apiVersion: apps/v1 kind: Deployment metadata: name: minio namespace: honeydue labels: app.kubernetes.io/name: minio app.kubernetes.io/part-of: honeydue spec: replicas: 1 strategy: type: Recreate # ReadWriteOnce PVC — can't attach to two pods selector: matchLabels: app.kubernetes.io/name: minio template: metadata: labels: app.kubernetes.io/name: minio app.kubernetes.io/part-of: honeydue spec: serviceAccountName: minio securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 seccompProfile: type: RuntimeDefault containers: - name: minio image: minio/minio:latest args: ["server", "/data", "--console-address", ":9001"] ports: - name: api containerPort: 9000 protocol: TCP - name: console containerPort: 9001 protocol: TCP securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] env: - name: MINIO_ROOT_USER valueFrom: configMapKeyRef: name: honeydue-config key: MINIO_ROOT_USER - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: name: honeydue-secrets key: MINIO_ROOT_PASSWORD volumeMounts: - name: minio-data mountPath: /data - name: tmp mountPath: /tmp resources: requests: cpu: 50m memory: 128Mi limits: cpu: 500m memory: 512Mi readinessProbe: httpGet: path: /minio/health/ready port: 9000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 livenessProbe: httpGet: path: /minio/health/live port: 9000 initialDelaySeconds: 15 periodSeconds: 30 timeoutSeconds: 5 volumes: - name: minio-data persistentVolumeClaim: claimName: minio-data - name: tmp emptyDir: sizeLimit: 64Mi