ansible-role-minio/tasks/main.yml

---
# tasks file for minio
- name: Deploy MinIO
  kubernetes.core.helm:
    name: minio
    chart_ref: bitnami/minio
    release_namespace: minio
    create_namespace: true
    values:
      image:
        repository: bitnamilegacy/minio
      clientImage:
        repository: bitnamilegacy/minio-client
      tls:
        enabled: true
        autoGenerated:
          engine: cert-manager
          certManager:
            existingIssuer: ca-issuer
      metrics:
        enabled: true
      console:
        enabled: false
      auth:
        rootUser: minio_admin
        rootPassword: "{{ minio_admin_password }}"
      defaultBuckets: default
      defaultInitContainers:
        volumePermissions:
          enabled: true
      mode: standalone
      persistence:
        size: 8Ti
      extraEnvVars:
        - name: MINIO_ROOT_USER
          value: minio_admin
        - name: MINIO_ROOT_PASSWORD
          value: "{{ minio_admin_password }}"
        - name: MINIO_SERVER_URL
          value: https://minio.eom.dev/
        - name: MINIO_IDENTITY_LDAP_SERVER_ADDR
          value: openldap.openldap.svc.cluster.local:389
        - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
          value: cn=readonly,dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
          value: "{{ openldap_readonly_password }}"
        - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
          value: dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
          value: (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Minio Users,ou=Minio,ou=Services,dc=eom,dc=dev))
        - name: MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES
          value: uid,cn,mail,sshPublicKey
        - name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
          value: (&(objectclass=groupOfUniqueNames)(uniqueMember=%d))
        - name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
          value: dc=eom,dc=dev
        - name: MINIO_IDENTITY_LDAP_COMMENT
          value: OpenLDAP
        - name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
          value: "on"
      ingress:
        enabled: true
        hostname: minio.eom.dev
        ingressClassName: nginx
        annotations:
          cert-manager.io/cluster-issuer: ca-issuer
          nginx.ingress.kubernetes.io/proxy-body-size: "0"
          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
          nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
        tls: true