feat: remove Minio #2903
Open
feat: remove Minio #2903
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CasLubbers
requested review from
Ani1357,
j-zimnowoda and
merll
as code owners
This was referenced Feb 2, 2026
Contributor
|
Comparison of Helm chart templating output: @@ data.REDIRECT_URIS @@
# v1/ConfigMap/apl-keycloak-operator/apl-keycloak-operator-cm
! ± value change
- ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://minio.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://thanos.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
+ ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://thanos.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
@@ data.providers @@
# v1/ConfigMap/kfp-launcher
! ± value change in multiline text (one insert, one deletion)
s3:
default:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
disableSSL: false
credentials:
fromEnv: false
secretRef:
- secretName: mlpipeline-minio-artifact
+ secretName: mlpipeline-obj-artifact
accessKeyKey: accesskey
secretKeyKey: secretkey
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_ACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_SECRETACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.viewer-pod-template.json @@
! ± value change in multiline text (two inserts, two deletions)
{
"spec": {
"containers": [
{
[one line unchanged)]
{
"name": "AWS_ACCESS_KEY_ID",
"valueFrom": {
"secretKeyRef": {
- "name": mlpipeline-minio-artifact,
+ "name": mlpipeline-obj-artifact,
"key": "accesskey"
}
}
},
{
"name": "AWS_SECRET_ACCESS_KEY",
"valueFrom": {
"secretKeyRef": {
- "name": "mlpipeline-minio-artifact",
+ "name": "mlpipeline-obj-artifact",
"key": "secretkey"
}
}
},
[ten lines unchanged)]
}
]
}
}
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_ACCESS_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_SECRET_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.artifactRepository @@
! ± value change in multiline text (two inserts, two deletions)
archiveLogs: true
s3:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
[one line unchanged)]
keyFormat: "artifacts/{{workflow.name}}/{{workflow.creationTimestamp.Y}}/{{workflow.creationTimestamp.m}}/{{workflow.creationTimestamp.d}}/{{pod.name}}"
# insecure will disable TLS. Primarily used for minio installs not configured with TLS
insecure: false
accessKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: accesskey
secretKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: secretkey
@@ metadata.name @@
# v1/Secret/mlpipeline-obj-artifact
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.rules.otomi-all-node-selector.match.any @@
! - one list entry removed:
- - resources:
- kinds:
- - Pod
- namespaces:
- - cert-manager
- - cnpg-system
- - external-dns
- - external-secrets
- - gitea
- - gitea-operator
- - grafana
- - harbor
- - ingress
- - istio-system
- - keycloak
- - knative-operator
- - knative-serving
- - kyverno
- - maintenance
- - minio
- - otel
- - otomi
- - otomi-operator
- - tekton-pipelines
- - tekton-pipelines-resolvers
- - tekton-triggers
- - thanos
- - trivy-operator
- - vault
! + one list entry added:
+ - resources:
+ kinds:
+ - Pod
+ namespaces:
+ - cert-manager
+ - cnpg-system
+ - external-dns
+ - external-secrets
+ - gitea
+ - gitea-operator
+ - grafana
+ - harbor
+ - ingress
+ - istio-system
+ - keycloak
+ - knative-operator
+ - knative-serving
+ - kyverno
+ - maintenance
+ - otel
+ - otomi
+ - otomi-operator
+ - tekton-pipelines
+ - tekton-pipelines-resolvers
+ - tekton-triggers
+ - thanos
+ - trivy-operator
+ - vault
@@ data.core.yaml @@
! ± value change in multiline text (no inserts, three deletions)
adminApps:
- deps:
- prometheus
ingress:
[183 lines unchanged)]
- logging
- telemetry
- observability
useHost: grafana
- - ingress:
- - auth: true
- namespace: minio
- port: 9001
- removeRequestHeaders:
- - authorization
- svc: minio-console
- type: public
- name: minio
- ownHost: true
- tags:
- - storage
- - backup
- hide: true
ingress:
- auth: true
namespace: otomi
[309 lines unchanged)]
relatedLinks:
- https://grafana.com/docs/loki/latest/
repo: https://github.com/grafana/loki
title: Loki
- minio:
- about: MinIO is a High Performance Object Storage and its API is compatible with
- the Amazon Web Services S3 cloud storage service.
