diff --git a/CHANGELOG.md b/CHANGELOG.md index 805368e22d3b8e067315d12400cc83d54fd17a29..1252c6e1d81092c0a49e9441f365e96d333ea3d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.7-bb.0] - 2021-05-17 +### Changed +- Updated to latest Minio package as dependency + ## [0.1.6-bb.0] - 2021-05-11 ### Changed - Migrated Cypress tests to Helm tests diff --git a/chart/Chart.lock b/chart/Chart.lock index 042b2326021e186e4404306634d56e28d14c5de4..4365439f9029a45da5e008c141c0588a90e4ea3f 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 10.3.5 - name: minio-instance repository: file://./deps/minio - version: 2.0.9-bb.9 + version: 4.0.4-bb.4 - name: bb-test-lib repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates version: 0.5.2 -digest: sha256:0a15fa5bcd2dafdc621740c7cd177210b2c875337f32fe78755af8806bba735a -generated: "2021-05-13T10:38:37.154607-06:00" +digest: sha256:3ca344e6b6e62dc508c2599518d638e424477cf8de51a53cf795c8481d6c2b32 +generated: "2021-05-17T13:29:55.74089-06:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 54b8cbec72703189434be6484519f2a193875583..4de4aabada25580a6a19d0aa32e3101faa8af15f 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mattermost type: application -version: "0.1.6-bb.0" +version: "0.1.7-bb.0" appVersion: "5.34.2" description: "Deployment of mattermost" keywords: @@ -17,7 +17,7 @@ dependencies: condition: postgresql.install repository: file://./deps/postgresql - name: minio-instance - version: 2.0.9-bb.9 + version: 4.0.4-bb.4 alias: minio condition: minio.install repository: file://./deps/minio 
diff --git a/chart/charts/minio-instance-2.0.9-bb.9.tgz b/chart/charts/minio-instance-2.0.9-bb.9.tgz deleted file mode 100644 index bbfa7b0d3abe6d2381694e9538bf214d1dbb934b..0000000000000000000000000000000000000000 Binary files a/chart/charts/minio-instance-2.0.9-bb.9.tgz and /dev/null differ diff --git a/chart/charts/minio-instance-4.0.4-bb.4.tgz b/chart/charts/minio-instance-4.0.4-bb.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..46ad6c493b04ee1a445ecedc63f15adda7d4b0b9 Binary files /dev/null and b/chart/charts/minio-instance-4.0.4-bb.4.tgz differ diff --git a/chart/charts/postgresql-10.3.5.tgz b/chart/charts/postgresql-10.3.5.tgz index a90af7a853398f710107dc689d2ee464c97d70d8..ad2bbeb3f9f0de74fd552da246173d001d058e16 100644 Binary files a/chart/charts/postgresql-10.3.5.tgz and b/chart/charts/postgresql-10.3.5.tgz differ diff --git a/chart/deps/minio/Chart.lock b/chart/deps/minio/Chart.lock new file mode 100644 index 0000000000000000000000000000000000000000..df1fa9acc94dbd8ebaef34d38bbc4ec099279c1a --- /dev/null +++ b/chart/deps/minio/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: bb-test-lib + repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates + version: 0.5.0 +digest: sha256:ec47e1f5de8d2060a2e7b93a756bb34c21b62069f04237c915adf8619ac03698 +generated: "2021-05-12T14:29:40.198378-06:00" diff --git a/chart/deps/minio/Chart.yaml b/chart/deps/minio/Chart.yaml index 42df286241f9d1427f12b2e72cd2eb17e9c1dd95..677b4ce4f4a47864157cc2dc0198e7846927c2ae 100644 --- a/chart/deps/minio/Chart.yaml +++ b/chart/deps/minio/Chart.yaml @@ -9,7 +9,7 @@ description: |- type: application -version: 2.0.9-bb.9 +version: 4.0.4-bb.4 appVersion: RELEASE.2020-11-19T23-48-16Z @@ -24,3 +24,6 @@ maintainers: email: dependencies: + - name: bb-test-lib + version: "0.5.0" + repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" 
diff --git a/chart/deps/minio/Kptfile b/chart/deps/minio/Kptfile index 521d9164c2fcb4d2583212057c7b4f002b1a66f7..5111a051474bf3e64932f4ddf5745cd6b6f76725 100644 --- a/chart/deps/minio/Kptfile +++ b/chart/deps/minio/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: a8ef3702468317396a58ed94bb1823f9d4ae59cf + commit: 3da8ff8e918a5f0fbff1e9a14e2f00a4cba3f925 repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio directory: /chart - ref: 2.0.9-bb.9 + ref: 4.0.4-bb.4 diff --git a/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz b/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ca0adf9edaa4f6f8a56ee22c14af94e432b150b8 Binary files /dev/null and b/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz differ diff --git a/chart/deps/minio/templates/_helpers.tpl b/chart/deps/minio/templates/_helpers.tpl index 8e7b94ff7ea3dd4960fa32bb0e52095aed6b178e..d0d93096c6cd0b831256169532b3c4d8a1a5e20f 100644 --- a/chart/deps/minio/templates/_helpers.tpl +++ b/chart/deps/minio/templates/_helpers.tpl @@ -2,7 +2,7 @@ Expand the name of the chart. */}} {{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} {{- end }} {{/* @@ -11,17 +11,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} +{{- $name := default .Chart.Name }} {{- if contains $name .Release.Name }} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- else }} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- end }} {{- end }} -{{- end }} {{/* Create chart name and version as used by the chart label. 
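Review bot: In `minio.name`, and again in `minio.fullname` in the next hunk, `default .Chart.Name` is left with a single argument, so it always returns `.Chart.Name` and the call is a no-op. Write `{{- .Chart.Name | trunc 63 | trimSuffix "-" }}` and `{{- $name := .Chart.Name }}` instead. Dropping `nameOverride`/`fullnameOverride` also changes the resource names rendered for any release that had set them, and the changelog entry in this commit does not mention it.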
@@ -62,9 +58,22 @@ Create the name of the service account to use {{- end }} {{/* -Create the name of the service used to access the UI +Create the name of the service used to access the Minio object UI. +Note: the Minio operator has a fixed name of "minio" for the service it creates. */}} {{- define "minio.serviceName" -}} -{{- default (include "minio.fullname" .) .Values.service.nameOverride }} +minio +{{- end }} + +{{/* +Create the port used to communicate with the Minio service. +Note: the Minio operator has a fixed name of "minio" for the service it creates. +*/}} +{{- define "minio.servicePort" -}} +{{- if or .Values.tenants.certificate.requestAutoCert .Values.tenants.certificate.externalCertSecret }} +443 +{{- else }} +80 +{{- end }} {{- end }} diff --git a/chart/deps/minio/templates/console-secret.yaml b/chart/deps/minio/templates/console-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f2523a43db92e87f134f85ec312a398ff65dd5e7 --- /dev/null +++ b/chart/deps/minio/templates/console-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.tenants.console.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tenants.console.secrets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "minio.labels" . | nindent 4 }} +type: Opaque +stringData: + CONSOLE_PBKDF_PASSPHRASE: {{ .Values.tenants.console.secrets.passphrase }} + CONSOLE_PBKDF_SALT: {{ .Values.tenants.console.secrets.salt }} + CONSOLE_ACCESS_KEY: {{ .Values.tenants.console.secrets.accessKey }} + CONSOLE_SECRET_KEY: {{ .Values.tenants.console.secrets.secretKey }} +--- +{{- end }} \ No newline at end of file diff --git a/chart/deps/minio/templates/default-secret.yaml b/chart/deps/minio/templates/default-secret.yaml deleted file mode 100644 index c79e87de13e6aad205d6dd03a06e327dd3e2d964..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/default-secret.yaml +++ /dev/null 
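Review bot: `minio.servicePort` returns 443 as soon as `tenants.certificate.externalCertSecret` is non-empty, but the only place this commit passes that value to the Tenant is a block in templates/tenant.yaml that sits behind `#`, so the VirtualService can be pointed at a TLS port the tenant is not configured to serve. Until the Tenant really consumes the secret, key the port on the auto-cert flag alone: `{{- if .Values.tenants.certificate.requestAutoCert }}`. The doc comment on `minio.servicePort` repeats the service-name note from the helper above; it should state the rule instead, e.g. `Returns 443 when the tenant serves TLS, otherwise 80; callers must pipe through trim.`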
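Review bot: The four `stringData` values are interpolated unquoted, so a passphrase or key that is all digits, reads as a boolean, is empty, or contains ` #` or `: ` is retyped, truncated or rejected when the rendered manifest is parsed. Pipe each one through `quote`, e.g. `CONSOLE_SECRET_KEY: {{ .Values.tenants.console.secrets.secretKey | quote }}`. The same applies to `accesskey` and `secretkey` in templates/tenant-secret.yaml later in this diff. Wrapping the values in `required` as well would make an unset credential fail at render time rather than produce a null field.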
@@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: default-minio-creds-secret - namespace: {{ .Release.Namespace }} -type: Opaque -data: - accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) - secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) ---- diff --git a/chart/deps/minio/templates/minio-vs.yaml b/chart/deps/minio/templates/minio-vs.yaml index 0fbee17d32a9dd3228e11ec22de4721828eb6643..08496b4aa5eb09d40b5593e2b0fc360eef47994d 100644 --- a/chart/deps/minio/templates/minio-vs.yaml +++ b/chart/deps/minio/templates/minio-vs.yaml @@ -31,7 +31,7 @@ spec: - destination: host: {{ include "minio.serviceName" . }} port: - number: {{ .Values.service.port }} + number: {{ include "minio.servicePort" . | trim }} fault: abort: percentage: @@ -42,7 +42,6 @@ spec: prefix: / route: - destination: + # Note: the minio operator creates the service for the tenant with a fixed name host: {{ include "minio.serviceName" . }} - port: - number: {{ .Values.service.port }} -{{- end }} + {{ end }} diff --git a/chart/deps/minio/templates/minioinstance.yaml b/chart/deps/minio/templates/minioinstance.yaml deleted file mode 100644 index b79519ad4b978902da4401a993201134a99d5802..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/minioinstance.yaml +++ /dev/null 
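Review bot: In the second hunk of minio-vs.yaml the default route's `destination` loses its `port`, while the route in the previous hunk still sets one through `minio.servicePort`. Istio lets the port be omitted only when the target service exposes a single port, which this chart does not control for the operator-created `minio` service. Keep `port:` with `number: {{ include "minio.servicePort" . | trim }}` on this destination too. The closing action also changes from `{{- end }}` to an indented `{{ end }}`, which leaves a whitespace-only line in the output; `{{- end }}`, the form it replaced, avoids that. The `if` this closes opens outside the hunk.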
@@ -1,119 +0,0 @@ -apiVersion: operator.min.io/v1 -kind: MinIOInstance -metadata: - name: {{ include "minio.fullname" . }} -## If specified, MinIOInstance pods will be dispatched by specified scheduler. -## If not specified, the pod will be dispatched by default scheduler. -# scheduler: -# name: my-custom-scheduler -spec: - ## Add metadata to the all pods created by the StatefulSet - metadata: - ## Optionally pass labels to be applied to the statefulset pods - labels: - {{- include "minio.labels" . | nindent 6 }} - {{- with .Values.podAnnotations }} - annotations: - prometheus.io/path: /minio/prometheus/metrics - prometheus.io/port: "9000" - prometheus.io/scrape: "true" - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - - ## Registry location and Tag to download MinIO Server image - image: {{ .Values.image.name }}:{{ .Values.image.tag }} - serviceAccountName: {{ include "minio.serviceAccountName" . }} - ## A ClusterIP Service will be created with the given name - serviceName: minio-internal-service - zones: - - name: "zone-0" - ## Number of MinIO servers/pods in this zone. - ## For standalone mode, supply 1. For distributed mode, supply 4 or more. - ## Note that the operator does not support upgrading from standalone to distributed mode. - servers: {{ .Values.zones.servers }} - ## Supply number of volumes to be mounted per MinIO server instance. - ## 2 is minimum volumes with 3 servers - volumesPerServer: {{ .Values.volumesPerServer }} - ## Mount path where PV will be mounted inside container(s). Defaults to "/export". - mountPath: /export - ## Sub path inside Mount path where MinIO starts. Defaults to "". - # subPath: /data - ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO cluster. 
- ## Please do not change the volumeClaimTemplate field while expanding the cluster, this may - ## lead to unbound PVCs and missing data - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - {{ .Values.volumeClaimTemplate.accessModes}} - resources: - requests: - storage: {{ .Values.volumeClaimTemplate.storage}} - ## Secret with credentials to be used by MinIO instance. - credsSecret: - name: {{ .Values.minioRootCreds }} - ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" - ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy - ## for details. Defaults to "Parallel" - podManagementPolicy: Parallel - ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained - ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - # externalCertSecret: - # name: tls-ssl-minio - ## Enable Kubernetes based certificate generation and signing as explained in - ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster - requestAutoCert: false - ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. - ## Internal DNS name for the pod will be used if CommonName is not provided. 
- ## DNS name format is minio-{0...3}.minio.default.svc.cluster.local - certConfig: - commonName: "" - organizationName: [] - dnsNames: [] - ## Used to specify a toleration for a pod - # tolerations: - # - effect: NoSchedule - # key: dedicated - # operator: Equal - # value: storage - ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) - env: - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - # - name: MINIO_BROWSER - # value: "off" # to turn-off browser - # - name: MINIO_STORAGE_CLASS_STANDARD - # value: "EC:2" - ## Configure resource requests and limits for MinIO containers - # resources: - # requests: - # memory: 20Gi - ## Liveness probe detects situations where MinIO server instance - ## is not working properly and needs restart. Kubernetes automatically - ## restarts the pods if liveness checks fail. - liveness: - initialDelaySeconds: 10 - periodSeconds: 1 - timeoutSeconds: 1 - ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be - ## eligible to run on a node, the node must have each of the - ## indicated key-value pairs as labels. - ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - # nodeSelector: - # disktype: ssd - ## Affinity settings for MinIO pods. Read more about affinity - ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. - # affinity: - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 diff --git a/chart/deps/minio/templates/role.yaml b/chart/deps/minio/templates/role.yaml deleted file mode 100644 index a45547bf96c1bb8750dd6447fe89e5ce67a0d442..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/role.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -{{- if .Values.monitoring.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleList -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: prometheus-k8s - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: "monitoring" - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -{{- end }} diff --git a/chart/deps/minio/templates/rolebinding.yaml b/chart/deps/minio/templates/rolebinding.yaml deleted file mode 100644 index ef303a8af8f05a9cead39cd821fc9e0eb2345e50..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.monitoring.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBindingList -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: prometheus-k8s - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: "monitoring" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.monitoring.namespace }} -{{- end }} diff --git a/chart/deps/minio/templates/service-account.yaml b/chart/deps/minio/templates/service-account.yaml index 7d2de011d52fb972e246a76957d203015ab6873b..1ff1374e539829a7214d3c8f7c6d340a8ce0312a 100644 --- a/chart/deps/minio/templates/service-account.yaml +++ b/chart/deps/minio/templates/service-account.yaml @@ -1,4 +1,3 @@ -{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -12,4 +11,3 @@ metadata: {{- end }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} diff --git a/chart/deps/minio/templates/service.yaml b/chart/deps/minio/templates/service.yaml deleted file mode 100644 index c64299dadda0e70d55b29c980fa6b91f978c54bb..0000000000000000000000000000000000000000 
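Review bot: With the `{{- if .Values.serviceAccount.create -}}` guard removed (both hunks of service-account.yaml), the ServiceAccount is rendered unconditionally, yet the values.yaml context in this diff still shows the `serviceAccount:` block whose comment says it controls creation. A deployment that set `create: false` in order to use a pre-provisioned account may now get a chart-managed object instead, or an ownership conflict at install. Either keep the guard, or remove the key and its comment from values.yaml and record the behaviour change in the changelog.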
--- a/chart/deps/minio/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "minio.serviceName" . }} - labels: - {{- include "minio.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 9000 - protocol: TCP - name: http - selector: - {{- include "minio.selectorLabels" . | nindent 4 }} diff --git a/chart/deps/minio/templates/tenant-secret.yaml b/chart/deps/minio/templates/tenant-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c1ded296474fdd50d31fbe4ec633465ce79ce10e --- /dev/null +++ b/chart/deps/minio/templates/tenant-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tenants.secrets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "minio.labels" . | nindent 4 }} +type: Opaque +stringData: + accesskey: {{ .Values.tenants.secrets.accessKey }} + secretkey: {{ .Values.tenants.secrets.secretKey }} +--- diff --git a/chart/deps/minio/templates/tenant.yaml b/chart/deps/minio/templates/tenant.yaml new file mode 100644 index 0000000000000000000000000000000000000000..aa06c5f55301df481fa9dae5feb9293ca11a84d7 --- /dev/null +++ b/chart/deps/minio/templates/tenant.yaml 
@@ -0,0 +1,222 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: {{ include "minio.fullname" . }} + namespace: {{ .Release.Namespace }} + + ## Optionally pass labels to be applied to the statefulset pods + labels: + app: {{ template "minio.fullname" . }} + {{- include "minio.labels" . | nindent 4 }} + {{- if .Values.istio.virtualService.labels }} + {{ toYaml .Values.istio.virtualservice.labels | indent 4 }} + {{- end }} + {{- if .Values.istio.virtualService.annotations }} + ## Annotations for MinIO Tenant Pods + annotations: + prometheus.io/path: /minio/prometheus/metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" + {{ toYaml .Values.istio.virtualService.annotations | indent 4 }} + {{- end }} + +## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. +## If not specified, the Tenant pods will be dispatched by default scheduler. + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + ##scheduler: + ## name: + +spec: + ## Registry location and Tag to download MinIO Server image + image: {{ .Values.tenants.image.repository }}:{{ .Values.tenants.image.tag }} + imagePullPolicy: {{ .Values.tenants.image.pullPolicy }} + imagePullSecret: + {{ toYaml .Values.tenants.imagePullSecret | indent 4 }} + + ## Secret with credentials to be used by MinIO Tenant. + ## Refers to the secret object created above. + credsSecret: + name: {{ .Values.tenants.secrets.name }} + + ## Specification for MinIO Pool(s) in this Tenant. + {{- range .Values.tenants.pools }} + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. 
+ - servers: {{ .servers }} + + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: {{ .volumesPerServer }} + + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this + ## Pool. + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .size }} + + ## Used to specify a toleration for a pod + # tolerations: + # - effect: NoSchedule + # key: dedicated + # operator: Equal + # value: storage + {{- with .tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} + + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # nodeSelector: + # disktype: ssd + {{- with .nodeSelector }} + nodeSelector: + {{ toYaml . | nindent 8 }} + {{- end }} + + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/hostname + # operator: In + # values: + # - hostname1 + # - hostname2 + {{- with .affinity }} + affinity: + {{ toYaml . | nindent 8 }} + {{- end }} + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - store + # topologyKey: "kubernetes.io/hostname" + + ## Configure resource requests and limits for MinIO containers + # resources: + # requests: + # cpu: 250m + # memory: 16Gi + # limits: + # cpu: 500m + # memory: 16Gi + {{- with .resources }} + resources: + {{ toYaml . 
| nindent 8 }} + {{- end }} + + ## Configure security context + #securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + {{- with .securityContext }} + securityContext: + {{ toYaml . | nindent 8 }} + {{- end }} + {{ end }} + + ## Mount path where PV will be mounted inside container(s). + mountPath: {{ .Values.tenants.mountPath }} + + ## Sub path inside Mount path where MinIO stores data. + subPath: {{ .Values.tenants.subPath }} + + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalCertSecret: + # - name: tls-ssl-minio + # type: kubernetes.io/tls + #{{- with .Values.tenants.certificate.externalCertSecret }} + #externalCertSecret: + # {{ toYaml . | nindent 6 }} + #{{ end }} + + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + requestAutoCert: {{ .Values.tenants.certificate.requestAutoCert }} + + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: {{ .Values.tenants.s3.bucketDNS }} + + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + {{- with .Values.tenants.certificate.certConfig }} + certConfig: + {{ toYaml . | nindent 4 }} + {{- end }} + + ## PodManagement policy for MinIO Tenant Pods. 
Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: {{ .Values.tenants.podManagementPolicy }} + + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + {{- with .Values.tenants.serviceMetadata }} + serviceMetadata: + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .env }} + {{ toYaml . | nindent 4 }} + {{- end }} + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + # env: + # - name: MINIO_BROWSER + # value: "off" # to turn-off browser + # - name: MINIO_STORAGE_CLASS_STANDARD + # value: "EC:2" + # ## For secure env vars like passwords, create an opaque Kubernetes secret and specify the secret in + # ## the `valueFrom` field. The `valueFrom` object must contain the following fields: + # ## `name` - the secret from which MinIO extracts the password, `key` - the data field + # ## within secret, whose value will be set to the env variable's value + # - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD + # valueFrom: + # secretKeyRef: + # name: ldap-minio-secret + # key: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD + + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. 
+ ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + {{- if .Values.tenants.priorityClassName }} + priorityClassName: {{ .Values.tenants.priorityClassName }} + {{- end }} + + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + {{- if .Values.tenants.console.enabled }} + console: + image: {{ .Values.tenants.console.image.repository }}:{{ .Values.tenants.console.image.tag }} + replicas: {{ .Values.tenants.console.replicaCount }} + consoleSecret: + name: {{ .Values.tenants.console.secrets.name }} + {{- with .Values.tenants.securityContext }} + securityContext: + {{ toYaml . | nindent 6 }} + {{ end }} + {{- end }} diff --git a/chart/deps/minio/values.yaml b/chart/deps/minio/values.yaml index e51cc84d1471039f7671066bc632ab1410fe6cfe..97f048bd12204df2e7745dae3b2050222dcb97d4 100644 --- a/chart/deps/minio/values.yaml +++ b/chart/deps/minio/values.yaml 
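Review bot: The `externalCertSecret` block is disabled with a leading `#`, but Helm evaluates `{{ with }}` and `{{ toYaml }}` before the YAML is parsed, so the actions still run; with a secret configured, `nindent 6` emits uncommented lines into `spec`, and the Tenant has no working way to receive an external certificate while `requestAutoCert` defaults to false. `{{- with .env }}` is evaluated against the root context, where `.env` does not exist, and has no `env:` key above it; it should read `.Values.tenants.env`. In `metadata.labels` the guard tests `.Values.istio.virtualService.labels` but the body reads `.Values.istio.virtualservice.labels` (lower-case `s`), a different key; use `{{ toYaml .Values.istio.virtualService.labels | indent 4 }}`. `pools:` sits inside the `range`, so a second pool renders a duplicate `pools:` key; the fence hoists it and rewrites the two blocks.

```yaml
  ## … unchanged: metadata, image, imagePullSecret, credsSecret …
  pools:
  {{- range .Values.tenants.pools }}
    - servers: {{ .servers }}
  ## … unchanged: remaining pool fields, end of range, mountPath, subPath …
  {{- with .Values.tenants.certificate.externalCertSecret }}
  externalCertSecret:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  ## … unchanged: requestAutoCert, s3, certConfig, podManagementPolicy, serviceMetadata …
  {{- with .Values.tenants.env }}
  env:
    {{- toYaml . | nindent 4 }}
  {{- end }}
```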
@@ -3,33 +3,31 @@ ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. ## Configure number of MinIO Operator Deployment Replicas -replicas: - count: 1 +#replicas: +# count: 1 hostname: bigbang.dev -nameOverride: "" -fullnameOverride: "" +#nameOverride: "" +#fullnameOverride: "" # Configure repo and tag of MinIO Operator Image -image: - name: registry1.dso.mil/ironbank/opensource/minio/minio - tag: RELEASE.2020-11-19T23-48-16Z - imagePullPolicy: IfNotPresent +#image: +# name: registry1.dso.mil/ironbank/opensource/minio/minio +# tag: RELEASE.2020-11-19T23-48-16Z +# imagePullPolicy: IfNotPresent -zones: +#zones: # refer to documentation for number of servers versus volumes per server # https://docs.min.io/docs/minio-server-limits-per-tenant.html - servers: 3 # scale to 3 for dev +# servers: 3 # scale to 3 for dev +#volumesPerServer: 2 # 2 is minimum volumes with 3 servers -volumesPerServer: 2 # 2 is minimum volumes with 3 servers +#volumeClaimTemplate: +# accessModes: ReadWriteOnce +# storage: 1Gi # scale down for dev -volumeClaimTemplate: - accessModes: ReadWriteOnce - storage: 1Gi # scale down for dev - -minioRootCreds: default-minio-creds-secret - -imagePullSecrets: [ ] +imagePullSecrets: + - name: private-registry serviceAccount: # Specifies whether a service account should be created 
@@ -67,4 +65,142 @@ monitoring: enabled: false namespace: monitoring -mcImage: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2021-03-23T05-46-11Z \ No newline at end of file + +## MinIO Tenant Definition +tenants: + # Tenant name + name: minio + ## Registry location and Tag to download MinIO Server image +# Configure repo and tag of MinIO Operator Image + image: + repository: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2020-11-19T23-48-16Z + pullPolicy: "IfNotPresent" + imagePullSecret: + name: private-registry + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + ##scheduler: + ## name: + scheduler: {} + + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: {} + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + secrets: + name: minio-creds-secret + accessKey: ThisIsAVeryLongPasswordForExample + secretKey: ThisIsAVeryLongPasswordForExample + metrics: + enabled: false + port: 9000 + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. 
+ ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + ## size specifies the capacity per volume + size: 1Gi + ## storageClass specifies the storage class name to be used for this pool + storageClassName: standard + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: {} + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + ## Mount path where PV will be mounted inside container(s). + mountPath: /export + ## Sub path inside Mount path where MinIO stores data. + subPath: /data + certificate: + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCertSecret: {} + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + ## false = disabled TLS endpoints at the tenants + requestAutoCert: false + ## This field is used only when "requestAutoCert" is set to true. 
Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + ##certConfig: + ## commonName: "" + ## organizationName: [] + ## dnsNames: [] + certConfig: {} + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: false + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: Parallel + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + ##serviceMetadata: {} + serviceMetadata: + minioServiceLabels: + label: minio-svc + minioServiceAnnotations: + v2.min.io: minio-svc + # consoleServiceLabels: + # label: console-svc + # consoleServiceAnnotations: + # v2.min.io: console-svc + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + env: {} + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. 
+ ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + # e.g., priorityClassName: high-priority + priorityClassName : "" + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + console: + enabled: false + image: + repository: minio/console + tag: v0.6.3 + pullPolicy: IfNotPresent + replicaCount: 1 + secrets: + name: minio-console-secret + passphrase: ThisIsAVeryLongConsolePasswordForExample + salt: ThisIsAVeryLongConsolePasswordForExample + accessKey: ThisIsAVeryLongConsolePasswordForExample + secretKey: ThisIsAVeryLongConsolePasswordForExample diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml index 190ebebb02981f46b75b085f8d05df9ca265b3a8..524b26d0e847d5845e46921d04c9c1e5a413bc10 100644 --- a/chart/templates/mattermost.yaml +++ b/chart/templates/mattermost.yaml @@ -155,6 +155,6 @@ spec: fileStore: external: - url: {{ .Values.fileStore.url | default (printf "%s:9000" .Values.minio.service.nameOverride) }} + url: {{ .Values.fileStore.url | default "minio:80" }} bucket: {{ .Values.fileStore.bucket | default "mattermost" }} - secret: {{ .Values.fileStore.secret | default "mattermost-objstore-creds" }} + secret: {{ .Values.fileStore.secret | default .Values.minio.tenants.secrets.name }} diff --git a/chart/templates/objectstorage-credentials.yaml b/chart/templates/objectstorage-credentials.yaml deleted file mode 100644 index 00acf7ebc7d4b918db72129ef62f19689adeb22c..0000000000000000000000000000000000000000 --- a/chart/templates/objectstorage-credentials.yaml +++ /dev/null 
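Review bot: `tenants.secrets.accessKey`/`secretKey` and the four `tenants.console.secrets` values ship as the literal `ThisIsAVeryLong…ForExample` strings, so any install that does not override them runs with publicly known object-store and console credentials; the parent chart's values.yaml in this commit likewise defaults to `minio` / `minio#123`. Default them to `""` and have the Secret templates fail closed, e.g. `{{ required "tenants.secrets.secretKey must be set" .Values.tenants.secrets.secretKey | quote }}`, or accept the name of an existing Secret. `console.image.repository: minio/console` is the only image in this file not pulled from `registry1.dso.mil`, and it is referenced by a mutable tag; point it at the registry the other images use, or pin a digest. `storageClassName` is defined per pool, but the `volumeClaimTemplate` in templates/tenant.yaml never reads it.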
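Review bot: The fallback `"minio:80"` hard-codes the plaintext port, so a sub-chart deployed with `tenants.certificate.requestAutoCert: true` (where `minio.servicePort` yields 443) still sends Mattermost's file-store traffic to port 80. Derive the port from `.Values.minio.tenants.certificate.requestAutoCert`, or at least state the constraint next to the line: `# minio:80 is only valid while minio.tenants.certificate.requestAutoCert is false; set fileStore.url when TLS is enabled`. The `spec` this block belongs to starts outside the hunk.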
@@ -1,14 +0,0 @@ -{{- if and (not .Values.fileStore.secret) .Values.minio.install }} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: mattermost-objstore-creds - namespace: {{ .Release.Namespace }} - labels: - {{ include "mattermost.labels" . | nindent 4 }} - app.kubernetes.io/component: "objectstorage" -data: - accesskey: {{ .Values.minio.accessKey | b64enc }} - secretkey: {{ .Values.minio.secretKey | b64enc }} -{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 67ed032aca4e71c44692922394470bad472cbeb9..81d548175b2e8b3b30089fa3b91a76268cf5dc91 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -98,19 +98,11 @@ existingSecretEnvs: {} minio: install: false - # Override the minio service name for easier connection setup - service: - nameOverride: "minio-mattermost-service" - - # Specify the secret to the Mattermost created secret - minioRootCreds: mattermost-objstore-creds - - # Credentials to populate the secret with - accessKey: minio - secretKey: minio#123 # default key, change this! - - imagePullSecrets: - - name: private-registry + tenants: + secrets: + name: "mattermost-objstore-creds" + accessKey: "minio" + secretKey: "minio#123" # default key, change this! postgresql: install: false diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index 3b18fbc707fe4712a18b56f139f543c0b01d7bb1..0199dcdca193f9dcd384d15024b2213f0b2e69ab 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,9 +1,9 @@ mattermostoperator: git: "https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git" namespace: "mattermost-operator" - branch: "1.12.0-bb.0" + branch: "1.13.0-bb.2" miniooperator: git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" namespace: "minio-operator" - branch: "2.0.9-bb.1" + branch: "4.0.4-bb.1"