othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Setup mounting smb shares as volumes using csi

Browse Source
This commit is contained in:
Adrian Cowan
2025-05-01 03:52:34 +10:00
parent 874f17aa74
commit 9c06f0bd80
9 changed files with 588 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

229
2-nomad-config/terraform.tfstate
View File

@@ -1,10 +1,97 @@
{
"version": 4,
"terraform_version": "1.11.4",
"serial": 206,
"serial": 333,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {},
"resources": [
{
"mode": "data",
"type": "nomad_plugin",
"name": "smb",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"id": "smb",
"nodes": [
{
"healthy": true,
"healthy_description": "healthy",
"name": "0db77253-0579-e8b0-42cd-d619af9d8e73"
}
],
"nodes_expected": 1,
"nodes_healthy": 1,
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"wait_for_healthy": true,
"wait_for_registration": false
},
"sensitive_attributes": []
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "csi-smb",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "csi-smb",
"jobspec": "job \"csi-smb\" {\n type = \"system\"\n\n group \"smb\" {\n task \"plugin\" {\n driver = \"docker\"\n\n config {\n image = \"mcr.microsoft.com/k8s/csi/smb-csi:v1.7.0\"\n args = [\n \"--v=5\",\n \"--nodeid=${attr.unique.hostname}\",\n \"--endpoint=unix:///csi/csi.sock\",\n \"--drivername=smb.csi.k8s.io\"\n ]\n privileged = true\n }\n\n csi_plugin {\n id = \"smb\"\n type = \"node\"\n mount_dir = \"/csi\"\n }\n\n resources {\n cpu = 100\n memory = 50\n }\n }\n }\n}",
"json": null,
"modify_index": "11526",
"name": "csi-smb",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "smb",
"task": [
{
"driver": "docker",
"meta": {},
"name": "plugin",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "system"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_job",
@@ -15,7 +102,9 @@
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
@@ -133,9 +222,9 @@
"detach": true,
"hcl2": [],
"id": "traefik",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomadui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomadui\n consului:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consului\n\n services:\n nomadui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consului:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 80\n }\n\n port \"https\" {\n static = 443\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.traefik.rule=Host(`traefik.othrayte.one`)\",\n \"traefik.http.routers.traefik.service=traefik\",\n \"traefik.http.services.traefik.loadbalancer.server.port=8081\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n volume \"traefik\" {\n type = \"host\"\n read_only = false\n source = \"traefik\"\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.yml:/etc/traefik/traefik.yml\",\n \"local/configs/:/etc/traefik/configs/\"\n ]\n }\n\n volume_mount {\n volume = \"traefik\"\n destination = \"/opt/traefik\"\n read_only = false\n }\n\n template {\n data = \u003c\u003cEOF\nentryPoints:\n web:\n address: \":80\"\n http:\n redirections:\n entryPoint:\n to: websecure\n scheme: https\n websecure:\n address: \":443\"\n http:\n middlewares:\n - auth@file\n tls:\n certResolver: letsencrypt\n traefik:\n address: \":8081\"\n\napi:\n dashboard: true\n insecure: true\n\nproviders:\n file:\n directory: \"/etc/traefik/configs/\"\n\n consulCatalog:\n prefix: \"traefik\"\n exposedByDefault: false\n defaultRule: {{\"Host(`{{ .Name }}.othrayte.one`)\"}}\n endpoint:\n address: \"127.0.0.1:8500\"\n scheme: \"http\"\n\ncertificatesResolvers:\n letsencrypt:\n acme:\n email: \"othrayte@gmail.com\"\n storage: \"/opt/traefik/acme.json\"\n httpChallenge:\n entryPoint: web\nEOF\n\n destination = \"local/traefik.yml\"\n }\n\n template {\n data = \u003c\u003cEOF\nhttp:\n middlewares:\n auth:\n