mirror of
https://github.com/minio/minio.git
synced 2025-01-12 07:23:23 -05:00
Allow MinIO to load configurations from env file (#12706)
docker-entrypoint.sh will load configuration values from 'config.env' file, this is useful when MinIO is deployed in Kubernetes environments and want to avoid reading secrets from environment variables Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This commit is contained in:
parent
e8cbfa7af2
commit
92ffe5e5ef
@ -17,7 +17,8 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
|
|||||||
MINIO_ROOT_USER_FILE=access_key \
|
MINIO_ROOT_USER_FILE=access_key \
|
||||||
MINIO_ROOT_PASSWORD_FILE=secret_key \
|
MINIO_ROOT_PASSWORD_FILE=secret_key \
|
||||||
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
|
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
|
||||||
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
|
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
|
||||||
|
MINIO_CONFIG_ENV_FILE=config.env
|
||||||
|
|
||||||
COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
|
COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
|
||||||
COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
|
COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
|
||||||
|
@ -17,7 +17,8 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
|
|||||||
MINIO_ROOT_USER_FILE=access_key \
|
MINIO_ROOT_USER_FILE=access_key \
|
||||||
MINIO_ROOT_PASSWORD_FILE=secret_key \
|
MINIO_ROOT_PASSWORD_FILE=secret_key \
|
||||||
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
|
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
|
||||||
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
|
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
|
||||||
|
MINIO_CONFIG_ENV_FILE=config.env
|
||||||
|
|
||||||
COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
|
COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
|
||||||
COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
|
COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
|
||||||
|
@ -8,6 +8,20 @@ if [ "${1}" != "minio" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
## look for specific a `config.env` file to load all the
|
||||||
|
## minio settings from
|
||||||
|
docker_minio_env() {
|
||||||
|
if [ -f "$MINIO_CONFIG_ENV_FILE" ]; then
|
||||||
|
config_env_file="${MINIO_CONFIG_ENV_FILE}"
|
||||||
|
else
|
||||||
|
config_env_file="/run/secrets/${MINIO_CONFIG_ENV_FILE}"
|
||||||
|
fi
|
||||||
|
if [ -f "$config_env_file" ]; then
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
. "${config_env_file}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
## Look for docker secrets at given absolute path or in default documented location.
|
## Look for docker secrets at given absolute path or in default documented location.
|
||||||
docker_secrets_env_old() {
|
docker_secrets_env_old() {
|
||||||
if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
|
if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
|
||||||
@ -73,15 +87,16 @@ docker_kms_secret_encryption_env() {
|
|||||||
|
|
||||||
# su-exec to requested user, if service cannot run exec will fail.
|
# su-exec to requested user, if service cannot run exec will fail.
|
||||||
docker_switch_user() {
|
docker_switch_user() {
|
||||||
if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
|
if [ -n "${MINIO_USERNAME}" ] && [ -n "${MINIO_GROUPNAME}" ]; then
|
||||||
if [ ! -z "${MINIO_UID}" ] && [ ! -z "${MINIO_GID}" ]; then
|
if [ -n "${MINIO_UID}" ] && [ -n "${MINIO_GID}" ]; then
|
||||||
groupadd -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
|
groupadd -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
|
||||||
useradd -u "$MINIO_UID" -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
|
useradd -u "$MINIO_UID" -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
|
||||||
else
|
else
|
||||||
groupadd "$MINIO_GROUPNAME" && \
|
groupadd "$MINIO_GROUPNAME" && \
|
||||||
useradd -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
|
useradd -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
|
||||||
fi
|
fi
|
||||||
exec setpriv --reuid="${MINIO_USERNAME}" --regid="${MINIO_GROUPNAME}" --keep-groups "$@"
|
exec setpriv --reuid="${MINIO_USERNAME}" \
|
||||||
|
--regid="${MINIO_GROUPNAME}" --keep-groups "$@"
|
||||||
else
|
else
|
||||||
exec "$@"
|
exec "$@"
|
||||||
fi
|
fi
|
||||||
@ -96,5 +111,10 @@ docker_secrets_env
|
|||||||
## Set kms encryption from secrets if necessary. Override
|
## Set kms encryption from secrets if necessary. Override
|
||||||
docker_kms_secret_encryption_env
|
docker_kms_secret_encryption_env
|
||||||
|
|
||||||
|
## Set all config environment variables from 'config.env' if necessary.
|
||||||
|
## Overrides all previous settings and also overrides all
|
||||||
|
## environment values passed from 'podman run -e ENV=value'
|
||||||
|
docker_minio_env
|
||||||
|
|
||||||
## Switch to user if applicable.
|
## Switch to user if applicable.
|
||||||
docker_switch_user "$@"
|
docker_switch_user "$@"
|
||||||
|
Loading…
Reference in New Issue
Block a user