fix tls termination
14
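--- a/deploy/minio-tenant/certificate.yaml
+++ b/deploy/minio-tenant/certificate.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: minio-cert
+namespace: minio-tenant
+spec:
+secretName: minio-tls
+issuerRef:
+name: letsencrypt-prod
+kind: ClusterIssuer
+commonName: s3.minio.panic.haus
+dnsNames:
+- s3.minio.panic.haus
+- console.minio.panic.haus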
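Review bot: The `dnsNames` list covers only the two public hostnames, yet the same commit hands the resulting `minio-tls` secret to the tenant as its server certificate through `externalCertSecret`. Any in-cluster client that reaches MinIO by its service name would then presumably fail hostname verification, and a public ACME issuer such as `letsencrypt-prod` cannot add cluster-internal names. If the tenant must serve TLS itself, a second Certificate from an internal CA issuer is the usual way to cover those names. At minimum I would document the limit above `dnsNames` with `# public ingress hostnames only; not valid for in-cluster service names`.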
@@ -6,8 +6,6 @@ metadata:
|
|||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: nginx
|
kubernetes.io/ingress.class: nginx
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
||||||
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: s3.minio.panic.haus
|
- host: s3.minio.panic.haus
|
||||||
@@ -19,7 +17,7 @@ spec:
|
|||||||
service:
|
service:
|
||||||
name: minio
|
name: minio
|
||||||
port:
|
port:
|
||||||
number: 443
|
number: 9000
|
||||||
- host: console.minio.panic.haus
|
- host: console.minio.panic.haus
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
@@ -27,9 +25,9 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: panic-minio-console
|
name: minio-console
|
||||||
port:
|
port:
|
||||||
number: 9443
|
number: 9001
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- s3.minio.panic.haus
|
- s3.minio.panic.haus
|
||||||
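Review bot: Removing `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` while retargeting the backends to ports 9000 and 9001 makes nginx speak plain HTTP to the tenant, but the same commit configures the tenant with `externalCertSecret`, so MinIO will most likely still serve TLS on those ports. Either keep `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` (dropping only `ssl-passthrough`) so the hop from the ingress to the pod stays encrypted, or make the tenant deliberately plaintext and record that in-cluster traffic is unencrypted. The service manifests are not part of this diff, so the port mapping itself cannot be checked here. The Ingress also still carries `cert-manager.io/cluster-issuer: letsencrypt-prod`; if its `tls` block names `minio-tls`, that annotation and the new Certificate would both manage the same secret.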
|
|||||||
@@ -7,6 +7,7 @@ resources:
|
|||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- secret.yaml
|
- secret.yaml
|
||||||
- tenant.yaml
|
- tenant.yaml
|
||||||
|
- certificate.yaml
|
||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
- svc-minio.yaml
|
- svc-minio.yaml
|
||||||
- svc-minio-console.yaml
|
- svc-minio-console.yaml
|
||||||
|
|||||||
@@ -7,8 +7,6 @@ stringData:
|
|||||||
config.env: |-
|
config.env: |-
|
||||||
export MINIO_ROOT_USER="minio"
|
export MINIO_ROOT_USER="minio"
|
||||||
export MINIO_ROOT_PASSWORD="minio123"
|
export MINIO_ROOT_PASSWORD="minio123"
|
||||||
export MINIO_STORAGE_CLASS_STANDARD="EC:2"
|
|
||||||
export MINIO_SERVER_URL="https://s3.minio.panic.haus"
|
|
||||||
type: Opaque
|
type: Opaque
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
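Review bot: The root credentials in `config.env` (`MINIO_ROOT_USER="minio"`, `MINIO_ROOT_PASSWORD="minio123"`) remain committed in plaintext under `stringData`, and this tenant is published through an Ingress on `s3.minio.panic.haus` and `console.minio.panic.haus`. The manifest should stop carrying the literal value: source `config.env` from a secret managed outside the repository (a sealed or encrypted secret, or an external secret store), leaving at most `export MINIO_ROOT_PASSWORD="<injected-at-deploy-time>"` as a placeholder. The current password should be rotated, since it stays readable in the repository history. The hunk also drops `MINIO_SERVER_URL`; it is worth confirming that generated URLs and console redirects still resolve to the public hostname.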
|
|||||||
@@ -10,6 +10,9 @@ metadata:
|
|||||||
name: panic-minio
|
name: panic-minio
|
||||||
namespace: minio-tenant
|
namespace: minio-tenant
|
||||||
spec:
|
spec:
|
||||||
|
requestAutoCert: false
|
||||||
|
externalCertSecret:
|
||||||
|
- name: minio-tls
|
||||||
exposeServices: {}
|
exposeServices: {}
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
certConfig: {}
|
certConfig: {}
|
||||||
@@ -17,7 +20,6 @@ spec:
|
|||||||
name: storage-configuration
|
name: storage-configuration
|
||||||
env: []
|
env: []
|
||||||
externalCaCertSecret: []
|
externalCaCertSecret: []
|
||||||
externalCertSecret: []
|
|
||||||
externalClientCertSecrets: []
|
externalClientCertSecrets: []
|
||||||
features:
|
features:
|
||||||
bucketDNS: false
|
bucketDNS: false
|
||||||
@@ -27,47 +29,46 @@ spec:
|
|||||||
mountPath: /export
|
mountPath: /export
|
||||||
podManagementPolicy: Parallel
|
podManagementPolicy: Parallel
|
||||||
pools:
|
pools:
|
||||||
- affinity:
|
- name: pool-0
|
||||||
nodeAffinity: {}
|
affinity:
|
||||||
podAffinity: {}
|
nodeAffinity: {}
|
||||||
podAntiAffinity: {}
|
podAffinity: {}
|
||||||
containerSecurityContext:
|
podAntiAffinity: {}
|
||||||
allowPrivilegeEscalation: false
|
containerSecurityContext:
|
||||||
capabilities:
|
allowPrivilegeEscalation: false
|
||||||
drop:
|
capabilities:
|
||||||
- ALL
|
drop:
|
||||||
runAsGroup: 1000
|
- ALL
|
||||||
runAsNonRoot: true
|
runAsGroup: 1000
|
||||||
runAsUser: 1000
|
runAsNonRoot: true
|
||||||
seccompProfile:
|
runAsUser: 1000
|
||||||
type: RuntimeDefault
|
seccompProfile:
|
||||||
name: pool-0
|
type: RuntimeDefault
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
resources: {}
|
resources: {}
|
||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
fsGroupChangePolicy: OnRootMismatch
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
servers: 4
|
servers: 4
|
||||||
tolerations: []
|
tolerations: []
|
||||||
topologySpreadConstraints: []
|
topologySpreadConstraints: []
|
||||||
volumeClaimTemplate:
|
volumeClaimTemplate:
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: persistentvolumeclaims
|
kind: persistentvolumeclaims
|
||||||
metadata: {}
|
metadata: {}
|
||||||
spec:
|
spec:
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 10Gi
|
storage: 10Gi
|
||||||
storageClassName: longhorn
|
storageClassName: longhorn
|
||||||
status: {}
|
status: {}
|
||||||
volumesPerServer: 1
|
volumesPerServer: 1
|
||||||
priorityClassName: ""
|
priorityClassName: ""
|
||||||
requestAutoCert: true
|
|
||||||
serviceAccountName: ""
|
serviceAccountName: ""
|
||||||
serviceMetadata:
|
serviceMetadata:
|
||||||
consoleServiceAnnotations: {}
|
consoleServiceAnnotations: {}
|
||||||
@@ -76,4 +77,4 @@ spec:
|
|||||||
minioServiceLabels: {}
|
minioServiceLabels: {}
|
||||||
subPath: ""
|
subPath: ""
|
||||||
users:
|
users:
|
||||||
- name: storage-user
|
- name: storage-user
|
||||||
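Review bot: The new `externalCertSecret` entry under `spec` names `minio-tls` without a `type`, and to my knowledge the MinIO operator then expects the keys `public.crt` and `private.key` rather than the `tls.crt` and `tls.key` that cert-manager writes. Adding `type: kubernetes.io/tls` beneath `- name: minio-tls` tells the operator which key names to read. Because `requestAutoCert` is now `false`, there is no operator-issued certificate to fall back on if the secret cannot be loaded, so confirm after rollout that the pods actually start with TLS enabled. The `pools` hunk appears to reorder `name: pool-0` with no functional change.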