From 3a39517079c5fbdae573b2db6be324c24f312dd7 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 10:56:23 -0600 Subject: [PATCH 1/8] Added MinIO --- .DS_Store | Bin 0 -> 6148 bytes stable/.DS_Store | Bin 0 -> 6148 bytes stable/minio/.DS_Store | Bin 0 -> 6148 bytes stable/minio/minio/.DS_Store | Bin 0 -> 6148 bytes stable/minio/minio/Chart.yaml | 18 + stable/minio/minio/IRONBANK.md.gotmpl | 37 ++ stable/minio/minio/README-original.md | 374 ++++++++++++++++++ stable/minio/minio/README.md | 152 +++++++ stable/minio/minio/ci/distributed-values.yaml | 1 + stable/minio/minio/templates/NOTES.txt | 44 +++ .../minio/templates/_helper_create_bucket.txt | 96 +++++ stable/minio/minio/templates/_helpers.tpl | 96 +++++ stable/minio/minio/templates/configmap.yaml | 12 + stable/minio/minio/templates/deployment.yaml | 266 +++++++++++++ stable/minio/minio/templates/ingress.yaml | 45 +++ .../minio/minio/templates/networkpolicy.yaml | 25 ++ .../minio/templates/poddisruptionbudget.yaml | 13 + .../post-install-create-bucket-job.yaml | 76 ++++ .../post-install-prometheus-metrics-job.yaml | 110 ++++++ .../post-install-prometheus-metrics-role.yaml | 38 ++ ...nstall-prometheus-metrics-rolebinding.yaml | 20 + ...all-prometheus-metrics-serviceaccount.yaml | 12 + stable/minio/minio/templates/pvc.yaml | 35 ++ stable/minio/minio/templates/secrets.yaml | 32 ++ stable/minio/minio/templates/service.yaml | 47 +++ .../minio/minio/templates/serviceaccount.yaml | 7 + .../minio/minio/templates/servicemonitor.yaml | 41 ++ stable/minio/minio/templates/statefulset.yaml | 231 +++++++++++ stable/minio/minio/values-ironbank.yaml | 17 + stable/minio/minio/values.yaml | 334 ++++++++++++++++ 30 files changed, 2179 insertions(+) create mode 100644 .DS_Store create mode 100644 stable/.DS_Store create mode 100644 stable/minio/.DS_Store create mode 100644 stable/minio/minio/.DS_Store create mode 100755 stable/minio/minio/Chart.yaml create mode 100644 stable/minio/minio/IRONBANK.md.gotmpl create mode 100755 stable/minio/minio/README-original.md create mode 100644 stable/minio/minio/README.md create mode 100644 stable/minio/minio/ci/distributed-values.yaml create mode 100644 stable/minio/minio/templates/NOTES.txt create mode 100755 stable/minio/minio/templates/_helper_create_bucket.txt create mode 100644 stable/minio/minio/templates/_helpers.tpl create mode 100644 stable/minio/minio/templates/configmap.yaml create mode 100644 stable/minio/minio/templates/deployment.yaml create mode 100644 stable/minio/minio/templates/ingress.yaml create mode 100644 stable/minio/minio/templates/networkpolicy.yaml create mode 100644 stable/minio/minio/templates/poddisruptionbudget.yaml create mode 100755 stable/minio/minio/templates/post-install-create-bucket-job.yaml create mode 100644 stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml create mode 100644 stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml create mode 100644 stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml create mode 100644 stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml create mode 100644 stable/minio/minio/templates/pvc.yaml create mode 100644 stable/minio/minio/templates/secrets.yaml create mode 100644 stable/minio/minio/templates/service.yaml create mode 100644 stable/minio/minio/templates/serviceaccount.yaml create mode 100644 stable/minio/minio/templates/servicemonitor.yaml create mode 100644 stable/minio/minio/templates/statefulset.yaml create mode 100644 stable/minio/minio/values-ironbank.yaml create mode 100755 stable/minio/minio/values.yaml diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..f1fb42d5e2dbed59ef65b44b03cc0d5c126fa219 GIT binary patch literal 6148 zcmeHK!EVz)5S>labRC4qp;CL?3lfJ2rA?uSs*(xmp$8;{D>y*a+BhPXTyJGNL?s0I zH{cKW6uyAZftlS+RTJP=RH_+i_RY@D?8a}M9WMZg!6e=S=m3C3C2V-u{6=V;bV(Y{ zvx+Fp92)Y&RKJZ<9W6z(<0djdd)I<7gpfl7_5GulVh{Df4yEZTGs?(!kr z%EH}HgjpTuS0)^UZ;@MOfElPWuwuI%s{aRnzW>*gxW^1I1GkC+(HsWD0X~wetxFF_ vwN{~?qLNTtW$`iv4O5CSmP+v^suA=nG7x=-l|}TR@P~k*fg5JvpEB?hevfwb literal 0 HcmV?d00001 diff --git a/stable/.DS_Store b/stable/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..7a522df01eb5e7ffa0faf76c24b99e6d21b4d58d GIT binary patch literal 6148 zcmeHK&2AGh5FWQFaZ({7gw!5=LE;dkloWbENUKl|y&)}v1E6-@4b6&;U9uY@2tj+{ zA>a*o6rO+w;Q`?DPpkY;jtEhYH2%i+%vk=sw%0_&dgFA5s6|8^YOvNs@f$JyMptCb zx72~m=156Vaggg{nXh<R{&i5_z-+=t%!X$6+?K7nsS zub_$&x7*LXzb<)Sr`I$liQKoTpb{~qwTCE63xy|`ap5|Fmb~@kL+Inr{N}cm2Z(eP_j0buWmq|G;ddcXysXb20f%Ntht@Cp` zkx#S!#8)svnctF*9rV%NcWgEtOa+tX>cd$%pRyLV=7 zG2Pqiw8d`s-fY(3TQ_$e92^bby`O%Vef*5+Ko|~FE7v@p!50{FWW0?>D%a`+ttMjA zE{g=&8K@o78&E!2ULf`Zp7YCzYLLsxfd9<+=H;Azm~~(vFz^Qk%=sXo1|yG^Lwj_f zuulMB4b4_yo1X>~BRobPD~ITTFc%7Rq0B!qmF~Dm3@qQ0e@^|aXn@U3ncsqSQuX+`Wou*X~k4?R>@?Lma4)*MP&viZ+0@1-MoZkhcU(*{cw%3GGk1DBIb(Fd?MJ7Iwd*l$pdmdhHAy? zB8XKm6-$oa$pEh147+9#OF$>r54XfN=<2H${rMA-!JyZ%EBzdF;;5I_YA-yOFU-u& z2~iTIh0>{ar3PN=r~O{T?;hjRzMozN);>@wez*PLFlrCZ%1gT{N&P5kcXe_Uwjt!? zC`v*#XsCV?_VhTO=@6nQif84@aOgOjRq1T3kE(K5uh*(_!`T{*ieh*J5VS zq%&@d4{qPgZH2=1+hKgE!x?uCQcDaF10NZ{+7G0R_y6A4^}i0Hh8Q3Q{wD*x(Da%O zn47&@r)G(Ftpq&>MZvht;Cl)f`YMK4yoxKJTEH*S0CX*82EhYDKLVNtYKVa!W#A3v Cxm>gW literal 0 HcmV?d00001 diff --git a/stable/minio/minio/.DS_Store b/stable/minio/minio/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..36687fbe02cf10e48acd584f43ca75832760163d GIT binary patch literal 6148 zcmeHK!AiqG5PegNwDwYZ(PNH+D0ub~YkMf71^oeSD_TgcR4aJP!H@74{60TG-|Q?k zY4s{9Gcfx$n|U+I+a;R?Ano~RA7}!o(G@FoHeZ9Iy24_h9UCv0#XCIYu^@Vp{0o41JuUjYGD_ zTpbgP*j{7GS`*wME9bxgbG#Jlw3wkwb_XZKUGioalRw5SpE$FO4E7<%gpxB{-gLIM3g zBy`0zVs02d9c;o8fLP^lF!uF#Q8`J(G-7VZJ2WvW(WnxS7-DpeCowLKm>U`$5)U5| zD@#0~NT|;INeG9ehTggYu0UCVHM?x;{@?xn{9h*dl`G&1{3`{d+BxsE`ATtbU3od( uYZLkfT}|V1!v%$%uoW{_x8f~&FpekMA*K;?Lypk=M Note the default secretNames defined in the `values-ironbank.yaml` file for certificates + +## Installation + +```shell +helm install ./ --name harbor --set tls.enabled=true,tls.certSecret=tls-ssl-minio -f values-ironbank.yaml +``` + +## Configuration + +{{ template "chart.valuesTable" . }} diff --git a/stable/minio/minio/README-original.md b/stable/minio/minio/README-original.md new file mode 100755 index 0000000..c01695c --- /dev/null +++ b/stable/minio/minio/README-original.md @@ -0,0 +1,374 @@ +MinIO +===== + +[MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. + +MinIO supports [distributed mode](https://docs.minio.io/docs/distributed-minio-quickstart-guide). In distributed mode, you can pool multiple drives (even on different machines) into a single object storage server. + +For more detailed documentation please visit [here](https://docs.minio.io/) + +Introduction +------------ + +This chart bootstraps MinIO deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Prerequisites +------------- + +- Kubernetes 1.4+ with Beta APIs enabled for default standalone mode. +- Kubernetes 1.5+ with Beta APIs enabled to run MinIO in [distributed mode](#distributed-minio). +- PV provisioner support in the underlying infrastructure. + +Installing the Chart +-------------------- + +Install this chart using: + +```bash +$ helm install stable/minio +``` + +The command deploys MinIO on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +### Release name + +An instance of a chart running in a Kubernetes cluster is called a release. Each release is identified by a unique name within the cluster. Helm automatically assigns a unique release name after installing the chart. You can also set your preferred name by: + +```bash +$ helm install --name my-release stable/minio +``` + +### Access and Secret keys + +By default a pre-generated access and secret key will be used. To override the default keys, pass the access and secret keys as arguments to helm install. + +```bash +$ helm install --set accessKey=myaccesskey,secretKey=mysecretkey \ + stable/minio +``` + +### Updating MinIO configuration via Helm + +[ConfigMap](https://kubernetes.io/docs/user-guide/configmap/) allows injecting containers with configuration data even while a Helm release is deployed. + +To update your MinIO server configuration while it is deployed in a release, you need to + +1. Check all the configurable values in the MinIO chart using `helm inspect values stable/minio`. +2. Override the `minio_server_config` settings in a YAML formatted file, and then pass that file like this `helm upgrade -f config.yaml stable/minio`. +3. Restart the MinIO server(s) for the changes to take effect. + +You can also check the history of upgrades to a release using `helm history my-release`. Replace `my-release` with the actual release name. + +Uninstalling the Chart +---------------------- + +Assuming your release is named as `my-release`, delete it using the command: + +```bash +$ helm delete my-release +``` + +or + +```bash +$ helm uninstall my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +Upgrading the Chart +------------------- + +You can use Helm to update MinIO version in a live release. Assuming your release is named as `my-release`, get the values using the command: + +```bash +$ helm get values my-release > old_values.yaml +``` + +Then change the field `image.tag` in `old_values.yaml` file with MinIO image tag you want to use. Now update the chart using + +```bash +$ helm upgrade -f old_values.yaml my-release stable/minio +``` + +Default upgrade strategies are specified in the `values.yaml` file. Update these fields if you'd like to use a different strategy. + +Configuration +------------- + +The following table lists the configurable parameters of the MinIO chart and their default values. + +| Parameter | Description | Default | +|:------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------| +| `nameOverride` | Provide a name in place of `minio` | `""` | +| `fullnameOverride` | Provide a name to substitute for the full names of resources | `""` | +| `image.repository` | Image repository | `minio/minio` | +| `image.tag` | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/). | `RELEASE.2020-06-14T18-32-17Z` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `imagePullSecrets` | List of container registry secrets | `[]` | +| `mcImage.repository` | Client image repository | `minio/mc` | +| `mcImage.tag` | mc image tag. Possible values listed [here](https://hub.docker.com/r/minio/mc/tags/). | `RELEASE.2020-05-28T23-43-36Z` | +| `mcImage.pullPolicy` | mc Image pull policy | `IfNotPresent` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.labels ` | Ingress labels | `{}` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts` | Ingress accepted hostnames | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `mode` | MinIO server mode (`standalone` or `distributed`) | `standalone` | +| `extraArgs` | Additional command line arguments to pass to the MinIO server | `[]` | +| `replicas` | Number of nodes (applicable only for MinIO distributed mode). | `4` | +| `zones` | Number of zones (applicable only for MinIO distributed mode). | `1` | +| `drivesPerNode` | Number of drives per node (applicable only for MinIO distributed mode). | `1` | +| `existingSecret` | Name of existing secret with access and secret key. | `""` | +| `accessKey` | Default access key (5 to 20 characters) | `AKIAIOSFODNN7EXAMPLE` | +| `secretKey` | Default secret key (8 to 40 characters) | `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY` | +| `certsPath` | Default certs path location | `/etc/minio/certs` | +| `configPathmc` | Default config file location for MinIO client - mc | `/etc/minio/mc` | +| `mountPath` | Default mount location for persistent drive | `/export` | +| `bucketRoot` | Directory from where minio should serve buckets. | Value of `.mountPath` | +| `clusterDomain` | domain name of kubernetes cluster where pod is running. | `cluster.local` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.port` | Kubernetes port where service is exposed | `9000` | +| `service.externalIPs` | service external IP addresses | `nil` | +| `service.annotations` | Service annotations | `{}` | +| `serviceAccount.create` | Toggle creation of new service account | `true` | +| `serviceAccount.name` | Name of service account to create and/or use | `""` | +| `persistence.enabled` | Use persistent volume to store data | `true` | +| `persistence.size` | Size of persistent volume claim | `500Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Storage class name of PVC | `nil` | +| `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` | +| `persistence.subPath` | Mount a sub directory of the persistent volume if set | `""` | +| `resources` | Memory resource requests | Memory: `4Gi` | +| `priorityClassName` | Pod priority settings | `""` | +| `securityContext.enabled` | Enable to run containers as non-root. NOTE: if `persistence.enabled=false` then securityContext will be automatically disabled | `true` | +| `securityContext.runAsUser` | User id of the user for the container | `1000` | +| `securityContext.runAsGroup` | Group id of the user for the container | `1000` | +| `securityContext.fsGroup` | Group id of the persistent volume mount for the container | `1000` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Pod Labels | `{}` | +| `tls.enabled` | Enable TLS for MinIO server | `false` | +| `tls.certSecret` | Kubernetes Secret with `public.crt` and `private.key` files. | `""` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `5` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `5` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `1` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `1` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `60` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `5` | +| `readinessProbe.timeoutSeconds` | When the probe times out (should be 1s higher than your `MINIO_API_READY_DEADLINE` timeout | `6` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `defaultBucket.enabled` | If set to true, a bucket will be created after MinIO install | `false` | +| `defaultBucket.name` | Bucket name | `bucket` | +| `defaultBucket.policy` | Bucket policy | `none` | +| `defaultBucket.purge` | Purge the bucket if already exists | `false` | +| `buckets` | List of buckets to create after MinIO install | `[]` | +| `makeBucketJob.annotations` | Additional annotations for the Kubernetes Batch (make-bucket-job) | `""` | +| `s3gateway.enabled` | Use MinIO as a [s3 gateway](https://github.com/minio/minio/blob/master/docs/gateway/s3.md) | `false` | +| `s3gateway.replicas` | Number of s3 gateway instances to run in parallel | `4` | +| `s3gateway.serviceEndpoint` | Endpoint to the S3 compatible service | `""` | +| `s3gateway.accessKey` | Access key of S3 compatible service | `""` | +| `s3gateway.secretKey` | Secret key of S3 compatible service | `""` | +| `azuregateway.enabled` | Use MinIO as an [azure gateway](https://docs.minio.io/docs/minio-gateway-for-azure) | `false` | +| `azuregateway.replicas` | Number of azure gateway instances to run in parallel | `4` | +| `gcsgateway.enabled` | Use MinIO as a [Google Cloud Storage gateway](https://docs.minio.io/docs/minio-gateway-for-gcs) | `false` | +| `gcsgateway.gcsKeyJson` | credential json file of service account key | `""` | +| `gcsgateway.projectId` | Google cloud project id | `""` | +| `ossgateway.enabled` | Use MinIO as an [Alibaba Cloud Object Storage Service gateway](https://github.com/minio/minio/blob/master/docs/gateway/oss.md) | `false` | +| `ossgateway.replicas` | Number of oss gateway instances to run in parallel | `4` | +| `ossgateway.endpointURL` | OSS server endpoint. | `""` | +| `nasgateway.enabled` | Use MinIO as a [NAS gateway](https://docs.MinIO.io/docs/minio-gateway-for-nas) | `false` | +| `nasgateway.replicas` | Number of NAS gateway instances to be run in parallel on a PV | `4` | +| `b2gateway.enabled` | Use MinIO as a [Backblaze B2 gateway](https://github.com/minio/minio/blob/master/docs/gateway/b2.md) | `false` | +| `b2gateway.replicas` | Number of b2 gateway instances to run in parallel | `4` | +| `environment` | Set MinIO server relevant environment variables in `values.yaml` file. MinIO containers will be passed these variables when they start. | `MINIO_API_READY_DEADLINE: "5s"` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `etcd.endpoints` | Enpoints of etcd | `[]` | +| `etcd.pathPrefix` | Prefix for all etcd keys | `""` | +| `etcd.corednsPathPrefix` | Prefix for all CoreDNS etcd keys | `""` | +| `etcd.clientCert` | Certificate used for SSL/TLS connections to etcd [(etcd Security)](https://etcd.io/docs/latest/op-guide/security/) | `""` | +| `etcd.clientCertKey` | Key for the certificate [(etcd Security)](https://etcd.io/docs/latest/op-guide/security/) | `""` | + +Some of the parameters above map to the env variables defined in the [MinIO DockerHub image](https://hub.docker.com/r/minio/minio/). + +You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set persistence.size=1Ti \ + stable/minio +``` + +The above command deploys MinIO server with a 100Gi backing persistent volume. + +Alternately, you can provide a YAML file that specifies parameter values while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml stable/minio +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +Distributed MinIO +----------- + +This chart provisions a MinIO server in standalone mode, by default. To provision MinIO server in [distributed mode](https://docs.minio.io/docs/distributed-minio-quickstart-guide), set the `mode` field to `distributed`, + +```bash +$ helm install --set mode=distributed stable/minio +``` + +This provisions MinIO server in distributed mode with 4 nodes. To change the number of nodes in your distributed MinIO server, set the `replicas` field, + +```bash +$ helm install --set mode=distributed,replicas=8 stable/minio +``` + +This provisions MinIO server in distributed mode with 8 nodes. Note that the `replicas` value should be a minimum value of 4, there is no limit on number of servers you can run. + +You can also expand an existing deployment by adding new zones, following command will create a total of 16 nodes with each zone running 8 nodes. + +```bash +$ helm install --set mode=distributed,replicas=8,zones=2 stable/minio +``` + +### StatefulSet [limitations](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/#limitations) applicable to distributed MinIO + +1. StatefulSets need persistent storage, so the `persistence.enabled` flag is ignored when `mode` is set to `distributed`. +2. When uninstalling a distributed MinIO release, you'll need to manually delete volumes associated with the StatefulSet. + +NAS Gateway +----------- + +### Prerequisites + +MinIO in [NAS gateway mode](https://docs.minio.io/docs/minio-gateway-for-nas) can be used to create multiple MinIO instances backed by single PV in `ReadWriteMany` mode. Currently few [Kubernetes volume plugins](https://kubernetes.io/docs/user-guide/persistent-volumes/#access-modes) support `ReadWriteMany` mode. To deploy MinIO NAS gateway with Helm chart you'll need to have a Persistent Volume running with one of the supported volume plugins. [This document](https://kubernetes.io/docs/user-guide/volumes/#nfs) +outlines steps to create a NFS PV in Kubernetes cluster. + +### Provision NAS Gateway MinIO instances + +To provision MinIO servers in [NAS gateway mode](https://docs.minio.io/docs/minio-gateway-for-nas), set the `nasgateway.enabled` field to `true`, + +```bash +$ helm install --set nasgateway.enabled=true stable/minio +``` + +This provisions 4 MinIO NAS gateway instances backed by single storage. To change the number of instances in your MinIO deployment, set the `replicas` field, + +```bash +$ helm install --set nasgateway.enabled=true,nasgateway.replicas=8 stable/minio +``` + +This provisions MinIO NAS gateway with 8 instances. + +Persistence +----------- + +This chart provisions a