-auth
mount: secret
type: kv-v2
path: scaleway-s3
refreshAfter: 30s
destination:
name: barman-s3-creds
create: true
overwrite: true
transformation:
excludeRaw: true
templates:
ACCESS_KEY_ID:
text: "{{ index .Secrets \"access-key-id\" }}"
ACCESS_SECRET_KEY:
text: "{{ index .Secrets \"secret-access-key\" }}"

2
base/data/kustomization.yaml
View File

@@ -10,7 +10,9 @@ resources:
- valkey-service.yaml
- opensearch-deployment.yaml
- opensearch-service.yaml
- opensearch-pvc.yaml
- openbao-keys-placeholder.yaml
- barman-vault-secret.yaml
helmCharts:
# helm repo add cnpg https://cloudnative-pg.github.io/charts

3
base/data/openbao-values.yaml
View File

@@ -17,6 +17,9 @@ server:
registry: quay.io
repository: openbao/openbao
# Disable anti-affinity — single-node cluster.
affinity: ""
standalone:
enabled: true
config: |

7
base/data/opensearch-deployment.yaml
View File

@@ -42,3 +42,10 @@ spec:
requests:
memory: 768Mi
cpu: 100m
volumeMounts:
- name: data
mountPath: /usr/share/opensearch/data
volumes:
- name: data
persistentVolumeClaim:
claimName: opensearch-data

10
base/data/opensearch-pvc.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: opensearch-data
namespace: data
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 10Gi

5
base/data/postgres-cluster.yaml
View File

@@ -16,8 +16,9 @@ spec:
initdb:
database: postgres
owner: postgres
secret:
name: postgres-superuser
# No `secret` field — CNPG auto-generates a random superuser password
# and stores it in the `postgres-superuser` Secret. sunbeam seed reads
# that Secret to configure the OpenBao database secrets engine.
postInitSQL:
# Create all 10 logical databases and their owners.
# Passwords are set by the seed-secrets script via ALTER USER after init.

