minio oidc

infra/values/base/minio-values.yaml

@@ -25,6 +25,12 @@ resources:
     cpu: 500m
     memory: 512Mi
 
+## StatefulSet update strategy: OnDelete prevents Multi-Attach errors
+## with ReadWriteOnce PVCs on single-replica deployments.
+## After a values change, manually delete the pod to recreate.
+statefulSetUpdate:
+  updateStrategy: OnDelete
+
 ## Service configuration
 service:
   type: ClusterIP

infra/values/upc-dev/minio-values.yaml

@@ -42,13 +42,13 @@ ingress:
 ## TEMPORARILY disabled: the registrar needs time to create minio-oidc-credentials.
 ## Re-enable once `kubectl get secret minio-oidc-credentials -n minio` succeeds.
 oidc:
-  enabled: false
-  # configUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
-  # clientId: "minio"
-  # existingClientSecretName: "minio-oidc-credentials"
-  # existingClientSecretKey: "client-secret"
-  # claimName: "policy"
-  # scopes: "openid,email,profile"
-  # redirectUri: "https://zipline.forteapps.net/oauth_callback"
-  # claimPrefix: ""
-  # comment: ""
+  enabled: true
+  configUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
+  clientId: "minio"
+  existingClientSecretName: "minio-oidc-credentials"
+  existingClientSecretKey: "client-secret"
+  claimName: "policy"
+  scopes: "openid,email,profile"
+  redirectUri: "https://zipline.forteapps.net/oauth_callback"
+  claimPrefix: ""
+  comment: ""