MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-11 15:03:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Reformat helm chart templates (#16947)

Browse Source
This commit is contained in:
Denis Krivenko 2023-04-17 08:04:15 +02:00 committed by GitHub
parent 839b9c9271
commit 18515a4e3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 268 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
helm/minio/templates/_helpers.tpl
View File

@ -3,7 +3,7 @@
Expand the name of the chart.
*/}}
{{- define "minio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
@ -12,102 +12,102 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
If release name contains chart name it will be used as a full name.
*/}}
{{- define "minio.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "minio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "minio.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "minio.deployment.apiVersion" -}}
{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "minio.statefulset.apiVersion" -}}
{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}}
{{- print "apps/v1beta2" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "minio.ingress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for console ingress.
*/}}
{{- define "minio.consoleIngress.apiVersion" -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Determine secret name.
*/}}
{{- define "minio.secretName" -}}
{{- if .Values.existingSecret -}}
{{- .Values.existingSecret }}
{{- else -}}
{{- include "minio.fullname" . -}}
{{- end -}}
{{- if .Values.existingSecret -}}
{{- .Values.existingSecret }}
{{- else -}}
{{- include "minio.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Determine name for scc role and rolebinding
*/}}
{{- define "minio.sccRoleName" -}}
{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
@ -195,9 +195,9 @@ otherwise it generates a random value.
{{- $len := (default 16 .Length) | int -}}
{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
{{- if $obj }}
{{- index $obj .Key | b64dec -}}
{{- index $obj .Key | b64dec -}}
{{- else -}}
{{- randAlphaNum $len -}}
{{- randAlphaNum $len -}}
{{- end -}}
{{- end }}

26
helm/minio/templates/configmap.yaml
View File

@ -9,24 +9,24 @@ metadata:
heritage: {{ .Release.Service }}
data:
initialize: |-
{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }}
{{- include (print $.Template.BasePath "/_helper_create_bucket.txt") . | nindent 4 }}
add-user: |-
{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
{{- include (print $.Template.BasePath "/_helper_create_user.txt") . | nindent 4 }}
add-policy: |-
{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
{{- range $idx, $policy := .Values.policies }}
{{- include (print $.Template.BasePath "/_helper_create_policy.txt") . | nindent 4 }}
{{- range $idx, $policy := .Values.policies }}
# Policy: {{ $policy.name }}
policy_{{ $idx }}.json: |-
{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
{{ end }}
{{- range $idx, $svc := .Values.svcaccts }}
{{- if $svc.policy }}
{{- include (print $.Template.BasePath "/_helper_policy.tpl") . | nindent 4 }}
{{ end }}
{{- range $idx, $svc := .Values.svcaccts }}
{{- if $svc.policy }}
# SVC: {{ $svc.accessKey }}
svc_policy_{{ $idx }}.json: |-
{{ include (print $.Template.BasePath "/_helper_policy.tpl") .policy | indent 4 }}
{{- end }}
{{ end }}
{{- include (print $.Template.BasePath "/_helper_policy.tpl") .policy | nindent 4 }}
{{- end }}
{{- end }}
add-svcacct: |-
{{ include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | indent 4 }}
{{- include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | nindent 4 }}
custom-command: |-
{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }}
{{- include (print $.Template.BasePath "/_helper_custom_command.txt") . | nindent 4 }}

28
helm/minio/templates/console-ingress.yaml
View File

@ -11,30 +11,28 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.consoleIngress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.consoleIngress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.consoleIngress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.consoleIngress.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.consoleIngress.ingressClassName }}
{{- if .Values.consoleIngress.ingressClassName }}
ingressClassName: {{ .Values.consoleIngress.ingressClassName }}
{{- end }}
{{- if .Values.consoleIngress.tls }}
{{- end }}
{{- if .Values.consoleIngress.tls }}
tls:
{{- range .Values.consoleIngress.tls }}
{{- range .Values.consoleIngress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.consoleIngress.hosts }}
{{- range .Values.consoleIngress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
@ -53,5 +51,5 @@ spec:
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

