137 lines
4.0 KiB
YAML
137 lines
4.0 KiB
YAML
secrets: null
|
|
tenant:
|
|
name: minio
|
|
# The Kubernetes secret name that contains MinIO environment variable configurations.
|
|
# The secret is expected to have a key named config.env containing environment variables exports.
|
|
existingSecret: false
|
|
configSecret:
|
|
name: myminio-env-configuration
|
|
accessKey: minio
|
|
secretKey: minio123
|
|
pools:
|
|
- servers: 1
|
|
storageClassName: ceph-filesystem
|
|
name: main
|
|
volumesPerServer: 1
|
|
size: 5Gi
|
|
storageAnnotations: { }
|
|
annotations: { }
|
|
labels: { }
|
|
tolerations: [ ]
|
|
nodeSelector: { }
|
|
resources: { }
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
runAsNonRoot: true
|
|
containerSecurityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
topologySpreadConstraints: [ ]
|
|
env:
|
|
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
|
|
value: https://authentik.badhouseplants.net/application/o/minio/.well-known/openid-configuration
|
|
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
|
|
value: minio
|
|
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
|
|
value: Z2vCo8rw5jsEVZlvc3wCjPjUIcN31PAxEJQvZvzfawUtWPRCefk8uCjzffsOlK61RImz7IRUeGOfBeDnt7Xa8hpnhkXe6Dq2kBF0lZaUh0v3Jm3HV9zNONdAjxWaUJrh
|
|
- name: MINIO_IDENTITY_OPENID_SCOPES
|
|
value: openid,profile,email,groups
|
|
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
|
|
value: groups
|
|
- name: MINIO_IDENTITY_OPENID_REDIRECT_URI
|
|
value: https://minio-new.badhouseplants.net/oauth_callback
|
|
- name: MINIO_IDENTITY_OPENID_DISPLAY_NAME
|
|
value: Authentik
|
|
- name: MINIO_SERVER_URL
|
|
value: https://s3-new.badhouseplants.net:443
|
|
mountPath: /export
|
|
subPath: /data
|
|
metrics:
|
|
enabled: false
|
|
port: 9000
|
|
protocol: http
|
|
certificate:
|
|
externalCaCertSecret: [ ]
|
|
externalCertSecret: [ ]
|
|
requestAutoCert: false
|
|
certConfig: { }
|
|
features:
|
|
bucketDNS: false
|
|
domains: { }
|
|
enableSFTP: false
|
|
###
|
|
# Array of objects describing one or more buckets to create during tenant provisioning.
|
|
# Example:
|
|
#
|
|
# .. code-block:: yaml
|
|
#
|
|
# - name: my-minio-bucket
|
|
# objectLock: false # optional
|
|
# region: us-east-1 # optional
|
|
buckets:
|
|
- name: test
|
|
users: [ ]
|
|
podManagementPolicy: Parallel
|
|
liveness: { }
|
|
readiness: { }
|
|
startup: { }
|
|
lifecycle: { }
|
|
prometheusOperator: false
|
|
additionalVolumes: [ ]
|
|
###
|
|
# An array of volume mount points associated to each Tenant container.
|
|
#
|
|
# Specify each item in the array as follows:
|
|
#
|
|
# .. code-block:: yaml
|
|
#
|
|
# volumeMounts:
|
|
# - name: volumename
|
|
# mountPath: /path/to/mount
|
|
#
|
|
# The ``name`` field must correspond to an entry in the ``additionalVolumes`` array.
|
|
additionalVolumeMounts: [ ]
|
|
ingress:
|
|
api:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
kubernetes.io/ingress.global-static-ip-name: ""
|
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
tls:
|
|
- secretName: s3-new.badhouseplants.net
|
|
hosts:
|
|
- s3-new.badhouseplants.net
|
|
host: s3-new.badhouseplants.net
|
|
path: /
|
|
pathType: Prefix
|
|
console:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
kubernetes.io/ingress.global-static-ip-name: ""
|
|
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
tls:
|
|
- secretName: minio-new.badhouseplants.net
|
|
hosts:
|
|
- minio-new.badhouseplants.net
|
|
host: minio-new.badhouseplants.net
|
|
path: /
|
|
pathType: Prefix
|