diff --git a/justfile b/justfile
index 052a176..99a2299 100644
--- a/justfile
+++ b/justfile
@@ -1,5 +1,7 @@
 export TF_VAR_hetzner_token := `pass hetzner.com/tokens/suricata`
 export TF_VAR_pg_passwd := `pass pg.monotremata.xyz/terraform`
+export TF_VAR_minio_root_user := "rilla"
+export TF_VAR_minio_root_password := `pass minio.monotremata.xyz/rilla`
 export LINODE_TOKEN := `pass linode.com/token`
 export VULTR_API_KEY := `pass vultr.com/api_key`
diff --git a/main.tf b/main.tf
index af3ce7e..5a358a7 100644
--- a/main.tf
+++ b/main.tf
@@ -70,3 +70,12 @@ module "dns" {
 module "vps" {
 source = "./modules/vps"
 }
+
+module "minio" {
+ source = "./modules/minio"
+ minio_root_user = var.minio_root_user
+ minio_root_password = var.minio_root_password
+ minio_url = "minio.monotremata.xyz"
+ minio_console_url = "minio-console.monotremata.xyz"
+ minio_host_path = "/mnt/k3s_volumes/minio"
+}
diff --git a/modules/minio/main.tf b/modules/minio/main.tf
new file mode 100644
index 0000000..fd106e1
--- /dev/null
+++ b/modules/minio/main.tf
@@ -0,0 +1,203 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.20.0"
+ }
+ }
+}
+
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+}
+
+# terraform import module.minio.kubernetes_namespace.minio_namespace minio
+resource "kubernetes_namespace" "minio_namespace" {
+ metadata {
+ name = "minio"
+ }
+}
+
+# terraform import module.minio.kubernetes_persistent_volume.minio-pv minio-pv
+resource "kubernetes_persistent_volume" "minio-pv" {
+ metadata {
+ name = "minio-pv"
+ }
+ spec {
+ capacity = { storage = var.minio_storage_capacity }
+ access_modes = ["ReadWriteOnce"]
+ storage_class_name = "local"
+ persistent_volume_source {
+ host_path { path = var.minio_host_path }
+ }
+ }
+}
+
+# terraform import module.minio.kubernetes_persistent_volume_claim.minio-pvc minio/minio-pvc
+resource "kubernetes_persistent_volume_claim" "minio-pvc" {
+ metadata {
+ name = "minio-pvc"
+ namespace = kubernetes_namespace.minio_namespace.metadata[0].name
+ }
+ spec {
+ storage_class_name = "local"
+ volume_name = kubernetes_persistent_volume.minio-pv.metadata[0].name
+ access_modes = ["ReadWriteOnce"]
+ resources {
+ requests = { storage = var.minio_storage_capacity }
+ }
+ }
+}
+
+# terraform import module.minio.kubernetes_secret.minio-secret minio/minio-secret
+resource "kubernetes_secret" "minio-secret" {
+ metadata {
+ name = "minio-secret"
+ namespace = kubernetes_namespace.minio_namespace.metadata[0].name
+ }
+ type = "Opaque"
+ wait_for_service_account_token = false
+ data = {
+ root_user = var.minio_root_user
+ root_password = var.minio_root_password
+ }
+}
+
+# terraform import module.minio.kubernetes_deployment.minio-deployment minio/minio-deployment
+resource "kubernetes_deployment" "minio-deployment" {
+ metadata {
+ name = "minio-deployment"
+ namespace = kubernetes_namespace.minio_namespace.metadata[0].name
+ }
+ spec {
+ selector {
+ match_labels = { app = "minio" }
+ }
+ template {
+ metadata {
+ labels = { app = "minio" }
+ }
+ spec {
+ container {
+ name = "minio"
+ image = var.minio_image
+ args = [
+ "server",
+ "--console-address",
+ format(":%s", var.minio_console_port),
+ "/storage"
+ ]
+ env {
+ name = "MINIO_ROOT_USER"
+ value_from {
+ secret_key_ref {
+ name = kubernetes_secret.minio-secret.metadata[0].name
+ key = "root_user"
+ }
+ }
+ }
+ env {
+ name = "MINIO_ROOT_PASSWORD"
+ value_from {
+ secret_key_ref {
+ name = kubernetes_secret.minio-secret.metadata[0].name
+ key = "root_password"
+ }
+ }
+ }
+ env {
+ name = "MINIO_BROWSER_REDIRECT_URL"
+ value = format("https://%s", var.minio_console_url)
+ }
+ port {
+ container_port = var.minio_port
+ host_port = var.minio_port
+ }
+ port {
+ container_port = var.minio_console_port
+ host_port = var.minio_console_port
+ }
+ volume_mount {
+ name = "storage"
+ mount_path = "/storage"
+ }
+ }
+ volume {
+ name = "storage"
+ persistent_volume_claim {
+ claim_name = kubernetes_persistent_volume_claim.minio-pvc.metadata[0].name
+ }
+ }
+ automount_service_account_token = false
+ enable_service_links = false
+ }
+ }
+ }
+ wait_for_rollout = false
+}
+
+# terraform import module.minio.kubernetes_service.minio-svc minio/minio-svc
+resource "kubernetes_service" "minio-svc" {
+ metadata {
+ name = "minio-svc"
+ namespace = kubernetes_namespace.minio_namespace.metadata[0].name
+ labels = { service = "minio" }
+ }
+ spec {
+ type = "ClusterIP"
+ selector = {
+ app = kubernetes_deployment.minio-deployment.spec[0].template[0].metadata[0].labels.app
+ }
+ port {
+ name = "minio"
+ port = var.minio_port
+ protocol = "TCP"
+ }
+ port {
+ name = "minio-console"
+ port = var.minio_console_port
+ protocol = "TCP"
+ }
+ }
+ wait_for_load_balancer = false
+}
+
+# terraform import module.minio.kubernetes_ingress_v1.minio-ingress minio/minio-ingress
+resource "kubernetes_ingress_v1" "minio-ingress" {
+ metadata {
+ name = "minio-ingress"
+ namespace = kubernetes_namespace.minio_namespace.metadata[0].name
+ }
+ spec {
+ rule {
+ host = var.minio_url
+ http {
+ path {
+ path_type = "Prefix"
+ path = "/"
+ backend {
+ service {
+ name = kubernetes_service.minio-svc.metadata[0].name
+ port { number = var.minio_port }
+ }
+ }
+ }
+ }
+ }
+ rule {
+ host = var.minio_console_url
+ http {
+ path {
+ path_type = "Prefix"
+ path = "/"
+ backend {
+ service {
+ name = kubernetes_service.minio-svc.metadata[0].name
+ port { number = var.minio_console_port }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/modules/minio/variables.tf b/modules/minio/variables.tf
new file mode 100644
index 0000000..afbbf69
--- /dev/null
+++ b/modules/minio/variables.tf
@@ -0,0 +1,50 @@
+variable "minio_image" {
+ type = string
+ description = "image used for minio"
+ default = "minio/minio:latest"
+}
+
+variable "minio_root_user" {
+ type = string
+ description = "minio root username"
+ sensitive = true
+}
+
+variable "minio_root_password" {
+ type = string
+ description = "minio root password"
+ sensitive = true
+}
+
+variable "minio_port" {
+ type = number
+ description = "http port used by minio"
+ default = 9000
+}
+
+variable "minio_console_port" {
+ type = number
+ description = "http port used by minio's console"
+ default = 9001
+}
+
+variable "minio_url" {
+ type = string
+ description = "minio url"
+}
+
+variable "minio_console_url" {
+ type = string
+ description = "minio console url"
+}
+
+variable "minio_host_path" {
+ type = string
+ description = "host path for the volume to be used as storage for minio"
+}
+
+variable "minio_storage_capacity" {
+ type = string
+ description = "capacity for minio's storage"
+ default = "10Gi"
+}
diff --git a/variables.tf b/variables.tf
index f9a3a9a..a65da36 100644
--- a/variables.tf
+++ b/variables.tf
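Review bot: In modules/minio/main.tf, both `port` blocks of the `minio` container set `host_port`, which binds the MinIO API and console ports directly on the node, in addition to the ClusterIP service and ingress defined later in the same file. Unless a host firewall blocks them, anything that can reach the node's address on those ports talks to MinIO over plain HTTP, including the console login that accepts the root credentials, and bypasses whatever the ingress enforces. Since `minio-svc` and `minio-ingress` already route both ports, drop the two lines `host_port = var.minio_port` and `host_port = var.minio_console_port`. Separately, the `kubernetes_ingress_v1` spec has no `tls` block while `MINIO_BROWSER_REDIRECT_URL` is built with `https://`, so TLS presumably comes from the ingress controller's defaults; a comment stating that would help.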
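Review bot: The `minio_image` default in modules/minio/variables.tf is `minio/minio:latest`, a mutable tag, so the image that runs with the root credentials and the host-path volume is whatever the registry serves when a pod is (re)created, and `terraform plan` will not show that it changed. Pin the default to a specific release tag or, better, a digest, e.g. `default = "minio/minio@sha256:<digest-of-reviewed-release>"` (placeholder value), and bump it deliberately. The `module "minio"` call added in main.tf does not override `minio_image`, so this default is what gets deployed.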
@@ -37,3 +37,15 @@ variable "pg_passwd" {
 sensitive = true
 description = "postgresql password"
 }
+
+variable "minio_root_user" {
+ type = string
+ description = "minio root username"
+ sensitive = true
+}
+
+variable "minio_root_password" {
+ type = string
+ description = "minio root password"
+ sensitive = true
+}
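Review bot: `sensitive = true` on `minio_root_user` and `minio_root_password` only redacts the values in plan and apply output; both are passed into `kubernetes_secret.minio-secret` in modules/minio/main.tf and are therefore written to the Terraform state in plaintext. The backend configuration is not visible in this diff, so confirm the state is stored encrypted and access-restricted, and consider a comment above the two variables such as `# stored in plaintext in terraform state via kubernetes_secret; protect the state backend`. The username is also a literal in the justfile (`"rilla"`), so marking it sensitive hides it from plan output without keeping it secret.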