38
helm/minio/templates/console-service.yaml
View File

@ -1,7 +1,4 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $scheme := .Values.tls.enabled | ternary "https" "http" }}
apiVersion: v1
kind: Service
metadata:
@ -11,37 +8,36 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.consoleService.annotations }}
annotations:
{{ toYaml .Values.consoleService.annotations | indent 4 }}
{{- end }}
{{- if .Values.consoleService.annotations }}
annotations: {{- toYaml .Values.consoleService.annotations | nindent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }}
type: ClusterIP
{{- if not (empty .Values.consoleService.clusterIP) }}
clusterIP: {{ .Values.consoleService.clusterIP }}
{{end}}
{{- else if eq .Values.consoleService.type "LoadBalancer" }}
{{- end }}
{{- else if eq .Values.consoleService.type "LoadBalancer" }}
type: {{ .Values.consoleService.type }}
loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }}
{{- else }}
{{- else }}
type: {{ .Values.consoleService.type }}
{{- end }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.consoleService.port }}
protocol: TCP
{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
nodePort: {{ .Values.consoleService.nodePort }}
{{- else }}
{{- else }}
targetPort: {{ .Values.minioConsolePort }}
{{- end}}
{{- if .Values.consoleService.externalIPs }}
{{- end }}
{{- if .Values.consoleService.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.consoleService.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
{{- range $i , $ip := .Values.consoleService.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

94
helm/minio/templates/deployment.yaml
View File

@ -1,8 +1,5 @@
{{- if eq .Values.mode "standalone" }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $scheme := .Values.tls.enabled | ternary "https" "http" }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
apiVersion: {{ template "minio.deployment.apiVersion" . }}
kind: Deployment
@ -13,13 +10,12 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalLabels }}
{{- toYaml .Values.additionalLabels | nindent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }}
{{- end }}
spec:
strategy:
type: {{ .Values.DeploymentUpdate.type }}
@ -27,7 +23,7 @@ spec:
rollingUpdate:
maxSurge: {{ .Values.DeploymentUpdate.maxSurge }}
maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }}
{{- end}}
{{- end }}
replicas: 1
selector:
matchLabels:
@ -39,17 +35,17 @@ spec:
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
@ -57,7 +53,7 @@ spec:
{{- if .Values.runtimeClassName }}
runtimeClassName: "{{ .Values.runtimeClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
@ -65,10 +61,10 @@ spec:
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
{{- end }}
{{ if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@ -113,11 +109,11 @@ spec:
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- end }}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- end }}
{{- if .Values.oidc.enabled }}
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: {{ .Values.oidc.configUrl }}
@ -135,7 +131,7 @@ spec:
value: {{ .Values.oidc.redirectUri }}
- name: MINIO_IDENTITY_OPENID_COMMENT
value: {{ .Values.oidc.comment }}
{{- end}}
{{- end }}
{{- if .Values.etcd.endpoints }}
- name: MINIO_ETCD_ENDPOINTS
value: {{ join "," .Values.etcd.endpoints | quote }}
@ -159,37 +155,33 @@ spec:
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraContainers }}
{{- if eq (typeOf .) "string" }}
{{- tpl . $ | nindent 8 }}
{{- else }}
{{- toYaml . | nindent 8 }}
{{- if eq (typeOf .) "string" }}
{{- tpl . $ | nindent 8 }}
{{- else }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: export
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }}
{{- else }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.extraSecret }}
- name: extra-secret
secret:

34
helm/minio/templates/ingress.yaml
View File

@ -11,47 +11,45 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
{{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end }}
{{- if .Values.ingress.tls }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
{{- range .Values.ingress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: Prefix
backend:
service:
name: {{ $fullName }}
port:
number: {{ $servicePort }}
{{- else }}
{{- else }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}
{{- if . }}
host: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

