Dont use bitnami/minio helm chart
This commit is contained in:
parent
4b97aa3573
commit
5228ee74a5
|
@ -7,29 +7,105 @@ spec:
|
||||||
interval: 5m
|
interval: 5m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: minio
|
chart: app-template
|
||||||
version: 12.2.x
|
version: 1.3.x
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bitnami-charts
|
name: bjws-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
|
||||||
values:
|
values:
|
||||||
auth:
|
image:
|
||||||
existingSecret: "minio-secret"
|
repository: quay.io/minio/minio
|
||||||
|
tag: RELEASE.2023-04-13T03-08-07Z
|
||||||
|
env:
|
||||||
|
TZ: "America/New_York"
|
||||||
|
MINIO_UPDATE: "off"
|
||||||
|
MINIO_BROWSER_REDIRECT_URL: "https://minio.${SECRET_DOMAIN}"
|
||||||
|
MINIO_SERVER_URL: "https://s3.${SECRET_DOMAIN}"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: minio-secret
|
||||||
|
|
||||||
|
args: ["server", "/data", "--console-address", ":9001"]
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: &console-port 9001
|
||||||
|
api:
|
||||||
|
enabled: true
|
||||||
|
port: &api-port 9000
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness: &probes
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
httpGet:
|
||||||
|
path: /minio/health/live
|
||||||
|
port: *api-port
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 1
|
||||||
|
failureThreshold: 3
|
||||||
|
readiness: *probes
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
main:
|
||||||
hostname: "minio.${SECRET_NEW_DOMAIN}"
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &console-host minio.${SECRET_NEW_DOMAIN}
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
service:
|
||||||
|
port: *console-port
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *console-host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
|
s3:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &api-host s3.${SECRET_NEW_DOMAIN}
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
service:
|
||||||
|
port: *api-port
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *api-host
|
||||||
|
secretName: wildcard-main-tls
|
||||||
|
|
||||||
apiIngress:
|
podSecurityContext:
|
||||||
enabled: true
|
runAsUser: 1024
|
||||||
hostname: "s3.${SECRET_NEW_DOMAIN}"
|
runAsGroup: 100
|
||||||
|
fsGroup: 100
|
||||||
tls:
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
enabled: true
|
|
||||||
existingSecret: "wildcard-main-tls"
|
|
||||||
|
|
||||||
# Note: This is only available in standalone mode, not in distributed mode
|
|
||||||
persistence:
|
|
||||||
existingClaim: "postgresql-pv-claim"
|
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/minio
|
||||||
|
mountPath: /data
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 100Mi
|
||||||
|
cpu: 10m
|
||||||
|
limits:
|
||||||
|
memory: 750Mi
|
|
@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./minio.sops.yaml
|
- ./minio.sops.yaml
|
||||||
- ./minio-pv.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -1,27 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolume
|
|
||||||
metadata:
|
|
||||||
name: minio-pv
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
storageClassName: hostpath
|
|
||||||
persistentVolumeReclaimPolicy: Retain
|
|
||||||
capacity:
|
|
||||||
storage: 100Gi
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
hostPath:
|
|
||||||
path: "/mnt/MainPool/Kubernetes/databases/minio"
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: minio-pv-claim
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
storageClassName: hostpath
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 100Gi
|
|
|
@ -4,16 +4,16 @@ metadata:
|
||||||
name: minio-secret
|
name: minio-secret
|
||||||
namespace: database
|
namespace: database
|
||||||
stringData:
|
stringData:
|
||||||
root-user: ENC[AES256_GCM,data:eISjlQ==,iv:eNbddpAADIvhx6kNBsFClGygmwUgZmZvwHNSDtijvts=,tag:fdF4nAR3UpwAOO4dF6Vc4Q==,type:str]
|
MINIO_ROOT_USER: ENC[AES256_GCM,data:xEqc/w==,iv:QNJlfvs/uIWuTZ5i/OuGKRvK0iYhbO2bMI9oufCYQAI=,tag:Ck6DVPTcqcDpuM1SUBl+xA==,type:str]
|
||||||
root-password: ENC[AES256_GCM,data:BRpms+OcNHActb4=,iv:pWW7zgYZJ/PKORDKsQ5XuxLczPxnMFsprvq5kqANLrY=,tag:mZf+ul4HlACducRJyPkNHA==,type:str]
|
MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:G83RzKMZ8L7F4e0=,iv:UidYzq8QTNX0/xTGcozEI8kvKJD8g58g2Z45Pihtpmw=,tag:UhnngTLbV3ZWK+4jF2hQQw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2023-04-14T23:37:34Z"
|
lastmodified: "2023-04-15T00:16:34Z"
|
||||||
mac: ENC[AES256_GCM,data:QnKfDtijgkqz3X1E0T9Fb/okOqORHUAmWwbWPBal93CrPbHRYv8y6gUglxVo9hrItG06y187RbNz76uWyqpTIeNZr1nW84f9jf/74vSNmi3NiCGH+Ztu9AkpY14qZlKg8k9MwSV3hXspZae2UqJTWMAm96jTexGI/uGrUOZz1iI=,iv:oe5OgYpR8yFVOATzEC9wCiE/YuZgRJyWnWHzia/Dlyg=,tag:ZCMd0JsNMDMQFG/eQFPTIg==,type:str]
|
mac: ENC[AES256_GCM,data:evOpEk01hJma7fD46PpjXtIeMJ2vLrMEdC4J08djTAFLFZ5R0xCzx7Q1LqpUYYbD6+/Np7KgS8J5Y3vG3XR+IBKJOa5e3Td8ark9ZX9uyeAs6OY/knBg/N8CaArAktb4ZKVAjd5qH3K+jex9NOKQMc05NnCfrxweMGI7GZMJ75c=,iv:jWERVLB3gHD1Dli3K4qKP1C4iSsSs2h6VBVsgIKSzmY=,tag:+wVUGRkMx1FRX/1/wLRVkg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-04-07T01:57:22Z"
|
- created_at: "2023-04-07T01:57:22Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue