Dont use bitnami/minio helm chart

This commit is contained in:
SeanOMik 2023-04-14 20:17:25 -04:00
parent 4b97aa3573
commit 5228ee74a5
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
4 changed files with 98 additions and 50 deletions

View File

@ -7,29 +7,105 @@ spec:
interval: 5m interval: 5m
chart: chart:
spec: spec:
chart: minio chart: app-template
version: 12.2.x version: 1.3.x
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: bitnami-charts name: bjws-charts
namespace: flux-system namespace: flux-system
values: values:
auth: image:
existingSecret: "minio-secret" repository: quay.io/minio/minio
tag: RELEASE.2023-04-13T03-08-07Z
env:
TZ: "America/New_York"
MINIO_UPDATE: "off"
MINIO_BROWSER_REDIRECT_URL: "https://minio.${SECRET_DOMAIN}"
MINIO_SERVER_URL: "https://s3.${SECRET_DOMAIN}"
envFrom:
- secretRef:
name: minio-secret
args: ["server", "/data", "--console-address", ":9001"]
service:
main:
enabled: true
ports:
http:
port: &console-port 9001
api:
enabled: true
port: &api-port 9000
probes:
liveness: &probes
enabled: true
custom: true
spec:
httpGet:
path: /minio/health/live
port: *api-port
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
readiness: *probes
startup:
enabled: false
ingress: ingress:
enabled: true main:
hostname: "minio.${SECRET_NEW_DOMAIN}" enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &console-host minio.${SECRET_NEW_DOMAIN}
paths:
- path: /
pathType: Prefix
service:
port: *console-port
tls:
- hosts:
- *console-host
secretName: wildcard-main-tls
s3:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: &api-host s3.${SECRET_NEW_DOMAIN}
paths:
- path: /
pathType: Prefix
service:
port: *api-port
tls:
- hosts:
- *api-host
secretName: wildcard-main-tls
apiIngress: podSecurityContext:
enabled: true runAsUser: 1024
hostname: "s3.${SECRET_NEW_DOMAIN}" runAsGroup: 100
fsGroup: 100
tls: fsGroupChangePolicy: "OnRootMismatch"
enabled: true
existingSecret: "wildcard-main-tls"
# Note: This is only available in standalone mode, not in distributed mode
persistence:
existingClaim: "postgresql-pv-claim"
persistence:
storage:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/minio
mountPath: /data
resources:
requests:
memory: 100Mi
cpu: 10m
limits:
memory: 750Mi

View File

@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./minio.sops.yaml - ./minio.sops.yaml
- ./minio-pv.yaml
- ./helm-release.yaml - ./helm-release.yaml

View File

@ -1,27 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv
namespace: database
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/databases/minio"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pv-claim
namespace: database
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi

View File

@ -4,16 +4,16 @@ metadata:
name: minio-secret name: minio-secret
namespace: database namespace: database
stringData: stringData:
root-user: ENC[AES256_GCM,data:eISjlQ==,iv:eNbddpAADIvhx6kNBsFClGygmwUgZmZvwHNSDtijvts=,tag:fdF4nAR3UpwAOO4dF6Vc4Q==,type:str] MINIO_ROOT_USER: ENC[AES256_GCM,data:xEqc/w==,iv:QNJlfvs/uIWuTZ5i/OuGKRvK0iYhbO2bMI9oufCYQAI=,tag:Ck6DVPTcqcDpuM1SUBl+xA==,type:str]
root-password: ENC[AES256_GCM,data:BRpms+OcNHActb4=,iv:pWW7zgYZJ/PKORDKsQ5XuxLczPxnMFsprvq5kqANLrY=,tag:mZf+ul4HlACducRJyPkNHA==,type:str] MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:G83RzKMZ8L7F4e0=,iv:UidYzq8QTNX0/xTGcozEI8kvKJD8g58g2Z45Pihtpmw=,tag:UhnngTLbV3ZWK+4jF2hQQw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2023-04-14T23:37:34Z" lastmodified: "2023-04-15T00:16:34Z"
mac: ENC[AES256_GCM,data:QnKfDtijgkqz3X1E0T9Fb/okOqORHUAmWwbWPBal93CrPbHRYv8y6gUglxVo9hrItG06y187RbNz76uWyqpTIeNZr1nW84f9jf/74vSNmi3NiCGH+Ztu9AkpY14qZlKg8k9MwSV3hXspZae2UqJTWMAm96jTexGI/uGrUOZz1iI=,iv:oe5OgYpR8yFVOATzEC9wCiE/YuZgRJyWnWHzia/Dlyg=,tag:ZCMd0JsNMDMQFG/eQFPTIg==,type:str] mac: ENC[AES256_GCM,data:evOpEk01hJma7fD46PpjXtIeMJ2vLrMEdC4J08djTAFLFZ5R0xCzx7Q1LqpUYYbD6+/Np7KgS8J5Y3vG3XR+IBKJOa5e3Td8ark9ZX9uyeAs6OY/knBg/N8CaArAktb4ZKVAjd5qH3K+jex9NOKQMc05NnCfrxweMGI7GZMJ75c=,iv:jWERVLB3gHD1Dli3K4qKP1C4iSsSs2h6VBVsgIKSzmY=,tag:+wVUGRkMx1FRX/1/wLRVkg==,type:str]
pgp: pgp:
- created_at: "2023-04-07T01:57:22Z" - created_at: "2023-04-07T01:57:22Z"
enc: | enc: |