diff --git a/helmfile/apps/services-external/values-minio.yaml.gotmpl b/helmfile/apps/services-external/values-minio.yaml.gotmpl index 0d196178..dc466f54 100644 --- a/helmfile/apps/services-external/values-minio.yaml.gotmpl +++ b/helmfile/apps/services-external/values-minio.yaml.gotmpl @@ -26,26 +26,34 @@ containerSecurityContext: drop: - "ALL" privileged: false - runAsUser: 1000 - runAsGroup: 0 + runAsUser: 1001 + runAsGroup: 1001 runAsNonRoot: true - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true seccompProfile: type: "RuntimeDefault" seLinuxOptions: {{ .Values.seLinuxOptions.minio | toYaml | nindent 4 }} -defaultBuckets: "openproject,openxchange,ums,nextcloud" - global: imagePullSecrets: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + security: + allowInsecureImages: true image: registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.minio.registry | quote }} - repository: "{{ .Values.images.minio.repository }}" - tag: "{{ .Values.images.minio.tag }}" - pullPolicy: "{{ .Values.global.imagePullPolicy }}" + repository: {{ .Values.images.minio.repository | quote }} + tag: {{ .Values.images.minio.tag | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} + +volumePermissions: + enabled: true + image: + registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.minio.registry | quote }} + repository: {{ .Values.images.bitnamiOSShell.repository | quote }} + tag: {{ .Values.images.bitnamiOSShell.tag | quote }} + pullPolicy: {{ .Values.global.imagePullPolicy | quote }} {{- if .Values.debug.enabled }} ingress: @@ -79,7 +87,7 @@ networkPolicy: podSecurityContext: enabled: true - fsGroup: 1000 + fsGroup: 1001 persistence: storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" @@ -94,19 +102,19 @@ provisioning: - "mc anonymous set download provisioning/ums/portal-assets" buckets: - name: {{ .Values.objectstores.migrations.bucket | quote }} - versioning: false + versioning: "Suspended" withLock: false - name: {{ .Values.objectstores.nextcloud.bucket | quote }} - versioning: true + versioning: "Suspended" withLock: false - name: {{ .Values.objectstores.notes.bucket | quote }} - versioning: true + versioning: "Versioned" withLock: false - name: {{ .Values.objectstores.openproject.bucket | quote }} - versioning: true + versioning: "Suspended" withLock: false - name: {{ .Values.objectstores.nubus.bucket | quote }} - versioning: false + versioning: "Suspended" withLock: false policies: - name: "migrations-bucket-policy" @@ -221,6 +229,7 @@ startupProbe: statefulset: replicaCount: {{ .Values.replicas.minio }} + drivesPerNode: {{ if gt .Values.replicas.minio 1 }}2{{ else }}1{{ end }} {{- if .Values.certificate.selfSigned }} extraVolumes: diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 29550058..c023a212 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl @@ -239,7 +239,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/external/charts/bitnami-charts" name: "minio" - version: "12.10.11" + version: "14.10.1" verify: true nextcloud: # providerCategory: "Platform" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index 98dba65f..fd260a96 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl @@ -5,6 +5,14 @@ # Please read the /docs/development.md for information about structure and annotations used in this file. --- images: + bitnamiOSShell: + # providerCategory: "Community" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry-1.docker.io" + # upstreamRepository: "bitnami/os-shell" + registry: "registry-1.docker.io" + repository: "bitnami/os-shell" + tag: "12-debian-12-r34@sha256:41e0561b0f08011c24acc5e8ad4c0d09a36062cfab35d9ec7b3fdd4cfecc01e0" clamd: # providerCategory: "Community" # providerResponsible: "openDesk" @@ -227,7 +235,7 @@ images: # upstreamRepository: "bitnami/minio" registry: "registry-1.docker.io" repository: "bitnami/minio" - tag: "2023@sha256:bced4f2f9fc48b755ebb3e1b35e76195a978d4331bf2d0c6699dab412d3c0be7" + tag: "2024.12.13-debian-12-r0@sha256:2a258ab6876f6ed3cd5609836d065f20927955a2ae721fd9edde8ca388b52135" nextcloud: # providerCategory: "Platform" # providerResponsible: "openDesk" @@ -257,8 +265,6 @@ images: # providerResponsible: "DINUM" # upstreamRegistry: "https://registry-1.docker.io" # upstreamRepository: "lasuite/impress-backend" - # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)\$' - # upstreamMirrorStartFrom: ["1", "7", "0"] registry: "registry-1.docker.io" repository: "lasuite/impress-backend" tag: "v1.10.0-docs-production@sha256:62f31bf18335fec031f9ea3af828b84a8bb811793b63bc1c484e4ce14d437198" @@ -267,8 +273,6 @@ images: # providerResponsible: "DINUM" # upstreamRegistry: "https://registry-1.docker.io" # upstreamRepository: "lasuite/impress-frontend" - # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)\$' - # upstreamMirrorStartFrom: ["1", "7", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-notes" tag: "1.5.1@sha256:dad7dd60a5eb39b71b4911558cf7eac9ed6dc050593a046f5da0eaa75c65d344" @@ -277,8 +281,6 @@ images: # providerResponsible: "DINUM" # upstreamRegistry: "https://registry-1.docker.io" # upstreamRepository: "lasuite/impress-y-provider" - # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)\$' - # upstreamMirrorStartFrom: ["1", "7", "0"] registry: "registry-1.docker.io" repository: "lasuite/impress-y-provider" tag: "v1.10.0-docs-production@sha256:9fcdb1fe7b20f0026b94765d64d83a2fe76cbe6e59c43d098fa21a7ea0c74803"