add minio

2023-06-14 23:02:55 +03:00 · 2023-06-14 23:02:55 +03:00 · 1eb2302c31
commit 1eb2302c31
parent c99f760481
12 changed files with 106 additions and 4 deletions
--- a/inventory/ghp/sample/group_vars/all/all.yaml
+++ b/inventory/ghp/sample/group_vars/all/all.yaml
@ -51,6 +51,12 @@ openldap_simple_users:
  - { name: testuser1, sn: 6001, uid: 6001, gid: 6001 }
  - { name: testuser2, sn: 6002, uid: 6002, gid: 6002 }

+## MinIO ##
+minio_enabled: true
+minio_publish: false
+minio_console_publish: false
+#minio_size: "100Gi"
+
 ## Harbor ##
 harbor_enabled: false
 harbor_publish: false
--- a/inventory/ghp/sample/group_vars/all/versions.yaml
+++ b/inventory/ghp/sample/group_vars/all/versions.yaml
@ -32,6 +32,9 @@ postgres_operator_ui_version: 1.10.0
 # OpenLDAP
 openldap_version: 1.2.7

+# MinIO
+minio_version: 5.0.10
+
 # Adguard Home
 adguard_version: 2.3.13

--- a/inventory/ghp/sample/group_vars/ddclient.yaml
+++ b/inventory/ghp/sample/group_vars/ddclient.yaml
@ -33,5 +33,7 @@ ddclient_hosts:
  - "{% if mastodon_publish %}{{ mastodon_short_name | default('mastodon') }}.{{ domain }}{% else %}omitme{% endif %}"
  - "{% if harbor_publish %}{{ harbor_short_name | default('harbor') }}.{{ domain }}{% else %}omitme{% endif %}"
  - "{% if roundcube_publish %}{{ roundcube_short_name | default('webmail') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if minio_publish %}{{ minio_short_name | default('minio') }}.{{ domain }}{% else %}omitme{% endif %}"
+  - "{% if minio_console_publish %}{{ minio_console_short_name | default('minio') }}.{{ minio_short_name | default('minio') }}.{{ domain }}{% else %}omitme{% endif %}"
  - "{{ harbor_readonly_ingress | default('omitme') }}"
  - "{{ wikijs_readonly_ingress | default('omitme') }}"
--- a/inventory/ghp/sample/group_vars/k8s/minio.yaml
+++ b/inventory/ghp/sample/group_vars/k8s/minio.yaml
@ -0,0 +1 @@
+minio_values: {}
--- a/inventory/ghp/sample/group_vars/mail_proxy.yaml
+++ b/inventory/ghp/sample/group_vars/mail_proxy.yaml
@ -37,7 +37,7 @@ haproxy_config: |
    log global
    option tcplog
    timeout server 1m
-    timeout connect 7s
+    timeout connect 10s
    server postfix {{ postfix_loadbalancer_ip }}:2525 send-proxy
  
  frontend ft_submission
@ -54,7 +54,7 @@ haproxy_config: |
    log global
    option tcplog
    timeout server 1m
-    timeout connect 7s
+    timeout connect 10s
    server postfix {{ postfix_loadbalancer_ip }}:10587 send-proxy
  
  frontend ft_submissions
@ -71,7 +71,7 @@ haproxy_config: |
    log global
    option tcplog
    timeout server 1m
-    timeout connect 7s
+    timeout connect 10s
    server postfix {{ postfix_loadbalancer_ip }}:10465 send-proxy
  
  frontend ft_imap
--- a/inventory/ghp/sample/group_vars/web_proxy.yaml
+++ b/inventory/ghp/sample/group_vars/web_proxy.yaml
@ -75,6 +75,12 @@ nginx:
        {% if roundcube_publish %}
        {{ roundcube_short_name | default('webmail') }}.{{ domain }} https_{{ namespace }};
        {% endif %}
+        {% if minio_publish %}
+        {{ minio_short_name | default('minio') }}.{{ domain }} https_{{ namespace }};
+        {% endif %}
+        {% if minio_console_publish %}
+        {{ minio_console_short_name | default('console') }}.{{ minio_short_name | default('minio') }}.{{ domain }} https_{{ namespace }};
+        {% endif %}
        {% if wikijs_readonly_ingress %}
        {{ wikijs_readonly_ingress }} https_{{ namespace }};
        {% endif %}
--- a/playbooks/ghp/minio.yaml
+++ b/playbooks/ghp/minio.yaml
@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - minio
--- a/playbooks/ghp/shared-infra.yaml
+++ b/playbooks/ghp/shared-infra.yaml
@ -14,3 +14,8 @@
    when: openldap_enabled | default(true)
    tags: openldap

