Mayne0213
485b588a7e
- Update minio memory 263Mi→175Mi - Update cnpg memory 128Mi→121Mi - Update zot memory 128Mi→121Mi - Update velero memory 128Mi→75Mi - Update velero nodeAgent memory 256Mi→100Mi
119 lines
3.1 KiB
YAML
119 lines
3.1 KiB
YAML
# MinIO Helm Values
|
|
# Chart: https://github.com/minio/minio/tree/master/helm/minio
|
|
# Mode: Distributed with Erasure Coding (4 drives total)
|
|
#
|
|
# Disk allocation:
|
|
# - master node: 2 x 50GB (minio-data1, minio-data2)
|
|
# - worker-1: 1 x 50GB (minio-data1)
|
|
# - worker-2: 1 x 50GB (minio-data1)
|
|
# Total: 4 drives for erasure coding
|
|
|
|
# Use latest MinIO image
|
|
image:
|
|
repository: quay.io/minio/minio
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
|
|
# 4 replicas, 1 drive per replica = 4 drives total
|
|
replicas: 4
|
|
|
|
# Number of drives per node (each pod uses 1 drive)
|
|
drivesPerNode: 1
|
|
|
|
# Persistence - using dedicated 50GB disks
|
|
persistence:
|
|
enabled: true
|
|
size: 45Gi
|
|
storageClass: minio-local
|
|
|
|
# Root credentials from SealedSecret
|
|
# Secret contains: root-user and root-password keys
|
|
existingSecret: minio-root-password
|
|
rootUserSecretKey: root-user
|
|
rootPasswordSecretKey: root-password
|
|
|
|
# Resources
|
|
resources:
|
|
requests:
|
|
memory: 175Mi
|
|
cpu: 15m
|
|
limits:
|
|
memory: 175Mi
|
|
|
|
# Service
|
|
service:
|
|
type: ClusterIP
|
|
port: 9000
|
|
|
|
# Console service disabled - using custom console-deployment.yaml instead
|
|
consoleService:
|
|
enabled: false
|
|
|
|
# Environment variables
|
|
environment:
|
|
MINIO_API_CORS_ALLOW_ORIGIN: "*"
|
|
MINIO_BROWSER_REDIRECT_URL: "https://minio.minio0213.kro.kr"
|
|
MINIO_PROMETHEUS_AUTH_TYPE: "public"
|
|
# CPU optimization - disable unused workers
|
|
MINIO_API_REPLICATION_MAX_WORKERS: "1"
|
|
MINIO_API_REPLICATION_MAX_LRG_WORKERS: "1"
|
|
MINIO_API_TRANSITION_WORKERS: "1"
|
|
MINIO_SCANNER_SPEED: "slow"
|
|
|
|
# API Ingress (S3 endpoint)
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hosts:
|
|
- s3.minio0213.kro.kr
|
|
tls:
|
|
- secretName: minio-api-tls
|
|
hosts:
|
|
- s3.minio0213.kro.kr
|
|
|
|
# Console Ingress disabled (using custom console-deployment in manifests/)
|
|
consoleIngress:
|
|
enabled: false
|
|
|
|
# Disable Kubernetes service links to prevent MINIO_SERVICE_PORT conflict
|
|
# This prevents Kubernetes from injecting service-related environment variables
|
|
enableServiceLinks: false
|
|
|
|
# Pod annotations for Velero backup exclusion
|
|
# Exclude PVC data from backup (prevent circular backup of velero-backups bucket)
|
|
# MinIO resources (StatefulSet, Service, etc.) will still be backed up
|
|
podAnnotations:
|
|
backup.velero.io/backup-volumes-excludes: export
|
|
|
|
# Use soft anti-affinity since worker-1 needs 2 pods (has 2 disks)
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- minio
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# High priority for critical storage infrastructure
|
|
priorityClassName: high-priority
|
|
|
|
# Prometheus metrics
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: true # Enable ServiceMonitor for Prometheus scraping
|
|
|
|
# Disable post-install job by setting all triggers to empty
|
|
# Job is created if any of: buckets, users, policies, customCommands, svcaccts exist
|
|
buckets: []
|
|
users: []
|
|
policies: []
|
|
customCommands: []
|
|
svcaccts: []
|