Merge branch 'bb-1233' into 'master'

BB 1233 - Add Minio deployment

Closes #44

See merge request platform-one/big-bang/bigbang!190

CHANGELOG.md

@@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+
+## [1.0.8]
+
+* Added support for deployment of Minio operator and instance deployment of minio.    
+
 ## [1.0.7]
 
 * Added Kubernetes labels to all objects created by umbrella

chart/templates/minio/minio-instance/gitrepository.yaml

+{{- if and (not .Values.offline) .Values.minio.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: minio
+  namespace: {{ .Release.Namespace }}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.minio.minioinstance.git.repo }}
+  ref:
+    {{- include "validRef" .Values.minio.minioinstance.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
+{{- end }}

chart/templates/minio/minio-instance/minio-instance-helmrelease.yaml

+{{- if .Values.minio.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: minio
+  namespace: {{ .Release.Namespace }}
+spec:
+  targetNamespace: minio
+  chart:
+    spec:
+      chart: {{ .Values.minio.minioinstance.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: minio
+        namespace: {{ .Release.Namespace }}
+
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+
+  valuesFrom:
+    - name: values
+      kind: Secret
+      valuesKey: "minio.yaml"
+
+  values:
+    podAnnotations:
+      sidecar.istio.io/inject: "true"
+      traffic.sidecar.istio.io/includeInboundPorts: "*"
+      traffic.sidecar.istio.io/excludeInboundPorts: "9443"
+    imagePullSecrets:
+      - name: private-registry
+
+  dependsOn:
+    - name: minio-operator
+      namespace: {{ .Release.Namespace }}
+{{- end }}

chart/templates/minio/minio-instance/namespace.yaml

+{{- if .Values.minio.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: minio
+  labels:
+    istio-injection: enabled
+---
+{{- if (   include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: minio
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+---
+# probably want to get rid of this eventually
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-creds-secret
+  namespace: minio
+type: Opaque
+data:
+  accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64)
+  secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64)
+{{- end }}
\ No newline at end of file

chart/templates/minio/minio-operator/gitrepository.yaml

+{{- if and (not .Values.offline) .Values.minio.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: minio-operator
+  namespace: {{ .Release.Namespace }}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.minio.miniooperator.git.repo }}
+  ref:
+    {{- include "validRef" .Values.minio.miniooperator.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
+{{- end }}

chart/templates/minio/minio-operator/minio-operator-helmrelease.yaml

+{{- if .Values.minio.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: minio-operator
+  namespace: {{ .Release.Namespace }}
+spec:
+  targetNamespace: minio-operator
+  chart:
+    spec:
+      chart: {{ .Values.minio.miniooperator.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: minio-operator
+        namespace: {{ .Release.Namespace }}
+
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+
+  valuesFrom:
+    - name: values
+      kind: Secret
+      valuesKey: "miniooperator.yaml"
+
+  values:
+    podAnnotations:
+      sidecar.istio.io/inject: "true"
+      traffic.sidecar.istio.io/includeInboundPorts: "*"
+      traffic.sidecar.istio.io/excludeInboundPorts: "9443"
+    imagePullSecrets:
+      - name: private-registry
+
+  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled }}
+  dependsOn:
+  {{- if .Values.gatekeeper.enabled }}
+  - name: gatekeeper
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+
+  {{- if .Values.istio.enabled }}
+  - name: istio
+    namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/minio/minio-operator/namespace.yaml

+{{- if .Values.minio.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: minio-operator
+  labels:
+    istio-injection: enabled
+---
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: minio-operator
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/values.yaml

@@ -49,6 +49,10 @@ stringData:
 {{ toYaml .Values.twistlock.values | indent 4 }} 
   clusterauditor.yaml: |
 {{ toYaml .Values.twistlock.values | indent 4 }}
+  miniooperator.yaml: |
+{{ toYaml .Values.minio.miniooperator.values | indent 4 }}
+  minio.yaml: |
+{{ toYaml .Values.minio.minioinstance.values | indent 4 }}
   gitlab.yaml: |
 {{ toYaml .Values.addons.gitlab.values | indent 4 }}
   anchore.yaml: |

chart/values.yaml

@@ -187,8 +187,28 @@ twistlock:
     path: "./chart"
     tag: "0.0.2-bb.1"
   values: {}
+
 # ----------------------------------------------------------------------------------------------------------------------
+# Minio Operator and Instance
+#
+minio:
+  enabled: true
+  miniooperator:
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
+      path: "./chart"
+      tag: "2.0.9-bb.1"
+    values: {}
+  minioinstance:
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
+      path: "./chart"
+      tag: "2.0.9-bb.1"
+    values: {}
 
+#
+# ----------------------------------------------------------------------------------------------------------------------
+#
 addons:
   argocd:
     enabled: false

scripts/deploy/02_wait_for_helmrealeases.sh

@@ -3,7 +3,8 @@
 set -ex
 
 ## This is an array to instantiate the order of wait conditions
-ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso anchore sonarqube"
+ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso minio-operator minio anchore sonarqube"
+
 
 ## This the actual deployed helmrelease objects in the cluster
 DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}')
@@ -41,6 +42,8 @@ do
   fi
 done
 
+kubectl get hr,kustomizations,gitrepositories -A
+
 for package in $DEPLOYED_HELMRELEASES;
 do
   if array_contains ORDERED_HELMRELEASES "$package";