diff --git a/helm/minio/templates/_helpers.tpl b/helm/minio/templates/_helpers.tpl index 2fe061d34..1cb209e5e 100644 --- a/helm/minio/templates/_helpers.tpl +++ b/helm/minio/templates/_helpers.tpl @@ -3,7 +3,7 @@ Expand the name of the chart. */}} {{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -12,102 +12,102 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} + {{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} + {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "minio.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Return the appropriate apiVersion for networkpolicy. */}} {{- define "minio.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare ">=1.7-0, <1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else if semverCompare "^1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for deployment. */}} {{- define "minio.deployment.apiVersion" -}} -{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} + {{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for statefulset. */}} {{- define "minio.statefulset.apiVersion" -}} -{{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} -{{- print "apps/v1beta2" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} + {{- if semverCompare "<1.16-0" .Capabilities.KubeVersion.Version -}} + {{- print "apps/v1beta2" -}} + {{- else -}} + {{- print "apps/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for ingress. */}} {{- define "minio.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Return the appropriate apiVersion for console ingress. */}} {{- define "minio.consoleIngress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} + {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "extensions/v1beta1" -}} + {{- else if semverCompare "<1.19-0" .Capabilities.KubeVersion.GitVersion -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "networking.k8s.io/v1" -}} + {{- end -}} {{- end -}} {{/* Determine secret name. */}} {{- define "minio.secretName" -}} -{{- if .Values.existingSecret -}} -{{- .Values.existingSecret }} -{{- else -}} -{{- include "minio.fullname" . -}} -{{- end -}} + {{- if .Values.existingSecret -}} + {{- .Values.existingSecret }} + {{- else -}} + {{- include "minio.fullname" . -}} + {{- end -}} {{- end -}} {{/* Determine name for scc role and rolebinding */}} {{- define "minio.sccRoleName" -}} -{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} + {{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -195,9 +195,9 @@ otherwise it generates a random value. {{- $len := (default 16 .Length) | int -}} {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} {{- if $obj }} - {{- index $obj .Key | b64dec -}} + {{- index $obj .Key | b64dec -}} {{- else -}} - {{- randAlphaNum $len -}} + {{- randAlphaNum $len -}} {{- end -}} {{- end }} diff --git a/helm/minio/templates/configmap.yaml b/helm/minio/templates/configmap.yaml index 347062e5c..47f64cc23 100644 --- a/helm/minio/templates/configmap.yaml +++ b/helm/minio/templates/configmap.yaml @@ -9,24 +9,24 @@ metadata: heritage: {{ .Release.Service }} data: initialize: |- -{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }} + {{- include (print $.Template.BasePath "/_helper_create_bucket.txt") . | nindent 4 }} add-user: |- -{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }} + {{- include (print $.Template.BasePath "/_helper_create_user.txt") . | nindent 4 }} add-policy: |- -{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }} -{{- range $idx, $policy := .Values.policies }} + {{- include (print $.Template.BasePath "/_helper_create_policy.txt") . | nindent 4 }} + {{- range $idx, $policy := .Values.policies }} # Policy: {{ $policy.name }} policy_{{ $idx }}.json: |- -{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }} -{{ end }} -{{- range $idx, $svc := .Values.svcaccts }} -{{- if $svc.policy }} + {{- include (print $.Template.BasePath "/_helper_policy.tpl") . | nindent 4 }} + {{ end }} + {{- range $idx, $svc := .Values.svcaccts }} + {{- if $svc.policy }} # SVC: {{ $svc.accessKey }} svc_policy_{{ $idx }}.json: |- -{{ include (print $.Template.BasePath "/_helper_policy.tpl") .policy | indent 4 }} -{{- end }} -{{ end }} + {{- include (print $.Template.BasePath "/_helper_policy.tpl") .policy | nindent 4 }} + {{- end }} + {{- end }} add-svcacct: |- -{{ include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | indent 4 }} + {{- include (print $.Template.BasePath "/_helper_create_svcacct.txt") . | nindent 4 }} custom-command: |- -{{ include (print $.Template.BasePath "/_helper_custom_command.txt") . | indent 4 }} + {{- include (print $.Template.BasePath "/_helper_custom_command.txt") . | nindent 4 }} diff --git