bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix tls termination

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-06 20:58:12 +02:00
parent 4709f6ba84
commit c8501f505b
5 changed files with 61 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
deploy/minio-tenant/certificate.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-cert
namespace: minio-tenant
spec:
secretName: minio-tls
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: s3.minio.panic.haus
dnsNames:
- s3.minio.panic.haus
- console.minio.panic.haus

8
deploy/minio-tenant/ingress.yaml
View File

@@ -6,8 +6,6 @@ metadata:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: s3.minio.panic.haus
@@ -19,7 +17,7 @@ spec:
service:
name: minio
port:
number: 443
number: 9000
- host: console.minio.panic.haus
http:
paths:
@@ -27,9 +25,9 @@ spec:
pathType: Prefix
backend:
service:
name: panic-minio-console
name: minio-console
port:
number: 9443
number: 9001
tls:
- hosts:
- s3.minio.panic.haus

1
deploy/minio-tenant/kustomization.yaml
View File

@@ -7,6 +7,7 @@ resources:
- namespace.yaml
- secret.yaml
- tenant.yaml
- certificate.yaml
- ingress.yaml
- svc-minio.yaml
- svc-minio-console.yaml

2
deploy/minio-tenant/secret.yaml
View File

@@ -7,8 +7,6 @@ stringData:
config.env: |-
export MINIO_ROOT_USER="minio"
export MINIO_ROOT_PASSWORD="minio123"
export MINIO_STORAGE_CLASS_STANDARD="EC:2"
export MINIO_SERVER_URL="https://s3.minio.panic.haus"
type: Opaque
---
apiVersion: v1

85
deploy/minio-tenant/tenant.yaml
View File

@@ -10,6 +10,9 @@ metadata:
name: panic-minio
namespace: minio-tenant
spec:
requestAutoCert: false
externalCertSecret:
- name: minio-tls
exposeServices: {}
imagePullPolicy: IfNotPresent
certConfig: {}
@@ -17,7 +20,6 @@ spec:
name: storage-configuration
env: []
externalCaCertSecret: []
externalCertSecret: []
externalClientCertSecrets: []
features:
bucketDNS: false
@@ -27,47 +29,46 @@ spec:
mountPath: /export
podManagementPolicy: Parallel
pools:
- affinity:
nodeAffinity: {}
podAffinity: {}
podAntiAffinity: {}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
name: pool-0
nodeSelector: {}
resources: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
servers: 4
tolerations: []
topologySpreadConstraints: []
volumeClaimTemplate:
apiVersion: v1
kind: persistentvolumeclaims
metadata: {}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: longhorn
status: {}
volumesPerServer: 1
- name: pool-0
affinity:
nodeAffinity: {}
podAffinity: {}
podAntiAffinity: {}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector: {}
resources: {}
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
servers: 4
tolerations: []
topologySpreadConstraints: []
volumeClaimTemplate:
apiVersion: v1
kind: persistentvolumeclaims
metadata: {}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: longhorn
status: {}
volumesPerServer: 1
priorityClassName: ""
requestAutoCert: true
serviceAccountName: ""
serviceMetadata:
consoleServiceAnnotations: {}
@@ -76,4 +77,4 @@ spec:
minioServiceLabels: {}
subPath: ""
users:
- name: storage-user
- name: storage-user