basicAuth:\n users:\n - \"othrayte:$apr1$7PqVUfNm$Go/SNo6y331KYDnQdOLIt/\"\n \n routers:\n nomad-ui:\n rule: \"Host(`nomad.othrayte.one`)\"\n service: nomad-ui\n consul-ui:\n rule: \"Host(`consul.othrayte.one`)\"\n service: consul-ui\n unraid:\n rule: \"Host(`unraid.othrayte.one`)\"\n service: unraid\n\n services:\n nomad-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:4646\"\n consul-ui:\n loadBalancer:\n servers:\n - url: \"http://127.0.0.1:8500\"\n unraid:\n loadBalancer:\n servers:\n - url: \"http://192.168.1.192:80\"\nEOF\n\n destination = \"local/configs/nomad.yml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null,
"modify_index": "9314",
"modify_index": "10880",
"name": "traefik",
"namespace": "default",
"policy_override": null,
@@ -181,6 +270,74 @@
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "volume_test",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "volume-test",
"jobspec": "job \"volume-test\" {\n group \"web\" {\n network {\n port \"www\" {\n to = 80\n }\n }\n\n volume \"unraid_transfer_use\" {\n type = \"csi\"\n source = \"unraid_transfer_id5\"\n access_mode = \"single-node-writer\"\n attachment_mode = \"file-system\"\n read_only = true\n\n mount_options {\n fs_type = \"ext4\"\n mount_flags = [\"noatime\"]\n }\n }\n\n service {\n name = \"volume-test\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"webserver\" {\n driver = \"docker\"\n\n config {\n image = \"nginx:latest\"\n\n ports = [\"www\"]\n # volumes = [\n # \"local:/usr/share/nginx/html:ro\"\n # ]\n }\n\n volume_mount {\n volume = \"unraid_transfer_use\"\n\t destination = \"/usr/share/nginx/html/transfer\"\n read_only = true\n }\n\n # template {\n # data = \"\u003ch1\u003eVolume Test 1\u003c/h1\u003e\"\n # destination = \"local/index.html\"\n # }\n\n resources {\n cpu = 500\n memory = 256\n }\n }\n\n # volume \"local\" {\n # type = \"csi\"\n # source = \"unraid_transfer\"\n # read_only = true\n # access_mode = \"single-node-writer\"\n # attachment_mode = \"file-system\"\n # }\n }\n}",
"json": null,
"modify_index": "12228",
"name": "volume-test",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "web",
"task": [
{
"driver": "docker",
"meta": {},
"name": "webserver",
"volume_mounts": [
{
"destination": "/usr/share/nginx/html/transfer",
"read_only": true,
"volume": "unraid_transfer_use"
}
]
}
],
"volumes": [
{
"name": "unraid_transfer_use",
"read_only": true,
"source": "unraid_transfer_id5",
"type": "csi"
}
]
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_job",
@@ -235,6 +392,70 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_volume",
"name": "unraid_transfer",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"access_mode": null,
"attachment_mode": null,
"capability": [
{
"access_mode": "single-node-writer",
"attachment_mode": "file-system"
}
],
"context": {
"source": "//192.168.1.192/transfer"
},
"controller_required": false,
"controllers_expected": 0,
"controllers_healthy": 0,
"deregister_on_destroy": true,
"external_id": "unraid_transfer_ext",
"id": "unraid_transfer_id5",
"mount_options": [],
"name": "unraid_transfer_name",
"namespace": "default",
"nodes_expected": 1,
"nodes_healthy": 1,
"parameters": {
"csi.storage.k8s.io/node-stage-secret-name": "smbcreds",
"csi.storage.k8s.io/node-stage-secret-namespace": "default",
"source": "//192.168.1.192/transfer"
},
"plugin_id": "smb",
"plugin_provider": "smb.csi.k8s.io",
"plugin_provider_version": "v1.7.0",
"schedulable": true,
"secrets": {
"password": "",
"username": "anon"
},
"topologies": [],
"topology_request": [],
"type": "csi",
"volume_id": "unraid_transfer_id5"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "secrets"
}
]
],
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==",
"dependencies": [
"data.nomad_plugin.smb"
]
}
]
}
],
"check_results": null