282
base/devtools/gitea-theme-cm.yaml Normal file
View File

@@ -0,0 +1,282 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-custom-theme
namespace: devtools
data:
theme-sunbeam.css: |
/* theme-sunbeam.css — O Estúdio theme for Gitea
* Dark navy background + amber/honey primary, Ysabeau + Monaspace Neon.
* Based on cunningham.ts estudioTheme from people/desk.
*/
/* ── Base: inherit all gitea-dark variables, then override ─── */
@import url("/assets/css/theme-gitea-dark.css");
/* ── Font imports ──────────────────────────────────────────── */
/* Ysabeau Variable (UI font) — from Google Fonts */
@import url('https://fonts.googleapis.com/css2?family=Ysabeau:ital,wght@0,1..1000;1,1..1000&display=swap');
/* Monaspace Neon Variable (code font) — from jsDelivr */
@font-face {
font-family: 'Monaspace Neon';
src: url('https://cdn.jsdelivr.net/npm/@github/monaspace@1.101/dist/fonts/variable/MonaspaceNeonVarVF[wght,slnt].woff2') format('woff2');
font-weight: 200 800;
font-style: oblique 0deg 10deg;
font-display: swap;
}
/* ── Typography ─────────────────────────────────────────────── */
:root {
--fonts-regular: 'Ysabeau', -apple-system, 'Segoe UI', system-ui, sans-serif;
--fonts-proportional: 'Ysabeau', -apple-system, 'Segoe UI', system-ui, sans-serif;
--fonts-monospace: 'Monaspace Neon', ui-monospace, 'SFMono-Regular', 'SF Mono', Menlo, Consolas, 'Liberation Mono', monospace;
}
html, body {
font-size: 15px;
font-weight: 450;
}
/* Monaspace OpenType features: texture healing + stylistic sets + ligatures */
pre, code, kbd, samp,
.diff-code-inner, .markup-block-diff,
[class*="cm-"], .CodeMirror {
font-feature-settings: "calt" 1, "ss01" 1, "ss02" 1, "ss03" 1, "ss04" 1,
"ss05" 1, "ss06" 1, "ss07" 1, "ss08" 1, "liga" 1;
}
/* ── O Estúdio dark navy background ─────────────────────────── */
/* Greyscale from cunningham estudioTheme — inverted dark scale */
/* Variable names verified against gitea-dark.css source */
:root {
/* Page + nav */
--color-body: #0c1a2b; /* greyscale-000 */
--color-nav-bg: #182536; /* greyscale-100 */
--color-nav-hover-bg: #303c4b; /* greyscale-200 */
--color-secondary-nav-bg: #182536; /* greyscale-100 */
/* Boxes / cards */
--color-box-header: #182536; /* greyscale-100 */
--color-box-body: #0c1a2b; /* greyscale-000 */
--color-box-body-highlight: #303c4b; /* greyscale-200 */
--color-card: #182536; /* greyscale-100 */
--color-menu: #182536; /* greyscale-100 */
--color-button: #182536; /* greyscale-100 */
--color-expand-button: #303c4b; /* greyscale-200 */
/* Inputs / code */
--color-input-background: #182536; /* greyscale-100 */
--color-input-toggle-background: #303c4b; /* greyscale-200 */
--color-code-bg: #0c1a2b; /* greyscale-000 */
--color-secondary-bg: #303c4b; /* greyscale-200 */
/* Console (Actions log, SSH, etc.) */
--color-console-bg: #0c1a2b; /* greyscale-000 */
--color-console-border: #303c4b; /* greyscale-200 */
--color-console-hover-bg: #182536; /* greyscale-100 */
--color-console-active-bg: #303c4b; /* greyscale-200 */
--color-console-menu-bg: #182536; /* greyscale-100 */
--color-console-menu-border: #555f6b; /* greyscale-300 */
/* UI chrome */
--color-hover-opaque: #303c4b; /* greyscale-200 */
--color-timeline: #303c4b; /* greyscale-200 */
--color-grey: #555f6b; /* greyscale-300 */
--color-shadow-opaque: #07111c;
/* Borders */
--color-input-border: #303c4b; /* greyscale-200 */
--color-light-border: #182536; /* greyscale-100 */
/* Secondary scale — full 13-dark / 4-light spectrum */
--color-secondary: #182536; /* greyscale-100 */
--color-secondary-dark-1: #0c1a2b; /* greyscale-000 */
--color-secondary-dark-2: #07111c;
--color-secondary-dark-3: #040b12;
--color-secondary-dark-4: #020609;
--color-secondary-dark-5: #010406;
--color-secondary-dark-6: #000203;
--color-secondary-dark-7: #000000;
--color-secondary-dark-8: #000000;
--color-secondary-dark-9: #000000;
--color-secondary-dark-10: #000000;
--color-secondary-dark-11: #000000;
--color-secondary-dark-12: #000000;
