add base storage

clusters/cl01tl/storage/rook-ceph/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: rook-ceph
+version: 1.0.0
+description: Rook Ceph
+keywords:
+  - rook-ceph
+  - ceph
+  - storage
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/rook-ceph-C7G7SNuP5Z
+sources:
+  - https://github.com/rook/rook
+  - https://quay.io/repository/ceph/ceph?tab=tags
+  - https://github.com/rook/rook/tree/master/deploy/charts
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: rook-ceph
+    version: v1.16.4
+    repository: https://charts.rook.io/release
+  - name: rook-ceph-cluster
+    version: v1.16.4
+    repository: https://charts.rook.io/release
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/rook.png
+appVersion: v1.16.0

clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml

@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-rook-ceph
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-rook-ceph
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - ceph.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: rook-ceph-mgr-dashboard
+          port: 8443
+          weight: 100

clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rook-ceph
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/storage/rook-ceph/values.yaml

@@ -0,0 +1,125 @@
+rook-ceph:
+  crds:
+    enabled: true
+  csi:
+    enableMetadata: true
+    provisionerReplicas: 3
+    serviceMonitor:
+      enabled: true
+  enableDiscoveryDaemon: true
+  monitoring:
+    enabled: true
+
+rook-ceph-cluster:
+  operatorNamespace: rook-ceph
+  toolbox:
+    enabled: true
+  monitoring:
+    enabled: true
+    createPrometheusRules: true
+  cephClusterSpec:
+    cephVersion:
+      # https://quay.io/repository/ceph/ceph?tab=tags
+      image: quay.io/ceph/ceph:v19.2.1-20250202
+    mon:
+      count: 3
+    mgr:
+      count: 1
+      modules:
+        - name: pg_autoscaler
+          enabled: true
+        - name: rook
+          enabled: true
+    dashboard:
+      enabled: true
+      ssl: false
+    network:
+      connections:
+        encryption:
+          enabled: true
+        compression:
+          enabled: true
+        requireMsgr2: true
+    placement:
+      all:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/rook-osd-node
+                    operator: Exists
+      mon:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/rook-mon-node
+                    operator: Exists
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: Exists
+        tolerations:
+          - key: node-role.kubernetes.io/rook-mon-node
+            operator: Exists
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
+    resources:
+      mgr:
+        limits:
+          cpu: 2000m
+        requests:
+          cpu: 100m
+          memory: 512Mi
+      mon:
+        limits:
+          cpu: 2000m
+        requests:
+          cpu: 200m
+          memory: 256Mi
+      osd:
+        limits:
+          cpu: 5000m
+        requests:
+          cpu: 100m
+          memory: 2Gi
+      prepareosd:
+        requests:
+          cpu: 100m
+          memory: 128Mi
+    storage:
+      useAllNodes: true
+      useAllDevices: true
+      deviceFilter: sda
+      config:
+          osdsPerDevice: "1"
+    csi:
+      readAffinity:
+        enabled: true
+  cephBlockPools:
+    - name: ceph-blockpool
+      spec:
+        failureDomain: host
+        replicated:
+          size: 3
+        enableRBDStats: false
+      storageClass:
+        enabled: true
+        name: ceph-block
+        isDefault: true
+        reclaimPolicy: Delete
+        allowVolumeExpansion: true
+        volumeBindingMode: "Immediate"
+        parameters:
+          imageFormat: "2"
+          imageFeatures: layering,exclusive-lock,object-map,fast-diff
+          csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
+          csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
+          csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
+          csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/fstype: ext4
+  cephBlockPoolsVolumeSnapshotClass:
+    enabled: true
+    name: ceph-blockpool-snapshot
+    isDefault: false
+    deletionPolicy: Delete