From f6b48ed02afce18f323644f99dd83c3328736910 Mon Sep 17 00:00:00 2001 From: jiuker <2818723467@qq.com> Date: Tue, 4 Jul 2023 22:39:29 +0800 Subject: [PATCH] fix: create user without policy that is required (#17554) fixes #17492 --- helm/minio/templates/post-job.yaml | 67 +++++++++++++++--------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/helm/minio/templates/post-job.yaml b/helm/minio/templates/post-job.yaml index b6a5e18dd..99b6997b2 100644 --- a/helm/minio/templates/post-job.yaml +++ b/helm/minio/templates/post-job.yaml @@ -85,6 +85,40 @@ spec: {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} + { { - if .Values.policies } } + initContainers: + - name: minio-make-policy + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.makePolicyJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.makePolicyJob.securityContext.runAsUser } } + runAsGroup: { { .Values.makePolicyJob.securityContext.runAsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.makePolicyJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] + { { - else } } + command: [ "/bin/sh", "/config/add-policy" ] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: etc-path + mountPath: /etc/minio/mc + - name: tmp + mountPath: /tmp + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{- end }} + resources: { { - toYaml .Values.makePolicyJob.resources | nindent 12 } } + { { - end } } containers: {{- if .Values.buckets }} - name: minio-make-bucket @@ -152,39 +186,6 @@ spec: {{- end }} resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} {{- end }} - {{- if .Values.policies }} - - name: minio-make-policy - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - {{- if .Values.makePolicyJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} - {{- end }} - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makePolicyJob.exitCommand }} - command: [ "/bin/sh", "-c" ] - args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] - {{- else }} - command: [ "/bin/sh", "/config/add-policy" ] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: etc-path - mountPath: /etc/minio/mc - - name: tmp - mountPath: /tmp - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{- end }} - resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} - {{- end }} {{- if .Values.customCommands }} - name: minio-custom-command image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"