- appVersion: RELEASE.2025-09-07T16-13-09Z
- dependencies: None
- integration: App Platform installs Minio in a stand-alone setup. Optionally Minio
- Provisioning can be enabled to create buckets and policies for applications
- in App Platform capable of using object storage for data persistence.
- license: Apache 2.0
- maintainers: Minio
- relatedLinks:
- - https://minio.io/
- repo: https://github.com/minio/minio
- title: Minio
otel:
about: The OpenTelemetry Collector offers a vendor-agnostic implementation on
how to receive, process and export telemetry data. In addition, it removes the
need to run, operate and maintain multiple agents/collectors in order to support
[197 lines unchanged)]
disableIstioInjection: true
name: otel
- disableIstioInjection: true
name: maintenance
- - app: minio
- disableIstioInjection: true
- disablePolicyChecks: true
- name: minio
- disableIstioInjection: true
name: monitoring
- name: otomi
- disableIstioInjection: true
[48 lines unchanged)]
svc: tekton-dashboard
type: public
name: tekton
ownHost: true
@@ spec.rules @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - host: minio.dev.linode-apl.net
- http:
- paths:
- - backend:
- service:
- name: istio-ingressgateway-1-26-0-public
- port:
- number: 80
- path: /
- pathType: Prefix
@@ spec.tls @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - hosts:
- - minio.dev.linode-apl.net
- secretName: mysecret
@@ spec.servers.0.hosts @@
! - one list entry removed:
- - team-admin/minio.dev.linode-apl.net
@@ (root level) @@
# networking.istio.io/v1beta1/VirtualService/minio-dev-linodeapl-net
! - one document removed:
- ---
- apiVersion: networking.istio.io/v1beta1
- kind: VirtualService
- metadata:
- name: minio-dev-linodeapl-net
- labels:
- auth: "true"
- app: team-ns
- app.kubernetes.io/name: team-ns
- app.kubernetes.io/instance: team-ns-admin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/version: 0.1.0
- app.kubernetes.io/part-of: otomi
- helm.sh/chart: team-ns-0.1.0
- otomi.io/team: admin
- spec:
- gateways:
- - team-admin/team-admin-public-tlsterm
- hosts:
- - minio.dev.linode-apl.net
- http:
- - match:
- - uri:
- prefix: /platform-logout
- redirect:
- authority: auth.dev.linode-apl.net
- uri: /oauth2/sign_out?rd=https%3A%2F%2Fkeycloak.dev.linode-apl.net%2Frealms%2Fotomi%2Fprotocol%2Fopenid-connect%2Flogout%3Fpost_logout_redirect_uri%3Dhttps%3A%2F%2Fconsole.dev.linode-apl.net%26client_id%3Dotomi
- redirectCode: 302
- - match:
- - uri:
- prefix: /
- rewrite:
- uri: /
- route:
- - destination:
- host: minio-console.minio.svc.cluster.local
- port:
- number: 9001
- headers:
- request:
- set:
- # fix for istio (=envoy) incorrectly setting proto to http
- # (@see https://github.com/istio/istio/issues/7964):
- X-Forwarded-Proto: https
- remove:
- - authorization
@@ apps @@
! - one map entry removed:
- minio:
- resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 128Mi
- enabled: true
- _rawValues: {}
- persistence:
- enabled: true
- size: 20Gi |
merll
approved these changes
Feb 3, 2026
Contributor
|
Comparison of Helm chart templating output: @@ data.REDIRECT_URIS @@
# v1/ConfigMap/apl-keycloak-operator/apl-keycloak-operator-cm
! ± value change
- ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://minio.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
+ ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
@@ data.providers @@
# v1/ConfigMap/kfp-launcher
! ± value change in multiline text (one insert, one deletion)
s3:
default:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
disableSSL: false
credentials:
fromEnv: false
secretRef:
- secretName: mlpipeline-minio-artifact
