Merge pull request #16 from jgilfoil/feature/minio

deploy minio backend for volsync

kubernetes/apps/storage/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - ./namespace.yaml
   - ./openebs/ks.yaml
   - ./volsync/ks.yaml
+  - ./minio/ks.yaml

kubernetes/apps/storage/minio/app/helm-release.yaml

@@ -0,0 +1,108 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: minio
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    image:
+      repository: quay.io/minio/minio
+      tag: RELEASE.2023-05-04T21-44-30Z
+    env:
+      TZ: America/Denver
+      MINIO_UPDATE: "off"
+      MINIO_BROWSER_REDIRECT_URL: https://minio.${SECRET_DOMAIN}
+      MINIO_SERVER_URL: https://s3.${SECRET_DOMAIN}
+    envFrom:
+      - secretRef:
+          name: minio-secret
+    args: ["server", "/data", "--console-address", ":9001"]
+    service:
+      main:
+        enabled: true
+        ports:
+          http:
+            port: 9001
+          api:
+            enabled: true
+            port: 9000
+    probes:
+      # liveness: &probes
+      #   enabled: true
+      #   custom: true
+      #   spec:
+      #     httpGet:
+      #       path: /minio/health/live
+      #       port: 9000
+      #     initialDelaySeconds: 0
+      #     periodSeconds: 10
+      #     timeoutSeconds: 1
+      #     failureThreshold: 3
+      # readiness: *probes
+      startup:
+        enabled: false
+    ingress:
+      main:
+        enabled: true
+        ClassName: internal
+        hosts:
+          - host: &host minio.${SECRET_DOMAIN}
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  port: 9001
+        tls:
+          - hosts:
+              - *host
+      s3:
+        enabled: true
+        className: internal
+        hosts:
+          - host: &s3host s3.${SECRET_DOMAIN}
+            paths:
+              - path: /
+                pathType: Prefix
+                service:
+                  port: 9000
+        tls:
+          - hosts:
+              - *s3host
+    podSecurityContext:
+      runAsUser: 1024
+      runAsGroup: 100
+      fsGroup: 100
+      fsGroupChangePolicy: "OnRootMismatch"
+      supplementalGroups:
+        - 100
+    persistence:
+      config:
+        enabled: true
+        existingClaim: minio-nfs
+        mountPath: /data
+    resources:
+      requests:
+        memory: 100Mi
+        cpu: 100m
+      limits:
+        memory: 750Mi

kubernetes/apps/storage/minio/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - secret.enc.yaml
+  - nfs-pvc.yaml
+  - helm-release.yaml

kubernetes/apps/storage/minio/app/nfs-pvc.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: minio-nfs
+spec:
+  capacity:
+    storage: 1Mi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: minio-nfs
+  persistentVolumeReclaimPolicy: Retain
+  nfs:
+    server: "192.168.1.33"
+    path: /volume10/Minio
+  mountOptions:
+    - nconnect=8
+    - noatime
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: minio-nfs
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: minio-nfs
+  resources:
+    requests:
+      storage: 1Mi

kubernetes/apps/storage/minio/app/secret.sops.yaml

@@ -0,0 +1,28 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: minio-secret
+stringData:
+    MINIO_ROOT_USER: ENC[AES256_GCM,data:yoJuEdMXgyjuuBI=,iv:lmJs++9pzhTBPTmfkKRc1Z7Kdc5lvVN2qcaVkkl1x4k=,tag:th1WiPutWHQHc4/XIV7wIQ==,type:str]
+    MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:aTc+lOWlEeXqgpFAy1YdQQ==,iv:AwgcNiIb0Eu3kUFQwGuMA++aTnQfmiJX436RpmtO09I=,tag:0CPjxCBOx+JBTCauiNBEMg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age12rzrdtn8xhd89y23qw4kymxftuylqn5cm522jcn327atent4a40swjcgmj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0MUVkSStORXBwRGI3VXMr
+            bXVZb3kyVkJrellNOW9LSlZrOG5EbU9LRFVzCmhOQi9ERVdyOGtVT1RSa2sxL0lu
+            MmtZOWJqbytOcDBPTHBoay9QVUlxOE0KLS0tIGVhTWZOeDhkZ3J6Wk1mNHUrcXNO
+            YjdLcWZJTnErQS8zSTFxdklvbVU3NEkKc1PWeQAv4S59aEkCTFzy5CcsaKslxurv
+            Z+7N1uW3eN8IGYVbIZTbLjmNvU3WOtpUN0uY9RiOIL5UctJL9hnoBQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-25T22:13:49Z"
+    mac: ENC[AES256_GCM,data:Xa+6zuDajCVheuuyDbWOihVySiwDHOzH+xZT/iluRTMmFjImauvib3XggZlFhgUYIFwY0cFd7dRik6GdvCsMidczMNwWKa0OBLVvi4V76rXu0uow/WfANj5UTAM+eGwaUGPzJlpQ3y/dYmRLqjF/ubeCyuYcwDt+BzWlTKD5Z5Y=,iv:IQFvw1qoIQLYDxZrQ3dbTwcMA/aDZC5LiuSP7Is37ao=,tag:3d03RurfYnE9LYciOyegPw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

kubernetes/apps/storage/minio/ks.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app minio
+  namespace: flux-system
+spec:
+  targetNamespace: storage
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/storage/minio/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m