production/objstorage: Deploy read-write instance to dynamic infra

This instance will be deployed on the saam host to continue using the /srv/softwareheritage/objects filesystem mountpoints. Specific affinity labels will be installed on that node to ensure the instance only runs there. The name of the service & ingress are explicit to avoid name conflict ambiguity on the various read-write services we have. Refs. swh/infra/sysadm-environment#5214

production/objstorage: Deploy read-write instance to dynamic infra
f71b2813 · Antoine R. Dumont · 0fd15e0c · f71b2813 · f71b2813
Verified Commit f71b2813 authored 1 year ago by Antoine R. Dumont
--- a/swh/values/production/default.yaml
+++ b/swh/values/production/default.yaml
@@ -505,3 +505,6 @@ externalServices:
    vault:
      internalName: vault-rpc-ingress
      target: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
+    objstorage-rw-saam-zfs:
+      internalName: objstorage-rw-saam-zfs-rpc-ingress
+      target: archive-production-rke2-ingress-nginx-controller.ingress-nginx.svc.cluster.local
--- a/swh/values/production/swh.yaml
+++ b/swh/values/production/swh.yaml
@@ -42,6 +42,15 @@ wineryRWObjectstorageConfiguration:
  cls: remote
  url: http://gloin001.internal.cea.swh.network

+saamZfsObjstorageConfiguration:
+  cls: multiplexer
+  objstorages:
+  - cls: pathslicing
+    root: "/srv/softwareheritage/objects"
+    slicing: 0:2/0:5
+    compression: none
+  client_max_size: 1073741824
+
 readOnlyStorageConfiguration:
  pipelineStepsRef: retryStoragePipelineSteps
  storageConfigurationRef: primaryPostgresqlROStorageConfiguration
@@ -1361,6 +1370,41 @@ objstorage:
            extraWhitelistSourceRange:
              # vpn network
              - 192.168.101.0/24
+    saam-zfs:
+      enabled: true
+      requestedCpu: 250m
+      requestedMemory: 1024Mi
+      replicas: 2
+      gunicorn:
+        workers: 4
+        threads: 2
+        timeout: 3600
+      objstorageConfigurationRef: saamZfsObjstorageConfiguration
+      volumes:
+        pathslicing-rw:
+          mountPath: /srv/softwareheritage/objects
+          volumeDefinition:
+            hostPath:
+              path: /srv/softwareheritage/objects
+              type: Directory
+      # Deploy an ingress to access the objstorage
+      hosts:
+        - objstorage-rw-saam-zfs-rpc-ingress
+      ingress:
+        enabled: true
+        # mandatory if ingress is enabled
+        # the hostname on which the objstorage must be reachable
+        # Optional: the ingress classname to use
+        className: nginx
+        whitelistSourceRangeRef: internalNetworkRanges
+        extraAnnotations:
+          nginx.ingress.kubernetes.io/proxy-body-size: 4G
+          nginx.ingress.kubernetes.io/proxy-buffering: "on"
+          nginx.ingress.kubernetes.io/client-body-buffer-size: 128K
+        endpoints:
+          default:
+            paths:
+              - path: /

 deposit:
  enabled: true