+ secretName: mlpipeline-obj-artifact
accessKeyKey: accesskey
secretKeyKey: secretkey
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_ACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_SECRETACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.viewer-pod-template.json @@
! ± value change in multiline text (two inserts, two deletions)
{
"spec": {
"containers": [
{
[one line unchanged)]
{
"name": "AWS_ACCESS_KEY_ID",
"valueFrom": {
"secretKeyRef": {
- "name": mlpipeline-minio-artifact,
+ "name": mlpipeline-obj-artifact,
"key": "accesskey"
}
}
},
{
"name": "AWS_SECRET_ACCESS_KEY",
"valueFrom": {
"secretKeyRef": {
- "name": "mlpipeline-minio-artifact",
+ "name": "mlpipeline-obj-artifact",
"key": "secretkey"
}
}
},
[ten lines unchanged)]
}
]
}
}
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_ACCESS_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_SECRET_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.artifactRepository @@
! ± value change in multiline text (two inserts, two deletions)
archiveLogs: true
s3:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
[one line unchanged)]
keyFormat: "artifacts/{{workflow.name}}/{{workflow.creationTimestamp.Y}}/{{workflow.creationTimestamp.m}}/{{workflow.creationTimestamp.d}}/{{pod.name}}"
# insecure will disable TLS. Primarily used for minio installs not configured with TLS
insecure: false
accessKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: accesskey
secretKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: secretkey
@@ metadata.name @@
# v1/Secret/mlpipeline-obj-artifact
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.rules.otomi-all-node-selector.match.any @@
! - one list entry removed:
- - resources:
- kinds:
- - Pod
- namespaces:
- - cert-manager
- - cnpg-system
- - external-dns
- - external-secrets
- - gitea
- - gitea-operator
- - grafana
- - harbor
- - ingress
- - istio-system
- - keycloak
- - knative-operator
- - knative-serving
- - kyverno
- - maintenance
- - minio
- - otel
- - otomi
- - otomi-operator
- - tekton-pipelines
- - tekton-pipelines-resolvers
- - tekton-triggers
- - trivy-operator
- - vault
! + one list entry added:
+ - resources:
+ kinds:
+ - Pod
+ namespaces:
+ - cert-manager
+ - cnpg-system
+ - external-dns
+ - external-secrets
+ - gitea
+ - gitea-operator
+ - grafana
+ - harbor
+ - ingress
+ - istio-system
+ - keycloak
+ - knative-operator
+ - knative-serving
+ - kyverno
+ - maintenance
+ - otel
+ - otomi
+ - otomi-operator
+ - tekton-pipelines
+ - tekton-pipelines-resolvers
+ - tekton-triggers
+ - trivy-operator
+ - vault
@@ data.core.yaml @@
! ± value change in multiline text (no inserts, three deletions)
adminApps:
- deps:
- prometheus
ingress:
[172 lines unchanged)]
- logging
- telemetry
- observability
useHost: grafana
- - ingress:
- - auth: true
- namespace: minio
- port: 9001
- removeRequestHeaders:
- - authorization
- svc: minio-console
- type: public
- name: minio
- ownHost: true
- tags:
- - storage
- - backup
- hide: true
ingress:
- auth: true
namespace: otomi
[309 lines unchanged)]
relatedLinks:
- https://grafana.com/docs/loki/latest/
repo: https://github.com/grafana/loki
title: Loki
- minio:
- about: MinIO is a High Performance Object Storage and its API is compatible with
- the Amazon Web Services S3 cloud storage service.
- appVersion: RELEASE.2025-09-07T16-13-09Z
- dependencies: None
- integration: App Platform installs Minio in a stand-alone setup. Optionally Minio
- Provisioning can be enabled to create buckets and policies for applications
- in App Platform capable of using object storage for data persistence.
