feat: deploy minio

clusters/anton/core/kustomization.yaml

@@ -11,3 +11,4 @@ resources:
   - metallb.yaml
   - ip-pools.yaml
   - postgres.yaml
+  - minio.yaml

clusters/anton/core/minio.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: minio
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./core/minio
+  prune: true
+  dependsOn:
+    - name: core-base

core/minio/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./minio-creds.yaml
+  - ./pvc.yaml
+  - ./minio.yaml
+namespace: core

core/minio/minio-creds.yaml

@@ -0,0 +1,28 @@
+kind: Secret
+type: Opaque
+apiVersion: v1
+metadata:
+    name: minio-creds
+stringData:
+    root-user: ENC[AES256_GCM,data:Jt1nbw==,iv:MGccVmS4jQg8DlLNW8BLWuzpg+6fjfde2nBn2HtTUdk=,tag:vXjZjdKUG1fDl77vOb+FdA==,type:str]
+    root-password: ENC[AES256_GCM,data:Jt97Je3prE13Rm6J4GNh903Kd4CB++0Fdxb/Fy6DIYk=,iv:F26QevRI6Cf3/DmUmGeYmliiODIG3/v7LzLiKWQUzHo=,tag:Q6odd396nAD6MqYmLCgBjg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age194r4u78jlkcg3waxh5ddpwe6y0pwenuhk9avnkmc3huzcpf26d0spa3ggf
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cTlzc1NmVDk0NVZ5aDcv
+            NE1mMTVpMXJ2dGlaVHR2U0ZSeDBhZnFJc0hnCnBDdW9TcUwvamtBdW5aS2JxdUt6
+            cTZLSnBSUk1zaWQ2RE9sTDNoK1hmUWcKLS0tIDhISzFuSFh3STkzVUgvdUp4aFpa
+            SFZLdlJjb0VXQVdpaG1JemlrN1h2TzgKes4pgYWodXfp1UK4cwyShBIZffhcpXRO
+            JH+VGJ+vrxjKkQIWEaxWgYrWEh4WLqcDq4etoeIaVSrpK4o1RuA6nw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-07-22T08:45:30Z"
+    mac: ENC[AES256_GCM,data:oiZsI+fDQR5HIFvGvtyvBejZRyj6uClve8MPjjUiLIq8UvEiG+03D6Cn1XxqeI/qYjssKxRSNoHHQpryD79jW84dr5JRKKngaVJ8rEahsZB3lc/joXsmZEQgyQunJ9bH8AUCeNFkbk6Gx41qtSaqfOHhXBFHtNd+26oUAyKCR3Y=,iv:a5ZSQ5Z1GiAVThZ4OPEkqiOxx1JBo2x8jcQrCDHZxjM=,tag:O0jxiXoG2UvDoyaYv54DhQ==,type:str]
+    pgp: []
+    encrypted_regex: ((?i)(pass($|word)|claim|secret($|[^N])|key|token|^data$|^stringData|^databaseUrl))
+    version: 3.9.0

core/minio/minio.yaml

@@ -0,0 +1,57 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: minio
+  namespace: core
+spec:
+  interval: 10m0s
+  chart:
+    spec:
+      chart: minio
+      version: "14.6.25"
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+  install:
+    remediation:
+      retries: 10
+  upgrade:
+    remediation:
+      retries: 10
+
+  values:
+    auth:
+      existingSecret: minio-creds
+
+    persistence:
+      enabled: true
+      existingClaim: minio-data
+
+
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        nginx.ingress.kubernetes.io/whitelist-source-range: ${PRIVATE_WHITELIST}
+        cert-manager.io/cluster-issuer: letsencrypt
+      hostname: &console-host minio-console.${PERSONAL_DOMAIN}
+      extraTls:
+        - hosts:
+            - *console-host
+          secretName: letsencrypt-minio-console
+
+    extraEnvVars:
+      - name: MINIO_BROWSER_REDIRECT_URL
+        value: https://minio-console.${PERSONAL_DOMAIN}
+
+    apiIngress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt
+        nginx.ingress.kubernetes.io/whitelist-source-range: ${PRIVATE_WHITELIST}
+      hostname: &api-host s3.${PERSONAL_DOMAIN}
+      extraTls:
+        - hosts:
+            - *api-host
+          secretName: letsencrypt-minio

core/minio/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: minio-data
+  namespace: core
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 25Gi