Homelab/nomad_jobs/services/minio/minio.nomad.hcl

# The use of Minio in this stack is not architected for high availability or
# data integrity and as such, is not recommended for production use. Instead,
# this is for making an s3 compatible storage available to the service mesh
# and ZFS is relied upon for data integrity within a single node storage pool.

# For a production ready Minio deployment, please start with the following:
# https://min.io/docs/minio/kubernetes/upstream/operations/concepts/architecture.html

# Note: This configures TWO minio instances, one for "HOT" storage made up of
# SSDs and a "WARM" instance with HDDs instead. Manual configuration of tiers
# is required to make use of this feature. TODO: Automate this.

job "minio" {
  datacenters = ["dc1"]
  type        = "service"

  group "minio" {
    count = 1

    network {
      mode = "bridge"
      port "console" {
        to = 9090
      }
    }

    service {
      # Make available to other services by the 'minio' name
      name = "minio"
      port = "9000"
      tags = ["traefik.enable=false"] # Hide minio from traefik

      connect {
        sidecar_service {
          tags = ["traefik.enable=false"] # Hide minio from traefik
        }
      }
    }

    service {
      name = "minio-backend-envoy"
      tags = ["traefik.enable=false"] # Hide minio-backend from traefik
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "minio-backend"
              local_bind_address = "127.0.0.1"
              local_bind_port  = 9001
            }
          }
          tags = ["traefik.enable=false"] # Hide minio-backend from traefik
        }
      }
    }

    volume "minio-data" {
      type      = "host"
      source    = "minio-ssd" # Tier 1 Storage Host Volume
    }

    task "minio" {
      driver = "docker"

      volume_mount {
        volume      = "minio-data"
        destination = "/data"
      }

      config {
        image = "quay.io/minio/minio"
        ports = ["console"]
        command = "server"
        args = ["/data", "--console-address", ":9090"]
      }

      resources {
        cpu    = 100
        memory = 2000
      }

      env {
        MINIO_ROOT_USER="op://InfraSecrets/Minio Tier 1/username"
        MINIO_ROOT_PASSWORD="op://InfraSecrets/Minio Tier 1/password"
      }
    }
  }

  group "minio-hdd" {
    count = 1

    network {
      mode = "bridge"
      port "console" {
        to = 9090
      }
    }

    service {
      name = "minio-backend"
      port = "9000"
      tags = ["traefik.enable=false"] # Hide minio-backend from traefik

      connect {
        sidecar_service {
          tags = ["traefik.enable=false"] # Hide minio-backend from traefik
        }
      }
    }
    
    volume "minio-warm-data" {
      type      = "host"
      source    = "minio-hdd" # Tier 2 Storage Host Volume
    }

    task "minio-hdd" {
      driver = "docker"


      volume_mount {
        volume      = "minio-warm-data"
        destination = "/data"
      }

      config {
        image = "quay.io/minio/minio"
        ports = ["console"]
        command = "server"
        args = ["/data", "--console-address", ":9090"]
      }

      resources {
        cpu    = 100
        memory = 2000
      }

      env {
        MINIO_ROOT_USER="op://InfraSecrets/Minio Tier 2/username"
        MINIO_ROOT_PASSWORD="op://InfraSecrets/Minio Tier 2/password"
      }
    }
  }
}