- license: Apache 2.0
- maintainers: Minio
- relatedLinks:
- - https://minio.io/
- repo: https://github.com/minio/minio
- title: Minio
otel:
about: The OpenTelemetry Collector offers a vendor-agnostic implementation on
how to receive, process and export telemetry data. In addition, it removes the
need to run, operate and maintain multiple agents/collectors in order to support
[173 lines unchanged)]
disableIstioInjection: true
name: otel
- disableIstioInjection: true
name: maintenance
- - app: minio
- disableIstioInjection: true
- disablePolicyChecks: true
- name: minio
- disableIstioInjection: true
name: monitoring
- name: otomi
- disableIstioInjection: true
[48 lines unchanged)]
svc: tekton-dashboard
type: public
name: tekton
ownHost: true
@@ spec.rules @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - host: minio.dev.linode-apl.net
- http:
- paths:
- - backend:
- service:
- name: istio-ingressgateway-1-26-0-public
- port:
- number: 80
- path: /
- pathType: Prefix
@@ spec.tls @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - hosts:
- - minio.dev.linode-apl.net
- secretName: mysecret
@@ spec.servers.0.hosts @@
! - one list entry removed:
- - team-admin/minio.dev.linode-apl.net
@@ (root level) @@
# networking.istio.io/v1beta1/VirtualService/minio-dev-linodeapl-net
! - one document removed:
- ---
- apiVersion: networking.istio.io/v1beta1
- kind: VirtualService
- metadata:
- name: minio-dev-linodeapl-net
- labels:
- auth: "true"
- app: team-ns
- app.kubernetes.io/name: team-ns
- app.kubernetes.io/instance: team-ns-admin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/version: 0.1.0
- app.kubernetes.io/part-of: otomi
- helm.sh/chart: team-ns-0.1.0
- otomi.io/team: admin
- spec:
- gateways:
- - team-admin/team-admin-public-tlsterm
- hosts:
- - minio.dev.linode-apl.net
- http:
- - match:
- - uri:
- prefix: /platform-logout
- redirect:
- authority: auth.dev.linode-apl.net
- uri: /oauth2/sign_out?rd=https%3A%2F%2Fkeycloak.dev.linode-apl.net%2Frealms%2Fotomi%2Fprotocol%2Fopenid-connect%2Flogout%3Fpost_logout_redirect_uri%3Dhttps%3A%2F%2Fconsole.dev.linode-apl.net%26client_id%3Dotomi
- redirectCode: 302
- - match:
- - uri:
- prefix: /
- rewrite:
- uri: /
- route:
- - destination:
- host: minio-console.minio.svc.cluster.local
- port:
- number: 9001
- headers:
- request:
- set:
- # fix for istio (=envoy) incorrectly setting proto to http
- # (@see https://github.com/istio/istio/issues/7964):
- X-Forwarded-Proto: https
- remove:
- - authorization
@@ apps @@
! - one map entry removed:
- minio:
- resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 128Mi
- enabled: true
- _rawValues: {}
- persistence:
- enabled: true
- size: 20Gi |
1 similar comment
Contributor
|
Comparison of Helm chart templating output: @@ data.REDIRECT_URIS @@
# v1/ConfigMap/apl-keycloak-operator/apl-keycloak-operator-cm
! ± value change
- ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://minio.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
+ ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
@@ data.providers @@
# v1/ConfigMap/kfp-launcher
! ± value change in multiline text (one insert, one deletion)
s3:
default:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
disableSSL: false
credentials:
fromEnv: false
secretRef:
- secretName: mlpipeline-minio-artifact
+ secretName: mlpipeline-obj-artifact
accessKeyKey: accesskey
secretKeyKey: secretkey
