social/mastodon/minio.yaml

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: mastodon-minio
  namespace: social
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://charts.min.io/
      chart: minio
      version: 5.4.0
      sourceRef:
        kind: HelmRepository
        name: minio-charts
        namespace: flux-system
      interval: 5m
  values:
    image:
      repository: quay.io/minio/minio
      tag: RELEASE.2024-12-18T13-15-44Z@sha256:1dce27c494a16bae114774f1cec295493f3613142713130c2d22dd5696be6ad3
      pullPolicy: IfNotPresent
    mcImage:
      repository: quay.io/minio/mc
      tag: RELEASE.2023-01-11T03-14-16Z
      pullPolicy: IfNotPresent
    mode: standalone
    rootUser: ${SECRET_MASTODON_ADMIN_S3_ACCESS_KEY}
    rootPassword: ${SECRET_MASTODON_ADMIN_S3_SECRET_KEY}
    users:
    - accessKey: ${SECRET_MASTODON_S3_ACCESS_KEY}
      secretKey: ${SECRET_MASTODON_S3_SECRET_KEY}
      policy: readwrite
    persistence:
      enabled: true
      existingClaim: "nfs-mastodon-pvc"
    ingress:
      enabled: true
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: 40m
        nginx.org/client-max-body-size: 40m
        #nginx.ingress.kubernetes.io/configuration-snippet: |
        #  more_set_headers "Content-Security-Policy: \"default-src 'none'; form-action 'none'\"";
        #  more_set_headers "X-Content-Type-Options: nosniff";
      ingressClassName: nginx-external
      hosts:
        - mfile.${SECRET_DOMAIN}
      tls:
        - secretName: mastodon-minio-cert
          hosts:
            - mfile.${SECRET_DOMAIN}
    consoleIngress:
      enabled: true
      hosts:
        - mmc.k.${SECRET_DOMAIN}
      tls:
        - secretName: mastodon-minio-console-cert
          hosts:
            - mmc.k.${SECRET_DOMAIN}
    securityContext:
      enabled: false
    resources:
      requests:
        memory: 350Mi
        cpu: 25m
      limits:
        memory: 1536Mi
    tolerations:
      - key: "arm"
        operator: "Exists"
    metrics:
      serviceMonitor:
        enabled: true