Minio gubbins

.gitignore

@@ -1,4 +1,5 @@
 /.idea
+/.debug
 /.terraform
 /terraform.tfstate*
 /.terraform.tfstate*

.terraform.lock.hcl

@@ -1,6 +1,48 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/brendanthompson/scratch" {
+  version     = "0.4.0"
+  constraints = "0.4.0"
+  hashes = [
+    "h1:MTVRrvKcbCMw67V+QMOWkHaH5W6wusaBwoB2e6HcELM=",
+    "zh:02de448b66fa61d39588dadb267698f361a3b681beb48d6576068923de600df7",
+    "zh:23d038c6571aa3062e36b95bc3c7bcd511da66ae6f7e417ac2eb64b05794cad7",
+    "zh:31061bfe3094360eed7f649ad03d86b67b93af3019170c168888d82cbcffc380",
+    "zh:395932aa5755a5f8e77a429c393182b461c51a583fe17dee38e73aff70bbc640",
+    "zh:3e7b738148381ed501853bb21e34b30ec93320d3fe42cec127aa8513ab975eaf",
+    "zh:49a9a9e03a18ea052cc7ce71646e46f92ffc3ff47f9892182707508a8db2efa9",
+    "zh:5da9a599ebd739e6155a5ed64fec47cc4d44c1d480474235464c475f5db68d38",
+    "zh:8deeba7e7cc41be90b2a433fa69e7b59b5d7d4f35f73aa2c95dbb430bc21b3e2",
+    "zh:c6304ce9f6e499a4b537345c7587c232b6bca4954d7150ace8400ecae38392e5",
+    "zh:c9d3751cc1203a440b215358fb6f38023678ab36da02e28b5d84722fa19d7c48",
+    "zh:d649dcd94424fb23e9caa90a89a9f19c7964d4d56240f2f75c79ff27192f638a",
+    "zh:e4483df0cdfc2dd2210d406e7b4bc3c5940f8e63c9d2fce6958971a1fbc56813",
+    "zh:e71f355566b17fb0d834940a5d46256528684e1b2717eca6752e11cba329fe2f",
+    "zh:fe48ba87307e3b7833793ee7c2dec428aa1ace8af759ef3bbb32380b69d4a2d5",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+  version     = "2.5.1"
+  constraints = "~> 2.1"
+  hashes = [
+    "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
+    "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
+    "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
+    "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
+    "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
+    "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
+    "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
+    "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
+    "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
+    "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
+    "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
+  ]
+}
+
 provider "registry.terraform.io/hashicorp/random" {
   version     = "3.6.2"
   constraints = "~> 3.3"

docker.tf

@@ -10,12 +10,13 @@ provider "ssh" {
     }
   }
 }
-data "ssh_tunnel" "docker" {
+#data "ssh_tunnel" "docker" {
-  connection_name = "docker_socket_tunnel_california"
+#  connection_name = "docker_socket_tunnel_california"
-  remote = {
+#  remote = {
-    socket = "/var/run/docker.sock"
+#    socket = "/var/run/docker.sock"
-  }
+#  }
-}
+#}
 provider "docker" {
-  host = "tcp://${data.ssh_tunnel.docker.local.address}"
+  #host = "tcp://${data.ssh_tunnel.docker.local.address}"
+  host = "ssh://california.ti"
 }

loadbalancer.tf

@@ -0,0 +1,22 @@
+resource "docker_network" "loadbalancer" {
+  name        = "loadbalancer"
+  driver      = "overlay"
+  attachable  = true
+  ipam_driver = "default"
+  ipam_config {
+    aux_address = {}
+    subnet      = "172.16.0.0/16"
+    gateway     = "172.16.0.1"
+  }
+}
+
+module "nginx" {
+  source = "git::https://code.techinc.nl/grey/terraform-nginx.git"
+  configs = concat(
+    module.minio.nginx_files
+  )
+  networks = [
+    docker_network.loadbalancer,
+  ]
+  replicas = 1
+}

minio.tf

@@ -0,0 +1,6 @@
+module "minio" {
+  source = "./modules/minio"
+  domain = "s3.california.ti"
+  network = docker_network.loadbalancer
+  storage_path = "/media/storage/minio"
+}

modules/minio/inputs.tf

@@ -0,0 +1,20 @@
+variable "admin_username" {
+  type = string
+  description = "The username of the admin user"
+  default = "admin"
+}
+variable "domain" {
+  type = string
+  description = "The domain name of the minio instance"
+}
+variable "network" {
+  type = object({
+    id = string
+    name = string
+  })
+  description = "The network to attach the minio service to"
+}
+variable "storage_path" {
+    type = string
+    description = "The path to the storage directory to use"
+}

modules/minio/minio.tf

@@ -0,0 +1,70 @@
+data "docker_registry_image" "minio" {
+  name     = "quay.io/minio/minio:latest"
+}
+
+resource "random_password" "minio_password" {
+  length  = 32
+  special = false
+}
+
+locals {
+  SERVER_URL = "https://${var.domain}"
+  UI_URL     = "https://${var.domain}/ui/"
+}
+
+resource "docker_service" "minio" {
+  name     = "minio"
+  task_spec {
+    container_spec {
+      image   = "${data.docker_registry_image.minio.name}@${data.docker_registry_image.minio.sha256_digest}"
+      command = ["minio", "server", "/data", ]
+      env = {
+        MINIO_ADDRESS              = "0.0.0.0:9000"
+        MINIO_CONSOLE_ADDRESS      = "0.0.0.0:9001"
+        MINIO_ROOT_USER            = var.admin_username
+        MINIO_ROOT_PASSWORD        = random_password.minio_password.result
+        MINIO_SERVER_URL           = local.SERVER_URL
+        MINIO_BROWSER_REDIRECT_URL = local.UI_URL
+        MINIO_BROWSER_REDIRECT     = true
+        MINIO_API_ROOT_ACCESS      = "on"
+      }
+      mounts {
+        target    = "/data"
+        source    = var.storage_path
+        type      = "bind"
+        read_only = false
+      }
+    }
+    networks_advanced {
+      name = var.network.id
+    }
+    placement {
+      platforms {
+        architecture = "amd64"
+        os           = "linux"
+      }
+    }
+  }
+  update_config {
+    parallelism = 1
+    order       = "stop-first"
+  }
+}
+
+module "minio_nginx_config" {
+  source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
+  hostname      = var.domain
+  //certificate   = acme_certificate.ooo_grey["s3"]
+  service_name  = "minio_s3"
+  upstream_host = "${docker_service.minio.name}:9000"
+  config_prefix = "nginx"
+  extra_upstreams = [
+    {
+      name    = "minio_ui",
+      servers = ["${docker_service.minio.name}:9001"]
+    }
+  ]
+  extra_locations = file("${path.module}/minio_nginx_extra.conf")
+  allow_non_ssl = true
+  allow_ssl = false
+}

modules/minio/minio_nginx_extra.conf

@@ -0,0 +1,25 @@
+  location /ui/ {
+    rewrite ^/ui/(.*) /$1 break;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-NginX-Proxy true;
+
+    # This is necessary to pass the correct IP to be hashed
+    real_ip_header X-Real-IP;
+
+    proxy_connect_timeout 300;
+
+    # To support websockets in MinIO versions released after January 2023
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
+    # Uncomment the following line to set the Origin request to an empty string
+    # proxy_set_header Origin '';
+
+    chunked_transfer_encoding off;
+
+    proxy_pass http://minio_ui;
+  }

modules/minio/outputs.tf

@@ -0,0 +1,12 @@
+output "auth" {
+  value = {
+    user     = docker_service.minio.task_spec[0].container_spec[0].env.MINIO_ROOT_USER
+    password = nonsensitive(docker_service.minio.task_spec[0].container_spec[0].env.MINIO_ROOT_PASSWORD)
+  }
+}
+output "domain" {
+  value = local.SERVER_URL
+}
+output "nginx_files" {
+  value = module.minio_nginx_config.files
+}

modules/minio/terraform.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.3"
+    }
+  }
+}