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_ACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_SECRETACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.viewer-pod-template.json @@
! ± value change in multiline text (two inserts, two deletions)
{
"spec": {
"containers": [
{
[one line unchanged)]
{
"name": "AWS_ACCESS_KEY_ID",
"valueFrom": {
"secretKeyRef": {
- "name": mlpipeline-minio-artifact,
+ "name": mlpipeline-obj-artifact,
"key": "accesskey"
}
}
},
{
"name": "AWS_SECRET_ACCESS_KEY",
"valueFrom": {
"secretKeyRef": {
- "name": "mlpipeline-minio-artifact",
+ "name": "mlpipeline-obj-artifact",
"key": "secretkey"
}
}
},
[ten lines unchanged)]
}
]
}
}
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_ACCESS_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_SECRET_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.artifactRepository @@
! ± value change in multiline text (two inserts, two deletions)
archiveLogs: true
s3:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
[one line unchanged)]
keyFormat: "artifacts/{{workflow.name}}/{{workflow.creationTimestamp.Y}}/{{workflow.creationTimestamp.m}}/{{workflow.creationTimestamp.d}}/{{pod.name}}"
# insecure will disable TLS. Primarily used for minio installs not configured with TLS
insecure: false
accessKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: accesskey
secretKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: secretkey
@@ metadata.name @@
# v1/Secret/mlpipeline-obj-artifact
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.rules.otomi-all-node-selector.match.any @@
! - one list entry removed:
- - resources:
- kinds:
- - Pod
- namespaces:
- - cert-manager
- - cnpg-system
- - external-dns
- - external-secrets
- - gitea
- - gitea-operator
- - grafana
- - harbor
- - ingress
- - istio-system
- - keycloak
- - knative-operator
- - knative-serving
- - kyverno
- - maintenance
- - minio
- - otel
- - otomi
- - otomi-operator
- - tekton-pipelines
- - tekton-pipelines-resolvers
- - tekton-triggers
- - trivy-operator
- - vault
! + one list entry added:
+ - resources:
+ kinds:
+ - Pod
+ namespaces:
+ - cert-manager
+ - cnpg-system
+ - external-dns
+ - external-secrets
+ - gitea
+ - gitea-operator
+ - grafana
+ - harbor
+ - ingress
+ - istio-system
+ - keycloak
+ - knative-operator
+ - knative-serving
+ - kyverno
+ - maintenance
+ - otel
+ - otomi
+ - otomi-operator
+ - tekton-pipelines
+ - tekton-pipelines-resolvers
+ - tekton-triggers
+ - trivy-operator
+ - vault
@@ data.core.yaml @@
! ± value change in multiline text (no inserts, three deletions)
adminApps:
- deps:
- prometheus
ingress:
[172 lines unchanged)]
- logging
- telemetry
- observability
useHost: grafana
- - ingress:
- - auth: true
- namespace: minio
- port: 9001
- removeRequestHeaders:
- - authorization
- svc: minio-console
- type: public
- name: minio
- ownHost: true
- tags:
- - storage
- - backup
- hide: true
ingress:
- auth: true
namespace: otomi
[309 lines unchanged)]
relatedLinks:
- https://grafana.com/docs/loki/latest/
repo: https://github.com/grafana/loki
title: Loki
- minio:
- about: MinIO is a High Performance Object Storage and its API is compatible with
- the Amazon Web Services S3 cloud storage service.
- appVersion: RELEASE.2025-09-07T16-13-09Z
- dependencies: None
- integration: App Platform installs Minio in a stand-alone setup. Optionally Minio
- Provisioning can be enabled to create buckets and policies for applications
- in App Platform capable of using object storage for data persistence.
