154 lines
3.7 KiB
YAML
154 lines
3.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: minio
|
|
namespace: bakery-ia
|
|
labels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
app.kubernetes.io/part-of: bakery-ia
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
spec:
|
|
# Init container to set up TLS certificates with correct permissions
|
|
initContainers:
|
|
- name: init-certs
|
|
image: busybox:1.36
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
mkdir -p /certs/CAs
|
|
cp /certs-secret/minio-cert.pem /certs/public.crt
|
|
cp /certs-secret/minio-key.pem /certs/private.key
|
|
cp /certs-secret/ca-cert.pem /certs/CAs/ca.crt
|
|
chmod 600 /certs/private.key
|
|
chmod 644 /certs/public.crt /certs/CAs/ca.crt
|
|
volumeMounts:
|
|
- name: certs-secret
|
|
mountPath: /certs-secret
|
|
readOnly: true
|
|
- name: certs
|
|
mountPath: /certs
|
|
containers:
|
|
- name: minio
|
|
image: minio/minio:RELEASE.2024-11-07T00-52-20Z
|
|
args:
|
|
- server
|
|
- /data
|
|
- --console-address
|
|
- :9001
|
|
- --address
|
|
- :9000
|
|
- --certs-dir
|
|
- /certs
|
|
env:
|
|
- name: MINIO_ROOT_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-secrets
|
|
key: MINIO_ROOT_USER
|
|
- name: MINIO_ROOT_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: minio-secrets
|
|
key: MINIO_ROOT_PASSWORD
|
|
# Enable TLS for MinIO
|
|
- name: MINIO_SERVER_URL
|
|
value: "https://minio.bakery-ia.svc.cluster.local:9000"
|
|
- name: MINIO_BROWSER_REDIRECT_URL
|
|
value: "https://minio-console.bakery-ia.svc.cluster.local:9001"
|
|
ports:
|
|
- containerPort: 9000
|
|
name: api
|
|
- containerPort: 9001
|
|
name: console
|
|
volumeMounts:
|
|
- name: minio-data
|
|
mountPath: /data
|
|
- name: certs
|
|
mountPath: /certs
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
memory: "512Mi"
|
|
cpu: "200m"
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "1000m"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /minio/health/live
|
|
port: 9000
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /minio/health/ready
|
|
port: 9000
|
|
scheme: HTTPS
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 15
|
|
volumes:
|
|
- name: minio-data
|
|
persistentVolumeClaim:
|
|
claimName: minio-data
|
|
- name: certs-secret
|
|
secret:
|
|
secretName: minio-tls
|
|
- name: certs
|
|
emptyDir: {}
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: minio
|
|
namespace: bakery-ia
|
|
labels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 9000
|
|
targetPort: 9000
|
|
protocol: TCP
|
|
name: api
|
|
- port: 9001
|
|
targetPort: 9001
|
|
protocol: TCP
|
|
name: console
|
|
selector:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: minio-console
|
|
namespace: bakery-ia
|
|
labels:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 9001
|
|
targetPort: 9001
|
|
protocol: TCP
|
|
name: console
|
|
selector:
|
|
app.kubernetes.io/name: minio
|
|
app.kubernetes.io/component: storage |