+  - name: Deploy MinIO
+    import_role: 
+      name: minio
+    when: minio_enabled | default(true)
+    tags: minio
--- a/roles/minio/defaults/main.yaml
+++ b/roles/minio/defaults/main.yaml
@ -0,0 +1,61 @@
+minio_enabled: true
+minio_publish: false
+minio_console_publish: false
+minio_chart_ref: "minio/minio"
+minio_short_name: "minio"
+minio_console_short_name: "console"
+minio_default_values:
+  mode: distributed ## other supported values are "standalone"
+  resources:
+    requests:
+      memory: 512Mi
+  replicas: 4
+
+  rootUser: "admin"
+  rootPassword: "{{ minio_admin_password }}"
+
+  persistence:
+    enabled: true
+    storageClass: "{{ minio_storage | default('nfs-hdd') }}"
+    accessMode: "{{ minio_storage_mode | default('ReadWriteOnce') }}"
+    size: "{{ minio_size | default('100Gi') }}"
+  
+  ingress:
+    enabled: true
+    ingressClassName: "{{ external_ingress_class if minio_publish else internal_ingress_class }}"
+    annotations:
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+      # kubernetes.io/ingress.allow-http: "false"
+      # kubernetes.io/ingress.global-static-ip-name: ""
+      # nginx.ingress.kubernetes.io/secure-backends: "true"
+      # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
+    path: /
+    hosts:
+      - "{{ minio_short_name }}.{{ domain }}"
+    tls:
+      - secretName: "{{ minio_short_name }}.{{ domain }}-tls"
+        hosts:
+          - "{{ minio_short_name }}.{{ domain }}"
+  
+  consoleIngress:
+    enabled: true
+    ingressClassName: "{{ external_ingress_class if minio_console_publish else internal_ingress_class }}"
+    annotations:
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    path: /
+    hosts:
+      - "{{ minio_console_short_name }}.{{ minio_short_name }}.{{ domain }}"
+    tls:
+      - secretName: "{{ minio_console_short_name }}.{{ minio_short_name }}.{{ domain }}-tls"
+        hosts:
+          - "{{ minio_console_short_name }}.{{ minio_short_name }}.{{ domain }}"
+
--- a/roles/minio/tasks/main.yaml
+++ b/roles/minio/tasks/main.yaml
@ -0,0 +1,12 @@
+- set_fact:
+    minio_combined_values: "{{ minio_default_values | combine(minio_values, recursive=true) }}"
+
+- name: Deploy MinIO
+  kubernetes.core.helm:
+    create_namespace: true
+    release_namespace: "{{ minio_namespace | default(namespace) }}"
+    release_name: "{{ minio_name | default('minio') }}"
+    chart_ref: "{{ minio_chart_ref }}"
+    chart_version: "{{ minio_version | default(omit) }}"
+    release_values: "{{ minio_combined_values | from_yaml }}"
+    wait: true
--- a/roles/pwgen/defaults/main.yaml
+++ b/roles/pwgen/defaults/main.yaml
@ -14,6 +14,7 @@ default_accounts:
  - { name: mastodon_ldap }
  - { name: harbor_admin }
  - { name: systemuser }
+  - { name: minio_admin }

 secret_keys:
  - { name: peertube }
--- a/roles/pypiserver/tasks/main.yaml
+++ b/roles/pypiserver/tasks/main.yaml
@ -1,7 +1,7 @@
 - set_fact:
    pypiserver_combined_values: "{{ pypiserver_default_values | combine(pypiserver_values, recursive=true) }}"

- name: Deploy Docker pypiserver
+- name: Deploy pypiserver
  kubernetes.core.helm:
    create_namespace: true
    release_namespace: "{{ pypiserver_namespace | default(namespace) }}"