From 5b880b1ec7b72bc9d3e9e1ca96acde4f1b6ba778 Mon Sep 17 00:00:00 2001 From: alexlebens Date: Fri, 23 Aug 2024 17:17:53 -0500 Subject: [PATCH] change storage to minio --- .../cl01tl/applications/directus/Chart.yaml | 11 ++ .../directus/templates/external-secret.yaml | 131 ++++++++++-------- .../templates/replication-source.yaml | 27 ---- .../cl01tl/applications/directus/values.yaml | 92 +++++++----- .../cl01tl/applications/homepage/values.yaml | 6 + .../kube-prometheus-stack/values.yaml | 1 + 6 files changed, 150 insertions(+), 118 deletions(-) delete mode 100644 clusters/cl01tl/applications/directus/templates/replication-source.yaml diff --git a/clusters/cl01tl/applications/directus/Chart.yaml b/clusters/cl01tl/applications/directus/Chart.yaml index 9e9964531..147690341 100644 --- a/clusters/cl01tl/applications/directus/Chart.yaml +++ b/clusters/cl01tl/applications/directus/Chart.yaml @@ -4,14 +4,17 @@ version: 1.0.0 description: Directus keywords: - directus + - cms home: https://wiki.alexlebens.dev/doc/directus-EvV9wese9H sources: - https://github.com/directus/directus + - https://github.com/minio/operator - https://github.com/valkey-io/valkey - https://github.com/cloudflare/cloudflared - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/directus/directus - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template + - https://github.com/minio/operator/tree/master/helm/tenant - https://github.com/bitnami/charts/tree/main/bitnami/valkey - https://github.com/alexlebens/helm-charts/charts/cloudflared - https://github.com/alexlebens/helm-charts/charts/postgres-cluster @@ -22,6 +25,10 @@ dependencies: alias: directus repository: https://bjw-s.github.io/helm-charts/ version: 3.3.2 + - name: tenant + alias: minio + version: 6.0.1 + repository: https://operator.min.io/ - name: valkey version: 0.3.13 repository: https://charts.bitnami.com/bitnami 
@@ -29,6 +36,10 @@ dependencies: alias: cloudflared-directus repository: http://alexlebens.github.io/helm-charts version: 1.6.0 + - name: cloudflared + alias: cloudflared-minio + repository: http://alexlebens.github.io/helm-charts + version: 1.6.0 - name: postgres-cluster alias: postgres-16-cluster version: 3.9.0 diff --git a/clusters/cl01tl/applications/directus/templates/external-secret.yaml b/clusters/cl01tl/applications/directus/templates/external-secret.yaml index 0615608dc..2b5b65d16 100644 --- a/clusters/cl01tl/applications/directus/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/directus/templates/external-secret.yaml @@ -18,28 +18,28 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/config + key: /cl01tl/directus/config metadataPolicy: None property: admin-email - secretKey: admin-password remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/config + key: /cl01tl/directus/config metadataPolicy: None property: admin-password - secretKey: secret remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/config + key: /cl01tl/directus/config metadataPolicy: None property: secret - secretKey: key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/config + key: /cl01tl/directus/config metadataPolicy: None property: key @@ -64,14 +64,14 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/valkey + key: /cl01tl/directus/valkey metadataPolicy: None property: user - secretKey: password remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/site-profile/directus/valkey + key: /cl01tl/directus/valkey metadataPolicy: None property: password 
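Review bot: The added `cloudflared-minio` dependency in the Chart.yaml hunk at the start of this line pulls its chart from `http://alexlebens.github.io/helm-charts`, so the chart index and archive are fetched without transport integrity. Anything on the network path could alter the templates before they are rendered into the cluster. Use `repository: https://alexlebens.github.io/helm-charts` for the new entry. The existing `cloudflared-directus` entry just above it carries the same plain-HTTP URL and should change with it.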
@@ -111,35 +111,92 @@ spec: apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: site-profile-cloudflared-api-secret + name: directus-minio-user-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: site-profile-cloudflared-api-secret + app.kubernetes.io/name: directus-minio-user-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: web + app.kubernetes.io/component: database app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - - secretKey: cf-tunnel-token + - secretKey: AWS_ACCESS_KEY_ID remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cloudflare/tunnels/site-profile + key: /cl01tl/directus/minio/auth metadataPolicy: None - property: token + property: AWS_ACCESS_KEY_ID + - secretKey: AWS_SECRET_ACCESS_KEY + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/directus/minio/auth + metadataPolicy: None + property: AWS_SECRET_ACCESS_KEY --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: directus-cloudflared-api-secret + name: directus-minio-root-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: directus-cloudflared-api-secret + app.kubernetes.io/name: directus-minio-root-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.env + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/outline/minio/config + metadataPolicy: None + property: root-config.env + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: directus-minio-config-secret + namespace: {{ .Release.Namespace }} + 
labels: + app.kubernetes.io/name: directus-minio-config-secret + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: database + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + data: + - secretKey: config.env + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /cl01tl/directus/minio/config + metadataPolicy: None + property: config.env + +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: directus-cloudflared-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: directus-cloudflared-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web 
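Review bot: `directus-minio-root-secret` reads `root-config.env` from `/cl01tl/outline/minio/config`, while every other secret touched by this commit reads from a `/cl01tl/directus/...` path, which looks like a copy-paste from another application's chart. If that path resolves, the Directus tenant would start with a different application's MinIO root credentials, so a compromise of either tenant would expose both. Presumably the intended reference is `key: /cl01tl/directus/minio/config` (or a dedicated root path under `/cl01tl/directus/minio/`); confirm this against the Vault layout. A one-line comment above each of the three new ExternalSecrets saying which MinIO identity it holds (application user, tenant root, tenant config) would make a mismatch like this easier to spot.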
@@ -161,60 +218,26 @@ spec: apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: directus-config-backup-secret + name: directus-minio-cloudflared-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: directus-config-backup-secret + app.kubernetes.io/name: directus-minio-cloudflared-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: backup + app.kubernetes.io/component: web app.kubernetes.io/part-of: {{ .Release.Name }} spec: secretStoreRef: kind: ClusterSecretStore name: vault - target: - template: - mergePolicy: Merge - engineVersion: v2 - data: - RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/directus/directus-data" data: - - secretKey: BUCKET_ENDPOINT + - secretKey: cf-tunnel-token remoteRef: conversionStrategy: Default decodingStrategy: None - key: /cl01tl/volsync/restic/config + key: /cloudflare/tunnels/directus-minio metadataPolicy: None - property: S3_BUCKET_ENDPOINT - - secretKey: RESTIC_PASSWORD - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: RESTIC_PASSWORD - - secretKey: AWS_DEFAULT_REGION - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/volsync/restic/config - metadataPolicy: None - property: AWS_DEFAULT_REGION - - secretKey: AWS_ACCESS_KEY_ID - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /aws/keys/cl01tl-volsync-backups - metadataPolicy: None - property: access_key - - secretKey: AWS_SECRET_ACCESS_KEY - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /aws/keys/cl01tl-volsync-backups - metadataPolicy: None - property: secret_key + property: token --- apiVersion: external-secrets.io/v1beta1 
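Review bot: Dropping `directus-config-backup-secret` here, together with the deletion of `templates/replication-source.yaml`, leaves the uploaded files with no backup path in this commit. The restic job covered the old `directus-data` PVC, and nothing visible replaces it for the MinIO pool volumes. If recovery from accidental or malicious deletion of the bucket matters, add bucket replication or a backup job for the tenant before removing the old one, or say in the commit message where that is handled. The new `directus-minio-cloudflared-secret` otherwise mirrors `directus-cloudflared-secret`.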
diff --git a/clusters/cl01tl/applications/directus/templates/replication-source.yaml b/clusters/cl01tl/applications/directus/templates/replication-source.yaml deleted file mode 100644 index 34817deca..000000000 --- a/clusters/cl01tl/applications/directus/templates/replication-source.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: volsync.backube/v1alpha1 -kind: ReplicationSource -metadata: - name: directus-data-backup-source - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-data-backup-source - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: backup - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - sourcePVC: directus-data - trigger: - schedule: 0 0 * * * - restic: - pruneIntervalDays: 7 - repository: directus-data-backup-secret - retain: - hourly: 1 - daily: 1 - weekly: 3 - monthly: 2 - yearly: 4 - copyMethod: Snapshot - storageClassName: ceph-block-delete - volumeSnapshotClassName: ceph-blockpool-snapshot diff --git a/clusters/cl01tl/applications/directus/values.yaml b/clusters/cl01tl/applications/directus/values.yaml index 24b44c4ec..5493ac8a2 100644 --- a/clusters/cl01tl/applications/directus/values.yaml +++ b/clusters/cl01tl/applications/directus/values.yaml @@ -5,23 +5,6 @@ directus: replicas: 1 strategy: Recreate revisionHistoryLimit: 3 - initContainers: - init-chmod-data: - securityContext: - runAsUser: 0 - image: - repository: busybox - tag: 1.36.1 - pullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - /bin/chown -R 1000:1000 /directus/data - resources: - requests: - cpu: 100m - memory: 128Mi containers: main: image: 
@@ -97,11 +80,25 @@ directus: name: directus-valkey-config key: password - name: STORAGE_LOCATIONS - value: LOCAL - - name: STORAGE_LOCAL_DRIVER - value: local - - name: STORAGE_LOCAL_ROOT - value: /directus/data + value: s3 + - name: STORAGE_S3_DRIVER + value: s3 + - name: STORAGE_S3_KEY + valueFrom: + secretKeyRef: + name: directus-minio-user-secret + key: AWS_ACCESS_KEY_ID + - name: STORAGE_S3_SECRET + valueFrom: + secretKeyRef: + name: directus-minio-user-secret + key: AWS_SECRET_ACCESS_KEY + - name: STORAGE_S3_BUCKET + value: directus + - name: STORAGE_S3_ENDPOINT + value: http://minio:9000 + - name: STORAGE_S3_S3_FORCE_PATH_STYLE + value: "true" - name: AUTH_PROVIDERS value: AUTHENTIK - name: AUTH_AUTHENTIK_DRIVER @@ -142,20 +139,38 @@ directus: port: 80 targetPort: 8055 protocol: TCP - persistence: - data: - storageClass: ceph-block - accessMode: ReadWriteOnce - size: 10Gi - retain: true - advancedMounts: - main: - init-chmod-data: - - path: /directus/data - readOnly: false - main: - - path: /directus/data - readOnly: false +minio: + existingSecret: + name: directus-minio-root-secret + tenant: + name: minio-directus + configuration: + name: directus-minio-config-secret + pools: + - servers: 3 + name: pool + volumesPerServer: 2 + size: 10Gi + storageClassName: ceph-block + mountPath: /export + subPath: /data + metrics: + enabled: true + port: 9000 + protocol: http + certificate: + requestAutoCert: false + ingress: + console: + enabled: true + ingressClassName: tailscale + tls: + - secretName: minio-directus-cl01tl + hosts: + - minio-directus-cl01tl + host: minio-directus-cl01tl + path: / + pathType: Prefix valkey: architecture: standalone auth: 
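Review bot: `STORAGE_S3_ENDPOINT` is set to `http://minio:9000`, and the tenant values added in the next hunk set `requestAutoCert: false`, so all traffic between Directus and MinIO crosses the cluster network unencrypted. Object contents and signed request headers are then readable by anything that can observe pod traffic. Either enable the tenant certificate and use `value: https://minio:9000` (hedged: the port and service name depend on how the operator exposes the TLS listener), or state the assumption next to the value, e.g. `# plaintext on purpose: in-cluster only, restricted by NetworkPolicy`. The env list this hunk edits starts and ends outside the hunk.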
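Review bot: In the new `minio:` block, `existingSecret.name: directus-minio-root-secret` and `configuration.name: directus-minio-config-secret` both point at secrets whose only key is `config.env`, and nothing here says which one the tenant chart 6.0.1 actually consumes. If only one is read, the other is an unused copy of root-level credentials materialised in the namespace and should be dropped along with its ExternalSecret. A short comment on each key naming its purpose would settle this for the next reader, e.g. `# tenant root credentials (config.env)`. The console ingress on the `tailscale` class keeps the admin UI off the public path, which is worth stating in a comment as well so it is not changed casually.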
@@ -164,7 +179,10 @@ valkey: existingSecretPasswordKey: password cloudflared-directus: name: cloudflared-directus - existingSecretName: directus-cloudflared-api-secret + existingSecretName: directus-cloudflared-secret +cloudflared-minio: + name: cloudflared-directus-minio + existingSecretName: directus-minio-cloudflared-secret postgres-16-cluster: mode: standalone cluster: diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml index fb168330f..877adc015 100644 --- a/clusters/cl01tl/applications/homepage/values.yaml +++ b/clusters/cl01tl/applications/homepage/values.yaml @@ -464,6 +464,12 @@ homepage: href: https://minio-penpot-cl01tl.boreal-beaufort.ts.net siteMonitor: http://minio-penpot-console.penpot:9090 statusStyle: dot + - Object Storage (Directus): + icon: minio.png + description: Minio Tenant + href: https://minio-directus-cl01tl.boreal-beaufort.ts.net + siteMonitor: http://minio-directus-console.directus:9090 + statusStyle: dot - Sonarr: - Sonarr: icon: sonarr.png diff --git a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml b/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml index 9b7ff24d2..087c5fe70 100644 --- a/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml +++ b/clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml @@ -87,6 +87,7 @@ kube-prometheus-stack: - cert-manager - cloudnative-pg - descheduler + - directus - external-dns - freshrss - ghost
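Review bot: The new `cloudflared-minio` block publishes the MinIO tenant through a Cloudflare tunnel, but nothing in this commit shows which service the tunnel routes to or what access policy sits in front of it. If it fronts the S3 API, the bucket policy and the `directus-minio-user-secret` keys are the only controls between the internet and the stored files. If it fronts the console, tenant login becomes reachable from outside the tailnet. A comment on the block stating the target and the intended audience would make the exposure reviewable, e.g. `# tunnel -> S3 API only, for asset URLs; console stays on the tailscale ingress`.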