aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.terraform/1n_nmd/main.tf
diff options
context:
space:
mode:
authorpmikus <pmikus@cisco.com>2021-11-08 12:50:51 +0100
committerPeter Mikus <pmikus@cisco.com>2021-11-11 07:25:59 +0000
commitdb7290d702450430e0d58e23f91e34407e08b41c (patch)
tree0350486f05197be82d57755df0dc17b4a71acc97 /fdio.infra.terraform/1n_nmd/main.tf
parent5390d5cedf42ecc0d589d79a0a9d1b346ebb5c11 (diff)
feat(Terraform): Minio S3 gateway proxy
Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: I9543a856a2e5791b61accd7a183bc5a2bf2e6187
Diffstat (limited to 'fdio.infra.terraform/1n_nmd/main.tf')
-rw-r--r--fdio.infra.terraform/1n_nmd/main.tf121
1 files changed, 75 insertions, 46 deletions
diff --git a/fdio.infra.terraform/1n_nmd/main.tf b/fdio.infra.terraform/1n_nmd/main.tf
index a8a1bb9315..ed4f2b5ac3 100644
--- a/fdio.infra.terraform/1n_nmd/main.tf
+++ b/fdio.infra.terraform/1n_nmd/main.tf
@@ -60,62 +60,91 @@ module "grafana" {
grafana_port = 3000
}
-module "minio" {
- source = "./minio"
+#module "minio" {
+# source = "./minio"
+# providers = {
+# nomad = nomad.yul1
+# }
+#
+# # nomad
+# nomad_datacenters = ["yul1"]
+# nomad_host_volume = "prod-volume-data1-1"
+#
+# # minio
+# minio_job_name = "prod-minio"
+# minio_group_count = 4
+# minio_service_name = "storage"
+# minio_host = "http://10.32.8.1{4...7}"
+# minio_port = 9000
+# minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z"
+# minio_vault_secret = {
+# use_vault_provider = false,
+# vault_kv_policy_name = "kv-secret",
+# vault_kv_path = "secret/data/minio",
+# vault_kv_field_access_key = "access_key",
+# vault_kv_field_secret_key = "secret_key"
+# }
+# minio_data_dir = "/data/"
+# minio_use_host_volume = true
+# minio_use_canary = true
+# minio_envs = ["MINIO_BROWSER=\"off\""]
+#
+# minio_buckets = ["logs.fd.io"]
+#}
+
+data "vault_generic_secret" "minio_creds" {
+ path = "kv/secret/data/minio"
+}
+
+module "minio_s3_gateway" {
+ source = "./minio_s3_gateway"
providers = {
nomad = nomad.yul1
}
# nomad
- nomad_datacenters = ["yul1"]
- nomad_host_volume = "prod-volume-data1-1"
+ datacenters = ["yul1"]
+ volume_source = "prod-volume-data1-1"
# minio
- minio_job_name = "prod-minio"
- minio_group_count = 4
- minio_service_name = "storage"
- minio_host = "http://10.32.8.1{4...7}"
- minio_port = 9000
- minio_container_image = "minio/minio:RELEASE.2021-07-27T02-40-15Z"
- minio_vault_secret = {
- use_vault_provider = false,
- vault_kv_policy_name = "kv-secret",
- vault_kv_path = "secret/data/minio",
- vault_kv_field_access_key = "access_key",
- vault_kv_field_secret_key = "secret_key"
- }
- minio_data_dir = "/data/"
- minio_use_host_volume = true
- minio_use_canary = true
- minio_envs = ["MINIO_BROWSER=\"off\""]
-
- # minio client
- mc_job_name = "prod-mc"
- mc_container_image = "minio/mc:RELEASE.2021-07-27T02-40-15Z"
- mc_extra_commands = [
- "mc policy set public LOCALMINIO/logs.fd.io",
- "mc policy set public LOCALMINIO/docs.fd.io",
- "mc ilm add --expiry-days '180' LOCALMINIO/logs.fd.io",
- "mc admin user add LOCALMINIO storage Storage1234",
- "mc admin policy set LOCALMINIO writeonly user=storage"
+ job_name = "minio-s3-gateway"
+ group_count = 4
+ service_name = "minio"
+ mode = "gateway"
+ port_base = 9001
+ port_console = 9002
+ image = "minio/minio:latest"
+ access_key = data.vault_generic_secret.minio_creds.data["access_key"]
+ secret_key = data.vault_generic_secret.minio_creds.data["secret_key"]
+ volume_destination = "/data/"
+ use_host_volume = true
+ use_canary = true
+ envs = [
+ "MINIO_BROWSER=\"off\"",
+ "MINIO_CACHE=\"on\"",
+ "MINIO_CACHE_DRIVES=\"/data/s3_cache1\"",
+ "MINIO_CACHE_EXCLUDE=\"\"",
+ "MINIO_CACHE_QUOTA=80",
+ "MINIO_CACHE_AFTER=1",
+ "MINIO_CACHE_WATERMARK_LOW=70",
+ "MINIO_CACHE_WATERMARK_HIGH=90"
]
- minio_buckets = ["logs.fd.io", "docs.fd.io"]
}
-module "nginx" {
- source = "./nginx"
- providers = {
- nomad = nomad.yul1
- }
-
- # nomad
- nomad_datacenters = ["yul1"]
- nomad_host_volume = "prod-volume-data1-1"
-
- # nginx
- nginx_job_name = "prod-nginx"
- nginx_use_host_volume = true
-}
+#module "nginx" {
+# source = "./nginx"
+# providers = {
+# nomad = nomad.yul1
+# }
+#
+# # nomad
+# nomad_datacenters = ["yul1"]
+# nomad_host_volume = "prod-volume-data1-1"
+#
+# # nginx
+# nginx_job_name = "prod-nginx"
+# nginx_use_host_volume = true
+#}
module "prometheus" {
source = "./prometheus"