alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

change storage to minio

Browse Source
This commit is contained in:
Alex Lebens
2024-08-23 17:17:53 -05:00
parent b598cfea59
commit 5b880b1ec7
6 changed files with 150 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/cl01tl/applications/directus/Chart.yaml
View File

@@ -4,14 +4,17 @@ version: 1.0.0
description: Directus description: Directus
keywords: keywords:
- directus - directus
- cms
home: https://wiki.alexlebens.dev/doc/directus-EvV9wese9H home: https://wiki.alexlebens.dev/doc/directus-EvV9wese9H
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/minio/operator
- https://github.com/valkey-io/valkey - https://github.com/valkey-io/valkey
- https://github.com/cloudflare/cloudflared - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus - https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- https://github.com/minio/operator/tree/master/helm/tenant
- https://github.com/bitnami/charts/tree/main/bitnami/valkey - https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/cloudflared - https://github.com/alexlebens/helm-charts/charts/cloudflared
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
@@ -22,6 +25,10 @@ dependencies:
alias: directus alias: directus
repository: https://bjw-s.github.io/helm-charts/ repository: https://bjw-s.github.io/helm-charts/
version: 3.3.2 version: 3.3.2
- name: tenant
alias: minio
version: 6.0.1
repository: https://operator.min.io/
- name: valkey - name: valkey
version: 0.3.13 version: 0.3.13
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
@@ -29,6 +36,10 @@ dependencies:
alias: cloudflared-directus alias: cloudflared-directus
repository: http://alexlebens.github.io/helm-charts repository: http://alexlebens.github.io/helm-charts
version: 1.6.0 version: 1.6.0
- name: cloudflared
alias: cloudflared-minio
repository: http://alexlebens.github.io/helm-charts
version: 1.6.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-16-cluster alias: postgres-16-cluster
version: 3.9.0 version: 3.9.0

131
clusters/cl01tl/applications/directus/templates/external-secret.yaml
View File

@@ -18,28 +18,28 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/config key: /cl01tl/directus/config
metadataPolicy: None metadataPolicy: None
property: admin-email property: admin-email
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/config key: /cl01tl/directus/config
metadataPolicy: None metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/config key: /cl01tl/directus/config
metadataPolicy: None metadataPolicy: None
property: secret property: secret
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/config key: /cl01tl/directus/config
metadataPolicy: None metadataPolicy: None
property: key property: key
@@ -64,14 +64,14 @@ spec:
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/site-profile/directus/valkey key: /cl01tl/directus/valkey
metadataPolicy: None metadataPolicy: None
property: password property: password
@@ -111,35 +111,92 @@ spec:
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: site-profile-cloudflared-api-secret name: directus-minio-user-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: site-profile-cloudflared-api-secret app.kubernetes.io/name: directus-minio-user-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: cf-tunnel-token - secretKey: AWS_ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cloudflare/tunnels/site-profile key: /cl01tl/directus/minio/auth
metadataPolicy: None metadataPolicy: None
property: token property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/auth
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: directus-cloudflared-api-secret name: directus-minio-root-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-cloudflared-api-secret app.kubernetes.io/name: directus-minio-root-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/outline/minio/config
metadataPolicy: None
property: root-config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-minio-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-minio-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config.env
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/minio/config
metadataPolicy: None
property: config.env
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: directus-cloudflared-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web app.kubernetes.io/component: web
@@ -161,60 +218,26 @@ spec:
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: directus-config-backup-secret name: directus-minio-cloudflared-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-config-backup-secret app.kubernetes.io/name: directus-minio-cloudflared-secret
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/directus/directus-data"
data: data:
- secretKey: BUCKET_ENDPOINT - secretKey: cf-tunnel-token
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/volsync/restic/config key: /cloudflare/tunnels/directus-minio
metadataPolicy: None metadataPolicy: None
property: S3_BUCKET_ENDPOINT property: token
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/volsync/restic/config
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: access_key
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /aws/keys/cl01tl-volsync-backups
metadataPolicy: None
property: secret_key
--- ---
apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1

27
clusters/cl01tl/applications/directus/templates/replication-source.yaml
View File