a/helm/minio/templates/console-ingress.yaml b/helm/minio/templates/console-ingress.yaml index 48952d953..9d2d8abb1 100644 --- a/helm/minio/templates/console-ingress.yaml +++ b/helm/minio/templates/console-ingress.yaml @@ -11,30 +11,28 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.consoleIngress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.consoleIngress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.consoleIngress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.consoleIngress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.consoleIngress.ingressClassName }} + {{- if .Values.consoleIngress.ingressClassName }} ingressClassName: {{ .Values.consoleIngress.ingressClassName }} -{{- end }} -{{- if .Values.consoleIngress.tls }} + {{- end }} + {{- if .Values.consoleIngress.tls }} tls: - {{- range .Values.consoleIngress.tls }} + {{- range .Values.consoleIngress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.consoleIngress.hosts }} + {{- range .Values.consoleIngress.hosts }} - http: paths: - path: {{ $ingressPath }} @@ -53,5 +51,5 @@ spec: {{- if . }} host: {{ . | quote }} {{- end }} - {{- end }} + {{- end }} {{- end }} diff --git a/helm/minio/templates/console-service.yaml b/helm/minio/templates/console-service.yaml index 78e07832c..2bbe7e385 100644 --- a/helm/minio/templates/console-service.yaml +++ b/helm/minio/templates/console-service.yaml @@ -1,7 +1,4 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} apiVersion: v1 kind: Service metadata: @@ -11,37 +8,36 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.consoleService.annotations }} - annotations: -{{ toYaml .Values.consoleService.annotations | indent 4 }} -{{- end }} + {{- if .Values.consoleService.annotations }} + annotations: {{- toYaml .Values.consoleService.annotations | nindent 4 }} + {{- end }} spec: -{{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} + {{- if (or (eq .Values.consoleService.type "ClusterIP" "") (empty .Values.consoleService.type)) }} type: ClusterIP {{- if not (empty .Values.consoleService.clusterIP) }} clusterIP: {{ .Values.consoleService.clusterIP }} - {{end}} -{{- else if eq .Values.consoleService.type "LoadBalancer" }} + {{- end }} + {{- else if eq .Values.consoleService.type "LoadBalancer" }} type: {{ .Values.consoleService.type }} loadBalancerIP: {{ default "" .Values.consoleService.loadBalancerIP }} -{{- else }} + {{- else }} type: {{ .Values.consoleService.type }} -{{- end }} + {{- end }} ports: - name: {{ $scheme }} port: {{ .Values.consoleService.port }} protocol: TCP -{{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} + {{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }} nodePort: {{ .Values.consoleService.nodePort }} -{{- else }} + {{- else }} targetPort: {{ .Values.minioConsolePort }} -{{- end}} -{{- if .Values.consoleService.externalIPs }} + {{- end }} + {{- if .Values.consoleService.externalIPs }} externalIPs: -{{- range $i , $ip := .Values.consoleService.externalIPs }} - - {{ $ip }} -{{- end }} -{{- end }} + {{- range $i , $ip := .Values.consoleService.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} selector: app: {{ template "minio.name" . }} release: {{ .Release.Name }} diff --git a/helm/minio/templates/deployment.yaml b/helm/minio/templates/deployment.yaml index 235ad8b07..5db589b9b 100644 --- a/helm/minio/templates/deployment.yaml +++ b/helm/minio/templates/deployment.yaml @@ -1,8 +1,5 @@ {{- if eq .Values.mode "standalone" }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} apiVersion: {{ template "minio.deployment.apiVersion" . }} kind: Deployment @@ -13,13 +10,12 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} spec: strategy: type: {{ .Values.DeploymentUpdate.type }} @@ -27,7 +23,7 @@ spec: rollingUpdate: maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} - {{- end}} + {{- end }} replicas: 1 selector: matchLabels: @@ -39,17 +35,17 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} annotations: -{{- if not .Values.ignoreChartChecksums }} + {{- if not .Values.ignoreChartChecksums }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" @@ -57,7 +53,7 @@ spec: {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} @@ -65,10 +61,10 @@ spec: {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} + {{- end }} + {{ if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -113,11 +109,11 @@ spec: {{- if .Values.extraSecret }} - name: MINIO_CONFIG_ENV_FILE value: "/tmp/minio-config-env/config.env" - {{- end}} + {{- end }} {{- if .Values.metrics.serviceMonitor.public }} - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - {{- end}} + {{- end }} {{- if .Values.oidc.enabled }} - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: {{ .Values.oidc.configUrl }} @@ -135,7 +131,7 @@ spec: value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} - {{- end}} + {{- end }} {{- if .Values.etcd.endpoints }} - name: MINIO_ETCD_ENDPOINTS value: {{ join "," .Values.etcd.endpoints | quote }} @@ -159,37 +155,33 @@ spec: {{- range $key, $val := .Values.environment }} - name: {{ $key }} value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} + {{- if eq (typeOf .) "string" }} + {{- tpl . $ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} -{{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: export - {{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} - {{- else }} + {{- else }} emptyDir: {} - {{- end }} + {{- end }} {{- if .Values.extraSecret }} - name: extra-secret secret: diff --git a/helm/minio/templates/ingress.yaml b/helm/minio/templates/ingress.yaml index 62d9a8c83..d27be6ecc 100644 --- a/helm/minio/templates/ingress.yaml +++ b/helm/minio/templates/ingress.yaml @@ -11,47 +11,45 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- with .Values.ingress.labels }} -{{ toYaml . | indent 4 }} -{{- end }} - -{{- with .Values.ingress.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.ingress.ingressClassName }} + {{- if .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} -{{- end }} -{{- if .Values.ingress.tls }} + {{- end }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - http: paths: - path: {{ $ingressPath }} - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} pathType: Prefix backend: service: name: {{ $fullName }} port: number: {{ $servicePort }} - {{- else }} + {{- else }} backend: serviceName: {{ $fullName }} servicePort: {{ $servicePort }} - {{- end }} + {{- end }} {{- if . }} host: {{ . | quote }} {{- end }} - {{- end }} + {{- end }} {{- end }} diff --git a/helm/minio/templates/post-job.yaml b/helm/minio/templates/post-job.yaml index 1adf00d97..9d312118c 100644 --- a/helm/minio/templates/post-job.yaml +++ b/helm/minio/templates/post-job.yaml @@ -24,23 +24,19 @@ spec: {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} {{- if .Values.postJob.podAnnotations }} - annotations: - {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} + annotations: {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} {{- end }} spec: restartPolicy: OnFailure - {{- include "minio.imagePullSecrets" . | nindent 6 }} + {{- include "minio.imagePullSecrets" . | indent 6 }} {{- if .Values.nodeSelector }} - nodeSelector: - {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} + nodeSelector: {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} {{- end }} {{- with .Values.postJob.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.postJob.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} + tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.postJob.securityContext.enabled }} securityContext: @@ -81,7 +77,7 @@ spec: items: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt - {{ end }} + {{- end }} containers: {{- if .Values.buckets }} - name: minio-make-bucket @@ -109,9 +105,8 @@ spec: {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} {{- end }} {{- if .Values.users }} - name: minio-make-user @@ -139,9 +134,8 @@ spec: {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeUserJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} {{- end }} {{- if .Values.policies }} - name: minio-make-policy @@ -169,9 +163,8 @@ spec: {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} {{- end }} {{- if .Values.customCommands }} - name: minio-custom-command @@ -199,9 +192,8 @@ spec: {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.customCommandJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.customCommandJob.resources | nindent 12 }} {{- end }} {{- if .Values.svcaccts }} - name: minio-make-svcacct @@ -229,8 +221,7 @@ spec: {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: - {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} + {{- end }} + resources: {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} {{- end }} {{- end }} diff --git a/helm/minio/templates/pvc.yaml b/helm/minio/templates/pvc.yaml index 5df1132a5..a68138ffe 100644 --- a/helm/minio/templates/pvc.yaml +++ b/helm/minio/templates/pvc.yaml @@ -9,26 +9,24 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 4 }} + {{- end }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} resources: requests: storage: {{ .Values.persistence.size | quote }} - -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} storageClassName: "" -{{- else }} + {{- else }} storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- if .Values.persistence.VolumeName }} + {{- end }} + {{- end }} + {{- if .Values.persistence.VolumeName }} volumeName: "{{ .Values.persistence.VolumeName }}" -{{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/helm/minio/templates/service.yaml b/helm/minio/templates/service.yaml index fd326a73e..ba1f3feaa 100644 --- a/helm/minio/templates/service.yaml +++ b/helm/minio/templates/service.yaml @@ -1,7 +1,4 @@ -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} apiVersion: v1 kind: Service metadata: @@ -12,37 +9,36 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} monitoring: "true" -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} + {{- if .Values.service.annotations }} + annotations: {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} spec: -{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} + {{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} type: ClusterIP {{- if not (empty .Values.service.clusterIP) }} clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} + {{- end }} + {{- else if eq .Values.service.type "LoadBalancer" }} type: {{ .Values.service.type }} loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} -{{- else }} + {{- else }} type: {{ .Values.service.type }} -{{- end }} + {{- end }} ports: - name: {{ $scheme }} port: {{ .Values.service.port }} protocol: TCP -{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} + {{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} nodePort: {{ .Values.service.nodePort }} -{{- else }} + {{- else }} targetPort: {{ .Values.minioAPIPort }} -{{- end}} -{{- if .Values.service.externalIPs }} + {{- end }} + {{- if .Values.service.externalIPs }} externalIPs: -{{- range $i , $ip := .Values.service.externalIPs }} - - {{ $ip }} -{{- end }} -{{- end }} + {{- range $i , $ip := .Values.service.externalIPs }} + - {{ $ip }} + {{- end }} + {{- end }} selector: app: {{ template "minio.name" . }} release: {{ .Release.Name }} diff --git a/helm/minio/templates/serviceaccount.yaml b/helm/minio/templates/serviceaccount.yaml index 1a5f77b49..6b02cbfa1 100644 --- a/helm/minio/templates/serviceaccount.yaml +++ b/helm/minio/templates/serviceaccount.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceAccount.create -}} +{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/helm/minio/templates/servicemonitor.yaml b/helm/minio/templates/servicemonitor.yaml index 80b907277..f875a850e 100644 --- a/helm/minio/templates/servicemonitor.yaml +++ b/helm/minio/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode}} +{{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.includeNode }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -12,12 +12,11 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} -{{- if .Values.metrics.serviceMonitor.annotations }} - annotations: -{{ toYaml .Values.metrics.serviceMonitor.annotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.metrics.serviceMonitor.annotations }} + annotations: {{- toYaml .Values.metrics.serviceMonitor.annotations | nindent 4 }} + {{- end }} spec: endpoints: {{- if .Values.tls.enabled }} @@ -29,7 +28,7 @@ spec: name: {{ .Values.tls.certSecret }} key: {{ .Values.tls.publicCrt }} serverName: {{ template "minio.fullname" . }} - {{ else }} + {{- else }} - port: http scheme: http {{- end }} @@ -41,7 +40,7 @@ spec: scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} {{- end }} {{- if .Values.metrics.serviceMonitor.relabelConfigs }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigs | indent 6 }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigs | nindent 6 }} {{- end }} {{- if not .Values.metrics.serviceMonitor.public }} bearerTokenSecret: @@ -72,7 +71,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} {{- end }} spec: jobName: {{ template "minio.fullname" . }} @@ -89,11 +88,11 @@ spec: path: /minio/v2/metrics/cluster {{- if .Values.tls.enabled }} scheme: https - {{ else }} + {{- else }} scheme: http {{- end }} {{- if .Values.metrics.serviceMonitor.relabelConfigsCluster }} -{{ toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | indent 2 }} + {{- toYaml .Values.metrics.serviceMonitor.relabelConfigsCluster | nindent 2 }} {{- end }} targets: staticConfig: diff --git a/helm/minio/templates/statefulset.yaml b/helm/minio/templates/statefulset.yaml index e07e1654a..a66caee0d 100644 --- a/helm/minio/templates/statefulset.yaml +++ b/helm/minio/templates/statefulset.yaml @@ -3,10 +3,7 @@ {{ $nodeCount := .Values.replicas | int }} {{ $replicas := mul $poolCount $nodeCount }} {{ $drivesPerNode := .Values.drivesPerNode | int }} -{{ $scheme := "http" }} -{{- if .Values.tls.enabled }} -{{ $scheme = "https" }} -{{ end }} +{{ $scheme := .Values.tls.enabled | ternary "https" "http" }} {{ $mountPath := .Values.mountPath }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} {{ $subPath := .Values.persistence.subPath }} @@ -21,8 +18,8 @@ metadata: labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: publishNotReadyAddresses: true clusterIP: None @@ -44,13 +41,12 @@ metadata: chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- if .Values.additionalLabels }} -{{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} -{{- end }} -{{- if .Values.additionalAnnotations }} - annotations: -{{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} -{{- end }} + {{- if .Values.additionalLabels }} + {{- toYaml .Values.