PersistentVolumeClaim and mounts corresponding persistent volume to default location `/export`. You'll need physical storage available in the Kubernetes cluster for this to work. If you'd rather use `emptyDir`, disable PersistentVolumeClaim by: + +```bash +$ helm install --set persistence.enabled=false stable/minio +``` + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +Existing PersistentVolumeClaim +------------------------------ + +If a Persistent Volume Claim already exists, specify it during installation. + +1. Create the PersistentVolume +2. Create the PersistentVolumeClaim +3. Install the chart + +```bash +$ helm install --set persistence.existingClaim=PVC_NAME stable/minio +``` + +NetworkPolicy +------------- + +To enable network policy for MinIO, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), +and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + + kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" + +With NetworkPolicy enabled, traffic will be limited to just port 9000. + +For more precise policy, set `networkPolicy.allowExternal=true`. This will +only allow pods with the generated client label to connect to MinIO. +This label will be displayed in the output of a successful install. + +Existing secret +--------------- + +Instead of having this chart create the secret for you, you can supply a preexisting secret, much +like an existing PersistentVolumeClaim. + +First, create the secret: +```bash +$ kubectl create secret generic my-minio-secret --from-literal=accesskey=foobarbaz --from-literal=secretkey=foobarbazqux +``` + +Then install the chart, specifying that you want to use an existing secret: +```bash +$ helm install --set existingSecret=my-minio-secret stable/minio +``` + +The following fields are expected in the secret +1. `accesskey` - the access key ID +2. `secretkey` - the secret key +3. `gcs_key.json` - The GCS key if you are using the GCS gateway feature. This is optional. + +Configure TLS +------------- + +To enable TLS for MinIO containers, acquire TLS certificates from a CA or create self-signed certificates. While creating / acquiring certificates ensure the corresponding domain names are set as per the standard [DNS naming conventions](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-identity) in a Kubernetes StatefulSet (for a distributed MinIO setup). Then create a secret using + +```bash +$ kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt +``` + +Then install the chart, specifying that you want to use the TLS secret: + +```bash +$ helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio stable/minio +``` + +Pass environment variables to MinIO containers +---------------------------------------------- + +To pass environment variables to MinIO containers when deploying via Helm chart, use the below command line format + +```bash +$ helm install --set environment.MINIO_BROWSER=on,environment.MINIO_DOMAIN=domain-name stable/minio +``` + +You can add as many environment variables as required, using the above format. Just add `environment.=` under `set` flag. + +Create buckets after install +--------------------------- + +Install the chart, specifying the buckets you want to create after install: + +```bash +$ helm install --set buckets[0].name=bucket1,buckets[0].policy=none,buckets[0].purge=false stable/minio +``` + +Description of the configuration parameters used above - +1. `buckets[].name` - name of the bucket to create, must be a string with length > 0 +2. `buckets[].policy` - Can be one of none|download|upload|public +3. `buckets[].purge` - Purge if bucket exists already diff --git a/stable/minio/minio/README.md b/stable/minio/minio/README.md new file mode 100644 index 0000000..d4989fe --- /dev/null +++ b/stable/minio/minio/README.md @@ -0,0 +1,152 @@ +minio +===== +MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads. + +Version: 5.0.31 + +## Introduction + +This repository tracks the upstream [stable/minio](https://github.com/helm/charts/tree/master/stable/minio) Helm chart. + +A `values-ironbank.yaml` file is included with required parameters for deployment. + +- Uses Ironbank images +- Enables TLS + +Reference the original [README](./README-original.md) for additional instructions. + +## Prerequisites + +* TLS certificate + +``` +kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt +``` + +The `Installation` below shows how to enable TLS with the new certificates. + +> Note the default secretNames defined in the `values-ironbank.yaml` file for certificates + +## Installation + +```shell +helm install ./ --name harbor --set tls.enabled=true,tls.certSecret=tls-ssl-minio -f values-ironbank.yaml +``` + +## Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| DeploymentUpdate.maxSurge | string | `"100%"` | | +| DeploymentUpdate.maxUnavailable | int | `0` | | +| DeploymentUpdate.type | string | `"RollingUpdate"` | | +| StatefulSetUpdate.updateStrategy | string | `"RollingUpdate"` | | +| accessKey | string | `"AKIAIOSFODNN7EXAMPLE"` | | +| affinity | object | `{}` | | +| azuregateway.enabled | bool | `false` | | +| azuregateway.replicas | int | `4` | | +| b2gateway.enabled | bool | `false` | | +| b2gateway.replicas | int | `4` | | +| bucketRoot | string | `""` | | +| buckets | list | `[]` | | +| certsPath | string | `"/etc/minio/certs/"` | | +| clusterDomain | string | `"cluster.local"` | | +| configPathmc | string | `"/etc/minio/mc/"` | | +| defaultBucket.enabled | bool | `false` | | +| defaultBucket.name | string | `"bucket"` | | +| defaultBucket.policy | string | `"none"` | | +| defaultBucket.purge | bool | `false` | | +| drivesPerNode | int | `1` | | +| environment.MINIO_API_READY_DEADLINE | string | `"5s"` | | +| etcd.clientCert | string | `""` | | +| etcd.clientCertKey | string | `""` | | +| etcd.corednsPathPrefix | string | `""` | | +| etcd.endpoints | list | `[]` | | +| etcd.pathPrefix | string | `""` | | +| existingSecret | string | `""` | | +| extraArgs | list | `[]` | | +| fullnameOverride | string | `""` | | +| gcsgateway.enabled | bool | `false` | | +| gcsgateway.gcsKeyJson | string | `""` | | +| gcsgateway.projectId | string | `""` | | +| gcsgateway.replicas | int | `4` | | +| helmKubectlJqImage.pullPolicy | string | `"IfNotPresent"` | | +| helmKubectlJqImage.repository | string | `"bskim45/helm-kubectl-jq"` | | +| helmKubectlJqImage.tag | string | `"3.1.0"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"minio/minio"` | | +| image.tag | string | `"RELEASE.2020-06-14T18-32-17Z"` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0] | string | `"chart-example.local"` | | +| ingress.labels | object | `{}` | | +| ingress.path | string | `"/"` | | +| ingress.tls | list | `[]` | | +| livenessProbe.failureThreshold | int | `1` | | +| livenessProbe.initialDelaySeconds | int | `5` | | +| livenessProbe.periodSeconds | int | `5` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `1` | | +| makeBucketJob.annotations | string | `nil` | | +| mcImage.pullPolicy | string | `"IfNotPresent"` | | +| mcImage.repository | string | `"minio/mc"` | | +| mcImage.tag | string | `"RELEASE.2020-05-28T23-43-36Z"` | | +| metrics.serviceMonitor.additionalLabels | object | `{}` | | +| metrics.serviceMonitor.enabled | bool | `false` | | +| mode | string | `"standalone"` | | +| mountPath | string | `"/export"` | | +| nameOverride | string | `""` | | +| nasgateway.enabled | bool | `false` | | +| nasgateway.pv | string | `nil` | | +| nasgateway.replicas | int | `4` | | +| networkPolicy.allowExternal | bool | `true` | | +| networkPolicy.enabled | bool | `false` | | +| nodeSelector | object | `{}` | | +| ossgateway.enabled | bool | `false` | | +| ossgateway.endpointURL | string | `""` | | +| ossgateway.replicas | int | `4` | | +| persistence.VolumeName | string | `""` | | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.enabled | bool | `true` | | +| persistence.existingClaim | string | `""` | | +| persistence.size | string | `"500Gi"` | | +| persistence.storageClass | string | `""` | | +| persistence.subPath | string | `""` | | +| podAnnotations | object | `{}` | | +| podDisruptionBudget.enabled | bool | `false` | | +| podDisruptionBudget.maxUnavailable | int | `1` | | +| podLabels | object | `{}` | | +| priorityClassName | string | `""` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.initialDelaySeconds | int | `30` | | +| readinessProbe.periodSeconds | int | `5` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `6` | | +| replicas | int | `4` | | +| resources.requests.memory | string | `"4Gi"` | | +| s3gateway.accessKey | string | `""` | | +| s3gateway.enabled | bool | `false` | | +| s3gateway.replicas | int | `4` | | +| s3gateway.secretKey | string | `""` | | +| s3gateway.serviceEndpoint | string | `""` | | +| secretKey | string | `"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"` | | +| securityContext.enabled | bool | `true` | | +| securityContext.fsGroup | int | `1000` | | +| securityContext.runAsGroup | int | `1000` | | +| securityContext.runAsUser | int | `1000` | | +| service.annotations | object | `{}` | | +| service.clusterIP | string | `nil` | | +| service.externalIPs | list | `[]` | | +| service.nodePort | int | `32000` | | +| service.port | int | `9000` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `nil` | | +| tls.certSecret | string | `""` | | +| tls.enabled | bool | `false` | | +| tls.privateKey | string | `"private.key"` | | +| tls.publicCrt | string | `"public.crt"` | | +| tolerations | list | `[]` | | +| updatePrometheusJob.annotations | string | `nil` | | +| zones | int | `1` | | diff --git a/stable/minio/minio/ci/distributed-values.yaml b/stable/minio/minio/ci/distributed-values.yaml new file mode 100644 index 0000000..e6c4673 --- /dev/null +++ b/stable/minio/minio/ci/distributed-values.yaml @@ -0,0 +1 @@ +mode: distributed diff --git a/stable/minio/minio/templates/NOTES.txt