- license: Apache 2.0
- maintainers: Minio
- relatedLinks:
- - https://minio.io/
- repo: https://github.com/minio/minio
- title: Minio
otel:
about: The OpenTelemetry Collector offers a vendor-agnostic implementation on
how to receive, process and export telemetry data. In addition, it removes the
need to run, operate and maintain multiple agents/collectors in order to support
[173 lines unchanged)]
disableIstioInjection: true
name: otel
- disableIstioInjection: true
name: maintenance
- - app: minio
- disableIstioInjection: true
- disablePolicyChecks: true
- name: minio
- disableIstioInjection: true
name: monitoring
- name: otomi
- disableIstioInjection: true
[48 lines unchanged)]
svc: tekton-dashboard
type: public
name: tekton
ownHost: true
@@ spec.rules @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - host: minio.dev.linode-apl.net
- http:
- paths:
- - backend:
- service:
- name: istio-ingressgateway-1-26-0-public
- port:
- number: 80
- path: /
- pathType: Prefix
@@ spec.tls @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - hosts:
- - minio.dev.linode-apl.net
- secretName: mysecret
@@ spec.servers.0.hosts @@
! - one list entry removed:
- - team-admin/minio.dev.linode-apl.net
@@ (root level) @@
# networking.istio.io/v1beta1/VirtualService/minio-dev-linodeapl-net
! - one document removed:
- ---
- apiVersion: networking.istio.io/v1beta1
- kind: VirtualService
- metadata:
- name: minio-dev-linodeapl-net
- labels:
- auth: "true"
- app: team-ns
- app.kubernetes.io/name: team-ns
- app.kubernetes.io/instance: team-ns-admin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/version: 0.1.0
- app.kubernetes.io/part-of: otomi
- helm.sh/chart: team-ns-0.1.0
- otomi.io/team: admin
- spec:
- gateways:
- - team-admin/team-admin-public-tlsterm
- hosts:
- - minio.dev.linode-apl.net
- http:
- - match:
- - uri:
- prefix: /platform-logout
- redirect:
- authority: auth.dev.linode-apl.net
- uri: /oauth2/sign_out?rd=https%3A%2F%2Fkeycloak.dev.linode-apl.net%2Frealms%2Fotomi%2Fprotocol%2Fopenid-connect%2Flogout%3Fpost_logout_redirect_uri%3Dhttps%3A%2F%2Fconsole.dev.linode-apl.net%26client_id%3Dotomi
- redirectCode: 302
- - match:
- - uri:
- prefix: /
- rewrite:
- uri: /
- route:
- - destination:
- host: minio-console.minio.svc.cluster.local
- port:
- number: 9001
- headers:
- request:
- set:
- # fix for istio (=envoy) incorrectly setting proto to http
- # (@see https://github.com/istio/istio/issues/7964):
- X-Forwarded-Proto: https
- remove:
- - authorization
@@ apps @@
! - one map entry removed:
- minio:
- resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 128Mi
- enabled: true
- _rawValues: {}
- persistence:
- enabled: true
- size: 20Gi |
ferruhcihan
approved these changes
Feb 3, 2026
Contributor
|
Comparison of Helm chart templating output: @@ data.REDIRECT_URIS @@
# v1/ConfigMap/apl-keycloak-operator/apl-keycloak-operator-cm
! ± value change
- ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://minio.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
+ ["https://alertmanager-demo.dev.linode-apl.net/*","https://alertmanager-dev.dev.linode-apl.net/*","https://alertmanager.dev.linode-apl.net/*","https://api.dev.linode-apl.net/*","https://argocd.dev.linode-apl.net/*","https://auth.dev.linode-apl.net/*","https://console.dev.linode-apl.net/*","https://gitea.dev.linode-apl.net/*","https://grafana-demo.dev.linode-apl.net/*","https://grafana-dev.dev.linode-apl.net/*","https://grafana.dev.linode-apl.net/*","https://harbor.dev.linode-apl.net/*","https://has-cert-svc-demo.dev.linode-apl.net/*","https://hello-admin.dev.linode-apl.net/*","https://hello-auth-demo.dev.linode-apl.net/*","https://hello-blue-green-demo.dev.linode-apl.net/*","https://hello-demo.dev.linode-apl.net/*","https://keycloak.dev.linode-apl.net/*","https://kubeflow-pipelines.dev.linode-apl.net/*","https://prometheus.dev.linode-apl.net/*","https://service-a-demo.dev.linode-apl.net/*","https://service-e-demo.dev.linode-apl.net/*","https://tekton-demo.dev.linode-apl.net/*","https://tekton-dev.dev.linode-apl.net/*","https://tekton.dev.linode-apl.net/*","https://tlspass-demo.dev.linode-apl.net/*","https://tty.dev.linode-apl.net/*"]
