JuiceFS graduate from Demo to Main

demo/juicefs/app_of_apps/external_secrets_app.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: juicefs-external-secrets-app-set
+  namespace: argocd
+spec:
+  goTemplate: true
+  # generator allows us to source specific values from an external k8s secret
+  generators:
+    - plugin:
+        configMapRef:
+          name: secret-var-plugin-generator
+        input:
+          parameters:
+            secret_vars:
+              - global_external_secrets
+              - juicefs_s3_credentials_bitwarden_id
+              - juicefs_s3_backups_credentials_bitwarden_id
+              - juicefs_valkey_credentials_bitwarden_id
+  template:
+    metadata:
+      name: juicefs-external-secrets
+      annotations:
+        argocd.argoproj.io/sync-wave: "1"
+    spec:
+      project: juicefs
+
+      # where to put this argocd application
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: juicefs
+
+      # how to sync this argocd application
+      syncPolicy:
+        syncOptions:
+          - ApplyOutOfSyncOnly=true
+        automated:
+          prune: true
+          selfHeal: true
+
+      # where to source this argocd application
+      source:
+        repoURL: 'https://github.com/small-hack/argocd-apps.git'
+        path: demo/juicefs/external_secrets/
+        targetRevision: finish-juicefs
+        helm:
+          valuesObject:
+            provider: '{{ .global_external_secrets }}'
+            juicefs_valkey_bitwarden_id: '{{ .juicefs_valkey_credentials_bitwarden_id }}'
+            juicefs_s3_backups_credentials_bitwarden_id: '{{ .juicefs_s3_backups_credentials_bitwarden_id }}'
+            juicefs_s3_admin_credentials_bitwarden_id: '{{ .juicefs_s3_credentials_bitwarden_id }}'

demo/juicefs/app_of_apps/juicefs_argocd_appset.yaml

@@ -17,15 +17,11 @@ spec:
         input:
           parameters:
             secret_vars:
-              - juicefs_valkey_password
-              - juicefs_valkey_url
-              - juicefs_valkey_port
-              - juicefs_s3_key_id
-              - juicefs_s3_secret_key
               - juicefs_s3_bucket_url
               - juicefs_s3_dshboard_url
               - global_cluster_issuer
               - vouch_hostname
+              - juicefs_hostname
   template:
     metadata:
       name: juicefs-csi-driver-app
@@ -48,9 +44,7 @@ spec:
               enabled: true
               # Basic auth for dashboard
               auth:
-                enabled: true
-                username: admin
-                password: admin
+                existingSecret: ""
 
               ingress:
                 enabled: true
@@ -70,31 +64,19 @@ spec:
                     proxy_set_header X-User  $user;
                     proxy_set_header X-Email $email;
                 hosts:
-                - host: "{{ .juicefs_s3_dshboard_url }}"
+                - host: "{{ .juicefs_hostname }}"
                   paths:
                   - path: /
                     pathType: ImplementationSpecific
                 tls:
                   - secretName: juicefs-tls
                     hosts:
-                      - "{{ .juicefs_s3_dshboard_url }}"
+                      - "{{ .juicefs_hostname }}"
 
             storageClasses:
-            - name: "juicefs-sc"
-              enabled: true
-              reclaimPolicy: Delete
-              allowVolumeExpansion: true
-              backend:
-                name: "juicefs"
-                metaurl: "redis://:{{ .juicefs_valkey_password }}@{{ .juicefs_valkey_url }}:{{ .juicefs_valkey_port }}/1"
-                storage: "s3"
-                bucket: "{{ .juicefs_s3_bucket_url }}"
-                accessKey: {{ .juicefs_s3_key_id }}
-                secretKey: {{ .juicefs_s3_secret_key }}
-                envs: ""
-                configs: ""
-                trashDays: ""
-                formatOptions: ""
+            - name: "juicefs"
+              enabled: false
+
       syncPolicy:
         syncOptions:
           - CreateNamespace=true

demo/juicefs/app_of_apps/pvc_appset.yaml

@@ -19,12 +19,12 @@ spec:
               - juicefs_s3_backup_endpoint
               - juicefs_s3_backup_bucket
               - juicefs_s3_backup_region
-              - juicefs_s3_pvc_capacity
+              - juicefs_valkey_pvc_size
               - juicefs_pvc_backup_schedule
               - juicefs_valkey_pvc_storage_class
   template:
     metadata:
-      name: grafana-stack-s3-pvc
+      name: juicefs-s3-pvc
       annotations:
         argocd.argoproj.io/sync-wave: "1"
     spec:
@@ -41,11 +41,11 @@ spec:
       source:
         repoURL: https://github.com/small-hack/argocd-apps.git
         path: s3_persistence_and_backups/
-        targetRevision: main
+        targetRevision: finish-juicefs
         helm:
           valuesObject:
             provider: juicefs
-            pvc_capacity: '{{ .juicefs_s3_pvc_capacity }}'
+            pvc_capacity: '{{ .juicefs_valkey_pvc_size }}'
             pvc_storageClassName: '{{ .juicefs_valkey_pvc_storage_class }}'
 
             seaweedfs:

demo/juicefs/app_of_apps/valkey_application_set.yaml

@@ -2,7 +2,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
-  name: valkey-app-set
+  name: juicefs-valkey-app-set
   namespace: argocd
   annotations:
     # wait till after secrets are populated in sync wave 1
@@ -17,14 +17,15 @@ spec:
         input:
           parameters:
             secret_vars:
-              - global_storage_class
+              - juicefs_valkey_pvc_storage_class
+              - juicefs_valkey_pvc_size
   template:
     metadata:
-      name: valkey-app
+      name: juicefs-valkey-app
       annotations:
         argocd.argoproj.io/sync-wave: "2"
     spec:
-      project: valkey
+      project: juicefs
 