--color-secondary-dark-13: #000000;
--color-secondary-light-1: #303c4b; /* greyscale-200 */
--color-secondary-light-2: #555f6b; /* greyscale-300 */
--color-secondary-light-3: #79818a; /* greyscale-400 */
--color-secondary-light-4: #9ea3aa; /* greyscale-500 */
/* Text */
--color-text: #e7e8ea; /* greyscale-700 */
--color-text-dark: #fafafb; /* greyscale-900 */
--color-text-light: #c2c6ca; /* greyscale-600 */
--color-text-light-1: #9ea3aa; /* greyscale-500 */
--color-text-light-2: #79818a; /* greyscale-400 */
--color-text-light-3: #555f6b; /* greyscale-300 */
}
/* ── O Estúdio amber/honey primary ──────────────────────────── */
/* Amber palette from cunningham estudioTheme */
:root {
--color-primary: #f59e0b; /* primary-500 */
--color-primary-dark-1: #d97706; /* primary-600 */
--color-primary-dark-2: #b45309; /* primary-700 */
--color-primary-dark-3: #92400e; /* primary-800 */
--color-primary-dark-4: #78350f; /* primary-900 */
--color-primary-dark-5: #5c2808;
--color-primary-dark-6: #3e1a04;
--color-primary-dark-7: #1c0d00;
--color-primary-light-1: #fbbf24; /* primary-400 */
--color-primary-light-2: #fcd34d; /* primary-300 */
--color-primary-light-3: #fde68a; /* primary-200 */
--color-primary-light-4: #fde9a0; /* primary-150 */
--color-primary-light-5: #fef3c7; /* primary-100 */
--color-primary-light-6: #fffbeb; /* primary-050 */
--color-primary-light-7: #fffef5;
--color-primary-hover: #d97706; /* primary-600 */
--color-primary-active: #b45309; /* primary-700 */
/* Amber is bright — use warm dark for contrast text */
--color-primary-contrast: #1c1917; /* primary-bg */
/* primary-500 = rgb(245, 158, 11) */
--color-primary-alpha-10: rgba(245, 158, 11, 0.10);
--color-primary-alpha-20: rgba(245, 158, 11, 0.20);
--color-primary-alpha-30: rgba(245, 158, 11, 0.30);
--color-primary-alpha-40: rgba(245, 158, 11, 0.40);
--color-primary-alpha-50: rgba(245, 158, 11, 0.50);
--color-primary-alpha-60: rgba(245, 158, 11, 0.60);
--color-primary-alpha-70: rgba(245, 158, 11, 0.70);
--color-primary-alpha-80: rgba(245, 158, 11, 0.80);
--color-primary-alpha-90: rgba(245, 158, 11, 0.90);
/* Accent variables used by Gitea for highlights + native browser accent */
--color-accent: #fbbf24; /* primary-400 */
--color-small-accent: #fef3c7; /* primary-100 */
--color-highlight-fg: #87651e;
--color-highlight-bg: #352c1c;
--color-reaction-hover-bg: rgba(245, 158, 11, 0.20);
--color-reaction-active-bg: rgba(245, 158, 11, 0.30);
accent-color: #f59e0b;
}
/* ── Explicit amber overrides (belt-and-suspenders) ──────────── */
/* Belt-and-suspenders rules for elements that must be amber on */
/* every page, in case CSS variable resolution has any gaps. */
/* Primary buttons */
.ui.primary.button,
.ui.primary.buttons .button {
background: #f59e0b !important;
color: #1c1917 !important;
}
.ui.primary.button:hover,
.ui.primary.buttons .button:hover {
background: #d97706 !important;
}
.ui.primary.button:active,
.ui.primary.buttons .button:active {
background: #b45309 !important;
}
.ui.basic.primary.button,
.ui.basic.primary.buttons .button {
color: #f59e0b !important;
border-color: #f59e0b !important;
background: none !important;
}
/* Links */
a { color: #f59e0b; }
a:hover { color: #d97706; }
/* Active nav/tab items and underlines */
.ui.secondary.menu .active.item,
.ui.tabular.menu .active.item,
.menu .active.item {
border-color: #f59e0b !important;
color: #f59e0b !important;
}
.repository .file-list .item.selected,
.ui.menu .active.item:hover {
color: #f59e0b !important;
}
/* Active border on bottom of tabs */
.ui.pointing.secondary.menu .active.item,
.ui.pointing.secondary.menu .active.item:hover {
border-bottom-color: #f59e0b !important;
}
/* Labels and badges using primary */
.ui.label.primary, .ui.labels.primary .label {
background: #f59e0b !important;
color: #1c1917 !important;
}
/* Gitea logo — inline SVG fallback (1.25+ uses <img>, see logo.svg mount) */
.gitea-logo, svg.gitea-logo path { fill: #f59e0b !important; }
