Add minimal minio installation

.gitlab-ci.yml

@@ -113,8 +113,8 @@ deploy_prod_rabbit:
     - echo $sec_info
     - auth_sec="geosphere-rabbit-rabbitmq"
     - if [ "$sec_info" != "" ]; then
-        pw=$(kubectl --kubeconfig $kubeconfig get secret --namespace geosphere-test geosphere-rabbit-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 -d);
-        ec=$(kubectl --kubeconfig $kubeconfig get secret --namespace geosphere-test geosphere-rabbit-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 -d);
+        pw=$(kubectl --kubeconfig $kubeconfig get secret --namespace $ns $auth_sec -o jsonpath="{.data.rabbitmq-password}" | base64 -d);
+        ec=$(kubectl --kubeconfig $kubeconfig get secret --namespace $ns $auth_sec -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 -d);
         EXTRA_ARGS="--set auth.password=$pw --set auth.erlangCookie=$ec";
       fi
     - echo $EXTRA_ARGS
@@ -128,6 +128,46 @@ deploy_prod_rabbit:
       when: never
     - when: on_success
 
+
+deploy_prod_minio:
+  environment:
+    name: production
+    url: http://geosphere.ssec.wisc.edu
+  extends: .helm_based_job
+  stage: deploy storage
+  script:
+    - if [ -n "$CI_COMMIT_TAG" ]; then
+      ns="geosphere";
+      else
+      ns="geosphere-test";
+      fi
+    # copy secret kubeconfig to the mounted (pwd) directory
+    - cp $kubekorner_k3s_config .
+    - kubeconfig=$(basename $kubekorner_k3s_config)
+    # get password from any previous installation
+    - auth_sec="geosphere-minio-minio"
+    - sec_info=$(kubectl --kubeconfig $kubeconfig get secret --namespace geosphere-test geosphere-minio-minio || echo "")
+    - echo $sec_info
+    # if we've installed this once then reuse the existing secret
+    # otherwise force the chart to generate random values for accessKey and secretKey
+    # by setting them to false
+    - if [ "$sec_info" != "" ]; then
+      ak=$(kubectl --kubeconfig $kubeconfig get secret --namespace $ns $auth_sec -o jsonpath="{.data.accessKey}" | base64 -d);
+      sk=$(kubectl --kubeconfig $kubeconfig get secret --namespace $ns $auth_sec -o jsonpath="{.data.secretKey}" | base64 -d);
+      EXTRA_ARGS="--set existingSecret=$auth_sec --set accessKey=$ak --set secretKey=$sk";
+      else
+      EXTRA_ARGS="--set accessKey=false --set secretKey=false"
+      fi
+    - echo $EXTRA_ARGS
+    - helm upgrade -v 2 --install --kubeconfig $kubeconfig -f production/values-geosphere-minio.yaml $EXTRA_ARGS --namespace $ns geosphere-minio stable/minio
+  # this job doesn't actually need any artifacts from previous jobs
+  dependencies: []
+  rules:
+    - if: '$kubekorner_k3s_config == ""'
+      when: never
+    - when: on_success
+
+
 deploy_g16_grb:
   environment:
     name: production
@@ -149,7 +189,6 @@ deploy_g16_grb:
     # copy extra values files to the local directory (where helm has access via docker mount)
     - cp ../../production/values-g16-grb.yaml .
     # namespace names are the same as domain names
-    # FIXME: The rabbitmq stuff isn't getting all the way down
     - helm upgrade -v 2 --install --kubeconfig $kubeconfig --namespace $ns --set grbNotifier.image.dockerTag=$docker_tag -f values-g16-grb.yaml cspp-geo-grb cspp-geo-grb/
   dependencies:
     - get_chart_grb

admin/README.md

@@ -8,8 +8,38 @@ repository. The builtin resources could be used instead of installing the
 resources defined in this directory by updating the `values-X.yaml` files in
 the various directories and in the `.gitlab-ci.yml` configuration file.
 
+## k3s - Local Path Configuration
+
+When running on a K3S-based (rancher) cluster like the one currently running
+on kubekorner.ssec.wisc.edu, the local path provisioner should be updated to
+point to larger storage paths. The K3S cluster software comes with a local
+path provisioner as the default storage provisioner. This means that when an
+application asks for generic storage (PersistentVolumeClaim), this provisioner
+will be used to find and provide the storage. However, by default this
+provisioner is configured to give access to
+`/var/lib/rancher/k3s/storage` which is typically space limited.
+
+By modifying the `config.json` stored in the `local-path-config` ConfigMap,
+we can tell the provisioner where storage should be provided from for each
+node. See
+https://github.com/rancher/local-path-provisioner/blob/master/README.md#configuration
+for more information.
+
+To apply:
+
+```bash
+echo -e "data:\n  config.json: |-" > tmp.yaml
+cat k3s-local-path-config.json | awk '{ print "    " $0 }' >> tmp.yaml
+# dry run
+kubectl patch -n kube-system cm/local-path-config --type merge --patch "$(cat tmp.yaml)" --dry-run=client
+# not dry run
+kubectl patch -n kube-system cm/local-path-config --type merge --patch "$(cat tmp.yaml)"
+```
+
 ## Storage - Local Large Cache
 
+**DEPRECATED**: See local path provisioner above.
+
 This storage class and persistent volume can be used for cases where a
 GeoSphere component needs relatively high performance and
 large capacity storage. Both the StorageClass and the PersistentVolume
@@ -27,8 +57,17 @@ To apply:
 kubectl apply -f local-large-cache.yaml
 ```
 
+To delete (make unavailable):
+
+```bash
+kubectl delete pv/local-large-cache
+kubectl delete sc/local-large-cache
+```
+
 ## Storage - Local Medium Archive
 
+**DEPRECATED**: See local path provisioner above.
+
 Similar to Local Large Cache above, but larger available space. Note this
 should only be used for testing as data will be deleted when the claim
 is removed.
\ No newline at end of file

admin/k3s-local-path-config.json

+{
+        "nodePathMap":[
+        {
+                "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
+                "paths":["/var/lib/rancher/k3s/storage"]
+        },
+        {
+                "node":"kubekorner.ssec.wisc.edu",
+                "paths":["/data"]
+        },
+        {
+                "node":"presto.ssec.wisc.edu",
+                "paths":["/data"]
+        }
+        ]
+}
\ No newline at end of file

production/values-geosphere-minio.yaml

+persistence:
+  enabled: true
+  size: 10Ti
+  subPath: "geosphere_minio"
+buckets:
+  - g16-abi-l1b-netcdf
+  - g16-abi-l1b-geotiff
+  - g17-abi-l1b-netcdf
+  - g17-abi-l1b-geotiff