b/stable/minio/minio/templates/NOTES.txt new file mode 100644 index 0000000..b690f50 --- /dev/null +++ b/stable/minio/minio/templates/NOTES.txt @@ -0,0 +1,44 @@ +{{- if eq .Values.service.type "ClusterIP" "NodePort" }} +Minio can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: +{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To access Minio from localhost, run the below commands: + + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} + +Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ + +You can now access Minio server on http://localhost:9000. Follow the below steps to connect to Minio server with mc client: + + 1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. mc config host add {{ template "minio.fullname" . }}-local http://localhost:9000 {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4 + + 3. mc ls {{ template "minio.fullname" . }}-local + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} +Minio can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: +kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} + +Note that the public IP may take a couple of minutes to be available. + +You can now access Minio server on http://:9000. Follow the below steps to connect to Minio server with mc client: + + 1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. mc config host add {{ template "minio.fullname" . }}-local http://:{{ .Values.service.port }} {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4 + + 3. mc ls {{ template "minio.fullname" . }}-local + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "minio.fullname" . }}-client=true" +will be able to connect to this minio cluster. +{{- end }} diff --git a/stable/minio/minio/templates/_helper_create_bucket.txt b/stable/minio/minio/templates/_helper_create_bucket.txt new file mode 100755 index 0000000..5d1c5b1 --- /dev/null +++ b/stable/minio/minio/templates/_helper_create_bucket.txt @@ -0,0 +1,96 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +{{- if .Values.configPathmc }} +MC_CONFIG_DIR="{{ .Values.configPathmc }}" +MC="/usr/bin/mc --config-dir ${MC_CONFIG_DIR}" +{{- else }} +MC="/usr/bin/mc" +{{- end }} + +# connectToMinio +# Use a check-sleep-check loop to wait for Minio service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="${MC} config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkBucketExists ($bucket) +# Check if the bucket exists, by using the exit code of `mc ls` +checkBucketExists() { + BUCKET=$1 + CMD=$(${MC} ls myminio/$BUCKET > /dev/null 2>&1) + return $? +} + +# createBucket ($bucket, $policy, $purge) +# Ensure bucket exists, purging if asked to +createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET ; then + echo "Purging bucket '$BUCKET'." + set +e ; # don't exit if this fails + ${MC} rm -r --force myminio/$BUCKET + set -e ; # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." + fi + fi + + # Create the bucket if it does not exist + if ! checkBucketExists $BUCKET ; then + echo "Creating bucket '$BUCKET'" + ${MC} mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." + ${MC} policy set $POLICY myminio/$BUCKET +} + +# Try connecting to Minio instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{- if or .Values.defaultBucket.enabled }} +# Create the bucket +createBucket {{ .Values.defaultBucket.name }} {{ .Values.defaultBucket.policy }} {{ .Values.defaultBucket.purge }} +{{ else if .Values.buckets }} +# Create the buckets +{{- range .Values.buckets }} +createBucket {{ .name }} {{ .policy }} {{ .purge }} +{{- end }} +{{- end }} diff --git a/stable/minio/minio/templates/_helpers.tpl b/stable/minio/minio/templates/_helpers.tpl new file mode 100644 index 0000000..ef929d3 --- /dev/null +++ b/stable/minio/minio/templates/_helpers.tpl @@ -0,0 +1,96 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "minio.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "minio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "minio.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "minio.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "minio.deployment.apiVersion" -}} +{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "minio.statefulset.apiVersion" -}} +{{- if .Capabilities.APIVersions.Has "apps/v1beta2" -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "minio.ingress.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Determine service account name for deployment or statefulset. +*/}} +{{- define "minio.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{- default (include "minio.fullname" .) .Values.serviceAccount.name | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- default "default" .Values.serviceAccount.name -}} +{{- end -}} +{{- end -}} + +{{/* +Properly format optional additional arguments to Minio binary +*/}} +{{- define "minio.extraArgs" -}} +{{- range .Values.extraArgs -}} +{{ " " }}{{ . }} +{{- end -}} +{{- end -}} diff --git a/stable/minio/minio/templates/configmap.yaml b/stable/minio/minio/templates/configmap.yaml new file mode 100644 index 0000000..cb11fcd --- /dev/null +++ b/stable/minio/minio/templates/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + initialize: |- +{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }} diff --git a/stable/minio/minio/templates/deployment.yaml b/stable/minio/minio/templates/deployment.yaml new file mode 100644 index 0000000..a71fb7f --- /dev/null +++ b/stable/minio/minio/templates/deployment.yaml @@ -0,0 +1,266 @@ +{{- if eq .Values.mode "standalone" }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +apiVersion: {{ template "minio.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + strategy: + type: {{ .Values.DeploymentUpdate.type }} + {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} + maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} + {{- end}} + {{- if .Values.nasgateway.enabled }} + replicas: {{ .Values.nasgateway.replicas }} + {{- end }} + {{- if .Values.s3gateway.enabled }} + replicas: {{ .Values.s3gateway.replicas }} + {{- end }} + {{- if .Values.azuregateway.enabled }} + replicas: {{ .Values.azuregateway.replicas }} + {{- end }} + {{- if .Values.gcsgateway.enabled }} + replicas: {{ .Values.gcsgateway.replicas }} + {{- end }} + {{- if .Values.ossgateway.enabled }} + replicas: {{ .Values.ossgateway.replicas }} + {{- end }} + {{- if .Values.b2gateway.enabled }} + replicas: {{ .Values.b2gateway.replicas }} + {{- end }} + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + annotations: + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} +{{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + serviceAccountName: {{ include "minio.serviceAccountName" . | quote }} +{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.s3gateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway s3 {{ .Values.s3gateway.serviceEndpoint }} {{- template `minio.extraArgs` . }}" ] + {{- else }} + {{- if .Values.azuregateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway azure {{- template `minio.extraArgs` . }}" ] + {{- else }} + {{- if .Values.gcsgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway gcs {{ .Values.gcsgateway.projectId }} {{- template `minio.extraArgs` . }}" ] + {{- else }} + {{- if .Values.ossgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway oss {{ .Values.ossgateway.endpointURL }} {{- template `minio.extraArgs` . }}" ] + {{- else }} + {{- if .Values.nasgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway nas {{ $bucketRoot }} {{- template `minio.extraArgs` . }}" ] + {{- else }} + {{- if .Values.b2gateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway b2 {{- template `minio.extraArgs` . }}" ] + {{- else }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} server {{ $bucketRoot }} {{- template `minio.extraArgs` . }}" ] + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + volumeMounts: + {{- if and .Values.persistence.enabled (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) (not .Values.b2gateway.enabled) }} + - name: export + mountPath: {{ .Values.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: "{{ .Values.persistence.subPath }}" + {{- end }} + {{- end }} + {{- if or .Values.gcsgateway.enabled .Values.etcd.clientCert .Values.etcd.clientCertKey }} + - name: minio-user + mountPath: "/etc/credentials" + readOnly: true + {{- end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + mountPath: {{ .Values.certsPath }} + {{ end }} + ports: + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} + containerPort: 9000 + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: secretkey + {{- if .Values.gcsgateway.enabled }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/gcs_key.json" + {{- end }} + {{- if .Values.etcd.endpoints }} + - name: MINIO_ETCD_ENDPOINTS + value: {{ join "," .Values.etcd.endpoints | quote }} + {{- end }} + {{- if .Values.etcd.clientCert }} + - name: MINIO_ETCD_CLIENT_CERT + value: "/etc/credentials/etcd_client_cert.pem" + {{- end }} + {{- if .Values.etcd.clientCertKey }} + - name: MINIO_ETCD_CLIENT_CERT_KEY + value: "/etc/credentials/etcd_client_cert_key.pem" + {{- end }} + {{- if .Values.etcd.pathPrefix }} + - name: MINIO_ETCD_PATH_PREFIX + value: {{ .Values.etcd.pathPrefix }} + {{- end }} + {{- if .Values.etcd.corednsPathPrefix }} + - name: MINIO_ETCD_COREDNS_PATH + value: {{ .Values.etcd.corednsPathPrefix }} + {{- end }} + {{- if .Values.s3gateway.enabled -}} + {{- if .Values.s3gateway.accessKey }} + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: awsAccessKeyId + {{- end }} + {{- if .Values.s3gateway.secretKey }} + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: awsSecretAccessKey + {{- end }} + {{- end }} + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + livenessProbe: + httpGet: + path: /minio/health/live + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{ else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} + path: /minio/health/ready + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: +{{ toYaml .Values.resources | indent 12 }} +{{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + {{- if and (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) (not .Values.b2gateway.enabled) }} + - name: export + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: minio-user + secret: + secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} +{{- end }} diff --git a/stable/minio/minio/templates/ingress.yaml b/stable/minio/minio/templates/ingress.yaml new file mode 100644 index 0000000..2d9bbda --- /dev/null +++ b/stable/minio/minio/templates/ingress.yaml @@ -0,0 +1,45 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "minio.