/* ── Dark overrides for Fomantic UI message components ───────── */
/* index.css uses hardcoded light-theme hex values for these; */
/* they must be overridden explicitly — CSS vars don't reach them. */
.ui.message {
background: var(--color-secondary) !important;
color: var(--color-text) !important;
box-shadow: none !important;
}
.ui.warning.message,
.ui.yellow.message {
background: var(--color-warning-bg) !important;
color: var(--color-warning-text) !important;
border-color: var(--color-warning-border) !important;
}
.ui.warning.message .header,
.ui.yellow.message .header {
color: var(--color-warning-text) !important;
}
.ui.negative.message,
.ui.error.message,
.ui.red.message {
background: var(--color-error-bg) !important;
color: var(--color-error-text) !important;
border-color: var(--color-error-border) !important;
}
.ui.negative.message .header,
.ui.error.message .header {
color: var(--color-error-text) !important;
}
.ui.positive.message,
.ui.success.message,
.ui.green.message {
background: var(--color-success-bg) !important;
color: var(--color-success-text) !important;
border-color: var(--color-success-border) !important;
}
.ui.info.message,
.ui.teal.message,
.ui.blue.message {
background: var(--color-info-bg) !important;
color: var(--color-info-text) !important;
border-color: var(--color-info-border) !important;
}
/* Dropdown warning state (also hardcoded in index.css) */
.ui.selection.dropdown.warning {
background: var(--color-input-background) !important;
border-color: var(--color-warning-border) !important;
color: var(--color-text) !important;
}
# Amber Gitea logo — replaces the default green logo.svg
# Gitea 1.25+ serves the logo as <img src="/assets/img/logo.svg">, so CSS
# fill rules don't apply. We mount a custom amber SVG instead.
logo.svg: |
<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" viewBox="0 0 640 640" width="32" height="32"><path d="m395.9 484.2-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5 21.2-17.9 33.8-11.8 17.2 8.3 27.1 13 27.1 13l-.1-109.2 16.7-.1.1 117.1s57.4 24.2 83.1 40.1c3.7 2.3 10.2 6.8 12.9 14.4 2.1 6.1 2 13.1-1 19.3l-61 126.9c-6.2 12.7-21.4 18.1-33.9 12" style="fill:#fff"/><path d="M622.7 149.8c-4.1-4.1-9.6-4-9.6-4s-117.2 6.6-177.9 8c-13.3.3-26.5.6-39.6.7v117.2c-5.5-2.6-11.1-5.3-16.6-7.9 0-36.4-.1-109.2-.1-109.2-29 .4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5c-9.8-.6-22.5-2.1-39 1.5-8.7 1.8-33.5 7.4-53.8 26.9C-4.9 212.4 6.6 276.2 8 285.8c1.7 11.7 6.9 44.2 31.7 72.5 45.8 56.1 144.4 54.8 144.4 54.8s12.1 28.9 30.6 55.5c25 33.1 50.7 58.9 75.7 62 63 0 188.9-.1 188.9-.1s12 .1 28.3-10.3c14-8.5 26.5-23.4 26.5-23.4S547 483 565 451.5c5.5-9.7 10.1-19.1 14.1-28 0 0 55.2-117.1 55.2-231.1-1.1-34.5-9.6-40.6-11.6-42.6M125.6 353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6 321.8 60 295.4c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5 38.5-30c13.8-3.7 31-3.1 31-3.1s7.1 59.4 15.7 94.2c7.2 29.2 24.8 77.7 24.8 77.7s-26.1-3.1-43-9.1m300.3 107.6s-6.1 14.5-19.6 15.4c-5.8.4-10.3-1.2-10.3-1.2s-.3-.1-5.3-2.1l-112.9-55s-10.9-5.7-12.8-15.6c-2.2-8.1 2.7-18.1 2.7-18.1L322 273s4.8-9.7 12.2-13c.6-.3 2.3-1 4.5-1.5 8.1-2.1 18 2.8 18 2.8L467.4 315s12.6 5.7 15.3 16.2c1.9 7.4-.5 14-1.8 17.2-6.3 15.4-55 113.1-55 113.1" style="fill:#f59e0b"/><path d="M326.8 380.1c-8.2.1-15.4 5.8-17.3 13.8s2 16.3 9.1 20c7.7 4 17.5 1.8 22.7-5.4 5.1-7.1 4.3-16.9-1.8-23.1l24-49.1c1.5.1 3.7.2 6.2-.5 4.1-.9 7.1-3.6 7.1-3.6 4.2 1.8 8.6 3.8 13.2 6.1 4.8 2.4 9.3 4.9 13.4 7.3.9.5 1.8 1.1 2.8 1.9 1.6 1.3 3.4 3.1 4.7 5.5 1.9 5.5-1.9 14.9-1.9 14.9-2.3 7.6-18.4 40.6-18.4 40.6-8.1-.2-15.3 5-17.7 12.5-2.6 8.1 1.1 17.3 8.9 21.3s17.4 1.7 22.5-5.3c5-6.8 4.6-16.3-1.1-22.6 1.9-3.7 3.7-7.4 5.6-11.3 5-10.4 13.5-30.4 13.5-30.4.9-1.7 5.7-10.3 2.7-21.3-2.5-11.4-12.6-16.7-12.6-16.7-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3 4.7-9.7 9.4-19.3 14.1-29-4.1-2-8.1-4-12.2-6.1-4.8 9.8-9.7 19.7-14.5 29.5-6.7-.1-12.9 3.5-16.1 9.4-3.4 6.3-2.7 14.1 1.9 19.8z" style="fill:#f59e0b"/></svg>