@@ data.providers @@
# v1/ConfigMap/kfp-launcher
! ± value change in multiline text (one insert, one deletion)
s3:
default:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
disableSSL: false
credentials:
fromEnv: false
secretRef:
- secretName: mlpipeline-minio-artifact
+ secretName: mlpipeline-obj-artifact
accessKeyKey: accesskey
secretKeyKey: secretkey
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_ACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-api-server.env.OBJECTSTORECONFIG_SECRETACCESSKEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.viewer-pod-template.json @@
! ± value change in multiline text (two inserts, two deletions)
{
"spec": {
"containers": [
{
[one line unchanged)]
{
"name": "AWS_ACCESS_KEY_ID",
"valueFrom": {
"secretKeyRef": {
- "name": mlpipeline-minio-artifact,
+ "name": mlpipeline-obj-artifact,
"key": "accesskey"
}
}
},
{
"name": "AWS_SECRET_ACCESS_KEY",
"valueFrom": {
"secretKeyRef": {
- "name": "mlpipeline-minio-artifact",
+ "name": "mlpipeline-obj-artifact",
"key": "secretkey"
}
}
},
[ten lines unchanged)]
}
]
}
}
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_ACCESS_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.template.spec.containers.ml-pipeline-ui.env.MINIO_SECRET_KEY.valueFrom.secretKeyRef.name @@
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ data.artifactRepository @@
! ± value change in multiline text (two inserts, two deletions)
archiveLogs: true
s3:
endpoint: nl-ams-1.linodeobjects.com:443
region: "nl-ams-1"
[one line unchanged)]
keyFormat: "artifacts/{{workflow.name}}/{{workflow.creationTimestamp.Y}}/{{workflow.creationTimestamp.m}}/{{workflow.creationTimestamp.d}}/{{pod.name}}"
# insecure will disable TLS. Primarily used for minio installs not configured with TLS
insecure: false
accessKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: accesskey
secretKeySecret:
- name: mlpipeline-minio-artifact
+ name: mlpipeline-obj-artifact
key: secretkey
@@ metadata.name @@
# v1/Secret/mlpipeline-obj-artifact
! ± value change
- mlpipeline-minio-artifact
+ mlpipeline-obj-artifact
@@ spec.rules.otomi-all-node-selector.match.any @@
! - one list entry removed:
- - resources:
- kinds:
- - Pod
- namespaces:
- - cert-manager
- - cnpg-system
- - external-dns
- - external-secrets
- - gitea
- - gitea-operator
- - grafana
- - harbor
- - ingress
- - istio-system
- - keycloak
- - knative-operator
- - knative-serving
- - kyverno
- - maintenance
- - minio
- - otel
- - otomi
- - otomi-operator
- - tekton-pipelines
- - tekton-pipelines-resolvers
- - tekton-triggers
- - trivy-operator
- - vault
! + one list entry added:
+ - resources:
+ kinds:
+ - Pod
+ namespaces:
+ - cert-manager
+ - cnpg-system
+ - external-dns
+ - external-secrets
+ - gitea
+ - gitea-operator
+ - grafana
+ - harbor
+ - ingress
+ - istio-system
+ - keycloak
+ - knative-operator
+ - knative-serving
+ - kyverno
+ - maintenance
+ - otel
+ - otomi
+ - otomi-operator
+ - tekton-pipelines
+ - tekton-pipelines-resolvers
+ - tekton-triggers
+ - trivy-operator
+ - vault
@@ data.VERSIONS @@
! ± value change in multiline text (one insert, one deletion)
- {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":50,"tasks":"main","tools":"main"}
+ {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":52,"tasks":"main","tools":"main"}
@@ data.core.yaml @@
! ± value change in multiline text (no inserts, three deletions)
adminApps:
- deps:
- prometheus
ingress:
[172 lines unchanged)]
- logging
- telemetry
- observability
useHost: grafana
- - ingress:
- - auth: true
- namespace: minio
- port: 9001
- removeRequestHeaders:
- - authorization
- svc: minio-console
- type: public
- name: minio
- ownHost: true
- tags:
- - storage
- - backup
- hide: true
ingress:
- auth: true
namespace: otomi
[309 lines unchanged)]
relatedLinks:
- https://grafana.com/docs/loki/latest/
repo: https://github.com/grafana/loki
title: Loki
- minio:
- about: MinIO is a High Performance Object Storage and its API is compatible with
- the Amazon Web Services S3 cloud storage service.