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: {{ template "minio.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- if . }} + host: {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/stable/minio/minio/templates/networkpolicy.yaml b/stable/minio/minio/templates/networkpolicy.yaml new file mode 100644 index 0000000..de57f48 --- /dev/null +++ b/stable/minio/minio/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "minio.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + ingress: + - ports: + - port: {{ .Values.service.port }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "minio.name" . }}-client: "true" + {{- end }} +{{- end }} diff --git a/stable/minio/minio/templates/poddisruptionbudget.yaml b/stable/minio/minio/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000..1de813b --- /dev/null +++ b/stable/minio/minio/templates/poddisruptionbudget.yaml @@ -0,0 +1,13 @@ +{{- if .Values.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: minio + labels: + app: {{ template "minio.name" . }} +spec: + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} + selector: + matchLabels: + app: {{ template "minio.name" . }} +{{- end }} \ No newline at end of file diff --git a/stable/minio/minio/templates/post-install-create-bucket-job.yaml b/stable/minio/minio/templates/post-install-create-bucket-job.yaml new file mode 100755 index 0000000..9a7fbb7 --- /dev/null +++ b/stable/minio/minio/templates/post-install-create-bucket-job.yaml @@ -0,0 +1,76 @@ +{{- if or .Values.defaultBucket.enabled .Values.buckets }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "minio.fullname" . }}-make-bucket-job + labels: + app: {{ template "minio.name" . }}-make-bucket-job + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation +{{- with .Values.makeBucketJob.annotations }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }}-job + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + spec: + restartPolicy: OnFailure +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: minio-configuration + projected: + sources: + - configMap: + name: {{ template "minio.fullname" . }} + - secret: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} + serviceAccountName: {{ include "minio.serviceAccountName" . | quote }} + containers: + - name: minio-mc + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + command: ["/bin/sh", "/config/initialize"] + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{ end }} + resources: +{{ toYaml .Values.resources | indent 10 }} +{{- end }} diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml b/stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml new file mode 100644 index 0000000..3f4d8ce --- /dev/null +++ b/stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml @@ -0,0 +1,110 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{- $fullName := include "minio.fullname" . -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $fullName }}-update-prometheus-secret + labels: + app: {{ template "minio.name" . }}-update-prometheus-secret + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded + {{ toYaml .Values.updatePrometheusJob.annotations | indent 4 }} +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }}-update-prometheus-secret + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + spec: +{{- if .Values.serviceAccount.create }} + serviceAccountName: {{ $fullName }}-update-prometheus-secret +{{- end }} + restartPolicy: OnFailure +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: workdir + emptyDir: {} + initContainers: + - name: minio-mc + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + command: + - /bin/sh + - "-c" + - mc admin prometheus generate target --json --no-color -q > /workdir/mc.json + env: + # mc admin prometheus generate don't really connect to remote server, TLS cert isn't required + - name: MC_HOST_target + value: http{{ if .Values.tls.enabled }}s{{ end }}://{{ .Values.accessKey }}:{{ .Values.secretKey }}@{{ $fullName }}:{{ .Values.service.port }} + volumeMounts: + - name: workdir + mountPath: /workdir + resources: +{{ toYaml .Values.resources | indent 12 }} + # extract bearerToken from mc admin output + - name: jq + image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}" + imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }} + command: + - /bin/sh + - "-c" + - jq -e -c -j -r .bearerToken < /workdir/mc.json > /workdir/token + volumeMounts: + - name: workdir + mountPath: /workdir + resources: +{{ toYaml .Values.resources | indent 12 }} + - name: kubectl-create + image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}" + imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }} + command: + - /bin/sh + - "-c" + # The following script does: + # - get the servicemonitor that need this secret and copy some metadata and create the ownerreference for the secret file + # - create the secret + # - merge both json + - > + kubectl -n {{ .Release.Namespace }} get servicemonitor {{ $fullName }} -o json | + jq -c '{metadata: {name: "{{ $fullName }}-prometheus", namespace: .metadata.namespace, labels: {app: .metadata.labels.app, release: .metadata.labels.release}, ownerReferences: [{apiVersion: .apiVersion, kind: .kind, blockOwnerDeletion: true, controller: true, uid: .metadata.uid, name: .metadata.name}]}}' > /workdir/metadata.json && + kubectl create secret generic {{ $fullName }}-prometheus --from-file=token=/workdir/token --dry-run -o json > /workdir/secret.json && + cat /workdir/secret.json /workdir/metadata.json | jq -s add > /workdir/object.json + volumeMounts: + - name: workdir + mountPath: /workdir + resources: +{{ toYaml .Values.resources | indent 12 }} + containers: + - name: kubectl-apply + image: "{{ .Values.helmKubectlJqImage.repository }}:{{ .Values.helmKubectlJqImage.tag }}" + imagePullPolicy: {{ .Values.helmKubectlJqImage.pullPolicy }} + command: + - kubectl + - apply + - "-f" + - /workdir/object.json + volumeMounts: + - name: workdir + mountPath: /workdir + resources: +{{ toYaml .Values.resources | indent 12 }} +{{- end }} diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml b/stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml new file mode 100644 index 0000000..26c0ce7 --- /dev/null +++ b/stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml @@ -0,0 +1,38 @@ +{{- if .Values.serviceAccount.create -}} +{{- $fullName := include "minio.fullname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $fullName }}-update-prometheus-secret + labels: + app: {{ template "minio.name" . }}-update-prometheus-secret + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + resourceNames: + - {{ $fullName }}-prometheus + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + resourceNames: + - {{ $fullName }} +{{- end -}} \ No newline at end of file diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml b/stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml new file mode 100644 index 0000000..7d0ea75 --- /dev/null +++ b/stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.serviceAccount.create -}} +{{- $fullName := include "minio.fullname" . -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ $fullName }}-update-prometheus-secret + labels: + app: {{ template "minio.name" . }}-update-prometheus-secret + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $fullName }}-update-prometheus-secret +subjects: + - kind: ServiceAccount + name: {{ $fullName }}-update-prometheus-secret + namespace: {{ .Release.Namespace | quote }} +{{- end -}} \ No newline at end of file diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml b/stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml new file mode 100644 index 0000000..050d368 --- /dev/null +++ b/stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +{{- $fullName := include "minio.fullname" . -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ $fullName }}-update-prometheus-secret + labels: + app: {{ template "minio.name" . }}-update-prometheus-secret + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end -}} \ No newline at end of file diff --git a/stable/minio/minio/templates/pvc.yaml b/stable/minio/minio/templates/pvc.yaml new file mode 100644 index 0000000..014f90f --- /dev/null +++ b/stable/minio/minio/templates/pvc.yaml @@ -0,0 +1,35 @@ +{{- if eq .Values.mode "standalone" }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if and .Values.nasgateway.enabled .Values.nasgateway.pv }} + selector: + matchLabels: + pv: {{ .Values.nasgateway.pv | quote }} +{{- end }} + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- if .Values.persistence.VolumeName }} + volumeName: "{{ .Values.persistence.VolumeName }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/minio/minio/templates/secrets.yaml b/stable/minio/minio/templates/secrets.yaml new file mode 100644 index 0000000..9714eef --- /dev/null +++ b/stable/minio/minio/templates/secrets.yaml @@ -0,0 +1,32 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }} + secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }} +{{- if .Values.gcsgateway.enabled }} + gcs_key.json: {{ .Values.gcsgateway.gcsKeyJson | b64enc }} +{{- end }} +{{- if .Values.s3gateway.enabled -}} +{{- if .Values.s3gateway.accessKey }} + awsAccessKeyId: {{ .Values.s3gateway.accessKey | b64enc | quote }} +{{- end }} +{{- if .Values.s3gateway.secretKey }} + awsSecretAccessKey: {{ .Values.s3gateway.secretKey | b64enc | quote }} +{{- end }} +{{- end }} +{{- if .Values.etcd.clientCert }} + etcd_client_cert.pem: {{ .Values.etcd.clientCert | b64enc | quote }} +{{- end }} +{{- if .Values.etcd.clientCertKey }} + etcd_client_cert_key.pem: {{ .Values.etcd.clientCertKey | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/stable/minio/minio/templates/service.yaml b/stable/minio/minio/templates/service.yaml new file mode 100644 index 0000000..cb50b93 --- /dev/null +++ b/stable/minio/minio/templates/service.