K3S-HOME/storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT(minio): add minio and pgweb

Browse Source 
- move from applications to databases
This commit is contained in:
Mayne0213
2025-12-17 15:17:45 +09:00
parent a096efe80d
commit 26378b9143
10 changed files with 339 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
minio/argocd/minio.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: minio
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
# Official MinIO Helm chart
- repoURL: https://charts.min.io
chart: minio
targetRevision: 5.2.0
helm:
valueFiles:
- $values/minio/helm-values/minio.yaml
# Values file from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
targetRevision: main
ref: values
# Vault secrets from Git repository
- repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
targetRevision: main
path: minio
destination:
server: https://kubernetes.default.svc
namespace: minio
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- PrunePropagationPolicy=foreground
- PruneLast=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 10

85
minio/helm-values/minio.yaml Normal file
View File

@@ -0,0 +1,85 @@
# MinIO Helm Values
# Chart: https://github.com/minio/minio/tree/master/helm/minio
# Mode: Distributed with Erasure Coding (4 drives total)
#
# Disk allocation:
# - master node: 1 x 50GB (1 disk for MinIO, 1 for MariaDB)
# - worker-1: 2 x 50GB (2 disks for MinIO)
# - worker-2: 1 x 50GB (1 disk for MinIO)
# Total: 4 drives for erasure coding
# Use latest MinIO image
image:
repository: quay.io/minio/minio
tag: latest
pullPolicy: IfNotPresent
# 4 replicas, 1 drive per replica = 4 drives total
replicas: 4
# Number of drives per node (each pod uses 1 drive)
drivesPerNode: 1
# Persistence - using dedicated 50GB disks
persistence:
enabled: true
size: 45Gi
storageClass: minio-local
# Root credentials from SealedSecret
# Secret contains: root-user and root-password keys
existingSecret: minio-root-password
rootUserSecretKey: root-user
rootPasswordSecretKey: root-password
# Resources
resources:
requests:
memory: 512Mi
cpu: 30m # Reduced to 30% of original (100m -> 30m)
# Service
service:
type: ClusterIP
port: 9000
# Console service
consoleService:
type: ClusterIP
port: 9001
# Environment variables
environment:
MINIO_API_CORS_ALLOW_ORIGIN: "*"
MINIO_BROWSER_REDIRECT_URL: "https://minio.minio0213.kro.kr"
MINIO_PROMETHEUS_AUTH_TYPE: "public"
# Ingress disabled (managed separately)
ingress:
enabled: false
consoleIngress:
enabled: false
# Disable Kubernetes service links to prevent MINIO_SERVICE_PORT conflict
# This prevents Kubernetes from injecting service-related environment variables
enableServiceLinks: false
# Use soft anti-affinity since worker-1 needs 2 pods (has 2 disks)
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- minio
topologyKey: kubernetes.io/hostname
# Prometheus metrics
metrics:
serviceMonitor:
enabled: false

7
minio/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/minio.yaml
- vault/minio-root-password.yaml

30
minio/vault/minio-root-password.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: minio-root-password
namespace: minio
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: vault-backend
target:
name: minio-root-password
creationPolicy: Owner
data:
- secretKey: root-user
remoteRef:
key: minio/root
property: ROOT_USER
- secretKey: root-password
remoteRef:
key: minio/root
property: ROOT_PASSWORD
- secretKey: rootUser
remoteRef:
key: minio/root
property: ROOT_USER
- secretKey: rootPassword
remoteRef:
key: minio/root
property: ROOT_PASSWORD

31
pgweb/argocd/pgweb.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: pgweb
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
sources:
- repoURL: https://gitea0213.kro.kr/bluemayne/databases.git
targetRevision: main
path: pgweb
destination:
server: https://kubernetes.default.svc
namespace: pgweb
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m

78
pgweb/deployment.yaml Normal file
View File

@@ -0,0 +1,78 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: pgweb
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pgweb
namespace: pgweb
labels:
app: pgweb
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 1
selector:
matchLabels:
app: pgweb
template:
metadata:
labels:
app: pgweb
spec:
containers:
- name: pgweb
image: sosedoff/pgweb:0.17.0
ports:
- containerPort: 8081
name: http
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: pgweb-password
key: database-url
- name: PGWEB_AUTH_USER
valueFrom:
secretKeyRef:
name: pgweb-password
key: auth-user
- name: PGWEB_AUTH_PASS
valueFrom:
secretKeyRef:
name: pgweb-password
key: auth-password
args:
- "--bind=0.0.0.0"
- "--listen=8081"
resources:
requests:
memory: "64Mi"
cpu: "50m"
livenessProbe:
tcpSocket:
port: 8081
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 8081
initialDelaySeconds: 5
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: pgweb
namespace: pgweb
spec:
type: ClusterIP
ports:
- name: http
port: 80
targetPort: 8081
selector:
app: pgweb

10
pgweb/kustomization.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/pgweb.yaml
- deployment.yaml
- vault/serviceaccount.yaml
- vault/secretstore.yaml
- vault/pgweb-secret.yaml

26
pgweb/vault/pgweb-secret.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: pgweb-secret
namespace: pgweb
spec:
refreshInterval: 1h
secretStoreRef:
kind: SecretStore
name: vault-backend
target:
name: pgweb-password
creationPolicy: Owner
data:
- secretKey: database-url
remoteRef:
key: pgweb/dev
property: DATABASE_URL
- secretKey: auth-user
remoteRef:
key: pgweb/dev
property: AUTH_USER
- secretKey: auth-password
remoteRef:
key: pgweb/dev
property: AUTH_PASSWORD

17
pgweb/vault/secretstore.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: vault-backend
namespace: pgweb
spec:
provider:
vault:
server: http://vault.vault.svc.cluster.local:8200
path: secret
version: v2
auth:
kubernetes:
mountPath: kubernetes
role: pgweb
serviceAccountRef:
name: external-secrets

5
pgweb/vault/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-secrets
namespace: pgweb