K3S/addons/minio/role/tasks/main.yml
Sergey Antropoff 80dbf686b0 feat: добавить аддоны postgresql, mysql, databasus, minio, velero, crowdsec
Базы данных:
- addons/postgresql: Bitnami PostgreSQL (Helm), vault_postgresql_*
- addons/mysql: Bitnami MySQL (Helm), vault_mysql_*

Объектное хранилище и backup:
- addons/minio: Bitnami MinIO в distributed режиме (4 ноды по умолчанию)
- addons/velero: backup кластера через Velero + MinIO как S3 backend;
  bucket создаётся автоматически через mc Job; daily schedule 02:00

Безопасность:
- addons/crowdsec: CrowdSec LAPI + DaemonSet агенты, мониторит ingress-nginx;
  опциональный nginx bouncer (crowdsec_nginx_bouncer_enabled: true)

Резервное копирование БД:
- addons/databasus: OCI chart, автоматически подключается к addon_postgresql
  и addon_mysql когда те включены (shared endpoint через postgresql_external_host
  и mysql_external_host)

Общее:
- group_vars/all/addons.yml: флаги addon_* + конфиги для всех 6 аддонов;
  shared DB endpoints postgresql_external_host / mysql_external_host
- group_vars/all/vault.yml.example: примеры паролей для всех аддонов
- Makefile: targets addon-postgresql/mysql/databasus/minio/velero/crowdsec
2026-04-25 11:11:18 +03:00


---
# Register the Helm repository that the MinIO chart is pulled from.
# The URL comes from minio_chart_repo; whatever that repository serves is
# installed into the cluster by the next task, so it should be a trusted
# HTTPS source.
- name: Add Bitnami Helm repo
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  kubernetes.core.helm_repository:
    repo_url: "{{ minio_chart_repo }}"
    name: bitnami
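# Install or upgrade the MinIO release from the bitnami/minio chart at the
# version pinned in minio_version, and wait up to 15 minutes for it.
#
# The values below carry the MinIO root credentials (minio_root_password).
# no_log keeps them out of the task output, callback plugins and controller
# job logs, where the module arguments and the returned release status would
# otherwise be recorded. Trade-off: a failed Helm run is censored as well;
# to debug, re-run this task once with no_log disabled on a trusted terminal.
- name: Deploy MinIO via Helm
  kubernetes.core.helm:
    name: minio
    chart_ref: bitnami/minio
    chart_version: "{{ minio_version }}"
    release_namespace: "{{ minio_namespace }}"
    create_namespace: true
    wait: true
    timeout: "15m0s"
    values:
      auth:
        rootUser: "{{ minio_root_user }}"
        # Secret: expected to come from the vault-encrypted vars, not from
        # plain group_vars.
        rootPassword: "{{ minio_root_password }}"
      mode: "{{ minio_mode }}"
      statefulset:
        replicaCount: "{{ minio_replicas }}"
      persistence:
        enabled: true
        size: "{{ minio_storage_size }}"
        storageClass: "{{ minio_storage_class }}"
      # Console ingress. With minio_ingress_tls false the console is served
      # over plain HTTP, so logins through it are not encrypted in transit.
      ingress:
        enabled: "{{ minio_ingress_enabled | bool }}"
        ingressClassName: "{{ minio_ingress_class }}"
        hostname: "{{ minio_console_ingress_host }}"
        tls: "{{ minio_ingress_tls | bool }}"
        # The cert-manager issuer annotation is only set when TLS is on.
        annotations: >-
          {{ {'cert-manager.io/cluster-issuer': minio_ingress_cert_issuer}
          if minio_ingress_tls | bool else {} }}
      # S3 API ingress. Same TLS switch as the console; without TLS the S3
      # traffic crosses the ingress unencrypted.
      apiIngress:
        enabled: "{{ minio_ingress_enabled | bool }}"
        ingressClassName: "{{ minio_ingress_class }}"
        hostname: "{{ minio_api_ingress_host }}"
        tls: "{{ minio_ingress_tls | bool }}"
        annotations: >-
          {{ {'cert-manager.io/cluster-issuer': minio_ingress_cert_issuer}
          if minio_ingress_tls | bool else {} }}
      resources: "{{ minio_resources }}"
  environment:
    KUBECONFIG: "{{ k3s_kubeconfig_path }}"
  no_log: true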
# Second readiness gate after the Helm install: ask kubectl for the rollout
# status of statefulset/minio, up to 3 attempts 15 seconds apart.
# NOTE(review): failed_when: false suppresses the per-attempt failure; confirm
# on the ansible-core version in use whether exhausting the retries still
# fails the play. If it does not, the access-info task that follows runs even
# when MinIO never became ready.
- name: Wait for MinIO StatefulSet to be ready
  become: true
  ansible.builtin.command: >
    k3s kubectl -n {{ minio_namespace }}
    rollout status statefulset/minio --timeout=300s
  register: _minio_ready
  until: _minio_ready.rc == 0
  retries: 3
  delay: 15
  changed_when: false
  failed_when: false
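# Print a connection summary for the operator. Only the root user name is
# shown; the root password is never echoed here and should stay that way.
# The two ingress lines now cast minio_ingress_enabled with "| bool", as the
# Helm values do: without the cast a string such as "false" is truthy in
# Jinja and the summary would advertise an ingress URL that was not created.
# The URL scheme follows minio_ingress_tls, so an "http://" line means the
# endpoint is reachable without transport encryption.
- name: Show MinIO access info
  ansible.builtin.debug:
    msg:
      - "══════════════════════════════════════════════"
      - " MinIO установлен (режим: {{ minio_mode }}, реплик: {{ minio_replicas }})"
      - "══════════════════════════════════════════════"
      - " Namespace: {{ minio_namespace }}"
      - " S3 API: minio.{{ minio_namespace }}.svc.cluster.local:9000"
      - " Root user: {{ minio_root_user }}"
      - "{% if minio_ingress_enabled | bool %} Консоль: http{{ 's' if minio_ingress_tls | bool else '' }}://{{ minio_console_ingress_host }}{% endif %}"
      - "{% if minio_ingress_enabled | bool %} S3 endpoint:http{{ 's' if minio_ingress_tls | bool else '' }}://{{ minio_api_ingress_host }}{% endif %}"
      - "──────────────────────────────────────────────"
      - " Port-forward консоли:"
      - " kubectl port-forward -n {{ minio_namespace }} svc/minio 9001:9001"
      - " Port-forward S3 API:"
      - " kubectl port-forward -n {{ minio_namespace }} svc/minio 9000:9000"
      - "══════════════════════════════════════════════"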