badhouseplants/k8s-deployment
4
0
Fork 0
Code Issues 3 Pull Requests 7 Actions Packages Projects Releases Activity

Migrate minio to the platform namespace

Browse Source
This commit is contained in:
Nikolai Rodionov 2024-09-12 14:45:25 +02:00
parent 009b6c599a
commit 4b92f2fb8b
Signed by: allanger
GPG Key ID: 0AA46A90E25592AD
4 changed files with 51 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
installations/applications/helmfile.yaml
View File

@ -85,14 +85,15 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: ext-tcp-routes - template: ext-tcp-routes
#- name: vaultwardentest
# chart: allangers-charts/vaultwarden
# version: 2.1.0
# namespace: applications
# inherit:
# - template: default-env-values
# - template: default-env-secrets
- name: shadowsocks-libev - name: shadowsocks-libev
#- name: vaultwardentest
# chart: allangers-charts/vaultwarden
# version: 2.1.0
# namespace: applications
# inherit:
# - template: default-env-values
# - template: default-env-secrets
chart: allangers-charts/shadowsocks-libev chart: allangers-charts/shadowsocks-libev
namespace: applications namespace: applications
version: 0.3.1 version: 0.3.1

43
installations/platform/helmfile.yaml
View File

@ -10,16 +10,12 @@ repositories:
url: https://zotregistry.dev/helm-charts/ url: https://zotregistry.dev/helm-charts/
- name: bedag - name: bedag
url: https://bedag.github.io/helm-charts/ url: https://bedag.github.io/helm-charts/
- name: minio-standalone
url: https://charts.min.io/
- name: minio
url: https://operator.min.io/
- name: fluxcd-community
url: https://fluxcd-community.github.io/helm-charts
- name: crossplane-stable - name: crossplane-stable
url: https://charts.crossplane.io/stable url: https://charts.crossplane.io/stable
- name: goauthentik - name: goauthentik
url: https://charts.goauthentik.io/ url: https://charts.goauthentik.io/
- name: minio-standalone
url: https://charts.min.io/
releases: releases:
- name: argocd - name: argocd
chart: argo/argo-cd chart: argo/argo-cd
@ -30,12 +26,6 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: flux
chart: fluxcd-community/flux2
namespace: platform
condition: workload.enabled
version: 2.13.0
installed: false
- name: db-operator - name: db-operator
namespace: platform namespace: platform
chart: db-operator/db-operator chart: db-operator/db-operator
@ -69,32 +59,12 @@ releases:
inherit: inherit:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- name: minio-operator
chart: minio/operator
version: 6.0.3
namespace: platform
installed: false
condition: workload.enabled
inherit:
- template: default-env-values
- name: minio-tenant
chart: minio/tenant
version: 6.0.3
namespace: platform
installed: false
condition: workload.enabled
needs:
- platform/minio-operator
inherit:
- template: default-env-values
- name: crossplane - name: crossplane
# - template: default-env-secrets
chart: crossplane-stable/crossplane chart: crossplane-stable/crossplane
installed: false
version: 1.17.0 version: 1.17.0
namespace: platform namespace: platform
condition: workload.enabled condition: workload.enabled
installed: true
inherit: inherit:
- template: default-env-values - template: default-env-values
- name: authentik - name: authentik
@ -106,3 +76,10 @@ releases:
- template: default-env-values - template: default-env-values
- template: default-env-secrets - template: default-env-secrets
- template: ext-database - template: ext-database
- name: minio
chart: minio-standalone/minio
version: 5.2.0
namespace: platform
inherit:
- template: default-env-values
- template: default-env-secrets

32
manifests/network-policy.yaml Normal file
View File

@ -0,0 +1,32 @@
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: default-deny-all
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-internet-only
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
ports:
- protocol: TCP
port: 53
- protocol: UDP
port: 53
- to:
- ipBlock:
cidr: 0.0.0.0/0
except:
- 10.0.0.0/8
- 192.168.0.0/16
- 172.16.0.0/20

5
values/badhouseplants/values.minio.yaml
View File

@ -1,4 +1,3 @@
---
# ------------------------------------------ # ------------------------------------------
# -- Istio extenstion. Just because I'm # -- Istio extenstion. Just because I'm
# -- not using ingress nginx # -- not using ingress nginx
@ -18,7 +17,6 @@ istio:
hostname: s3.badhouseplants.net hostname: s3.badhouseplants.net
service: minio service: minio
port: 9000 port: 9000
ingress: ingress:
enabled: true enabled: true
ingressClassName: ~ ingressClassName: ~
@ -53,7 +51,6 @@ consoleIngress:
- secretName: minio-tls-secret - secretName: minio-tls-secret
hosts: hosts:
- minio.badhouseplants.net - minio.badhouseplants.net
rootUser: 'overlord' rootUser: 'overlord'
replicas: 1 replicas: 1
mode: standalone mode: standalone
@ -66,7 +63,7 @@ tls:
privateKey: private.key privateKey: private.key
persistence: persistence:
enabled: true enabled: true
accessMode: ReadWriteOnce accessMode: ReadWriteMany
size: 10Gi size: 10Gi
service: service:
type: ClusterIP type: ClusterIP