- appVersion: RELEASE.2025-09-07T16-13-09Z
- dependencies: None
- integration: App Platform installs Minio in a stand-alone setup. Optionally Minio
- Provisioning can be enabled to create buckets and policies for applications
- in App Platform capable of using object storage for data persistence.
- license: Apache 2.0
- maintainers: Minio
- relatedLinks:
- - https://minio.io/
- repo: https://github.com/minio/minio
- title: Minio
otel:
about: The OpenTelemetry Collector offers a vendor-agnostic implementation on
how to receive, process and export telemetry data. In addition, it removes the
need to run, operate and maintain multiple agents/collectors in order to support
[173 lines unchanged)]
disableIstioInjection: true
name: otel
- disableIstioInjection: true
name: maintenance
- - app: minio
- disableIstioInjection: true
- disablePolicyChecks: true
- name: minio
- disableIstioInjection: true
name: monitoring
- name: otomi
- disableIstioInjection: true
[48 lines unchanged)]
svc: tekton-dashboard
type: public
name: tekton
ownHost: true
@@ spec.rules @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - host: minio.dev.linode-apl.net
- http:
- paths:
- - backend:
- service:
- name: istio-ingressgateway-1-26-0-public
- port:
- number: 80
- path: /
- pathType: Prefix
@@ spec.tls @@
# networking.k8s.io/v1/Ingress/istio-system/nginx-team-admin-platform-public-auth
! - one list entry removed:
- - hosts:
- - minio.dev.linode-apl.net
- secretName: mysecret
@@ spec.servers.0.hosts @@
! - one list entry removed:
- - team-admin/minio.dev.linode-apl.net
@@ (root level) @@
# networking.istio.io/v1beta1/VirtualService/minio-dev-linodeapl-net
! - one document removed:
- ---
- apiVersion: networking.istio.io/v1beta1
- kind: VirtualService
- metadata:
- name: minio-dev-linodeapl-net
- labels:
- auth: "true"
- app: team-ns
- app.kubernetes.io/name: team-ns
- app.kubernetes.io/instance: team-ns-admin
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/version: 0.1.0
- app.kubernetes.io/part-of: otomi
- helm.sh/chart: team-ns-0.1.0
- otomi.io/team: admin
- spec:
- gateways:
- - team-admin/team-admin-public-tlsterm
- hosts:
- - minio.dev.linode-apl.net
- http:
- - match:
- - uri:
- prefix: /platform-logout
- redirect:
- authority: auth.dev.linode-apl.net
- uri: /oauth2/sign_out?rd=https%3A%2F%2Fkeycloak.dev.linode-apl.net%2Frealms%2Fotomi%2Fprotocol%2Fopenid-connect%2Flogout%3Fpost_logout_redirect_uri%3Dhttps%3A%2F%2Fconsole.dev.linode-apl.net%26client_id%3Dotomi
- redirectCode: 302
- - match:
- - uri:
- prefix: /
- rewrite:
- uri: /
- route:
- - destination:
- host: minio-console.minio.svc.cluster.local
- port:
- number: 9001
- headers:
- request:
- set:
- # fix for istio (=envoy) incorrectly setting proto to http
- # (@see https://github.com/istio/istio/issues/7964):
- X-Forwarded-Proto: https
- remove:
- - authorization
@@ apps @@
! - one map entry removed:
- minio:
- resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 128Mi
- enabled: true
- _rawValues: {}
- persistence:
- enabled: true
- size: 20Gi
@@ versions.specVersion @@
! ± value change
- 50
+ 52 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📌 Summary
linode/apl-console#709
linode/apl-api#909
blocked-by: #2899 (contains Thanos-minio related files)
🔍 Reviewer Notes
🧹 Checklist