From c52bfb3045b64c22ba904b7a0b3bce473fda5fa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beatrice=20Dellac=C3=A0?= Date: Sun, 6 Apr 2025 21:24:35 +0200 Subject: [PATCH] fix ingress --- deploy/minio-tenant/cert-job.yaml | 29 -------------------------- deploy/minio-tenant/certificate.yaml | 14 ------------- deploy/minio-tenant/ingress.yaml | 2 ++ deploy/minio-tenant/kustomization.yaml | 3 --- deploy/minio-tenant/rbac.yaml | 23 -------------------- 5 files changed, 2 insertions(+), 69 deletions(-) delete mode 100644 deploy/minio-tenant/cert-job.yaml delete mode 100644 deploy/minio-tenant/certificate.yaml delete mode 100644 deploy/minio-tenant/rbac.yaml diff --git a/deploy/minio-tenant/cert-job.yaml b/deploy/minio-tenant/cert-job.yaml deleted file mode 100644 index 0237a99..0000000 --- a/deploy/minio-tenant/cert-job.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: convert-tls-secret - namespace: minio-tenant -spec: - template: - spec: - restartPolicy: OnFailure - containers: - - name: sync-secret - image: bitnami/kubectl:latest - command: - - /bin/sh - - -c - - | - kubectl get secret panic-minio-tls -n minio-tenant -o json | jq '{ - apiVersion: "v1", - kind: "Secret", - metadata: { - name: "panic-minio-tls-converted", - namespace: "minio-tenant" - }, - type: "Opaque", - data: { - "public.crt": .data["tls.crt"], - "private.key": .data["tls.key"] - } - }' | kubectl apply -f - \ No newline at end of file diff --git a/deploy/minio-tenant/certificate.yaml b/deploy/minio-tenant/certificate.yaml deleted file mode 100644 index 32fba7a..0000000 --- a/deploy/minio-tenant/certificate.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: panic-minio-cert - namespace: minio-tenant -spec: - secretName: panic-minio-tls - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - commonName: s3.minio.panic.haus - dnsNames: - - s3.minio.panic.haus - - console.minio.panic.haus \ No newline at end of file diff --git a/deploy/minio-tenant/ingress.yaml b/deploy/minio-tenant/ingress.yaml index 2ea09fa..b2e1188 100644 --- a/deploy/minio-tenant/ingress.yaml +++ b/deploy/minio-tenant/ingress.yaml @@ -6,6 +6,8 @@ metadata: annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/ssl-passthrough: "false" spec: rules: - host: s3.minio.panic.haus diff --git a/deploy/minio-tenant/kustomization.yaml b/deploy/minio-tenant/kustomization.yaml index 66a55f3..1b98376 100644 --- a/deploy/minio-tenant/kustomization.yaml +++ b/deploy/minio-tenant/kustomization.yaml @@ -5,10 +5,7 @@ namespace: minio-tenant resources: - namespace.yaml - - certificate.yaml - - rbac.yaml - secret.yaml - - cert-job.yaml - tenant.yaml - ingress.yaml - svc-minio.yaml diff --git a/deploy/minio-tenant/rbac.yaml b/deploy/minio-tenant/rbac.yaml deleted file mode 100644 index 31a2edc..0000000 --- a/deploy/minio-tenant/rbac.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: secret-access - namespace: minio-tenant -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "create", "update", "patch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: secret-access-binding - namespace: minio-tenant -subjects: - - kind: ServiceAccount - name: default - namespace: minio-tenant -roleRef: - kind: Role - name: secret-access - apiGroup: rbac.authorization.k8s.io \ No newline at end of file