167 lines
3.7 KiB
YAML
167 lines
3.7 KiB
YAML
# ------------------------------------------
|
|
# -- Istio extenstion. Just because I'm
|
|
# -- not using ingress nginx
|
|
# ------------------------------------------
|
|
istio:
|
|
enabled: true
|
|
istio:
|
|
- name: minio-http
|
|
gateway: istio-system/badhouseplants-net
|
|
kind: http
|
|
hostname: minio.badhouseplants.net
|
|
service: minio-console
|
|
port: 9001
|
|
- name: s3-http
|
|
gateway: istio-system/badhouseplants-net
|
|
kind: http
|
|
hostname: s3.badhouseplants.net
|
|
service: minio
|
|
port: 9000
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: ~
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
kubernetes.io/ingress.global-static-ip-name: ""
|
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
path: /
|
|
hosts:
|
|
- s3.badhouseplants.net
|
|
tls:
|
|
- secretName: s3-tls-secret
|
|
hosts:
|
|
- s3.badhouseplants.net
|
|
consoleIngress:
|
|
enabled: true
|
|
ingressClassName: ~
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
kubernetes.io/ingress.global-static-ip-name: ""
|
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
path: /
|
|
hosts:
|
|
- minio.badhouseplants.net
|
|
tls:
|
|
- secretName: minio-tls-secret
|
|
hosts:
|
|
- minio.badhouseplants.net
|
|
rootUser: 'overlord'
|
|
replicas: 1
|
|
mode: standalone
|
|
environment:
|
|
MINIO_SERVER_URL: "https://s3.badhouseplants.net:443"
|
|
tls:
|
|
enabled: false
|
|
certSecret: ''
|
|
publicCrt: public.crt
|
|
privateKey: private.key
|
|
persistence:
|
|
enabled: true
|
|
accessMode: ReadWriteMany
|
|
size: 10Gi
|
|
service:
|
|
type: ClusterIP
|
|
clusterIP: ~
|
|
port: '9000'
|
|
consoleService:
|
|
type: ClusterIP
|
|
clusterIP: ~
|
|
port: '9001'
|
|
resources:
|
|
requests:
|
|
memory: 2Gi
|
|
buckets:
|
|
- name: badhouseplants-net
|
|
policy: download
|
|
purge: false
|
|
versioning: false
|
|
- name: badhouseplants-js
|
|
policy: download
|
|
purge: false
|
|
versioning: false
|
|
- name: badhouseplants-net-main
|
|
policy: download
|
|
purge: false
|
|
versioning: false
|
|
- name: sharing
|
|
policy: download
|
|
purge: false
|
|
versioning: false
|
|
- name: allanger-music
|
|
policy: download
|
|
purge: false
|
|
- name: navidrome
|
|
policy: download
|
|
purge: false
|
|
- name: minecraft-mods
|
|
policy: download
|
|
purge: false
|
|
versioning: false
|
|
- name: zot
|
|
policy: none
|
|
purge: false
|
|
versioning: false
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: false
|
|
public: true
|
|
additionalLabels: {}
|
|
policies:
|
|
- name: allanger
|
|
statements:
|
|
- resources:
|
|
- 'arn:aws:s3:::*'
|
|
actions:
|
|
- "s3:*"
|
|
- resources: []
|
|
actions:
|
|
- "admin:*"
|
|
- resources: []
|
|
actions:
|
|
- "kms:*"
|
|
- name: Admins
|
|
statements:
|
|
- resources:
|
|
- 'arn:aws:s3:::*'
|
|
actions:
|
|
- "s3:*"
|
|
- resources: []
|
|
actions:
|
|
- "admin:*"
|
|
- resources: []
|
|
actions:
|
|
- "kms:*"
|
|
- name: DevOps
|
|
statements:
|
|
- resources:
|
|
- 'arn:aws:s3:::badhouseplants-net'
|
|
actions:
|
|
- "s3:*"
|
|
- resources:
|
|
- 'arn:aws:s3:::badhouseplants-net/*'
|
|
actions:
|
|
- "s3:*"
|
|
- name: sharing
|
|
statements:
|
|
- resources:
|
|
- 'arn:aws:s3:::sharing'
|
|
actions:
|
|
- "s3:*"
|
|
- resources:
|
|
- 'arn:aws:s3:::sharing/*'
|
|
actions:
|
|
- "s3:*"
|
|
- name: zot
|
|
statements:
|
|
- resources:
|
|
- 'arn:aws:s3:::zot'
|
|
- 'arn:aws:s3:::zot/*'
|
|
actions:
|
|
- 's3:*'
|