fix ingress

2025-04-06 21:24:35 +02:00
parent 50dc452b0d
commit c52bfb3045
5 changed files with 2 additions and 69 deletions
--- a/deploy/minio-tenant/cert-job.yaml
+++ b/deploy/minio-tenant/cert-job.yaml
@@ -1,29 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: convert-tls-secret
-  namespace: minio-tenant
-spec:
-  template:
-    spec:
-      restartPolicy: OnFailure
-      containers:
-        - name: sync-secret
-          image: bitnami/kubectl:latest
-          command:
-            - /bin/sh
-            - -c
-            - |
-              kubectl get secret panic-minio-tls -n minio-tenant -o json | jq '{
-                apiVersion: "v1",
-                kind: "Secret",
-                metadata: {
-                  name: "panic-minio-tls-converted",
-                  namespace: "minio-tenant"
-                },
-                type: "Opaque",
-                data: {
-                  "public.crt": .data["tls.crt"],
-                  "private.key": .data["tls.key"]
-                }
-              }' | kubectl apply -f -
--- a/deploy/minio-tenant/certificate.yaml
+++ b/deploy/minio-tenant/certificate.yaml
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: panic-minio-cert
-  namespace: minio-tenant
-spec:
-  secretName: panic-minio-tls
-  issuerRef:
-    name: letsencrypt-prod
-    kind: ClusterIssuer
-  commonName: s3.minio.panic.haus
-  dnsNames:
-    - s3.minio.panic.haus
-    - console.minio.panic.haus
--- a/deploy/minio-tenant/ingress.yaml
+++ b/deploy/minio-tenant/ingress.yaml
@@ -6,6 +6,8 @@ metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
 spec:
  rules:
    - host: s3.minio.panic.haus
--- a/deploy/minio-tenant/kustomization.yaml
+++ b/deploy/minio-tenant/kustomization.yaml
@@ -5,10 +5,7 @@ namespace: minio-tenant

 resources:
  - namespace.yaml
-  - certificate.yaml
-  - rbac.yaml
  - secret.yaml
-  - cert-job.yaml
  - tenant.yaml
  - ingress.yaml
  - svc-minio.yaml
--- a/deploy/minio-tenant/rbac.yaml
+++ b/deploy/minio-tenant/rbac.yaml
@@ -1,23 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: secret-access
-  namespace: minio-tenant
-rules:
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "create", "update", "patch"]
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: secret-access-binding
-  namespace: minio-tenant
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: minio-tenant
-roleRef:
-  kind: Role
-  name: secret-access
-  apiGroup: rbac.authorization.k8s.io