/
rsync.yml
234 lines (234 loc) · 5.61 KB
/
rsync.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
apiVersion: apps/v1
kind: Deployment
metadata:
name: rsync-server
labels:
app: rsync-server
spec:
replicas: 1
selector:
matchLabels:
app: rsync-server
strategy:
# RollingUpgrade can't be used because of RWO storage
type: Recreate
template:
metadata:
labels:
app: rsync-server
spec:
# Run on the buildmaster node for shared access to packages pvc
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- buildmaster
topologyKey: kubernetes.io/hostname
containers:
- name: rsync-server
image: ghcr.io/haiku/repo-mirror:0.4
resources:
limits:
cpu: "1.0"
memory: "1Gi"
env:
- name: VOLUMES
value: "/haikuports-data /haiku-release-mirror"
- name: PROXY_PROTOCOL
value: "yes"
volumeMounts:
- name: buildmaster-packages
mountPath: /haikuports-data
- name: haiku-release-mirror
mountPath: /haiku-release-mirror/haiku-release
- name: access-lists
mountPath: /run/config
volumes:
- name: access-lists
configMap:
name: rsync-access-list
- name: buildmaster-packages
persistentVolumeClaim:
claimName: buildmaster-packages-pvc
- name: haiku-release-mirror
persistentVolumeClaim:
claimName: haiku-release-mirror
---
apiVersion: v1
kind: ConfigMap
metadata:
name: rsync-access-list
data:
haiku-release: |2
# cdn.haiku.nz (jessicah)
101.100.139.54
# mirror.fsmg.org.nz
163.7.134.123
163.7.134.121
2404:138:134:120::2
2404:138:134:122::2
# ipfs mirroring (kallisti5)
98.97.82.0/24
129.222.76.0/24
2605:59C8:4000::/40
# rit.edu
129.21.171.72
129.21.171.98
# lip6.fr
195.83.118.1
# haiku.datente.com (@warrenmyers)
136.243.154.164
# tnonline.net (mail:at:lechevalier.se)
155.4.110.241
2001:470:28:704::1
# truenetwork.ru
94.247.111.11
94.247.111.12
94.247.111.13
94.247.111.14
# osuosl.org
140.211.166.134
2605:bc80:3010::134
# files.mc9.eu/haiku (waluswko.net)
85.193.207.26
haikuports-master: |2
# cdn.haiku.nz (jessicah)
101.100.139.54
# mirror.fsmg.org.nz
163.7.134.123
163.7.134.121
2404:138:134:120::2
2404:138:134:122::2
# ipfs mirroring (kallisti5)
98.97.82.0/24
129.222.76.0/24
2605:59C8:4000::/40
# rit.edu
129.21.171.72
129.21.171.98
# lip6.fr
195.83.118.1
# haiku.datente.com (@warrenmyers)
136.243.154.164
# tnonline.net (mail:at:lechevalier.se)
155.4.110.241
2001:470:28:704::1
# truenetwork.ru
94.247.111.11
94.247.111.12
94.247.111.13
94.247.111.14
# osuosl.org
140.211.166.134
2605:bc80:3010::134
# files.mc9.eu/haiku (waluswko.net)
85.193.207.26
---
apiVersion: v1
kind: Service
metadata:
name: rsync
spec:
selector:
app: rsync-server
ports:
- name: rsync
port: 12000
targetPort: 12000
---
# state data for builds like logs of buildruns, buildrun id
# tracking, builder connection information.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: haiku-release-mirror
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 30Gi
---
apiVersion: traefik.io/v1alpha1
kind: MiddlewareTCP
metadata:
name: rsync-ingressmiddle
spec:
inFlightConn:
amount: 10
---
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: rsync-ingresstcp
spec:
entryPoints:
- rsync
routes:
- match: HostSNI(`*`)
services:
- name: rsync
port: 12000
weight: 10
terminationDelay: 900000
proxyProtocol:
version: 1
middlewares:
- name: rsync-ingressmiddle
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: haiku-release-mirror
spec:
schedule: "0 6 * * 0"
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
# volumes are attached to a single physical node (RWO), this ensures the backup
# job always starts on the same physical node where gerrit is running
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- buildmaster
topologyKey: kubernetes.io/hostname
restartPolicy: Never
containers:
- name: rclone-mirror
image: ghcr.io/haiku/rclone-mirror:3.15-3
env:
- name: BACKEND
value: s3
- name: BUCKET
value: haiku-release
- name: S3_ENDPOINT
value: "https://s3.us-east-1.wasabisys.com"
- name: S3_ACCESS_KEY
valueFrom:
secretKeyRef:
name: wasabi-access-ro-s3
key: s3_key
- name: S3_SECRET_KEY
valueFrom:
secretKeyRef:
name: wasabi-access-ro-s3
key: s3_secret
volumeMounts:
- name: haiku-release-mirror
mountPath: /data
volumes:
- name: haiku-release-mirror
persistentVolumeClaim:
claimName: haiku-release-mirror