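---
# MinIO object storage for the bakery-ia namespace: a single-replica
# Deployment that serves the S3 API (9000) and the web console (9001) over TLS,
# plus two ClusterIP Services that expose those ports inside the cluster.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: minio
    app.kubernetes.io/component: storage
    app.kubernetes.io/part-of: bakery-ia
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: minio
      app.kubernetes.io/component: storage
  template:
    metadata:
      labels:
        app.kubernetes.io/name: minio
        app.kubernetes.io/component: storage
    spec:
      # Nothing in this pod spec calls the Kubernetes API, so the service
      # account token is not mounted into the containers.
      automountServiceAccountToken: false
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      # Init container to set up TLS certificates with correct permissions.
      # It copies the files from the read-only Secret mount into the shared
      # emptyDir under the names the server is started with (--certs-dir).
      initContainers:
        - name: init-certs
          # NOTE(review): tag is not pinned by digest; consider pinning.
          image: busybox:1.36
          command:
            - sh
            - -c
            # `set -eu` makes the init container fail as soon as any copy or
            # chmod fails. Without it the exit status is that of the last
            # chmod only, so a missing private key would go unnoticed.
            - |
              set -eu
              mkdir -p /certs/CAs
              cp /certs-secret/minio-cert.pem /certs/public.crt
              cp /certs-secret/minio-key.pem /certs/private.key
              cp /certs-secret/ca-cert.pem /certs/CAs/ca.crt
              chmod 600 /certs/private.key
              chmod 644 /certs/public.crt /certs/CAs/ca.crt
          # The script only writes to the mounted /certs volume and only
          # changes modes on files it created, so it needs no capabilities
          # and no writable root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: certs-secret
              mountPath: /certs-secret
              readOnly: true
            - name: certs
              mountPath: /certs
      containers:
        - name: minio
          image: minio/minio:RELEASE.2024-11-07T00-52-20Z
          args:
            - server
            - /data
            - --console-address
            - ":9001"
            - --address
            - ":9000"
            - --certs-dir
            - /certs
          # NOTE(review): no runAsUser/runAsNonRoot is set, so the process
          # runs as the image's default user. private.key is chmod 600 by the
          # init container's user; if this container is later moved to a
          # different UID, the key ownership (or an fsGroup) has to be
          # adjusted with it, otherwise the key becomes unreadable.
          securityContext:
            allowPrivilegeEscalation: false
          env:
            # Root credentials are read from the minio-secrets Secret rather
            # than being written into the manifest.
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: minio-secrets
                  key: MINIO_ROOT_USER
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: minio-secrets
                  key: MINIO_ROOT_PASSWORD
            # HTTPS URLs advertised for the API and the console. The TLS
            # material itself comes from the files under --certs-dir.
            # NOTE(review): the certificate in minio-tls presumably needs
            # SANs for both host names below; verify against the issuer.
            - name: MINIO_SERVER_URL
              value: "https://minio.bakery-ia.svc.cluster.local:9000"
            - name: MINIO_BROWSER_REDIRECT_URL
              value: "https://minio-console.bakery-ia.svc.cluster.local:9001"
          ports:
            - containerPort: 9000
              name: api
            - containerPort: 9001
              name: console
          volumeMounts:
            - name: minio-data
              mountPath: /data
            - name: certs
              mountPath: /certs
              readOnly: true
          resources:
            requests:
              memory: "512Mi"
              cpu: "200m"
            limits:
              memory: "2Gi"
              cpu: "1000m"
          # Both probes use HTTPS because the API port serves TLS only.
          # The kubelet does not verify the certificate on HTTPS probes.
          livenessProbe:
            httpGet:
              path: /minio/health/live
              port: 9000
              scheme: HTTPS
            initialDelaySeconds: 30
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /minio/health/ready
              port: 9000
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 15
      volumes:
        - name: minio-data
          persistentVolumeClaim:
            claimName: minio-data
        # Source TLS material (certificate, key, CA) from the minio-tls Secret.
        - name: certs-secret
          secret:
            secretName: minio-tls
        # Scratch volume holding the renamed copies; gone when the pod is.
        - name: certs
          emptyDir: {}
---
# In-cluster Service for the MinIO pod; exposes both the API and the console
# port under the name used in MINIO_SERVER_URL.
# NOTE(review): no NetworkPolicy is visible in this file; if only specific
# workloads should reach MinIO, restrict ingress to these ports separately.
apiVersion: v1
kind: Service
metadata:
  name: minio
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: minio
    app.kubernetes.io/component: storage
spec:
  type: ClusterIP
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
      name: api
    - port: 9001
      targetPort: 9001
      protocol: TCP
      name: console
  selector:
    app.kubernetes.io/name: minio
    app.kubernetes.io/component: storage
---
# Console-only Service; its name matches the host in
# MINIO_BROWSER_REDIRECT_URL and it selects the same pod as `minio`.
apiVersion: v1
kind: Service
metadata:
  name: minio-console
  namespace: bakery-ia
  labels:
    app.kubernetes.io/name: minio
    app.kubernetes.io/component: storage
spec:
  type: ClusterIP
  ports:
    - port: 9001
      targetPort: 9001
      protocol: TCP
      name: console
  selector:
    app.kubernetes.io/name: minio
    app.kubernetes.io/component: storage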