zipline

2026-05-27 21:41:18 +02:00
parent c49d03d7f7
commit cf2c1427fd
8 changed files with 216 additions and 4 deletions
--- a/infra/values/base/minio-values.yaml
+++ b/infra/values/base/minio-values.yaml
@@ -0,0 +1,33 @@
+## MinIO base values — cross-cluster constants
+
+mode: standalone
+
+image:
+  repository: quay.io/minio/minio
+  tag: "RELEASE.2025-05-24T17-08-30Z"
+  pullPolicy: IfNotPresent
+
+## Use existing secret for root credentials
+## Secret must contain keys: rootUser, rootPassword
+existingSecret: "minio-credentials"
+
+## Single bucket created on startup
+buckets:
+- name: default
+  policy: none
+  purge: false
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 256Mi
+  limits:
+    cpu: 500m
+    memory: 512Mi
+
+## Service configuration
+service:
+  type: ClusterIP
+
+consoleService:
+  type: ClusterIP
--- a/infra/values/upc-dev/minio-values.yaml
+++ b/infra/values/upc-dev/minio-values.yaml
@@ -0,0 +1,52 @@
+## MinIO upc-dev overlay values
+
+## Storage
+persistence:
+  enabled: true
+  size: 10Gi
+  accessMode: ReadWriteOnce
+
+## Console Ingress (Web UI) — port 9001
+consoleIngress:
+  enabled: true
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    gethomepage.dev/enabled: "false"
+    gethomepage.dev/name: "Forte Zipline"
+    gethomepage.dev/description: "Object storage"
+    gethomepage.dev/group: "Storage"
+    gethomepage.dev/icon: "minio"
+    gethomepage.dev/href: "https://zipline.forteapps.net"
+  hosts:
+  - zipline.forteapps.net
+  tls:
+  - secretName: minio-console-tls
+    hosts:
+    - zipline.forteapps.net
+
+## API Ingress — port 9000
+ingress:
+  enabled: true
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+  - s3.forteapps.net
+  tls:
+  - secretName: minio-api-tls
+    hosts:
+    - s3.forteapps.net
+
+## Native OIDC via Keycloak
+oidc:
+  enabled: true
+  configUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
+  clientId: "minio"
+  existingClientSecretName: "minio-oidc-credentials"
+  existingClientSecretKey: "client-secret"
+  claimName: "policy"
+  scopes: "openid,email,profile"
+  redirectUri: "https://zipline.forteapps.net/oauth_callback"
+  claimPrefix: ""
+  comment: ""