Mayne0213
a15cb1510f
- actual usage from grafa... - external-secrets: 20m → 5m (actual: 1m) - external-secrets-webhook: 10m → 2m (actual: 1m) - external-secrets-cert: 10m → 2m (actual: 1m) - cnpg: 100m → 5m (actual: 2m) - haproxy-ingress: 100m → 15m (actual: 9-10m)
92 lines
2.3 KiB
YAML
92 lines
2.3 KiB
YAML
# MinIO Helm Values
|
|
# Chart: https://github.com/minio/minio/tree/master/helm/minio
|
|
# Mode: Distributed with Erasure Coding (4 drives total)
|
|
#
|
|
# Disk allocation:
|
|
# - master node: 1 x 50GB (1 disk for MinIO, 1 for MariaDB)
|
|
# - worker-1: 2 x 50GB (2 disks for MinIO)
|
|
# - worker-2: 1 x 50GB (1 disk for MinIO)
|
|
# Total: 4 drives for erasure coding
|
|
|
|
# Use latest MinIO image
|
|
image:
|
|
repository: quay.io/minio/minio
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
|
|
# 4 replicas, 1 drive per replica = 4 drives total
|
|
replicas: 4
|
|
|
|
# Number of drives per node (each pod uses 1 drive)
|
|
drivesPerNode: 1
|
|
|
|
# Persistence - using dedicated 50GB disks
|
|
persistence:
|
|
enabled: true
|
|
size: 45Gi
|
|
storageClass: minio-local
|
|
|
|
# Root credentials from SealedSecret
|
|
# Secret contains: root-user and root-password keys
|
|
existingSecret: minio-root-password
|
|
rootUserSecretKey: root-user
|
|
rootPasswordSecretKey: root-password
|
|
|
|
# Resources
|
|
resources:
|
|
requests:
|
|
memory: 512Mi
|
|
cpu: 5m # Reduced from 30m based on actual usage (1-2m)
|
|
|
|
# Service
|
|
service:
|
|
type: ClusterIP
|
|
port: 9000
|
|
|
|
# Console service
|
|
consoleService:
|
|
type: ClusterIP
|
|
port: 9001
|
|
|
|
# Environment variables
|
|
environment:
|
|
MINIO_API_CORS_ALLOW_ORIGIN: "*"
|
|
MINIO_BROWSER_REDIRECT_URL: "https://minio.minio0213.kro.kr"
|
|
MINIO_PROMETHEUS_AUTH_TYPE: "public"
|
|
|
|
# Ingress disabled (managed separately)
|
|
ingress:
|
|
enabled: false
|
|
|
|
consoleIngress:
|
|
enabled: false
|
|
|
|
# Disable Kubernetes service links to prevent MINIO_SERVICE_PORT conflict
|
|
# This prevents Kubernetes from injecting service-related environment variables
|
|
enableServiceLinks: false
|
|
|
|
# Pod annotations for Velero backup exclusion
|
|
# Exclude PVC data from backup (prevent circular backup of velero-backups bucket)
|
|
# MinIO resources (StatefulSet, Service, etc.) will still be backed up
|
|
podAnnotations:
|
|
backup.velero.io/backup-volumes-excludes: export
|
|
|
|
# Use soft anti-affinity since worker-1 needs 2 pods (has 2 disks)
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- minio
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Prometheus metrics
|
|
metrics:
|
|
serviceMonitor:
|
|
enabled: false
|