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} + type: ClusterIP + {{- if not (empty .Values.service.clusterIP) }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} + ports: + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} + port: {{ .Values.service.port }} + protocol: TCP +{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} +{{- else }} + targetPort: 9000 +{{- end}} +{{- if .Values.service.externalIPs }} + externalIPs: +{{- range $i , $ip := .Values.service.externalIPs }} + - {{ $ip }} +{{- end }} +{{- end }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} diff --git a/stable/minio/minio/templates/serviceaccount.yaml b/stable/minio/minio/templates/serviceaccount.yaml new file mode 100644 index 0000000..4380021 --- /dev/null +++ b/stable/minio/minio/templates/serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "minio.serviceAccountName" . | quote }} + namespace: {{ .Release.Namespace | quote }} +{{- end -}} diff --git a/stable/minio/minio/templates/servicemonitor.yaml b/stable/minio/minio/templates/servicemonitor.yaml new file mode 100644 index 0000000..2625de0 --- /dev/null +++ b/stable/minio/minio/templates/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "minio.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.tls.enabled }} + - port: https + {{ else }} + - port: http + {{- end }} + path: /minio/prometheus/metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + bearerTokenSecret: + name: {{ template "minio.fullname" . }}-prometheus + key: token + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: + app: {{ include "minio.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/stable/minio/minio/templates/statefulset.yaml b/stable/minio/minio/templates/statefulset.yaml new file mode 100644 index 0000000..1ae5fc9 --- /dev/null +++ b/stable/minio/minio/templates/statefulset.yaml @@ -0,0 +1,231 @@ +{{- if eq .Values.mode "distributed" }} +{{ $zoneCount := .Values.zones | int }} +{{ $nodeCount := .Values.replicas | int }} +{{ $drivesPerNode := .Values.drivesPerNode | int }} +{{ $scheme := "http" }} +{{- if .Values.tls.enabled }} +{{ $scheme = "https" }} +{{ end }} +{{ $mountPath := .Values.mountPath }} +{{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} +{{ $subPath := .Values.persistence.subPath }} +{{ $penabled := .Values.persistence.enabled }} +{{ $accessMode := .Values.persistence.accessMode }} +{{ $storageClass := .Values.persistence.storageClass }} +{{ $psize := .Values.persistence.size }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }}-svc + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + publishNotReadyAddresses: true + clusterIP: None + ports: + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} + port: {{ .Values.service.port }} + protocol: TCP + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +--- +apiVersion: {{ template "minio.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + updateStrategy: + type: {{ .Values.StatefulSetUpdate.updateStrategy }} + podManagementPolicy: "Parallel" + serviceName: {{ template "minio.fullname" . }}-svc + replicas: {{ mul $zoneCount $nodeCount }} + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + annotations: + checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} +{{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + serviceAccountName: {{ include "minio.serviceAccountName" . | quote }} +{{- if and .Values.securityContext.enabled .Values.persistence.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + runAsGroup: {{ .Values.securityContext.runAsGroup }} + fsGroup: {{ .Values.securityContext.fsGroup }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} server {{- range $i := until $zoneCount }}{{ $factor := mul $i $nodeCount }}{{ $endIndex := add $factor $nodeCount }}{{ $beginIndex := mul $i $nodeCount }} {{ $scheme }}://{{ template `minio.fullname` $ }}-{{ `{` }}{{ $beginIndex }}...{{ sub $endIndex 1 }}{{ `}`}}.{{ template `minio.fullname` $ }}-svc.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{if (gt $drivesPerNode 1)}}{{ $bucketRoot }}-{{ `{` }}0...{{ sub $drivesPerNode 1 }}{{ `}` }}{{else}}{{ $bucketRoot }}{{end}}{{- end}}{{- template `minio.extraArgs` . }}" ] + volumeMounts: + {{- if $penabled }} + {{- if (gt $drivesPerNode 1) }} + {{- range $i := until $drivesPerNode }} + - name: export-{{ $i }} + mountPath: {{ $mountPath }}-{{ $i }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- else }} + - name: export + mountPath: {{ $mountPath }} + {{- if and $penabled $subPath }} + subPath: {{ $subPath }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + mountPath: {{ .Values.certsPath }} + {{ end }} + ports: + {{- if .Values.tls.enabled }} + - name: https + {{ else }} + - name: http + {{- end }} + containerPort: 9000 + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: secretkey + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + livenessProbe: + httpGet: + path: /minio/health/live + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{ else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: /minio/health/ready + {{- if .Values.tls.enabled }} + port: https + {{ else }} + port: http + {{- end }} + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{ else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: minio-user + secret: + secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + {{- if gt $drivesPerNode 1 }} + {{- range $diskId := until $drivesPerNode}} + - metadata: + name: export-{{ $diskId }} + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} + {{- else }} + - metadata: + name: export + spec: + accessModes: [ {{ $accessMode | quote }} ] + {{- if $storageClass }} + storageClassName: {{ $storageClass }} + {{- end }} + resources: + requests: + storage: {{ $psize }} + {{- end }} +{{- end }} +{{- end }} diff --git a/stable/minio/minio/values-ironbank.yaml b/stable/minio/minio/values-ironbank.yaml new file mode 100644 index 0000000..c73e8d1 --- /dev/null +++ b/stable/minio/minio/values-ironbank.yaml @@ -0,0 +1,17 @@ +# Ironbank values + +image: + repository: registry1.dsop.io/opensource/minio/minio + tag: RELEASE.2020-07-02T00-15-09Z + pullPolicy: IfNotPresent + +mcImage: + repository: registry1.dsop.io/opensource/minio/minio + tag: RELEASE.2020-06-26T19-56-55Z + pullPolicy: IfNotPresent + +tls: + enabled: true + certSecret: "tls-ssl-minio" + publicCrt: public.crt + privateKey: private.key \ No newline at end of file diff --git a/stable/minio/minio/values.yaml b/stable/minio/minio/values.yaml new file mode 100755 index 0000000..f755cd6 --- /dev/null +++ b/stable/minio/minio/values.yaml @@ -0,0 +1,334 @@ +## Provide a name in place of minio for `app:` labels +## +nameOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## set kubernetes cluster domain where minio is running +## +clusterDomain: cluster.local + +## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the +## +image: + repository: minio/minio + tag: RELEASE.2020-06-14T18-32-17Z + pullPolicy: IfNotPresent + +## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio +## client used to create a default bucket). +## +mcImage: + repository: minio/mc + tag: RELEASE.2020-05-28T23-43-36Z + pullPolicy: IfNotPresent + +## Set default image, imageTag, and imagePullPolicy for the `jq` (the JSON +## process used to create secret for prometheus ServiceMonitor). +## +helmKubectlJqImage: + repository: bskim45/helm-kubectl-jq + tag: 3.1.0 + pullPolicy: IfNotPresent + +## minio server mode, i.e. standalone or distributed. +## Distributed Minio ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +mode: standalone + +## Additional arguments to pass to minio binary +extraArgs: [] + +## Update strategy for Deployments +DeploymentUpdate: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 100% + +## Update strategy for StatefulSets +StatefulSetUpdate: + updateStrategy: RollingUpdate + +## Pod priority settings +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" + +## Set default accesskey, secretkey, Minio config file path, volume mount path and +## number of nodes (only used for Minio distributed mode) +## AccessKey and secretKey is generated when not set +## Distributed Minio ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide +## +existingSecret: "" +accessKey: "AKIAIOSFODNN7EXAMPLE" +secretKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" +certsPath: "/etc/minio/certs/" +configPathmc: "/etc/minio/mc/" +mountPath: "/export" + +## Override the root directory which the minio server should serve from. +## If left empty, it defaults to the value of {{ .Values.mountPath }} +## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }} +bucketRoot: "" + +# Number of drives attached to a node +drivesPerNode: 1 +# Number of MinIO containers running +replicas: 4 +# Number of expanded MinIO clusters +zones: 1 + +## TLS Settings for Minio +tls: + enabled: false + ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + certSecret: "" + publicCrt: public.crt + privateKey: private.key + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## minio data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## Storage class of PV to bind. By default it looks for standard storage class. + ## If the PV uses a different storage class, specify that