50
base/devtools/gitea-values.yaml
View File

@@ -19,11 +19,21 @@ gitea:
email: gitea@local.domain
config:
ui:
DEFAULT_THEME: sunbeam
THEMES: sunbeam
server:
DOMAIN: src.DOMAIN_SUFFIX
ROOT_URL: https://src.DOMAIN_SUFFIX/
SSH_DOMAIN: src.DOMAIN_SUFFIX
LFS_START_SERVER: "true"
# Gitea advertises port 22 (users clone with git@src.DOMAIN_SUFFIX:org/repo.git).
# The pod listens on 2222; Pingora forwards external port 22 → pod port 2222.
SSH_PORT: "22"
SSH_LISTEN_PORT: "2222"
SSH_EXPOSE_ANONYMOUS: "false"
LFS_START_SERVER: "true"
LANDING_PAGE: /studio
database:
DB_TYPE: postgres
@@ -46,6 +56,12 @@ gitea:
TYPE: redis
CONN_STR: redis://valkey.data.svc.cluster.local:6379/2?pool_size=100&idle_timeout=180s
oauth2_client:
# Auto-redirect to Hydra OIDC on login — makes OIDC the primary auth method.
OAUTH2_AUTO_REDIRECT_TO_PROVIDER: Sunbeam
# Register new OIDC users automatically.
ENABLE_AUTO_REGISTRATION: "true"
storage:
STORAGE_TYPE: minio
MINIO_ENDPOINT: seaweedfs-filer.storage.svc.cluster.local:8333
@@ -70,6 +86,33 @@ gitea:
name: gitea-s3-credentials
key: secret-key
initPreScript: |
mkdir -p /data/gitea/public/assets/css
mkdir -p /data/gitea/public/assets/img
extraVolumes:
- name: custom-theme
configMap:
name: gitea-custom-theme
- name: mkcert-ca
configMap:
name: gitea-mkcert-ca
optional: true # only exists in local env; production omits it safely
extraContainerVolumeMounts:
- name: custom-theme
mountPath: /data/gitea/public/assets/css/theme-sunbeam.css
subPath: theme-sunbeam.css
readOnly: true
- name: custom-theme
mountPath: /data/gitea/public/assets/img/logo.svg
subPath: logo.svg
readOnly: true
- name: mkcert-ca
mountPath: /run/ca/ca.crt
subPath: ca.crt
readOnly: true
resources:
limits:
memory: 256Mi
@@ -77,6 +120,11 @@ resources:
memory: 128Mi
cpu: 100m
service:
ssh:
# Pod listens on 2222 (SSH_LISTEN_PORT); Pingora proxies external port 22 → here.
port: 2222
persistence:
enabled: true
size: 5Gi

1
base/devtools/kustomization.yaml
View File

@@ -6,6 +6,7 @@ namespace: devtools
resources:
- namespace.yaml
- vault-secrets.yaml
- gitea-theme-cm.yaml
helmCharts:
# helm repo add gitea-charts https://dl.gitea.com/charts/

16
base/media/livekit-values.yaml
View File

@@ -14,11 +14,13 @@ livekit:
use_external_ip: true
turn:
enabled: true
domain: meet.DOMAIN_SUFFIX
tls_port: 5349
udp_port: 3478
external_tls: true
enabled: true
domain: meet.DOMAIN_SUFFIX
tls_port: 5349
udp_port: 3478
external_tls: true
relay_range_start: 13333
relay_range_end: 23333
redis:
# Valkey is protocol-compatible with Redis; LiveKit sees this as a Redis endpoint
@@ -30,6 +32,10 @@ livekit:
devkey: secret-placeholder
deployment:
# hostNetwork gives LiveKit direct access to the host network namespace,
# which is the only practical way to expose the 10k-port TURN relay range
# (13333-23333) without listing individual hostPorts in the pod spec.
hostNetwork: true
resources:
limits:
memory: 128Mi

