--- apiVersion: mongodbcommunity.mongodb.com/v1 kind: MongoDBCommunity metadata: name: mongodb spec: additionalMongodConfig: systemLog: quiet: true members: 2 arbiters: 1 type: ReplicaSet version: "6.0.3" security: authentication: modes: ["SCRAM"] users: - name: readwrite db: application passwordSecretRef: name: mongodb-application-readwrite-password roles: - name: readWrite db: application scramCredentialsSecretName: mongodb-application-readwrite - name: readonly db: application passwordSecretRef: name: mongodb-application-readonly-password roles: - name: read db: application scramCredentialsSecretName: mongodb-application-readonly statefulSet: spec: logLevel: WARN template: spec: containers: - name: mongod resources: requests: cpu: 100m memory: 512Mi limits: cpu: 500m memory: 1Gi volumeMounts: - name: journal-volume mountPath: /data/journal - name: mongodb-agent resources: requests: cpu: 1m memory: 100Mi limits: {} affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - mongodb-svc topologyKey: kubernetes.io/hostname nodeSelector: dedicated: storage tolerations: - key: dedicated operator: Equal value: storage effect: NoSchedule volumeClaimTemplates: - metadata: name: logs-volume labels: usecase: logs spec: storageClassName: mongo accessModes: - ReadWriteOnce resources: requests: storage: 100Mi - metadata: name: journal-volume labels: usecase: journal spec: storageClassName: mongo accessModes: - ReadWriteOnce resources: requests: storage: 512Mi - metadata: name: data-volume labels: usecase: data spec: storageClassName: mongo accessModes: - ReadWriteOnce resources: requests: storage: 2Gi --- apiVersion: apps/v1 kind: StatefulSet metadata: name: minio labels: app.kubernetes.io/name: minio spec: selector: matchLabels: app.kubernetes.io/name: minio serviceName: minio-svc replicas: 4 podManagementPolicy: Parallel template: metadata: labels: app.kubernetes.io/name: minio spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - minio topologyKey: kubernetes.io/hostname nodeSelector: dedicated: storage tolerations: - key: dedicated operator: Equal value: storage effect: NoSchedule containers: - name: minio env: - name: MINIO_PROMETHEUS_AUTH_TYPE value: public envFrom: - secretRef: name: minio-secrets image: minio/minio:latest args: - server - http://minio-{0...3}.minio-svc.camtiler.svc.cluster.local/data - --address - 0.0.0.0:9000 - --console-address - 0.0.0.0:9001 ports: - containerPort: 9000 name: http - containerPort: 9001 name: console livenessProbe: httpGet: path: /minio/health/live port: 9000 initialDelaySeconds: 10 periodSeconds: 20 resources: requests: cpu: 1m memory: 512Mi limits: cpu: 1000m memory: 1Gi volumeMounts: - name: minio-data mountPath: /data volumeClaimTemplates: - metadata: name: minio-data spec: accessModes: - ReadWriteOnce resources: requests: storage: '30Gi' storageClassName: minio --- apiVersion: v1 kind: Service metadata: name: minio spec: type: ClusterIP ports: - port: 80 targetPort: 9000 protocol: TCP name: http selector: app.kubernetes.io/name: minio --- kind: Service apiVersion: v1 metadata: name: minio-svc spec: selector: app.kubernetes.io/name: minio clusterIP: None publishNotReadyAddresses: true ports: - name: http port: 9000 --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: minio spec: selector: matchLabels: app.kubernetes.io/name: minio podMetricsEndpoints: - port: http path: /minio/v2/metrics/node podTargetLabels: - app.kubernetes.io/name --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: minio spec: podSelector: matchLabels: app.kubernetes.io/name: minio policyTypes: - Ingress - Egress egress: - ports: - port: http to: - podSelector: matchLabels: app.kubernetes.io/name: minio ingress: - ports: - port: http from: - podSelector: {} - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: traefik podSelector: matchLabels: app.kubernetes.io/name: traefik - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: prometheus-operator podSelector: matchLabels: app.kubernetes.io/name: prometheus --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: minio annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - host: cams-s3.k-space.ee http: paths: - pathType: Prefix path: "/" backend: service: name: minio-svc port: number: 9000 tls: - hosts: - "*.k-space.ee"