74 lines
2.1 KiB
YAML
74 lines
2.1 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: minio
|
|
namespace: argos-core
|
|
spec:
|
|
strategy:
|
|
type: Recreate
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: minio
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: minio
|
|
app.kubernetes.io/part-of: argos
|
|
app.kubernetes.io/managed-by: kustomize
|
|
spec:
|
|
# ayuda a que el FS sea accesible por el grupo
|
|
securityContext:
|
|
fsGroup: 1000
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
# arregla permisos heredados de root en el PVC
|
|
initContainers:
|
|
- name: fix-perms
|
|
image: alpine:3.20
|
|
command: ["/bin/sh","-c"]
|
|
args:
|
|
- |
|
|
set -ex
|
|
apk add --no-cache acl
|
|
chown -R 1000:1000 /data || true
|
|
chmod -R u+rwX,g+rwX /data || true
|
|
find /data -type d -exec chmod g+s {} \; || true
|
|
setfacl -R -m g:1000:rwx /data || true
|
|
setfacl -R -d -m g:1000:rwx /data || true
|
|
securityContext:
|
|
runAsUser: 0
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
containers:
|
|
- name: minio
|
|
image: quay.io/minio/minio:latest
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
args: ["server", "/data", "--console-address", ":9001"]
|
|
envFrom:
|
|
- secretRef: { name: minio-creds }
|
|
ports:
|
|
- { containerPort: 9000, name: api }
|
|
- { containerPort: 9001, name: console }
|
|
readinessProbe:
|
|
httpGet: { path: /minio/health/ready, port: 9000 }
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet: { path: /minio/health/live, port: 9000 }
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 20
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 2Gi
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: minio-data
|