k3s-cluster/cluster/apps/database/minio/helm-release.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: minio
  namespace: database
spec:
  interval: 5m
  chart:
    spec:
      chart: app-template
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system
        
  values:
    image:
      repository: quay.io/minio/minio
      tag: RELEASE.2023-04-13T03-08-07Z
    env:
      TZ: "America/New_York"
      MINIO_UPDATE: "off"
      MINIO_BROWSER_REDIRECT_URL: "https://minio.${SECRET_NEW_DOMAIN}"
      MINIO_SERVER_URL: "https://s3.${SECRET_NEW_DOMAIN}"
    envFrom:
      - secretRef:
          name: minio-secret
    
    args: ["server", "/data", "--console-address", ":9090"]

    service:
      main:
        enabled: true
        ports:
          http:
            port: &console-port 9090
          api:
            enabled: true
            port: &api-port 9000
            
    serviceMonitor:
      main:
        enabled: true
        labels:
          release: kube-prometheus-stack
        endpoints:
        - port: api
          interval: 15s
          scrapeTimeout: 5s
          path: /minio/v2/metrics/cluster
          bearerTokenSecret:
            name: minio-metrics-token
            key: bearerToken

    probes:
      liveness: &probes
        enabled: true
        custom: true
        spec:
          httpGet:
            path: /minio/health/live
            port: *api-port
          initialDelaySeconds: 0
          periodSeconds: 10
          timeoutSeconds: 1
          failureThreshold: 3
      readiness: *probes
      startup:
        enabled: false

    ingress:
      main:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &console-host minio.${SECRET_NEW_DOMAIN}
            paths:
              - path: /
                pathType: Prefix
                service:
                  port: *console-port
        tls:
          - hosts:
              - *console-host

      s3:
        enabled: true
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &api-host s3.${SECRET_NEW_DOMAIN}
            paths:
              - path: /
                pathType: Prefix
                service:
                  port: *api-port
          - host: &api-host-wildcard "*.s3.${SECRET_NEW_DOMAIN}"
            paths:
              - path: /
                pathType: Prefix
                service:
                  port: *api-port
        tls:
          - hosts:
              - *api-host
              - *api-host-wildcard

    podSecurityContext:
      runAsUser: 10000
      runAsGroup: 10000
      fsGroup: 100
      fsGroupChangePolicy: "OnRootMismatch"
    
    persistence:
      storage:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/databases/minio
        mountPath: /data
    
    resources:
      requests:
        memory: 100Mi
        cpu: 10m
      limits:
        memory: 750Mi