Add Minio Service

nomad_jobs/services/minio/minio.nomad.hcl

@@ -0,0 +1,143 @@
+# The use of Minio in this stack is not architected for high availability or
+# data integrity and as such, is not recommended for production use. Instead,
+# this is for making an s3 compatible storage available to the service mesh
+# and ZFS is relied upon for data integrity within a single node storage pool.
+
+# For a production ready Minio deployment, please start with the following:
+# https://min.io/docs/minio/kubernetes/upstream/operations/concepts/architecture.html
+
+# Note: This configures TWO minio instances, one for "HOT" storage made up of
+# SSDs and a "WARM" instance with HDDs instead. Manual configuration of tiers
+# is required to make use of this feature. TODO: Automate this.
+
+job "minio" {
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "minio" {
+    count = 1
+
+    network {
+      mode = "bridge"
+      port "console" {
+        to = 9090
+      }
+    }
+
+    service {
+      # Make available to other services by the 'minio' name
+      name = "minio"
+      port = "9000"
+      tags = ["traefik.enable=false"] # Hide minio from traefik
+
+      connect {
+        sidecar_service {
+          tags = ["traefik.enable=false"] # Hide minio from traefik
+        }
+      }
+    }
+
+    service {
+      name = "minio-backend-envoy"
+      tags = ["traefik.enable=false"] # Hide minio-backend from traefik
+      connect {
+        sidecar_service {
+          proxy {
+            upstreams {
+              destination_name = "minio-backend"
+              local_bind_address = "127.0.0.1"
+              local_bind_port  = 9001
+            }
+          }
+          tags = ["traefik.enable=false"] # Hide minio-backend from traefik
+        }
+      }
+    }
+
+    volume "minio-data" {
+      type      = "host"
+      source    = "minio-ssd" # Tier 1 Storage Host Volume
+    }
+
+    task "minio" {
+      driver = "docker"
+
+      volume_mount {
+        volume      = "minio-data"
+        destination = "/data"
+      }
+
+      config {
+        image = "quay.io/minio/minio"
+        ports = ["console"]
+        command = "server"
+        args = ["/data", "--console-address", ":9090"]
+      }
+
+      resources {
+        cpu    = 100
+        memory = 2000
+      }
+
+      env {
+        MINIO_ROOT_USER="op://InfraSecrets/Minio Tier 1/username"
+        MINIO_ROOT_PASSWORD="op://InfraSecrets/Minio Tier 1/password"
+      }
+    }
+  }
+
+  group "minio-hdd" {
+    count = 1
+
+    network {
+      mode = "bridge"
+      port "console" {
+        to = 9090
+      }
+    }
+
+    service {
+      name = "minio-backend"
+      port = "9000"
+      tags = ["traefik.enable=false"] # Hide minio-backend from traefik
+
+      connect {
+        sidecar_service {
+          tags = ["traefik.enable=false"] # Hide minio-backend from traefik
+        }
+      }
+    }
+    
+    volume "minio-warm-data" {
+      type      = "host"
+      source    = "minio-hdd" # Tier 2 Storage Host Volume
+    }
+
+    task "minio-hdd" {
+      driver = "docker"
+
+
+      volume_mount {
+        volume      = "minio-warm-data"
+        destination = "/data"
+      }
+
+      config {
+        image = "quay.io/minio/minio"
+        ports = ["console"]
+        command = "server"
+        args = ["/data", "--console-address", ":9090"]
+      }
+
+      resources {
+        cpu    = 100
+        memory = 2000
+      }
+
+      env {
+        MINIO_ROOT_USER="op://InfraSecrets/Minio Tier 2/username"
+        MINIO_ROOT_PASSWORD="op://InfraSecrets/Minio Tier 2/password"
+      }
+    }
+  }
+}