---
# tasks file for minio
- name: Deploy MinIO
  kubernetes.core.helm:
    name: minio
    chart_ref: bitnami/minio
    release_namespace: minio
    create_namespace: true
    values:
      metrics:
        enabled: true
      disableWebUI: true
      auth:
        rootUser: minio_admin
        rootPassword: "{{ minio_admin_password }}"
      defaultBuckets: default
      volumePermissions:
        enabled: true
      mode: standalone
      persistence:
        size: 8Ti
      extraEnvVars:
        - name: MINIO_ROOT_USER
          value: minio_admin
        - name: MINIO_ROOT_PASSWORD
          value: "{{ minio_admin_password }}"
        - name: MINIO_SERVER_URL
          value: https://minio.eom.dev/
        - name: MINIO_IDENTITY_LDAP_SERVER_ADDR
          value: openldap.openldap.svc.cluster.local:389
        - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
          value: cn=readonly,dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
          value: "{{ openldap_readonly_password }}"
        - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
          value: dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
          value: (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Minio Users,ou=Minio,ou=Services,dc=eom,dc=dev))
        - name: MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES
          value: uid,cn,mail,sshPublicKey
        - name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
          value: (&(objectclass=groupOfUniqueNames)(uniqueMember=%d))
        - name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
          value: dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_COMMENT
          value: OpenLDAP
        - name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
          value: "on"
      apiIngress:
        enabled: true
        hostname: minio.eom.dev
        ingressClassName: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
        tls:
          - hosts:
            - minio.eom.dev
            secretName: minio-tls