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.additionalAnnotations }} + annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} + {{- end }} spec: updateStrategy: type: {{ .Values.StatefulSetUpdate.updateStrategy }} @@ -67,17 +63,17 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} + {{- if .Values.podLabels }} + {{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} annotations: -{{- if not .Values.ignoreChartChecksums }} + {{- if not .Values.ignoreChartChecksums }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" @@ -85,7 +81,7 @@ spec: {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} -{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} @@ -93,18 +89,19 @@ spec: {{- if and (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "20") }} fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} -{{- end }} -{{ if .Values.serviceAccount.create }} + {{- end }} + {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - - command: [ "/bin/sh", + command: [ + "/bin/sh", "-ce", - "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" ] + "/usr/bin/docker-entrypoint.sh minio server {{- range $i := until $poolCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{ else }}{{ $bucketRoot }}{{end }}{{- end }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template `minio.extraArgs` . }}" + ] volumeMounts: {{- if $penabled }} {{- if (gt $drivesPerNode 1) }} @@ -150,11 +147,11 @@ spec: {{- if .Values.extraSecret }} - name: MINIO_CONFIG_ENV_FILE value: "/tmp/minio-config-env/config.env" - {{- end}} + {{- end }} {{- if .Values.metrics.serviceMonitor.public }} - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" - {{- end}} + {{- end }} {{- if .Values.oidc.enabled }} - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: {{ .Values.oidc.configUrl }} @@ -172,39 +169,34 @@ spec: value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} - {{- end}} + {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} value: {{ $val | quote }} - {{- end}} - resources: -{{ toYaml .Values.resources | indent 12 }} + {{- end }} + resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraContainers }} - {{- if eq (typeOf .) "string" }} - {{- tpl . $ | nindent 8 }} - {{- else }} - {{- toYaml . | nindent 8 }} + {{- if eq (typeOf .) "string" }} + {{- tpl . $ | nindent 8 }} + {{- else }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} -{{- include "minio.imagePullSecrets" . | indent 6 }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml . | indent 8 }} - {{- end }} - {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- include "minio.imagePullSecrets" . | indent 6 }} + {{- with .Values.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} + {{- if and (gt $replicas 1) (ge .Capabilities.KubeVersion.Major "1") (ge .Capabilities.KubeVersion.Minor "19") }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} volumes: - name: minio-user secret: @@ -216,18 +208,17 @@ spec: {{- end }} {{- include "minio.tlsKeysVolume" . | indent 8 }} {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} -{{- if .Values.persistence.enabled }} + {{- if .Values.persistence.enabled }} volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} + {{- if gt $drivesPerNode 1 }} {{- range $diskId := until $drivesPerNode}} - metadata: name: export-{{ $diskId }} - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} spec: accessModes: [ {{ $accessMode | quote }} ] {{- if $storageClass }} @@ -237,13 +228,12 @@ spec: requests: storage: {{ $psize }} {{- end }} - {{- else }} + {{- else }} - metadata: name: export - {{- if $.Values.persistence.annotations }} - annotations: -{{ toYaml $.Values.persistence.annotations | trimSuffix "\n" | indent 10 }} - {{- end }} + {{- if $.Values.persistence.annotations }} + annotations: {{- toYaml $.Values.persistence.annotations | nindent 10 }} + {{- end }} spec: accessModes: [ {{ $accessMode | quote }} ] {{- if $storageClass }} @@ -252,6 +242,6 @@ spec: resources: requests: storage: {{ $psize }} + {{- end }} {{- end }} {{- end }} -{{- end }}