fix(stack/trino-superset-s3): Use Minio with TLS (#174)

* chore(stack): Render helm-chart for minio with tls

* chore(stack/minio-tls): Override command to copy certs to the correct names

* chore(stack/trino-superset-s3): Enable TLS for S3Connection

* chore(stack/trino-superset-s3): Use rendered mino-tls

Author: NickLarsenNZ

.pre-commit-config.yaml

@@ -2,6 +2,8 @@
 default_language_version:
   node: system
 
+exclude: '^stacks/_templates/minio-tls/rendered-chart\.yaml$'
+
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: 2c9f875913ee60ca25ce70243dc24d5b6415598c # 4.6.0

stacks/_templates/minio-tls/README.md

@@ -0,0 +1,16 @@
+# MinIO with TLS from secret-operator
+
+MinIO has a severe limitation whereby the TLS certificates must be named `public.crt`
+and `private.key`. This goes against Kubernetes naming of `tls.crt` and `tls.key`.
+
+The upstream minio chart is also too limited:
+
+- No way to add initContainers (to rename cert files in a shared volume).
+- No way to edit the container command (to rename cert files before starting minio).
+
+Therefore, we will render the upstream chart here, and then apply the necessary
+customizations on top.
+
+```yaml
+helm template minio minio/minio -f values.yaml > rendered-chart.yaml
+```