@@ -1,27 +0,0 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: directus-data-backup-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-data-backup-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: backup
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: directus-data
trigger:
schedule: 0 0 * * *
restic:
pruneIntervalDays: 7
repository: directus-data-backup-secret
retain:
hourly: 1
daily: 1
weekly: 3
monthly: 2
yearly: 4
copyMethod: Snapshot
storageClassName: ceph-block-delete
volumeSnapshotClassName: ceph-blockpool-snapshot

92
clusters/cl01tl/applications/directus/values.yaml
View File

@@ -5,23 +5,6 @@ directus:
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3 revisionHistoryLimit: 3
initContainers:
init-chmod-data:
securityContext:
runAsUser: 0
image:
repository: busybox
tag: 1.36.1
pullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
/bin/chown -R 1000:1000 /directus/data
resources:
requests:
cpu: 100m
memory: 128Mi
containers: containers:
main: main:
image: image:
@@ -97,11 +80,25 @@ directus:
name: directus-valkey-config name: directus-valkey-config
key: password key: password
- name: STORAGE_LOCATIONS - name: STORAGE_LOCATIONS
value: LOCAL value: s3
- name: STORAGE_LOCAL_DRIVER - name: STORAGE_S3_DRIVER
value: local value: s3
- name: STORAGE_LOCAL_ROOT - name: STORAGE_S3_KEY
value: /directus/data valueFrom:
secretKeyRef:
name: directus-minio-user-secret
key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET
valueFrom:
secretKeyRef:
name: directus-minio-user-secret
key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET
value: directus
- name: STORAGE_S3_ENDPOINT
value: http://minio:9000
- name: STORAGE_S3_S3_FORCE_PATH_STYLE
value: "true"
- name: AUTH_PROVIDERS - name: AUTH_PROVIDERS
value: AUTHENTIK value: AUTHENTIK
- name: AUTH_AUTHENTIK_DRIVER - name: AUTH_AUTHENTIK_DRIVER
@@ -142,20 +139,38 @@ directus:
port: 80 port: 80
targetPort: 8055 targetPort: 8055
protocol: TCP protocol: TCP
persistence: minio:
data: existingSecret:
storageClass: ceph-block name: directus-minio-root-secret
accessMode: ReadWriteOnce tenant:
size: 10Gi name: minio-directus
retain: true configuration:
advancedMounts: name: directus-minio-config-secret
main: pools:
init-chmod-data: - servers: 3
- path: /directus/data name: pool
readOnly: false volumesPerServer: 2
main: size: 10Gi
- path: /directus/data storageClassName: ceph-block
readOnly: false mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
console:
enabled: true
ingressClassName: tailscale
tls:
- secretName: minio-directus-cl01tl
hosts:
- minio-directus-cl01tl
host: minio-directus-cl01tl
path: /
pathType: Prefix
valkey: valkey:
architecture: standalone architecture: standalone
auth: auth:
@@ -164,7 +179,10 @@ valkey:
existingSecretPasswordKey: password existingSecretPasswordKey: password
cloudflared-directus: cloudflared-directus:
name: cloudflared-directus name: cloudflared-directus
existingSecretName: directus-cloudflared-api-secret existingSecretName: directus-cloudflared-secret
cloudflared-minio:
name: cloudflared-directus-minio
existingSecretName: directus-minio-cloudflared-secret
postgres-16-cluster: postgres-16-cluster:
mode: standalone mode: standalone
cluster: cluster:

6
clusters/cl01tl/applications/homepage/values.yaml
View File

@@ -464,6 +464,12 @@ homepage:
href: https://minio-penpot-cl01tl.boreal-beaufort.ts.net href: https://minio-penpot-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://minio-penpot-console.penpot:9090 siteMonitor: http://minio-penpot-console.penpot:9090
statusStyle: dot statusStyle: dot
- Object Storage (Directus):
icon: minio.png
description: Minio Tenant
href: https://minio-directus-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://minio-directus-console.directus:9090
statusStyle: dot
- Sonarr: - Sonarr:
- Sonarr: - Sonarr:
icon: sonarr.png icon: sonarr.png

1
clusters/cl01tl/monitoring/kube-prometheus-stack/values.yaml
View File

@@ -87,6 +87,7 @@ kube-prometheus-stack:
- cert-manager - cert-manager
- cloudnative-pg - cloudnative-pg
- descheduler - descheduler
- directus
- external-dns - external-dns
- freshrss - freshrss
- ghost - ghost