apiVersion: apps/v1 kind: Deployment metadata: name: minio namespace: argos-core spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app: minio template: metadata: labels: app: minio app.kubernetes.io/part-of: argos app.kubernetes.io/managed-by: kustomize spec: # ayuda a que el FS sea accesible por el grupo securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch # arregla permisos heredados de root en el PVC initContainers: - name: fix-perms image: alpine:3.20 command: ["/bin/sh","-c"] args: - | set -ex apk add --no-cache acl chown -R 1000:1000 /data || true chmod -R u+rwX,g+rwX /data || true find /data -type d -exec chmod g+s {} \; || true setfacl -R -m g:1000:rwx /data || true setfacl -R -d -m g:1000:rwx /data || true securityContext: runAsUser: 0 volumeMounts: - name: data mountPath: /data containers: - name: minio image: quay.io/minio/minio:latest securityContext: runAsUser: 1000 runAsGroup: 1000 args: ["server", "/data", "--console-address", ":9001"] envFrom: - secretRef: { name: minio-creds } ports: - { containerPort: 9000, name: api } - { containerPort: 9001, name: console } readinessProbe: httpGet: { path: /minio/health/ready, port: 9000 } initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: { path: /minio/health/live, port: 9000 } initialDelaySeconds: 10 periodSeconds: 20 resources: requests: cpu: 50m memory: 256Mi limits: cpu: "1" memory: 2Gi volumes: - name: data persistentVolumeClaim: claimName: minio-data