-
Notifications
You must be signed in to change notification settings - Fork 0
/
minio.yaml.aged
97 lines (91 loc) · 3.11 KB
/
minio.yaml.aged
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# Install minio helm chart: https://github.com/minio/minio/tree/master/helm/minio
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: minio
namespace: default
labels:
spec:
chart: minio
repo: https://charts.min.io/
version: 4.0.2
targetNamespace: default
valuesContent: |-
# Only needed if Keycloak SSO breaks.
rootUser: root
rootPassword: |-
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNYU0vVlhkcUptUm1YMk5D
U014TDhlVHFlY3o1RUpJV3BlSW43MFY0aEI4CjVwUTlXdDlmcTV3NzBrOGYrdVht
Z1V1YWw4TVZZejlsWmtzWDNycW14ZFEKLS0tIEpOZXRvTjBnS012SXMwSUVXK2lC
UDlVTmRqSUFBdTl4VnpwcHo4OGxXS2sKNFxvlf303wUpCrFf/6zibekrzkjVbfcA
a8Z41Pqw58jSPKWJA8ux/fNMKtHh+KxmNRakGQ==
-----END AGE ENCRYPTED FILE-----
replicas: 1
# TODO: look into running non-root with the media group.
securityContext:
enabled: false
persistence:
enabled: true
existingClaim: minio-pv-claim
resources:
requests:
memory: 256Mi
mode: standalone
environment:
MINIO_IDENTITY_OPENID_CONFIG_URL: "https://keycloak.snow.jflei.com/realms/snow/.well-known/openid-configuration"
MINIO_IDENTITY_OPENID_CLIENT_ID: "minio"
MINIO_IDENTITY_OPENID_CLIENT_SECRET: |-
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdnNKMGxCcUtydUJkakwz
QkJiSVp5clBpOW1Dd1lLU2hCMUt1aGNocDFRCmF2d0FvaDMzVXhpSTgyMUJQTTB1
R0M1OWVlUXBwdDdNNHFTTk9jVHk0OFUKLS0tIFdrZWQvOEtKOGpkMFJQWG5jbTc0
SU5EL3dLaHVQNWFsZmt2RVJuWXQ1eEEKciBL3W8187SCskLvVwso13TMJ6pNgegb
M35X2VzVBYlNcIH3i1+s80lHip5QQ8S759zg8XiaSETHUgtDSsmufg==
-----END AGE ENCRYPTED FILE-----
MINIO_BROWSER_REDIRECT_URL: "https://console.minio.snow.jflei.com"
users:
- accessKey: jfly
secretKey: |-
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDS3NmckJ3d096OVEydU94
eVhCTTd6bTczY21CcGVHVDBMS0d2SCtLRVNnClNuUjJQTVUvb2tCdFA3NmpGWVFC
eEdmMXAyelpLYkZVYk1wNW5GVU11YlUKLS0tIHd3c24rSDdlOVZwc2tnbGpQM1ZJ
d0tTVWJyT3NLUmlmaFJwTkpoSEdjekEK86pCUZS0akwdIAz9HPDbh/5WEALjkvVO
3MLwxwnCJidC/RKWi7Q54/0ve2NdLPaBAG9IoA==
-----END AGE ENCRYPTED FILE-----
policy: consoleAdmin
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- minio.snow.jflei.com
tls:
- hosts:
- minio.snow.jflei.com
secretName: minio-tls
consoleIngress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- console.minio.snow.jflei.com
tls:
- hosts:
- console.minio.snow.jflei.com
secretName: console-minio-tls
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pv-claim
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi