From 5228ee74a5b6c1d49640021e294dee584835bb23 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Fri, 14 Apr 2023 20:17:25 -0400 Subject: [PATCH] Dont use bitnami/minio helm chart --- cluster/apps/database/minio/helm-release.yaml | 112 +++++++++++++++--- .../apps/database/minio/kustomization.yaml | 1 - cluster/apps/database/minio/minio-pv.yaml | 27 ----- cluster/apps/database/minio/minio.sops.yaml | 8 +- 4 files changed, 98 insertions(+), 50 deletions(-) delete mode 100644 cluster/apps/database/minio/minio-pv.yaml diff --git a/cluster/apps/database/minio/helm-release.yaml b/cluster/apps/database/minio/helm-release.yaml index bfc30df..9fb66cf 100644 --- a/cluster/apps/database/minio/helm-release.yaml +++ b/cluster/apps/database/minio/helm-release.yaml @@ -7,29 +7,105 @@ spec: interval: 5m chart: spec: - chart: minio - version: 12.2.x + chart: app-template + version: 1.3.x sourceRef: kind: HelmRepository - name: bitnami-charts + name: bjws-charts namespace: flux-system + values: - auth: - existingSecret: "minio-secret" + image: + repository: quay.io/minio/minio + tag: RELEASE.2023-04-13T03-08-07Z + env: + TZ: "America/New_York" + MINIO_UPDATE: "off" + MINIO_BROWSER_REDIRECT_URL: "https://minio.${SECRET_DOMAIN}" + MINIO_SERVER_URL: "https://s3.${SECRET_DOMAIN}" + envFrom: + - secretRef: + name: minio-secret + + args: ["server", "/data", "--console-address", ":9001"] + + service: + main: + enabled: true + ports: + http: + port: &console-port 9001 + api: + enabled: true + port: &api-port 9000 + + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /minio/health/live + port: *api-port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: false ingress: - enabled: true - hostname: "minio.${SECRET_NEW_DOMAIN}" + main: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + hosts: + - host: &console-host minio.${SECRET_NEW_DOMAIN} + paths: + - path: / + pathType: Prefix + service: + port: *console-port + tls: + - hosts: + - *console-host + secretName: wildcard-main-tls + + s3: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + hosts: + - host: &api-host s3.${SECRET_NEW_DOMAIN} + paths: + - path: / + pathType: Prefix + service: + port: *api-port + tls: + - hosts: + - *api-host + secretName: wildcard-main-tls - apiIngress: - enabled: true - hostname: "s3.${SECRET_NEW_DOMAIN}" - - tls: - enabled: true - existingSecret: "wildcard-main-tls" - - # Note: This is only available in standalone mode, not in distributed mode - persistence: - existingClaim: "postgresql-pv-claim" + podSecurityContext: + runAsUser: 1024 + runAsGroup: 100 + fsGroup: 100 + fsGroupChangePolicy: "OnRootMismatch" + persistence: + storage: + enabled: true + type: hostPath + hostPath: /mnt/MainPool/Kubernetes/minio + mountPath: /data + + resources: + requests: + memory: 100Mi + cpu: 10m + limits: + memory: 750Mi \ No newline at end of file diff --git a/cluster/apps/database/minio/kustomization.yaml b/cluster/apps/database/minio/kustomization.yaml index bd780d7..e0db846 100644 --- a/cluster/apps/database/minio/kustomization.yaml +++ b/cluster/apps/database/minio/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./minio.sops.yaml -- ./minio-pv.yaml - ./helm-release.yaml \ No newline at end of file diff --git a/cluster/apps/database/minio/minio-pv.yaml b/cluster/apps/database/minio/minio-pv.yaml deleted file mode 100644 index 7e648e2..0000000 --- a/cluster/apps/database/minio/minio-pv.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: minio-pv - namespace: database -spec: - storageClassName: hostpath - persistentVolumeReclaimPolicy: Retain - capacity: - storage: 100Gi - accessModes: - - ReadWriteOnce - hostPath: - path: "/mnt/MainPool/Kubernetes/databases/minio" ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: minio-pv-claim - namespace: database -spec: - storageClassName: hostpath - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi \ No newline at end of file diff --git a/cluster/apps/database/minio/minio.sops.yaml b/cluster/apps/database/minio/minio.sops.yaml index d30a2b2..06e3012 100644 --- a/cluster/apps/database/minio/minio.sops.yaml +++ b/cluster/apps/database/minio/minio.sops.yaml @@ -4,16 +4,16 @@ metadata: name: minio-secret namespace: database stringData: - root-user: ENC[AES256_GCM,data:eISjlQ==,iv:eNbddpAADIvhx6kNBsFClGygmwUgZmZvwHNSDtijvts=,tag:fdF4nAR3UpwAOO4dF6Vc4Q==,type:str] - root-password: ENC[AES256_GCM,data:BRpms+OcNHActb4=,iv:pWW7zgYZJ/PKORDKsQ5XuxLczPxnMFsprvq5kqANLrY=,tag:mZf+ul4HlACducRJyPkNHA==,type:str] + MINIO_ROOT_USER: ENC[AES256_GCM,data:xEqc/w==,iv:QNJlfvs/uIWuTZ5i/OuGKRvK0iYhbO2bMI9oufCYQAI=,tag:Ck6DVPTcqcDpuM1SUBl+xA==,type:str] + MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:G83RzKMZ8L7F4e0=,iv:UidYzq8QTNX0/xTGcozEI8kvKJD8g58g2Z45Pihtpmw=,tag:UhnngTLbV3ZWK+4jF2hQQw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-04-14T23:37:34Z" - mac: ENC[AES256_GCM,data:QnKfDtijgkqz3X1E0T9Fb/okOqORHUAmWwbWPBal93CrPbHRYv8y6gUglxVo9hrItG06y187RbNz76uWyqpTIeNZr1nW84f9jf/74vSNmi3NiCGH+Ztu9AkpY14qZlKg8k9MwSV3hXspZae2UqJTWMAm96jTexGI/uGrUOZz1iI=,iv:oe5OgYpR8yFVOATzEC9wCiE/YuZgRJyWnWHzia/Dlyg=,tag:ZCMd0JsNMDMQFG/eQFPTIg==,type:str] + lastmodified: "2023-04-15T00:16:34Z" + mac: ENC[AES256_GCM,data:evOpEk01hJma7fD46PpjXtIeMJ2vLrMEdC4J08djTAFLFZ5R0xCzx7Q1LqpUYYbD6+/Np7KgS8J5Y3vG3XR+IBKJOa5e3Td8ark9ZX9uyeAs6OY/knBg/N8CaArAktb4ZKVAjd5qH3K+jex9NOKQMc05NnCfrxweMGI7GZMJ75c=,iv:jWERVLB3gHD1Dli3K4qKP1C4iSsSs2h6VBVsgIKSzmY=,tag:+wVUGRkMx1FRX/1/wLRVkg==,type:str] pgp: - created_at: "2023-04-07T01:57:22Z" enc: |