here. + storageClass: "" + VolumeName: "" + accessMode: ReadWriteOnce + size: 500Gi + + ## If subPath is set mount a sub folder of a volume instead of the root of the volume. + ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). + ## + subPath: "" + +## Expose the Minio service to be accessed from outside the cluster (LoadBalancer service). +## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. +## ref: http://kubernetes.io/docs/user-guide/services/ +## + +service: + type: ClusterIP + clusterIP: ~ + port: 9000 + nodePort: 32000 + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + # - externalIp1 + + annotations: {} + # prometheus.io/scrape: 'true' + # prometheus.io/path: '/minio/prometheus/metrics' + # prometheus.io/port: '9000' + +## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## + +imagePullSecrets: [] +# - name: "image-pull-secret" + +ingress: + enabled: false + labels: {} + # node-role.kubernetes.io/ingress: platform + + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # kubernetes.io/ingress.allow-http: "false" + # kubernetes.io/ingress.global-static-ip-name: "" + # nginx.ingress.kubernetes.io/secure-backends: "true" + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +tolerations: [] +affinity: {} + +## Add stateful containers to have security context, if enabled MinIO will run as this +## user and group NOTE: securityContext is only enabled if persistence.enabled=true +securityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + +# Additational pod annotations +podAnnotations: {} + +# Additional pod labels +podLabels: {} + +## Liveness and Readiness probe values. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ +livenessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 1 +readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 5 + ## Set this to 1s higher than MINIO_API_READY_DEADLINE + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 3 + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 4Gi + +## Create a bucket after minio install +## +defaultBucket: + enabled: false + ## If enabled, must be a string with length > 0 + name: bucket + ## Can be one of none|download|upload|public + policy: none + ## Purge if bucket exists already + purge: false + +## Create multiple buckets after minio install +## Enabling `defaultBucket` will take priority over this list +## +buckets: [] + # - name: bucket1 + # policy: none + # purge: false + # - name: bucket2 + # policy: none + # purge: false + +## Additional Annotations for the Kubernetes Batch (make-bucket-job) +makeBucketJob: + annotations: + +## Additional Annotations for the Kubernetes Batch (update-prometheus-secret) +updatePrometheusJob: + annotations: + +s3gateway: + enabled: false + replicas: 4 + serviceEndpoint: "" + accessKey: "" + secretKey: "" + +## Use minio as an azure blob gateway, you should disable data persistence so no volume claim are created. +## https://docs.minio.io/docs/minio-gateway-for-azure +azuregateway: + enabled: false + # Number of parallel instances + replicas: 4 + +## Use minio as GCS (Google Cloud Storage) gateway, you should disable data persistence so no volume claim are created. +## https://docs.minio.io/docs/minio-gateway-for-gcs + +gcsgateway: + enabled: false + # Number of parallel instances + replicas: 4 + # credential json file of service account key + gcsKeyJson: "" + # Google cloud project-id + projectId: "" + +ossgateway: + enabled: false + # Number of parallel instances + replicas: 4 + endpointURL: "" + +## Use minio on NAS backend +## https://docs.minio.io/docs/minio-gateway-for-nas + +nasgateway: + enabled: false + # Number of parallel instances + replicas: 4 + # For NAS Gateway, you may want to bind the PVC to a specific PV. To ensure that happens, PV to bind to should have + # a label like "pv: ", use value here. + pv: ~ + +## Use minio as Backblaze B2 gateway +## https://github.com/minio/minio/blob/master/docs/gateway/b2.md +b2gateway: + enabled: false + # Number of parallel instances + replicas: 4 + +## Use this field to add environment variables relevant to Minio server. These fields will be passed on to Minio container(s) +## when Chart is deployed +environment: + MINIO_API_READY_DEADLINE: "5s" + ## Please refer for comprehensive list https://docs.minio.io/docs/minio-server-configuration-guide.html + +networkPolicy: + enabled: false + allowExternal: true + +## PodDisruptionBudget settings +## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ +## +podDisruptionBudget: + enabled: false + maxUnavailable: 1 + +## Specify the service account to use for the Minio pods. If 'create' is set to 'false' +## and 'name' is left unspecified, the account 'default' will be used. +serviceAccount: + create: true + ## The name of the service account to use. If 'create' is 'true', a service account with that name + ## will be created. Otherwise, a name will be auto-generated. + name: + +metrics: + # Metrics can not be disabled yet: https://github.com/minio/minio/issues/7493 + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + +## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md +etcd: + endpoints: [] + pathPrefix: "" + corednsPathPrefix: "" + clientCert: "" + clientCertKey: "" -- GitLab From dc1b6048b9b1a55ee3ec96a010f1fff788c15d83 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 13:17:30 -0600 Subject: [PATCH 2/8] MinIO update --- stable/minio/minio/.DS_Store | Bin 6148 -> 6148 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/stable/minio/minio/.DS_Store b/stable/minio/minio/.DS_Store index 36687fbe02cf10e48acd584f43ca75832760163d..554308241f3db8e947670751ba34679e73302136 100644 GIT binary patch delta 113 zcmZoMXfc@J&&aVcU^gQp$7CL+r>a2=t_+S0E)2dvT8|-@A;mK%KRGEUKZ${XK>&zX z0`ZK=Pnc}wMHtE$5*czBN*PiaiWzhnG8u{(@)`0Nl7OOl4B3zz<1aq|%0dgA -- GitLab From 3ebe190f1cd25139bc18e456bbef11b77a2cf434 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 19:39:15 +0000 Subject: [PATCH 3/8] Delete .DS_Store --- .DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index f1fb42d5e2dbed59ef65b44b03cc0d5c126fa219..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK!EVz)5S>labRC4qp;CL?3lfJ2rA?uSs*(xmp$8;{D>y*a+BhPXTyJGNL?s0I zH{cKW6uyAZftlS+RTJP=RH_+i_RY@D?8a}M9WMZg!6e=S=m3C3C2V-u{6=V;bV(Y{ zvx+Fp92)Y&RKJZ<9W6z(<0djdd)I<7gpfl7_5GulVh{Df4yEZTGs?(!kr z%EH}HgjpTuS0)^UZ;@MOfElPWuwuI%s{aRnzW>*gxW^1I1GkC+(HsWD0X~wetxFF_ vwN{~?qLNTtW$`iv4O5CSmP+v^suA=nG7x=-l|}TR@P~k*fg5JvpEB?hevfwb -- GitLab From 8dda0b0d6a747b9569cfcb1f3e804dc009a9d5b3 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 19:39:24 +0000 Subject: [PATCH 4/8] Delete .DS_Store --- stable/.DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 stable/.DS_Store diff --git a/stable/.DS_Store b/stable/.DS_Store deleted file mode 100644 index 7a522df01eb5e7ffa0faf76c24b99e6d21b4d58d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK&2AGh5FWQFaZ({7gw!5=LE;dkloWbENUKl|y&)}v1E6-@4b6&;U9uY@2tj+{ zA>a*o6rO+w;Q`?DPpkY;jtEhYH2%i+%vk=sw%0_&dgFA5s6|8^YOvNs@f$JyMptCb zx72~m=156Vaggg{nXh<R{&i5_z-+=t%!X$6+?K7nsS zub_$&x7*LXzb<)Sr`I$liQKoTpb{~qwTCE63xy|`ap5|Fmb~@kL+Inr{N}cm2Z(eP_j0buWmq|G;ddcXysXb20f%Ntht@Cp` zkx#S!#8)svnctF*9rV%NcWgEtOa+tX>cd$%pRyLV=7 zG2Pqiw8d`s-fY(3TQ_$e92^bby`O%Vef*5+Ko|~FE7v@p!50{FWW0?>D%a`+ttMjA zE{g=&8K@o78&E!2ULf`Zp7YCzYLLsxfd9<+=H;Azm~~(vFz^Qk%=sXo1|yG^Lwj_f zuulMB4b4_yo1X>~BRobPD~ITTFc%7Rq0B!qmF~Dm3@qQ0e@^|aXn@U3ncsqSQ Date: Mon, 20 Jul 2020 19:39:31 +0000 Subject: [PATCH 5/8] Delete .DS_Store --- stable/minio/.DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 stable/minio/.DS_Store diff --git a/stable/minio/.DS_Store b/stable/minio/.DS_Store deleted file mode 100644 index 79e7224b42ae2fe10a2dfe4fa766f3d279ffcf7b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK!Ab)$5KY>uX+`Wou*X~k4?R>@?Lma4)*MP&viZ+0@1-MoZkhcU(*{cw%3GGk1DBIb(Fd?MJ7Iwd*l$pdmdhHAy? zB8XKm6-$oa$pEh147+9#OF$>r54XfN=<2H${rMA-!JyZ%EBzdF;;5I_YA-yOFU-u& z2~iTIh0>{ar3PN=r~O{T?;hjRzMozN);>@wez*PLFlrCZ%1gT{N&P5kcXe_Uwjt!? zC`v*#XsCV?_VhTO=@6nQif84@aOgOjRq1T3kE(K5uh*(_!`T{*ieh*J5VS zq%&@d4{qPgZH2=1+hKgE!x?uCQcDaF10NZ{+7G0R_y6A4^}i0Hh8Q3Q{wD*x(Da%O zn47&@r)G(Ftpq&>MZvht;Cl)f`YMK4yoxKJTEH*S0CX*82EhYDKLVNtYKVa!W#A3v Cxm>gW -- GitLab From 306278ae837ef0801e73293612085da2c6e81498 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 19:39:38 +0000 Subject: [PATCH 6/8] Delete .DS_Store --- stable/minio/minio/.DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 stable/minio/minio/.DS_Store diff --git a/stable/minio/minio/.DS_Store b/stable/minio/minio/.DS_Store deleted file mode 100644 index 554308241f3db8e947670751ba34679e73302136..