From 0e324df5451fde281ae967f01ed2dd6f2c7efe6d Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Mon, 2 Mar 2026 01:24:07 +0000 Subject: [PATCH] [ci skip] complete NFS CSI migration: complex stacks + platform modules Migrate remaining multi-volume stacks and all platform modules from inline NFS volumes to CSI-backed PV/PVC with nfs-truenas StorageClass (soft,timeo=30,retrans=3 mount options). Complex stacks: openclaw (4 vols), immich (8 vols), frigate (2 vols), nextcloud (2 vols + old PV replaced), rybbit (1 vol) Remaining stacks: affine, ebook2audiobook, f1-stream, osm_routing, real-estate-crawler Platform modules: monitoring (prometheus, loki, alertmanager PVs converted from native NFS to CSI), redis, dbaas, technitium, headscale, vaultwarden, uptime-kuma, mailserver, infra-maintenance --- stacks/affine/main.tf | 13 +- stacks/ebook2audiobook/main.tf | 31 +++-- stacks/f1-stream/main.tf | 13 +- stacks/frigate/main.tf | 26 +++- stacks/immich/main.tf | 113 +++++++++++++----- stacks/nextcloud/chart_values.yaml | 2 +- stacks/nextcloud/main.tf | 61 ++++------ stacks/openclaw/main.tf | 52 ++++++-- stacks/osm_routing/main.tf | 31 +++-- stacks/platform/modules/dbaas/main.tf | 39 ++++-- stacks/platform/modules/headscale/main.tf | 13 +- .../modules/infra-maintenance/main.tf | 13 +- stacks/platform/modules/mailserver/main.tf | 13 +- .../modules/mailserver/roundcubemail.tf | 26 +++- stacks/platform/modules/monitoring/grafana.tf | 11 +- stacks/platform/modules/monitoring/loki.tf | 11 +- .../platform/modules/monitoring/prometheus.tf | 21 ++-- stacks/platform/modules/redis/main.tf | 13 +- stacks/platform/modules/technitium/ha.tf | 13 +- stacks/platform/modules/technitium/main.tf | 13 +- stacks/platform/modules/uptime-kuma/main.tf | 13 +- stacks/platform/modules/vaultwarden/main.tf | 13 +- stacks/real-estate-crawler/main.tf | 23 ++-- stacks/rybbit/main.tf | 13 +- 24 files changed, 411 insertions(+), 179 deletions(-) 
diff --git a/stacks/affine/main.tf b/stacks/affine/main.tf index 0e5c3742..1e61409d 100644 --- a/stacks/affine/main.tf +++ b/stacks/affine/main.tf @@ -73,6 +73,14 @@ locals { ] } +module "nfs_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "affine-data" + namespace = kubernetes_namespace.affine.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/affine" +} + resource "kubernetes_deployment" "affine" { metadata { name = "affine" @@ -181,9 +189,8 @@ resource "kubernetes_deployment" "affine" { } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/affine" + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } diff --git a/stacks/ebook2audiobook/main.tf b/stacks/ebook2audiobook/main.tf index f3fa56fd..f687414d 100644 --- a/stacks/ebook2audiobook/main.tf +++ b/stacks/ebook2audiobook/main.tf @@ -19,6 +19,22 @@ resource "kubernetes_namespace" "ebook2audiobook" { } +module "nfs_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "ebook2audiobook-data" + namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/ebook2audiobook" +} + +module "nfs_audiblez_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "ebook2audiobook-audiblez-data" + namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/audiblez" +} + resource "kubernetes_deployment" "ebook2audiobook" { metadata { name = "ebook2audiobook" @@ -89,9 +105,8 @@ resource "kubernetes_deployment" "ebook2audiobook" { volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/ebook2audiobook" + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } 
@@ -279,9 +294,8 @@ resource "kubernetes_deployment" "audiblez" { } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/audiblez" + persistent_volume_claim { + claim_name = module.nfs_audiblez_data.claim_name } } } @@ -366,9 +380,8 @@ resource "kubernetes_deployment" "audiblez-web" { } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/audiblez" + persistent_volume_claim { + claim_name = module.nfs_audiblez_data.claim_name } } } diff --git a/stacks/f1-stream/main.tf b/stacks/f1-stream/main.tf index 23d01639..07628c4f 100644 --- a/stacks/f1-stream/main.tf +++ b/stacks/f1-stream/main.tf @@ -15,6 +15,14 @@ resource "kubernetes_namespace" "f1-stream" { } } +module "nfs_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "f1-stream-data" + namespace = kubernetes_namespace.f1-stream.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/f1-stream" +} + resource "kubernetes_deployment" "f1-stream" { metadata { name = "f1-stream" @@ -70,9 +78,8 @@ resource "kubernetes_deployment" "f1-stream" { } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/f1-stream" + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } diff --git a/stacks/frigate/main.tf b/stacks/frigate/main.tf index ba28eb34..6ac0054a 100644 --- a/stacks/frigate/main.tf +++ b/stacks/frigate/main.tf 
@@ -20,6 +20,22 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +module "nfs_config" { + source = "../../modules/kubernetes/nfs_volume" + name = "frigate-config" + namespace = kubernetes_namespace.frigate.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/frigate/config" +} + +module "nfs_media" { + source = "../../modules/kubernetes/nfs_volume" + name = "frigate-media" + namespace = kubernetes_namespace.frigate.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/frigate/media" +} + resource "kubernetes_deployment" "frigate" { metadata { name = "frigate" @@ -135,9 +151,8 @@ resource "kubernetes_deployment" "frigate" { volume { name = "config" - nfs { - path = "/mnt/main/frigate/config" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_config.claim_name } } volume { @@ -149,9 +164,8 @@ resource "kubernetes_deployment" "frigate" { } volume { name = "media" - nfs { - path = "/mnt/main/frigate/media" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_media.claim_name } } volume { diff --git a/stacks/immich/main.tf b/stacks/immich/main.tf index c7a05d16..6cc19d96 100644 --- a/stacks/immich/main.tf +++ b/stacks/immich/main.tf 
@@ -19,6 +19,73 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +# NFS volumes for immich-server +module "nfs_backups" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-backups" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/immich/backups" +} + +module "nfs_encoded_video" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-encoded-video" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/immich/encoded-video" +} + +module "nfs_library" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-library" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/immich/library" +} + +module "nfs_profile" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-profile" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/immich/profile" +} + +module "nfs_thumbs" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-thumbs" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/ssd/immich/thumbs" +} + +module "nfs_upload" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-upload" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/immich/upload" +} + +# NFS volume for immich-postgresql (shared with backup cronjob) +module "nfs_postgresql" { + source = "../../modules/kubernetes/nfs_volume" + name = "immich-postgresql-data" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/immich/data-immich-postgresql" +} + +# NFS volume for immich-machine-learning cache +module "nfs_ml_cache" { + source = 
"../../modules/kubernetes/nfs_volume" + name = "immich-ml-cache" + namespace = kubernetes_namespace.immich.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/ssd/immich/machine-learning" +} + resource "kubernetes_namespace" "immich" { metadata { name = "immich" @@ -186,44 +253,38 @@ resource "kubernetes_deployment" "immich_server" { volume { name = "backups" - nfs { - server = var.nfs_server - path = "/mnt/main/immich/immich/backups" + persistent_volume_claim { + claim_name = module.nfs_backups.claim_name } } volume { name = "encoded-video" - nfs { - server = var.nfs_server - path = "/mnt/main/immich/immich/encoded-video" + persistent_volume_claim { + claim_name = module.nfs_encoded_video.claim_name } } volume { name = "library" - nfs { - server = var.nfs_server - path = "/mnt/main/immich/immich/library" + persistent_volume_claim { + claim_name = module.nfs_library.claim_name } } volume { name = "profile" - nfs { - server = var.nfs_server - path = "/mnt/main/immich/immich/profile" + persistent_volume_claim { + claim_name = module.nfs_profile.claim_name } } volume { name = "thumbs" - nfs { - server = var.nfs_server - path = "/mnt/ssd/immich/thumbs" + persistent_volume_claim { + claim_name = module.nfs_thumbs.claim_name } } volume { name = "upload" - nfs { - server = var.nfs_server - path = "/mnt/main/immich/immich/upload" + persistent_volume_claim { + claim_name = module.nfs_upload.claim_name } } } @@ -316,9 +377,8 @@ resource "kubernetes_deployment" "immich-postgres" { } volume { name = "postgresql-persistent-storage" - nfs { - path = "/mnt/main/immich/data-immich-postgresql" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_postgresql.claim_name } } } 
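Review bot: The `postgresql-persistent-storage` volume of `immich-postgres` now takes its mount behaviour from the `nfs-truenas` class, which the commit message describes as `soft,timeo=30,retrans=3`. On a soft mount a timed-out write is returned to PostgreSQL as an I/O error instead of being retried, which is a data-integrity risk for a database directory. If the `nfs_volume` module (not visible here) accepts per-volume mount options, pass `hard` for database data directories, or point them at a separate class. The same applies to `nfs_clickhouse_data` in stacks/rybbit and `nfs_data` in the vaultwarden module; the deployment body continues outside this hunk.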
@@ -458,10 +518,8 @@ resource "kubernetes_deployment" "immich-machine-learning" { } volume { name = "cache" - nfs { - # path = "/mnt/main/immich/machine-learning" - path = "/mnt/ssd/immich/machine-learning" # load cache from ssd - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_ml_cache.claim_name } } } @@ -550,9 +608,8 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { } volume { name = "postgresql-backup" - nfs { - path = "/mnt/main/immich/data-immich-postgresql" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_postgresql.claim_name } } } diff --git a/stacks/nextcloud/chart_values.yaml b/stacks/nextcloud/chart_values.yaml index b7be14fb..49f04ac6 100644 --- a/stacks/nextcloud/chart_values.yaml +++ b/stacks/nextcloud/chart_values.yaml @@ -41,7 +41,7 @@ externalDatabase: persistence: enabled: true - existingClaim: nextcloud-data-pvc + existingClaim: nextcloud-data accessMode: ReadWriteOnce size: 100Gi diff --git a/stacks/nextcloud/main.tf b/stacks/nextcloud/main.tf index 835c3a2a..145b2be5 100644 --- a/stacks/nextcloud/main.tf +++ b/stacks/nextcloud/main.tf @@ -91,6 +91,23 @@ resource "helm_release" "nextcloud" { # } # } +module "nfs_nextcloud_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "nextcloud-data" + namespace = kubernetes_namespace.nextcloud.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/nextcloud" + storage = "100Gi" +} + +module "nfs_nextcloud_backup" { + source = "../../modules/kubernetes/nfs_volume" + name = "nextcloud-backup" + namespace = kubernetes_namespace.nextcloud.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/nextcloud-backup" +} + resource "kubernetes_deployment" "whiteboard" { metadata { name = "whiteboard" 
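Review bot: The `postgresql-backup` cron job mounts `module.nfs_postgresql.claim_name`, the same claim the live `immich-postgres` deployment uses, so the job has write access to the database directory and, presumably, its dumps sit on the same export as the data they protect. A dedicated claim for dumps, declared as its own `nfs_volume` module call with a separate export path, would keep the job away from the live data files and let the backups survive damage to the data directory. The job's command and mount path are outside this hunk, so confirm where it actually writes.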
@@ -160,40 +177,6 @@ resource "kubernetes_service" "whiteboard" { } } -resource "kubernetes_persistent_volume" "nextcloud-data-pv" { - metadata { - name = "nextcloud-data-pv" - } - spec { - capacity = { - "storage" = "100Gi" - } - access_modes = ["ReadWriteOnce"] - persistent_volume_source { - nfs { - path = "/mnt/main/nextcloud" - server = var.nfs_server - } - } - } -} - -resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" { - metadata { - name = "nextcloud-data-pvc" - namespace = kubernetes_namespace.nextcloud.metadata[0].name - } - spec { - access_modes = ["ReadWriteOnce"] - resources { - requests = { - "storage" = "100Gi" - } - } - volume_name = "nextcloud-data-pv" - } -} - module "ingress" { source = "../../modules/kubernetes/ingress_factory" namespace = kubernetes_namespace.nextcloud.metadata[0].name @@ -333,17 +316,15 @@ resource "kubernetes_cron_job_v1" "nextcloud-backup" { volume { name = "nextcloud-data" - nfs { - server = var.nfs_server - path = "/mnt/main/nextcloud" + persistent_volume_claim { + claim_name = module.nfs_nextcloud_data.claim_name } } volume { name = "backup" - nfs { - server = var.nfs_server - path = "/mnt/main/nextcloud-backup" + persistent_volume_claim { + claim_name = module.nfs_nextcloud_backup.claim_name } } diff --git a/stacks/openclaw/main.tf b/stacks/openclaw/main.tf index 12328ba7..f4ee3afc 100644 --- a/stacks/openclaw/main.tf +++ b/stacks/openclaw/main.tf 
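Review bot: In the `nextcloud-backup` cron job the `nextcloud-data` volume is mounted writable, although a backup job normally only needs to read its source. Adding `read_only = true` inside that `persistent_volume_claim` block would stop a faulty or compromised job from altering live user files. The job's command is outside this hunk, so confirm it does not write to the data directory before changing it.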
@@ -210,6 +210,38 @@ resource "random_password" "gateway_token" { special = false } +module "nfs_tools" { + source = "../../modules/kubernetes/nfs_volume" + name = "openclaw-tools" + namespace = kubernetes_namespace.openclaw.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/openclaw/tools" +} + +module "nfs_openclaw_home" { + source = "../../modules/kubernetes/nfs_volume" + name = "openclaw-home" + namespace = kubernetes_namespace.openclaw.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/openclaw/home" +} + +module "nfs_workspace" { + source = "../../modules/kubernetes/nfs_volume" + name = "openclaw-workspace" + namespace = kubernetes_namespace.openclaw.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/openclaw/workspace" +} + +module "nfs_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "openclaw-data" + namespace = kubernetes_namespace.openclaw.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/openclaw/data" +} + resource "kubernetes_deployment" "openclaw" { metadata { name = "openclaw" @@ -528,30 +560,26 @@ resource "kubernetes_deployment" "openclaw" { volume { name = "tools" - nfs { - server = var.nfs_server - path = "/mnt/main/openclaw/tools" + persistent_volume_claim { + claim_name = module.nfs_tools.claim_name } } volume { name = "openclaw-home" - nfs { - server = var.nfs_server - path = "/mnt/main/openclaw/home" + persistent_volume_claim { + claim_name = module.nfs_openclaw_home.claim_name } } volume { name = "workspace" - nfs { - server = var.nfs_server - path = "/mnt/main/openclaw/workspace" + persistent_volume_claim { + claim_name = module.nfs_workspace.claim_name } } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/openclaw/data" + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } volume { diff --git a/stacks/osm_routing/main.tf b/stacks/osm_routing/main.tf index aad039a6..7a7d343e 100644 
--- a/stacks/osm_routing/main.tf +++ b/stacks/osm_routing/main.tf @@ -12,6 +12,22 @@ resource "kubernetes_namespace" "osm-routing" { } } +module "nfs_osrm_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "osm-routing-osrm-data" + namespace = kubernetes_namespace.osm-routing.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/osm-routing/osrm-data" +} + +module "nfs_otp_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "osm-routing-otp-data" + namespace = kubernetes_namespace.osm-routing.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/osm-routing/otp-data" +} + # --- OSRM Foot --- resource "kubernetes_deployment" "osrm-foot" { metadata { @@ -65,9 +81,8 @@ resource "kubernetes_deployment" "osrm-foot" { } volume { name = "osrm-data" - nfs { - server = var.nfs_server - path = "/mnt/main/osm-routing/osrm-data" + persistent_volume_claim { + claim_name = module.nfs_osrm_data.claim_name } } } @@ -147,9 +162,8 @@ resource "kubernetes_deployment" "osrm-bicycle" { } volume { name = "osrm-data" - nfs { - server = var.nfs_server - path = "/mnt/main/osm-routing/osrm-data" + persistent_volume_claim { + claim_name = module.nfs_osrm_data.claim_name } } } @@ -219,9 +233,8 @@ resource "kubernetes_deployment" "otp" { } volume { name = "otp-data" - nfs { - server = var.nfs_server - path = "/mnt/main/osm-routing/otp-data" + persistent_volume_claim { + claim_name = module.nfs_otp_data.claim_name } } } diff --git a/stacks/platform/modules/dbaas/main.tf b/stacks/platform/modules/dbaas/main.tf index a4847099..c68574e3 100644 --- a/stacks/platform/modules/dbaas/main.tf +++ b/stacks/platform/modules/dbaas/main.tf 
@@ -234,6 +234,30 @@ resource "kubernetes_service" "mysql" { depends_on = [helm_release.mysql_cluster] } +module "nfs_mysql_backup" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "dbaas-mysql-backup" + namespace = kubernetes_namespace.dbaas.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/mysql-backup" +} + +module "nfs_pgadmin" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "dbaas-pgadmin" + namespace = kubernetes_namespace.dbaas.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/postgresql/pgadmin" +} + +module "nfs_postgresql_backup" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "dbaas-postgresql-backup" + namespace = kubernetes_namespace.dbaas.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/postgresql-backup" +} + resource "kubernetes_cron_job_v1" "mysql-backup" { metadata { name = "mysql-backup" @@ -281,9 +305,8 @@ resource "kubernetes_cron_job_v1" "mysql-backup" { } volume { name = "mysql-backup" - nfs { - path = "/mnt/main/mysql-backup" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_mysql_backup.claim_name } } } @@ -927,9 +950,8 @@ resource "kubernetes_deployment" "pgadmin" { # config_map { # name = "pgadmin-config" # } - nfs { - path = "/mnt/main/postgresql/pgadmin" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_pgadmin.claim_name } } dns_config { @@ -1017,9 +1039,8 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { } volume { name = "postgresql-backup" - nfs { - path = "/mnt/main/postgresql-backup" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_postgresql_backup.claim_name } } } diff --git a/stacks/platform/modules/headscale/main.tf b/stacks/platform/modules/headscale/main.tf index 0284a824..b18c069c 100644 --- a/stacks/platform/modules/headscale/main.tf +++ b/stacks/platform/modules/headscale/main.tf 
@@ -20,6 +20,14 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +module "nfs_data" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "headscale-data" + namespace = kubernetes_namespace.headscale.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/headscale" +} + resource "kubernetes_deployment" "headscale" { metadata { name = "headscale" @@ -111,9 +119,8 @@ resource "kubernetes_deployment" "headscale" { volume { name = "nfs-config" - nfs { - path = "/mnt/main/headscale" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } # container { diff --git a/stacks/platform/modules/infra-maintenance/main.tf b/stacks/platform/modules/infra-maintenance/main.tf index 1f572630..0eeb68b2 100644 --- a/stacks/platform/modules/infra-maintenance/main.tf +++ b/stacks/platform/modules/infra-maintenance/main.tf @@ -66,6 +66,14 @@ variable "nfs_server" { type = string } # } # } +module "nfs_etcd_backup" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "infra-etcd-backup" + namespace = "default" + nfs_server = var.nfs_server + nfs_path = "/mnt/main/etcd-backup" +} + # # backup etcd resource "kubernetes_cron_job_v1" "backup-etcd" { metadata { @@ -123,9 +131,8 @@ resource "kubernetes_cron_job_v1" "backup-etcd" { volume { name = "backup" - nfs { - path = "/mnt/main/etcd-backup" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_etcd_backup.claim_name } } volume { diff --git a/stacks/platform/modules/mailserver/main.tf b/stacks/platform/modules/mailserver/main.tf index ceaed435..cfbb0b46 100644 --- a/stacks/platform/modules/mailserver/main.tf +++ b/stacks/platform/modules/mailserver/main.tf 
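Review bot: `module "nfs_etcd_backup"` hard-codes `namespace = "default"`, while every other module call in this commit takes its namespace from a `kubernetes_namespace` resource. An etcd snapshot holds every Secret in the cluster in whatever form etcd stores them, and a namespaced claim can be mounted by any workload allowed to run pods in that namespace, so `default` is a broad place to expose it. Consider a dedicated namespace for the claim and the `backup-etcd` cron job, with RBAC limited to the backup service account. The cron job's own namespace is not visible in this hunk.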
@@ -154,6 +154,14 @@ resource "kubernetes_secret" "opendkim_key" { } +module "nfs_data" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "mailserver-data" + namespace = kubernetes_namespace.mailserver.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/mailserver" +} + resource "kubernetes_deployment" "mailserver" { metadata { name = "mailserver" @@ -413,9 +421,8 @@ resource "kubernetes_deployment" "mailserver" { } volume { name = "data" - nfs { - path = "/mnt/main/mailserver" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } # iscsi { # target_portal = "iscsi.viktorbarzin.lan:3260" diff --git a/stacks/platform/modules/mailserver/roundcubemail.tf b/stacks/platform/modules/mailserver/roundcubemail.tf index c38bc650..d5be55c3 100644 --- a/stacks/platform/modules/mailserver/roundcubemail.tf +++ b/stacks/platform/modules/mailserver/roundcubemail.tf @@ -1,6 +1,22 @@ variable "roundcube_db_password" { type = string } variable "mysql_host" { type = string } +module "nfs_roundcube_html" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "roundcubemail-html" + namespace = kubernetes_namespace.mailserver.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/roundcubemail/html" +} + +module "nfs_roundcube_enigma" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "roundcubemail-enigma" + namespace = kubernetes_namespace.mailserver.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/roundcubemail/enigma" +} + # If you want to override settings mount this in /var/roundcube/config # more info in https://github.com/roundcube/roundcubemail-docker?tab=readme-ov-file # resource "kubernetes_config_map" "roundcubemail_config" { 
@@ -147,16 +163,14 @@ resource "kubernetes_deployment" "roundcubemail" { volume { name = "html" - nfs { - path = "/mnt/main/roundcubemail/html" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_roundcube_html.claim_name } } volume { name = "enigma" - nfs { - path = "/mnt/main/roundcubemail/enigma" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_roundcube_enigma.claim_name } } dns_config { diff --git a/stacks/platform/modules/monitoring/grafana.tf b/stacks/platform/modules/monitoring/grafana.tf index aa3c22df..0212be60 100644 --- a/stacks/platform/modules/monitoring/grafana.tf +++ b/stacks/platform/modules/monitoring/grafana.tf @@ -34,11 +34,16 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" { } access_modes = ["ReadWriteOnce"] persistent_volume_source { - nfs { - path = "/mnt/main/alertmanager" - server = var.nfs_server + csi { + driver = "nfs.csi.k8s.io" + volume_handle = "alertmanager-pv" + volume_attributes = { + server = var.nfs_server + share = "/mnt/main/alertmanager" + } } } + storage_class_name = "nfs-truenas" } } # resource "kubernetes_persistent_volume_claim" "grafana_pvc" { diff --git a/stacks/platform/modules/monitoring/loki.tf b/stacks/platform/modules/monitoring/loki.tf index 7cef0ace..91d5cf9d 100644 --- a/stacks/platform/modules/monitoring/loki.tf +++ b/stacks/platform/modules/monitoring/loki.tf @@ -24,11 +24,16 @@ resource "kubernetes_persistent_volume" "loki" { } access_modes = ["ReadWriteOnce"] persistent_volume_source { - nfs { - path = "/mnt/main/loki/loki" - server = var.nfs_server + csi { + driver = "nfs.csi.k8s.io" + volume_handle = "loki" + volume_attributes = { + server = var.nfs_server + share = "/mnt/main/loki/loki" + } } } + storage_class_name = "nfs-truenas" persistent_volume_reclaim_policy = "Retain" volume_mode = "Filesystem" } 
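Review bot: The `alertmanager_pv` volume sets `storage_class_name = "nfs-truenas"` but no mount options, and Kubernetes applies a StorageClass's `mountOptions` only to volumes it provisions dynamically, not to a PersistentVolume declared by hand like this one. If the `soft,timeo=30,retrans=3` options from the commit message are meant to apply here, add `mount_options = ["soft", "timeo=30", "retrans=3"]` to the PV `spec`. The same gap is in the `loki` PV in loki.tf and the `prometheus_server_pvc` PV in prometheus.tf. The resource starts outside this hunk.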
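Review bot: `volume_handle = "loki"` is a very short identifier for something the CSI layer expects to be unique per volume across the cluster; two PersistentVolumes that share a driver and a handle can be treated as the same volume on a node. Deriving the handle from the server and export, e.g. `volume_handle = "${var.nfs_server}/mnt/main/loki/loki"`, makes a clash with handles produced by the `nfs_volume` module (not visible here) unlikely. `alertmanager-pv` in grafana.tf and `prometheus-iscsi-pv` in prometheus.tf could follow the same scheme.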
diff --git a/stacks/platform/modules/monitoring/prometheus.tf b/stacks/platform/modules/monitoring/prometheus.tf index 472603e7..b288b21e 100644 --- a/stacks/platform/modules/monitoring/prometheus.tf +++ b/stacks/platform/modules/monitoring/prometheus.tf @@ -14,7 +14,8 @@ resource "kubernetes_persistent_volume_claim" "prometheus_server_pvc" { } } # storage_class_name = "standard" - volume_name = "prometheus-iscsi-pv" + storage_class_name = "nfs-truenas" + volume_name = "prometheus-iscsi-pv" } } @@ -28,18 +29,16 @@ resource "kubernetes_persistent_volume" "prometheus_server_pvc" { } access_modes = ["ReadWriteOnce"] persistent_volume_source { - nfs { - path = "/mnt/main/prometheus" - server = var.nfs_server + csi { + driver = "nfs.csi.k8s.io" + volume_handle = "prometheus-iscsi-pv" + volume_attributes = { + server = var.nfs_server + share = "/mnt/main/prometheus" + } } - # iscsi { - # fs_type = "ext4" - # iqn = "iqn.2020-12.lan.viktorbarzin:storage:monitoring:prometheus" - # lun = 0 - # target_portal = "iscsi.viktorbarzin.me:3260" - # } - } + storage_class_name = "nfs-truenas" persistent_volume_reclaim_policy = "Retain" volume_mode = "Filesystem" } diff --git a/stacks/platform/modules/redis/main.tf b/stacks/platform/modules/redis/main.tf index 85bcfec3..1026c7a0 100644 --- a/stacks/platform/modules/redis/main.tf +++ b/stacks/platform/modules/redis/main.tf @@ -139,6 +139,14 @@ resource "kubernetes_service" "redis" { depends_on = [helm_release.redis] } +module "nfs_backup" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "redis-backup" + namespace = kubernetes_namespace.redis.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/redis-backup" +} + # Hourly backup: copy RDB snapshot from master to NFS resource "kubernetes_cron_job_v1" "redis-backup" { metadata { 
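Review bot: The claim now carries `storage_class_name = "nfs-truenas"` directly under the stale `# storage_class_name = "standard"` comment, and both the claim's `volume_name` and the PV's `volume_handle` still say `prometheus-iscsi-pv` although the volume is NFS over CSI. Drop the commented line and add a short comment such as `# name kept from the iSCSI era; backing store is NFS via nfs.csi.k8s.io` so the next reader does not go looking for an iSCSI target. Also check the plan output: the storage class of an existing claim cannot be edited in place, so this change probably replaces the claim, and Prometheus would be without its volume while that happens.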
@@ -179,9 +187,8 @@ resource "kubernetes_cron_job_v1" "redis-backup" { } volume { name = "backup" - nfs { - path = "/mnt/main/redis-backup" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_backup.claim_name } } } diff --git a/stacks/platform/modules/technitium/ha.tf b/stacks/platform/modules/technitium/ha.tf index b6db1c17..98cd06db 100644 --- a/stacks/platform/modules/technitium/ha.tf +++ b/stacks/platform/modules/technitium/ha.tf @@ -6,6 +6,14 @@ # Both pods share the `dns-server=true` label so the DNS LoadBalancer # in main.tf routes queries to whichever pod is healthy. +module "nfs_secondary_config" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "technitium-secondary-config" + namespace = kubernetes_namespace.technitium.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/technitium-secondary" +} + # Primary-only service for zone transfers (AXFR) and API access resource "kubernetes_service" "technitium_primary" { metadata { @@ -135,9 +143,8 @@ resource "kubernetes_deployment" "technitium_secondary" { } volume { name = "nfs-config" - nfs { - path = "/mnt/main/technitium-secondary" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_secondary_config.claim_name } } dns_config { diff --git a/stacks/platform/modules/technitium/main.tf b/stacks/platform/modules/technitium/main.tf index cfa2487c..7490e422 100644 --- a/stacks/platform/modules/technitium/main.tf +++ b/stacks/platform/modules/technitium/main.tf @@ -81,6 +81,14 @@ resource "kubernetes_config_map" "coredns" { } } +module "nfs_config" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "technitium-config" + namespace = kubernetes_namespace.technitium.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/technitium" +} + resource "kubernetes_deployment" "technitium" { # resource "kubernetes_daemonset" "technitium" { metadata { 
@@ -196,9 +204,8 @@ resource "kubernetes_deployment" "technitium" { } volume { name = "nfs-config" - nfs { - path = "/mnt/main/technitium" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_config.claim_name } } volume { diff --git a/stacks/platform/modules/uptime-kuma/main.tf b/stacks/platform/modules/uptime-kuma/main.tf index 6fdb4ac0..52bd1bdf 100644 --- a/stacks/platform/modules/uptime-kuma/main.tf +++ b/stacks/platform/modules/uptime-kuma/main.tf @@ -20,6 +20,14 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +module "nfs_data" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "uptime-kuma-data" + namespace = kubernetes_namespace.uptime-kuma.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/uptime-kuma" +} + resource "kubernetes_deployment" "uptime-kuma" { metadata { name = "uptime-kuma" @@ -78,9 +86,8 @@ resource "kubernetes_deployment" "uptime-kuma" { } volume { name = "data" - nfs { - server = var.nfs_server - path = "/mnt/main/uptime-kuma" + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } dns_config { diff --git a/stacks/platform/modules/vaultwarden/main.tf b/stacks/platform/modules/vaultwarden/main.tf index 8ff8d6a7..8b84afbf 100644 --- a/stacks/platform/modules/vaultwarden/main.tf +++ b/stacks/platform/modules/vaultwarden/main.tf @@ -20,6 +20,14 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +module "nfs_data" { + source = "../../../../modules/kubernetes/nfs_volume" + name = "vaultwarden-data" + namespace = kubernetes_namespace.vaultwarden.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/vaultwarden" +} + resource "kubernetes_deployment" "vaultwarden" { metadata { name = "vaultwarden" 
@@ -108,9 +116,8 @@ resource "kubernetes_deployment" "vaultwarden" { } volume { name = "data" - nfs { - path = "/mnt/main/vaultwarden" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } dns_config { diff --git a/stacks/real-estate-crawler/main.tf b/stacks/real-estate-crawler/main.tf index c893816c..eba835b4 100644 --- a/stacks/real-estate-crawler/main.tf +++ b/stacks/real-estate-crawler/main.tf @@ -23,6 +23,14 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +module "nfs_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "real-estate-crawler-data" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/real-estate-crawler" +} + resource "kubernetes_deployment" "realestate-crawler-ui" { metadata { name = "realestate-crawler-ui" @@ -207,9 +215,8 @@ resource "kubernetes_deployment" "realestate-crawler-api" { } volume { name = "data" - nfs { - path = "/mnt/main/real-estate-crawler" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } @@ -341,9 +348,8 @@ resource "kubernetes_deployment" "realestate-crawler-celery" { } volume { name = "data" - nfs { - path = "/mnt/main/real-estate-crawler" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } @@ -439,9 +445,8 @@ resource "kubernetes_deployment" "realestate-crawler-celery-beat" { } volume { name = "data" - nfs { - path = "/mnt/main/real-estate-crawler" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_data.claim_name } } } diff --git a/stacks/rybbit/main.tf b/stacks/rybbit/main.tf index e78950e9..70a123e0 100644 --- a/stacks/rybbit/main.tf +++ b/stacks/rybbit/main.tf 
@@ -30,6 +30,14 @@ locals { } +module "nfs_clickhouse_data" { + source = "../../modules/kubernetes/nfs_volume" + name = "rybbit-clickhouse-data" + namespace = kubernetes_namespace.rybbit.metadata[0].name + nfs_server = var.nfs_server + nfs_path = "/mnt/main/clickhouse" +} + resource "kubernetes_deployment" "clickhouse" { metadata { name = "clickhouse" @@ -86,9 +94,8 @@ resource "kubernetes_deployment" "clickhouse" { } volume { name = "data" - nfs { - path = "/mnt/main/clickhouse" - server = var.nfs_server + persistent_volume_claim { + claim_name = module.nfs_clickhouse_data.claim_name } } }