       # the sync policy for this Argo CD Application
       syncPolicy:
@@ -38,58 +39,102 @@ spec:
       # where this Argo CD Application should be deployed
       destination:
         server: https://kubernetes.default.svc
-        namespace: valkey
+        namespace: juicefs
 
       # where we should get the source of this Argo CD Application
       source:
         repoURL: 'registry-1.docker.io'
-        chart: bitnamicharts/valkey
-        targetRevision: 3.0.30
+        chart: bitnamicharts/valkey-cluster
+        targetRevision: 3.0.24
         helm:
           # helm parameter overrides
           valuesObject:
-            fullnameOverride: "valkey"
-
             global:
-              storageClass: "{{ .global_storage_class }}"
+              storageClass: "{{ .juicefs_valkey_pvc_storage_class }}"
 
-            # for auth, we get the valkey credentials from an ExternalSecret
-            auth:
-              enabled: true
-              existingSecret: "valkey-credentials"
-              existingSecretPasswordKey: "password"
+            fullnameOverride: "juicefs-valkey"
+
+            usePassword: true
+            existingSecret: "juicefs-valkey-credentials"
+            existingSecretPasswordKey: "password"
 
-            # TLS settings
             tls:
               enabled: false
               authClients: true
               autoGenerated: false
 
-            # primary (control plane) configuration
-            primary:
-              persistence:
-                enabled: true
-                existingClaim: "valkey-primary"
-
-            # valkey replica configuration
-            replica:
-              persistence:
-                enabled: true
-                existingClaim: "valkey-replica"
+            service:
+              ports:
+                valkey: 6379
+              type: ClusterIP
+              loadBalancerIP: ""
+              loadBalancerSourceRanges: []
+              externalTrafficPolicy: Cluster
 
+            persistence:
+              enabled: true
+              path: /bitnami/valkey/data
+              annotations:
+                k8up.io/backup: "true"
+              accessModes:
+                - ReadWriteOnce
+              size: "{{ .juicefs_valkey_pvc_size }}"
 
-            # persistnent volume retention policy for the StatefulSet
             persistentVolumeClaimRetentionPolicy:
               enabled: true
               whenScaled: Retain
               whenDeleted: Retain
 
-            metrics:
-              # we use a grafana exporter that logs into valkey directly
-              enabled: false
+            valkey:
+              configmap: |
+                maxmemory 6gb
+                maxmemory-policy allkeys-lru
+                appendfsync everysec
+
+              updateStrategy:
+                type: RollingUpdate
+                rollingUpdate:
+                  partition: 0
+
+              podManagementPolicy: Parallel
+              automountServiceAccountToken: false
+              hostNetwork: false
+              useAOFPersistence: "no"
+
+              containerPorts:
+                valkey: 6379
+                bus: 16379
 
-            # definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
-            # Options: nano, micro, small, medium, large, xlarge, 2xlarge
-            # default: nano
-            resourcesPreset: "small"
+              # definitions: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+              # Options: nano, micro, small, medium, large, xlarge, 2xlarge
+              # default: nano
+              #resourcesPreset: "micro"
+              resources:
+                requests:
+                  cpu: 100m
+                  memory: 1Gi
+                limits:
+                  cpu: 2000m
+                  memory: 10Gi
 
+            cluster:
+              init: true
+              nodes: 6
+              replicas: 1
+              externalAccess:
+                enabled: false
+                hostMode: false
+                service:
+                  disableLoadBalancerIP: false
+                  type: LoadBalancer
+                  port: 6379
+                  loadBalancerIP: []
+                  loadBalancerSourceRanges: []
+
+            metrics:
+              enabled: true
+              resourcesPreset: "small"
+              serviceMonitor:
+                enabled: true
+                interval: 10s
+                scrapeTimeout: 5s

demo/juicefs/external_secrets/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-name: nextcloud-eso-bitwarden-chart
-description: A Helm chart for JuiceFS External Secrets using the Bitwarden ESO provider on Kubernetes 
+name: juicefs-eso-chart
+description: A Helm chart for JuiceFS External Secrets using the Bitwarden ESO provider on Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.0.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

demo/juicefs/external_secrets/README.md

@@ -0,0 +1,21 @@
+# grafana-stack-eso-chart
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart for Grafana Monitoring Stack External Secrets using the Bitwarden ESO provider on Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| lokiValkeyCredentialsBitwardenID | string | `""` | valkey Credentials for loki |
+| oidcCredentialsBitwardenID | string | `""` | grafana OIDC Credentials |
+| provider | string | `""` | if this is not set to "bitwarden", we will not actually deploy any templates we may support other secret providers in the future |
+| s3AdminCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 admin credentials |
+| s3BackupCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 credentials for the remote backups |
+| s3LokiCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 loki credentials |
+| s3MimirCredentialsBitwardenID | string | `""` | existing kubernetes secret with s3 mimir credentials |
+| s3_provider | string | `"seaweedfs"` | if set to seaweedfs we deploy a policy secret. can also be minio |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)