Add ability to mount extra minio env from secret (#14254)

2025-11-25 03:56:17 -05:00 · 2022-02-04 23:53:20 +01:00
parent 6123377e66
commit 75adb787c4
4 changed files with 45 additions and 0 deletions
--- a/helm/minio/templates/deployment.yaml
+++ b/helm/minio/templates/deployment.yaml
@@ -81,6 +81,10 @@ spec:
              subPath: "{{ .Values.persistence.subPath }}"
              {{- end }}
            {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
            {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
          ports:
            - name: {{ $scheme }}
@@ -98,6 +102,10 @@ spec:
                secretKeyRef:
                  name: {{ template "minio.secretName" . }}
                  key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
            {{- if .Values.metrics.serviceMonitor.public }}
            - name: MINIO_PROMETHEUS_AUTH_TYPE
              value: "public"
@@ -149,6 +157,11 @@ spec:
        {{- else }}
          emptyDir: {}
        {{- end }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
        - name: minio-user
          secret:
            secretName: {{ template "minio.secretName" . }}
--- a/helm/minio/templates/gateway-deployment.yaml
+++ b/helm/minio/templates/gateway-deployment.yaml
@@ -86,6 +86,10 @@ spec:
              subPath: "{{ .Values.persistence.subPath }}"
              {{- end }}
            {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
            {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
          ports:
            - name: {{ $scheme }}
@@ -103,6 +107,10 @@ spec:
                secretKeyRef:
                  name: {{ template "minio.secretName" . }}
                  key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
            {{- if eq .Values.gateway.type "gcs" }}
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: "/tmp/credentials/service-account-file.json"
@@ -161,5 +169,10 @@ spec:
        - name: minio-user
          secret:
            secretName: {{ template "minio.secretName" . }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
        {{- include "minio.tlsKeysVolume" . | indent 8 }}
 {{- end }}
--- a/helm/minio/templates/statefulset.yaml
+++ b/helm/minio/templates/statefulset.yaml
@@ -114,6 +114,10 @@ spec:
              {{- end }}
            {{- end }}
            {{- end }}
+            {{- if .Values.extraSecret }}
+            - name: extra-secret
+              mountPath: "/tmp/minio-config-env"
+            {{- end }}
            {{- include "minio.tlsKeysVolumeMount" . | indent 12 }}
          ports:
            - name: {{ $scheme }}
@@ -131,6 +135,10 @@ spec:
                secretKeyRef:
                  name: {{ template "minio.secretName" . }}
                  key: rootPassword
+            {{- if .Values.extraSecret }}
+            - name: MINIO_CONFIG_ENV_FILE
+              value: "/tmp/minio-config-env/config.env"
+            {{- end}}
            {{- if .Values.metrics.serviceMonitor.public }}
            - name: MINIO_PROMETHEUS_AUTH_TYPE
              value: "public"
@@ -158,6 +166,11 @@ spec:
        - name: minio-user
          secret:
            secretName: {{ template "minio.secretName" . }}
+        {{- if .Values.extraSecret }}
+        - name: extra-secret
+          secret:
+            secretName: {{ .Values.extraSecret }}
+        {{- end }}
        {{- include "minio.tlsKeysVolume" . | indent 8 }}
 {{- if .Values.persistence.enabled }}
  volumeClaimTemplates:
--- a/helm/minio/values.yaml
+++ b/helm/minio/values.yaml
@@ -315,6 +315,12 @@ environment:
  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

+## The name of a secret in the same kubernetes namespace which contain secret values
+## This can be useful for LDAP password, etc
+## The key in the secret must be 'config.env'
+##
+# extraSecret: minio-extraenv
+
 networkPolicy:
  enabled: false
  allowExternal: true