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}T>S5dKzsXzisGL612KqTty}tnHzQ3i<-tRy3G4Qmx=E2Oq*$@cDcI{bqKl z*;Wr;L}UhLzs>Ia<=Z5i1>icf(H_tOP^Sv6G}wG0GB3I$D`7+?oyK^;E}n3SG4dsA z8~BS1$l9&p5I0=4DJtvN&x_$8F9w{KhvSvH^{&Dm9~KOe#WrqZ!KRHq&Txtoba24- zh)>5DBevHlm}`tXuS!c#N3)VQ`=mfW)@5MqKskNH98O52u zO|h4=0b}3?3~cSDjd3TN{!7dG0di3sa;qc)?W*1HAxbStK< eY{i>Y6^ Date: Mon, 20 Jul 2020 13:53:25 -0600 Subject: [PATCH 7/8] Moved repo up one level --- stable/minio/.DS_Store | Bin 0 -> 6148 bytes stable/minio/{minio => }/Chart.yaml | 0 stable/minio/{minio => }/IRONBANK.md.gotmpl | 0 stable/minio/{minio => }/README-original.md | 0 stable/minio/{minio => }/README.md | 0 .../minio/{minio => }/ci/distributed-values.yaml | 0 stable/minio/{minio => }/templates/NOTES.txt | 0 .../templates/_helper_create_bucket.txt | 0 stable/minio/{minio => }/templates/_helpers.tpl | 0 .../minio/{minio => }/templates/configmap.yaml | 0 .../minio/{minio => }/templates/deployment.yaml | 0 stable/minio/{minio => }/templates/ingress.yaml | 0 .../{minio => }/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../post-install-create-bucket-job.yaml | 0 .../post-install-prometheus-metrics-job.yaml | 0 .../post-install-prometheus-metrics-role.yaml | 0 ...t-install-prometheus-metrics-rolebinding.yaml | 0 ...nstall-prometheus-metrics-serviceaccount.yaml | 0 stable/minio/{minio => }/templates/pvc.yaml | 0 stable/minio/{minio => }/templates/secrets.yaml | 0 stable/minio/{minio => }/templates/service.yaml | 0 .../{minio => }/templates/serviceaccount.yaml | 0 .../{minio => }/templates/servicemonitor.yaml | 0 .../minio/{minio => }/templates/statefulset.yaml | 0 stable/minio/{minio => }/values-ironbank.yaml | 0 stable/minio/{minio => }/values.yaml | 0 27 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 stable/minio/.DS_Store rename stable/minio/{minio => }/Chart.yaml (100%) rename stable/minio/{minio => }/IRONBANK.md.gotmpl (100%) rename stable/minio/{minio => }/README-original.md (100%) rename stable/minio/{minio => }/README.md (100%) rename stable/minio/{minio => }/ci/distributed-values.yaml (100%) rename stable/minio/{minio => }/templates/NOTES.txt (100%) rename stable/minio/{minio => }/templates/_helper_create_bucket.txt (100%) rename stable/minio/{minio => }/templates/_helpers.tpl (100%) rename stable/minio/{minio => }/templates/configmap.yaml (100%) rename stable/minio/{minio => }/templates/deployment.yaml (100%) rename stable/minio/{minio => }/templates/ingress.yaml (100%) rename stable/minio/{minio => }/templates/networkpolicy.yaml (100%) rename stable/minio/{minio => }/templates/poddisruptionbudget.yaml (100%) rename stable/minio/{minio => }/templates/post-install-create-bucket-job.yaml (100%) rename stable/minio/{minio => }/templates/post-install-prometheus-metrics-job.yaml (100%) rename stable/minio/{minio => }/templates/post-install-prometheus-metrics-role.yaml (100%) rename stable/minio/{minio => }/templates/post-install-prometheus-metrics-rolebinding.yaml (100%) rename stable/minio/{minio => }/templates/post-install-prometheus-metrics-serviceaccount.yaml (100%) rename stable/minio/{minio => }/templates/pvc.yaml (100%) rename stable/minio/{minio => }/templates/secrets.yaml (100%) rename stable/minio/{minio => }/templates/service.yaml (100%) rename stable/minio/{minio => }/templates/serviceaccount.yaml (100%) rename stable/minio/{minio => }/templates/servicemonitor.yaml (100%) rename stable/minio/{minio => }/templates/statefulset.yaml (100%) rename stable/minio/{minio => }/values-ironbank.yaml (100%) rename stable/minio/{minio => }/values.yaml (100%) diff --git a/stable/minio/.DS_Store b/stable/minio/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..79e7224b42ae2fe10a2dfe4fa766f3d279ffcf7b GIT binary patch literal 6148 zcmeHK!Ab)$5KY>uX+`Wou*X~k4?R>@?Lma4)*MP&viZ+0@1-MoZkhcU(*{cw%3GGk1DBIb(Fd?MJ7Iwd*l$pdmdhHAy? zB8XKm6-$oa$pEh147+9#OF$>r54XfN=<2H${rMA-!JyZ%EBzdF;;5I_YA-yOFU-u& z2~iTIh0>{ar3PN=r~O{T?;hjRzMozN);>@wez*PLFlrCZ%1gT{N&P5kcXe_Uwjt!? zC`v*#XsCV?_VhTO=@6nQif84@aOgOjRq1T3kE(K5uh*(_!`T{*ieh*J5VS zq%&@d4{qPgZH2=1+hKgE!x?uCQcDaF10NZ{+7G0R_y6A4^}i0Hh8Q3Q{wD*x(Da%O zn47&@r)G(Ftpq&>MZvht;Cl)f`YMK4yoxKJTEH*S0CX*82EhYDKLVNtYKVa!W#A3v Cxm>gW literal 0 HcmV?d00001 diff --git a/stable/minio/minio/Chart.yaml b/stable/minio/Chart.yaml similarity index 100% rename from stable/minio/minio/Chart.yaml rename to stable/minio/Chart.yaml diff --git a/stable/minio/minio/IRONBANK.md.gotmpl b/stable/minio/IRONBANK.md.gotmpl similarity index 100% rename from stable/minio/minio/IRONBANK.md.gotmpl rename to stable/minio/IRONBANK.md.gotmpl diff --git a/stable/minio/minio/README-original.md b/stable/minio/README-original.md similarity index 100% rename from stable/minio/minio/README-original.md rename to stable/minio/README-original.md diff --git a/stable/minio/minio/README.md b/stable/minio/README.md similarity index 100% rename from stable/minio/minio/README.md rename to stable/minio/README.md diff --git a/stable/minio/minio/ci/distributed-values.yaml b/stable/minio/ci/distributed-values.yaml similarity index 100% rename from stable/minio/minio/ci/distributed-values.yaml rename to stable/minio/ci/distributed-values.yaml diff --git a/stable/minio/minio/templates/NOTES.txt b/stable/minio/templates/NOTES.txt similarity index 100% rename from stable/minio/minio/templates/NOTES.txt rename to stable/minio/templates/NOTES.txt diff --git a/stable/minio/minio/templates/_helper_create_bucket.txt b/stable/minio/templates/_helper_create_bucket.txt similarity index 100% rename from stable/minio/minio/templates/_helper_create_bucket.txt rename to stable/minio/templates/_helper_create_bucket.txt diff --git a/stable/minio/minio/templates/_helpers.tpl b/stable/minio/templates/_helpers.tpl similarity index 100% rename from stable/minio/minio/templates/_helpers.tpl rename to stable/minio/templates/_helpers.tpl diff --git a/stable/minio/minio/templates/configmap.yaml b/stable/minio/templates/configmap.yaml similarity index 100% rename from stable/minio/minio/templates/configmap.yaml rename to stable/minio/templates/configmap.yaml diff --git a/stable/minio/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml similarity index 100% rename from stable/minio/minio/templates/deployment.yaml rename to stable/minio/templates/deployment.yaml diff --git a/stable/minio/minio/templates/ingress.yaml b/stable/minio/templates/ingress.yaml similarity index 100% rename from stable/minio/minio/templates/ingress.yaml rename to stable/minio/templates/ingress.yaml diff --git a/stable/minio/minio/templates/networkpolicy.yaml b/stable/minio/templates/networkpolicy.yaml similarity index 100% rename from stable/minio/minio/templates/networkpolicy.yaml rename to stable/minio/templates/networkpolicy.yaml diff --git a/stable/minio/minio/templates/poddisruptionbudget.yaml b/stable/minio/templates/poddisruptionbudget.yaml similarity index 100% rename from stable/minio/minio/templates/poddisruptionbudget.yaml rename to stable/minio/templates/poddisruptionbudget.yaml diff --git a/stable/minio/minio/templates/post-install-create-bucket-job.yaml b/stable/minio/templates/post-install-create-bucket-job.yaml similarity index 100% rename from stable/minio/minio/templates/post-install-create-bucket-job.yaml rename to stable/minio/templates/post-install-create-bucket-job.yaml diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml b/stable/minio/templates/post-install-prometheus-metrics-job.yaml similarity index 100% rename from stable/minio/minio/templates/post-install-prometheus-metrics-job.yaml rename to stable/minio/templates/post-install-prometheus-metrics-job.yaml diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml b/stable/minio/templates/post-install-prometheus-metrics-role.yaml similarity index 100% rename from stable/minio/minio/templates/post-install-prometheus-metrics-role.yaml rename to stable/minio/templates/post-install-prometheus-metrics-role.yaml diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml b/stable/minio/templates/post-install-prometheus-metrics-rolebinding.yaml similarity index 100% rename from stable/minio/minio/templates/post-install-prometheus-metrics-rolebinding.yaml rename to stable/minio/templates/post-install-prometheus-metrics-rolebinding.yaml diff --git a/stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml b/stable/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml similarity index 100% rename from stable/minio/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml rename to stable/minio/templates/post-install-prometheus-metrics-serviceaccount.yaml diff --git a/stable/minio/minio/templates/pvc.yaml b/stable/minio/templates/pvc.yaml similarity index 100% rename from stable/minio/minio/templates/pvc.yaml rename to stable/minio/templates/pvc.yaml diff --git a/stable/minio/minio/templates/secrets.yaml b/stable/minio/templates/secrets.yaml similarity index 100% rename from stable/minio/minio/templates/secrets.yaml rename to stable/minio/templates/secrets.yaml diff --git a/stable/minio/minio/templates/service.yaml b/stable/minio/templates/service.yaml similarity index 100% rename from stable/minio/minio/templates/service.yaml rename to stable/minio/templates/service.yaml diff --git a/stable/minio/minio/templates/serviceaccount.yaml b/stable/minio/templates/serviceaccount.yaml similarity index 100% rename from stable/minio/minio/templates/serviceaccount.yaml rename to stable/minio/templates/serviceaccount.yaml diff --git a/stable/minio/minio/templates/servicemonitor.yaml b/stable/minio/templates/servicemonitor.yaml similarity index 100% rename from stable/minio/minio/templates/servicemonitor.yaml rename to stable/minio/templates/servicemonitor.yaml diff --git a/stable/minio/minio/templates/statefulset.yaml b/stable/minio/templates/statefulset.yaml similarity index 100% rename from stable/minio/minio/templates/statefulset.yaml rename to stable/minio/templates/statefulset.yaml diff --git a/stable/minio/minio/values-ironbank.yaml b/stable/minio/values-ironbank.yaml similarity index 100% rename from stable/minio/minio/values-ironbank.yaml rename to stable/minio/values-ironbank.yaml diff --git a/stable/minio/minio/values.yaml b/stable/minio/values.yaml similarity index 100% rename from stable/minio/minio/values.yaml rename to stable/minio/values.yaml -- GitLab From 53ae62de85900d9c013e6f4b5a4918c830741522 Mon Sep 17 00:00:00 2001 From: Michael Simmons Date: Mon, 20 Jul 2020 19:53:45 +0000 Subject: [PATCH 8/8] Delete .DS_Store --- stable/minio/.DS_Store | Bin 6148 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 stable/minio/.DS_Store diff --git a/stable/minio/.DS_Store b/stable/minio/.DS_Store deleted file mode 100644 index 79e7224b42ae2fe10a2dfe4fa766f3d279ffcf7b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK!Ab)$5KY>uX+`Wou*X~k4?R>@?Lma4)*MP&viZ+0@1-MoZkhcU(*{cw%3GGk1DBIb(Fd?MJ7Iwd*l$pdmdhHAy? zB8XKm6-$oa$pEh147+9#OF$>r54XfN=<2H${rMA-!JyZ%EBzdF;;5I_YA-yOFU-u& z2~iTIh0>{ar3PN=r~O{T?;hjRzMozN);>@wez*PLFlrCZ%1gT{N&P5kcXe_Uwjt!? zC`v*#XsCV?_VhTO=@6nQif84@aOgOjRq1T3kE(K5uh*(_!`T{*ieh*J5VS zq%&@d4{qPgZH2=1+hKgE!x?uCQcDaF10NZ{+7G0R_y6A4^}i0Hh8Q3Q{wD*x(Da%O zn47&@r)G(Ftpq&>MZvht;Cl)f`YMK4yoxKJTEH*S0CX*82EhYDKLVNtYKVa!W#A3v Cxm>gW -- GitLab