k3s-cluster/cluster/apps/database/minio/helm-release.yaml

132 lines
3.2 KiB
YAML
Raw Normal View History

2023-04-14 23:49:30 +00:00
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
2023-04-14 23:51:18 +00:00
name: minio
2023-04-14 23:49:30 +00:00
namespace: database
spec:
interval: 5m
chart:
spec:
2023-04-15 00:17:25 +00:00
chart: app-template
version: 1.3.x
2023-04-14 23:49:30 +00:00
sourceRef:
kind: HelmRepository
2023-04-15 00:17:25 +00:00
name: bjws-charts
2023-04-14 23:49:30 +00:00
namespace: flux-system
2023-04-15 00:17:25 +00:00
2023-04-14 23:49:30 +00:00
values:
2023-04-15 00:17:25 +00:00
image:
repository: quay.io/minio/minio
tag: RELEASE.2023-04-13T03-08-07Z
env:
TZ: "America/New_York"
MINIO_UPDATE: "off"
MINIO_BROWSER_REDIRECT_URL: "https://minio.${SECRET_NEW_DOMAIN}"
MINIO_SERVER_URL: "https://s3.${SECRET_NEW_DOMAIN}"
2023-04-15 00:17:25 +00:00
envFrom:
- secretRef:
name: minio-secret
args: ["server", "/data", "--console-address", ":9090"]
2023-04-14 23:49:30 +00:00
2023-04-15 00:17:25 +00:00
service:
main:
enabled: true
ports:
http:
port: &console-port 9090
2023-04-15 00:17:25 +00:00
api:
enabled: true
port: &api-port 9000
2023-08-25 14:23:02 +00:00
serviceMonitor:
main:
enabled: true
labels:
release: kube-prometheus-stack
endpoints:
- port: http
interval: 60s
scrapeTimeout: 5s
path: /minio/v2/metrics/cluster
bearerTokenSecret:
name: minio-metrics-token
key: bearerToken
2023-04-15 00:17:25 +00:00
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /minio/health/live
port: *api-port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: false
2023-04-14 23:49:30 +00:00
2023-04-15 00:17:25 +00:00
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &console-host minio.${SECRET_NEW_DOMAIN}
paths:
- path: /
pathType: Prefix
service:
port: *console-port
tls:
- hosts:
- *console-host
secretName: wildcard-main-tls
2023-04-15 00:20:34 +00:00
2023-04-15 00:17:25 +00:00
s3:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &api-host s3.${SECRET_NEW_DOMAIN}
paths:
- path: /
pathType: Prefix
service:
port: *api-port
2023-04-26 00:07:10 +00:00
- host: &api-host-wildcard "*.s3.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
service:
port: *api-port
2023-04-15 00:17:25 +00:00
tls:
- hosts:
- *api-host
2023-04-26 00:07:10 +00:00
- *api-host-wildcard
2023-04-15 00:17:25 +00:00
secretName: wildcard-main-tls
2023-04-14 23:49:30 +00:00
2023-04-15 00:17:25 +00:00
podSecurityContext:
runAsUser: 10000
runAsGroup: 10000
2023-04-15 00:17:25 +00:00
fsGroup: 100
fsGroupChangePolicy: "OnRootMismatch"
2023-04-14 23:49:30 +00:00
persistence:
2023-04-15 00:17:25 +00:00
storage:
enabled: true
type: hostPath
2023-04-15 00:20:34 +00:00
hostPath: /mnt/MainPool/Kubernetes/databases/minio
2023-04-15 00:17:25 +00:00
mountPath: /data
2023-04-14 23:49:30 +00:00
2023-04-15 00:17:25 +00:00
resources:
requests:
memory: 100Mi
cpu: 10m
limits:
memory: 750Mi