23
base/ory/kratos-selfservice-urls.yaml Normal file
View File

@@ -0,0 +1,23 @@
# Kratos selfservice UI URLs — patch over the Helm-rendered kratos-config ConfigMap.
# DOMAIN_SUFFIX is substituted by sunbeam apply.
apiVersion: v1
kind: ConfigMap
metadata:
name: kratos-config
namespace: ory
data:
selfservice.default_browser_return_url: "https://auth.DOMAIN_SUFFIX/"
selfservice.flows.login.ui_url: "https://auth.DOMAIN_SUFFIX/login"
selfservice.flows.registration.ui_url: "https://auth.DOMAIN_SUFFIX/registration"
selfservice.flows.recovery.ui_url: "https://auth.DOMAIN_SUFFIX/recovery"
selfservice.flows.settings.ui_url: "https://auth.DOMAIN_SUFFIX/settings"
selfservice.allowed_return_urls: |
- https://auth.DOMAIN_SUFFIX/
- https://docs.DOMAIN_SUFFIX/
- https://meet.DOMAIN_SUFFIX/
- https://drive.DOMAIN_SUFFIX/
- https://mail.DOMAIN_SUFFIX/
- https://chat.DOMAIN_SUFFIX/
- https://people.DOMAIN_SUFFIX/
- https://src.DOMAIN_SUFFIX/
- https://admin.DOMAIN_SUFFIX/

5
base/ory/kustomization.yaml
View File

@@ -15,8 +15,11 @@ resources:
- hydra-oauth2client-crd.yaml
- vault-secrets.yaml
# The hydra-maester sub-chart does not set .Release.Namespace in its Deployment template.
patches:
# Set Kratos selfservice UI URLs (DOMAIN_SUFFIX substituted at apply time).
- path: kratos-selfservice-urls.yaml
# The hydra-maester sub-chart does not set .Release.Namespace in its Deployment template.
- patch: |
- op: add
path: /metadata/namespace

1
base/storage/kustomization.yaml
View File

@@ -9,4 +9,5 @@ resources:
- seaweedfs-master.yaml
- seaweedfs-volume.yaml
- seaweedfs-filer.yaml
- seaweedfs-filer-pvc.yaml
- vault-secrets.yaml

10
base/storage/seaweedfs-filer-pvc.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: seaweedfs-filer-data
namespace: storage
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 5Gi

10
base/storage/seaweedfs-filer.yaml
View File

@@ -13,6 +13,13 @@ spec:
labels:
app: seaweedfs-filer
spec:
initContainers:
- name: fix-permissions
image: busybox
command: ["sh", "-c", "chmod 777 /data/filer"]
volumeMounts:
- name: filer-data
mountPath: /data/filer
containers:
- name: filer
image: chrislusf/seaweedfs:latest
@@ -61,7 +68,8 @@ spec:
secret:
secretName: seaweedfs-s3-json
- name: filer-data
emptyDir: {}
persistentVolumeClaim:
claimName: seaweedfs-filer-data
---
apiVersion: v1
kind: Service

1
base/vso/kustomization.yaml
View File

@@ -5,7 +5,6 @@ namespace: vault-secrets-operator
resources:
- namespace.yaml
- test-rbac.yaml
helmCharts:
# helm repo add hashicorp https://helm.releases.hashicorp.com

4
justfile
View File

@@ -8,10 +8,6 @@ install:
test:
PYTHONPATH=../cli python3 -m unittest discover -s ../cli/sunbeam/tests -p 'test_*.py' -v
# Run any sunbeam CLI verb (e.g.: just sunbeam status ory)
sunbeam *args:
PYTHONPATH=../cli python3 -m sunbeam {{args}}
# Start Lima VM and deploy full stack
up:
bash scripts/local-up.sh