41
helm/minio/templates/post-job.yaml
View File

@ -24,23 +24,19 @@ spec:
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
{{- if .Values.postJob.podAnnotations }}
annotations:
{{- toYaml .Values.postJob.podAnnotations | nindent 8 }}
annotations: {{- toYaml .Values.postJob.podAnnotations | nindent 8 }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- include "minio.imagePullSecrets" . | nindent 6 }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{- toYaml .Values.postJob.nodeSelector | nindent 8 }}
nodeSelector: {{- toYaml .Values.postJob.nodeSelector | nindent 8 }}
{{- end }}
{{- with .Values.postJob.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.postJob.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.postJob.securityContext.enabled }}
securityContext:
@ -81,7 +77,7 @@ spec:
items:
- key: {{ .Values.tls.publicCrt }}
path: CAs/public.crt
{{ end }}
{{- end }}
containers:
{{- if .Values.buckets }}
- name: minio-make-bucket
@ -109,9 +105,8 @@ spec:
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{- toYaml .Values.makeBucketJob.resources | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.makeBucketJob.resources | nindent 12 }}
{{- end }}
{{- if .Values.users }}
- name: minio-make-user
@ -139,9 +134,8 @@ spec:
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{- toYaml .Values.makeUserJob.resources | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }}
{{- end }}
{{- if .Values.policies }}
- name: minio-make-policy
@ -169,9 +163,8 @@ spec:
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{- toYaml .Values.makePolicyJob.resources | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }}
{{- end }}
{{- if .Values.customCommands }}
- name: minio-custom-command
@ -199,9 +192,8 @@ spec:
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{- toYaml .Values.customCommandJob.resources | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.customCommandJob.resources | nindent 12 }}
{{- end }}
{{- if .Values.svcaccts }}
- name: minio-make-svcacct
@ -229,8 +221,7 @@ spec:
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{ end }}
resources:
{{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }}
{{- end }}
{{- end }}

22
helm/minio/templates/pvc.yaml
View File

@ -9,26 +9,24 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.persistence.annotations }}
annotations: {{- toYaml .Values.persistence.annotations | nindent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- if .Values.persistence.VolumeName }}
{{- end }}
{{- end }}
{{- if .Values.persistence.VolumeName }}
volumeName: "{{ .Values.persistence.VolumeName }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

38
helm/minio/templates/service.yaml
View File

@ -1,7 +1,4 @@
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $scheme := .Values.tls.enabled | ternary "https" "http" }}
apiVersion: v1
kind: Service
metadata:
@ -12,37 +9,36 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
monitoring: "true"
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations: {{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
type: ClusterIP
{{- if not (empty .Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
{{- end }}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
{{- else }}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
{{- end }}
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
protocol: TCP
{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
nodePort: {{ .Values.service.nodePort }}
{{- else }}
{{- else }}
targetPort: {{ .Values.minioAPIPort }}
{{- end}}
{{- if .Values.service.externalIPs }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
{{- range $i , $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

2
helm/minio/templates/serviceaccount.yaml
View File

@ -1,4 +1,4 @@
{{- if .Values.serviceAccount.create -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:

21
helm/minio/templates/servicemonitor.yaml
View File

@ -1,4 +1,4 @@
{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}}
{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
@ -12,12 +12,11 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.annotations }}
annotations:
{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.annotations }}
annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent 4 }}
{{- end }}
spec:
endpoints:
{{- if .Values.tls.enabled }}
@ -29,7 +28,7 @@ spec:
name: {{ .Values.tls.certSecret }}
key: {{ .Values.tls.publicCrt }}
serverName: {{ template "minio.fullname" . }}
{{ else }}
{{- else }}
- port: http
scheme: http
{{- end }}
@ -41,7 +40,7 @@ spec:
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelConfigs }}
{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }}
{{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }}
{{- end }}
{{- if not .Values.metrics.serviceMonitor.public }}
bearerTokenSecret:
@ -72,7 +71,7 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}
{{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }}
{{- end }}
spec:
jobName: {{ template "minio.fullname" . }}
@ -89,11 +88,11 @@ spec:
path: /minio/v2/metrics/cluster
{{- if .Values.tls.enabled }}
scheme: https
{{ else }}
{{- else }}
scheme: http
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }}
{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }}
{{- toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | nindent 2 }}
{{- end }}
targets:
staticConfig:

