fix: create user without policy that is required (#17554)

fixes #17492
This commit is contained in:
jiuker 2023-07-04 22:39:29 +08:00 committed by GitHub
parent e37c4efc6e
commit f6b48ed02a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -85,6 +85,40 @@ spec:
{{- if .Values.serviceAccount.create }} {{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }} serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }} {{- end }}
{ { - if .Values.policies } }
initContainers:
- name: minio-make-policy
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
{ { - if .Values.makePolicyJob.securityContext.enabled } }
securityContext:
runAsUser: { { .Values.makePolicyJob.securityContext.runAsUser } }
runAsGroup: { { .Values.makePolicyJob.securityContext.runAsGroup } }
{ { - end } }
imagePullPolicy: { { .Values.mcImage.pullPolicy } }
{ { - if .Values.makePolicyJob.exitCommand } }
command: [ "/bin/sh", "-c" ]
args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ]
{ { - else } }
command: [ "/bin/sh", "/config/add-policy" ]
{ { - end } }
env:
- name: MINIO_ENDPOINT
value: { { template "minio.fullname" . } }
- name: MINIO_PORT
value: { { .Values.service.port | quote } }
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
{ { - if .Values.tls.enabled } }
- name: cert-secret-volume-mc
mountPath: { { .Values.configPathmc } }certs
{{- end }}
resources: { { - toYaml .Values.makePolicyJob.resources | nindent 12 } }
{ { - end } }
containers: containers:
{{- if .Values.buckets }} {{- if .Values.buckets }}
- name: minio-make-bucket - name: minio-make-bucket
@ -152,39 +186,6 @@ spec:
{{- end }} {{- end }}
resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }}
{{- end }} {{- end }}
{{- if .Values.policies }}
- name: minio-make-policy
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"
{{- if .Values.makePolicyJob.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }}
runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }}
{{- end }}
imagePullPolicy: {{ .Values.mcImage.pullPolicy }}
{{- if .Values.makePolicyJob.exitCommand }}
command: [ "/bin/sh", "-c" ]
args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ]
{{- else }}
command: [ "/bin/sh", "/config/add-policy" ]
{{- end }}
env:
- name: MINIO_ENDPOINT
value: {{ template "minio.fullname" . }}
- name: MINIO_PORT
value: {{ .Values.service.port | quote }}
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
{{- if .Values.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.configPathmc }}certs
{{- end }}
resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }}
{{- end }}
{{- if .Values.customCommands }} {{- if .Values.customCommands }}
- name: minio-custom-command - name: minio-custom-command
image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}"