feat(minio): add minio object storage deployment

Ubuntu
2026-01-13 22:44:33 +00:00
parent dafcb42d0c
commit 30933481a4
4 changed files with 177 additions and 0 deletions

22
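--- a/apps/minio-app.yaml
+++ b/apps/minio-app.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: minio
+namespace: argocd
+annotations:
+argocd.argoproj.io/sync-wave: "3"
+spec:
+project: default
+source:
+repoURL: https://git.cloud-infra.prod.openmailserver.de/stabify/gitops.git
+targetRevision: HEAD
+path: apps/minio
+destination:
+server: https://kubernetes.default.svc
+namespace: minio
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=true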
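Review bot: `project: default` places this Application in Argo CD's built-in default project, which, unless it has been restricted elsewhere, permits any source repository and any destination, so nothing confines this app to the gitops repo and the `minio` namespace. A dedicated AppProject limited to this `repoURL` and destination, referenced here as `project: minio`, would contain a bad or tampered manifest. The same concern applies to `targetRevision: HEAD` combined with `prune: true` and `selfHeal: true`: every push to the default branch is applied, and can delete resources, without a further gate, so branch protection on that repository is the only control. A comment such as `# HEAD + automated prune: changes on the default branch are applied immediately` would make that dependency explicit.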


@@ -0,0 +1,95 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
namespace: minio
labels:
app: minio
spec:
replicas: 1
strategy:
type: Recreate # Wichtig für PVCs (ReadWriteOnce)
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
image: quay.io/minio/minio:RELEASE.2024-01-13T22-51-38Z
args:
- server
- /data
- --console-address
- :9001
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secrets
key: root_user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secrets
key: root_password
# Setze die Browser Redirect URL korrekt für Public Access
- name: MINIO_BROWSER_REDIRECT_URL
value: "https://minio.apps.k3s.stabify.de"
volumeMounts:
- name: data
mountPath: /data
livenessProbe:
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 30
periodSeconds: 20
readinessProbe:
httpGet:
path: /minio/health/ready
port: 9000
initialDelaySeconds: 30
periodSeconds: 20
volumes:
- name: data
persistentVolumeClaim:
claimName: minio-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio-pvc
namespace: minio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi # Kannst du später vergrößern (Requires VM disk space)
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: minio
spec:
ports:
- port: 9000
targetPort: 9000
protocol: TCP
name: api
- port: 9001
targetPort: 9001
protocol: TCP
name: console
selector:
app: minio
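Review bot: The pod template sets no `securityContext`, so the container runs with whatever user and capabilities the image defaults to, and privilege escalation is not disabled; for a workload that this commit also publishes through an Ingress, that is worth hardening. A pod-level context with a non-root UID and an `fsGroup` for the `/data` volume, plus a container-level `allowPrivilegeEscalation: false` with all capabilities dropped, is sketched below; the UID/GID values are an assumption to verify against the image and the ownership of the existing volume. Separately, the image is referenced by the mutable tag `RELEASE.2024-01-13T22-51-38Z`, which is two years older than this commit's date, so moving to a current release pinned by digest would be safer. The container also declares no `resources` requests or limits.

```yaml
    spec:
      # Pod level: unprivileged UID; fsGroup lets that UID write to /data
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000   # assumed value, confirm against the image
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: minio
          # … unchanged: image, args, ports, env, volumeMounts, probes …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```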


@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: minio-external-secret
namespace: minio
spec:
refreshInterval: "1m"
secretStoreRef:
name: vault-backend
kind: ClusterSecretStore
target:
name: minio-secrets
creationPolicy: Owner
data:
- secretKey: root_user
remoteRef:
key: secret/apps/minio
property: root_user
- secretKey: root_password
remoteRef:
key: secret/apps/minio
property: root_password
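Review bot: These are MinIO's root credentials, and the Deployment in this commit reads `minio-secrets` through env `secretKeyRef`, which is resolved only when the container starts. `refreshInterval: "1m"` therefore updates the Secret within a minute of a change in Vault, but the running MinIO keeps the old password until the pod is restarted, so a rotation after a suspected leak does not take effect on its own. I would document that next to the interval, e.g. `# rotation in Vault needs a rollout restart of deployment/minio to take effect`, or add a restart trigger if rotation is meant to be automatic.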

38
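--- a/apps/minio/ingress.yaml
+++ b/apps/minio/ingress.yaml
@@ -0,0 +1,38 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: minio-ingress
+namespace: minio
+annotations:
+cert-manager.io/cluster-issuer: cloudflare-issuer
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- minio.apps.k3s.stabify.de
+- s3.apps.k3s.stabify.de
+secretName: minio-tls
+rules:
+# Console Access (Browser UI)
+- host: minio.apps.k3s.stabify.de
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: minio
+port:
+number: 9001
+# API Access (Apps like Outline, etc.)
+- host: s3.apps.k3s.stabify.de
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: minio
+port:
+number: 9000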
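Review bot: The first rule publishes the MinIO console (port 9001), which accepts the root user login, on the same Ingress and entrypoint as the S3 API, and no access restriction is visible in this file. If `websecure` is reachable from the internet, the admin UI is too, protected only by the root password. Traefik attaches middlewares per Ingress through the `traefik.ingress.kubernetes.io/router.middlewares` annotation, so restricting the console (IP allow-list or forward auth) means moving the `minio.apps.k3s.stabify.de` rule into its own Ingress. The `s3.apps.k3s.stabify.de` rule can stay as it is.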