132
helm/minio/templates/statefulset.yaml
View File

@ -3,10 +3,7 @@
{{ $nodeCount := .Values.replicas | int }}
{{ $replicas := mul $poolCount $nodeCount }}
{{ $drivesPerNode := .Values.drivesPerNode | int }}
{{ $scheme := "http" }}
{{- if .Values.tls.enabled }}
{{ $scheme = "https" }}
{{ end }}
{{ $scheme := .Values.tls.enabled | ternary "https" "http" }}
{{ $mountPath := .Values.mountPath }}
{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }}
{{ $subPath := .Values.persistence.subPath }}
@ -21,8 +18,8 @@ metadata:
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
publishNotReadyAddresses: true
clusterIP: None
@ -44,13 +41,12 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.additionalLabels }}
{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations:
{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }}
{{- end }}
{{- if .Values.additionalLabels }}
{{- toYaml .Values.additionalLabels | nindent 4 }}
{{- end }}
{{- if .Values.additionalAnnotations }}
annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }}
{{- end }}
spec:
updateStrategy:
type: {{ .Values.StatefulSetUpdate.updateStrategy }}
@ -67,17 +63,17 @@ spec:
labels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
{{- if not .Values.ignoreChartChecksums }}
{{- if not .Values.ignoreChartChecksums }}
checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
@ -85,7 +81,7 @@ spec:
{{- if .Values.runtimeClassName }}
runtimeClassName: "{{ .Values.runtimeClassName }}"
{{- end }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
{{- if and .Values.securityContext.enabled .Values.persistence.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
@ -93,18 +89,19 @@ spec:
{{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }}
fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }}
{{- end }}
{{- end }}
{{ if .Values.serviceAccount.create }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [ "/bin/sh",
command: [
"/bin/sh",
"-ce",
"/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ]
"/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{ else }}{{ $bucketRoot }}{{end }}{{- end }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}"
]
volumeMounts:
{{- if $penabled }}
{{- if (gt $drivesPerNode 1) }}
@ -150,11 +147,11 @@ spec:
{{- if .Values.extraSecret }}
- name: MINIO_CONFIG_ENV_FILE
value: "/tmp/minio-config-env/config.env"
{{- end}}
{{- end }}
{{- if .Values.metrics.serviceMonitor.public }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
{{- end}}
{{- end }}
{{- if .Values.oidc.enabled }}
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: {{ .Values.oidc.configUrl }}
@ -172,39 +169,34 @@ spec:
value: {{ .Values.oidc.redirectUri }}
- name: MINIO_IDENTITY_OPENID_COMMENT
value: {{ .Values.oidc.comment }}
{{- end}}
{{- end }}
{{- range $key, $val := .Values.environment }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end}}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.extraContainers }}
{{- if eq (typeOf .) "string" }}
{{- tpl . $ | nindent 8 }}
{{- else }}
{{- toYaml . | nindent 8 }}
{{- if eq (typeOf .) "string" }}
{{- tpl . $ | nindent 8 }}
{{- else }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- include "minio.imagePullSecrets" . | indent 6 }}
{{- with .Values.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
volumes:
- name: minio-user
secret:
@ -216,18 +208,17 @@ spec:
{{- end }}
{{- include "minio.tlsKeysVolume" . | indent 8 }}
{{- if .Values.extraVolumes }}
{{ toYaml .Values.extraVolumes | nindent 8 }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.persistence.enabled }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
{{- if gt $drivesPerNode 1 }}
{{- if gt $drivesPerNode 1 }}
{{- range $diskId := until $drivesPerNode}}
- metadata:
name: export-{{ $diskId }}
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
{{- if $.Values.persistence.annotations }}
annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
@ -237,13 +228,12 @@ spec:
requests:
storage: {{ $psize }}
{{- end }}
{{- else }}
{{- else }}
- metadata:
name: export
{{- if $.Values.persistence.annotations }}
annotations:
{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }}
{{- end }}
{{- if $.Values.persistence.annotations }}
annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }}
{{- end }}
spec:
accessModes: [ {{ $accessMode | quote }} ]
{{- if $storageClass }}
@ -252,6 +242,6 @@ spec:
resources:
requests:
storage: {{ $psize }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}