Merge branch 'minio-4' into 'main'

Update to Minio 4.0

See merge request !28

CHANGELOG.md

@@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+## [0.1.7-bb.0] - 2021-05-17
+### Changed
+- Updated to latest Minio package as dependency
+
 ## [0.1.6-bb.0] - 2021-05-11
 ### Changed
 - Migrated Cypress tests to Helm tests

chart/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 10.3.5
 - name: minio-instance
   repository: file://./deps/minio
-  version: 2.0.9-bb.9
+  version: 4.0.4-bb.4
 - name: bb-test-lib
   repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
   version: 0.5.2
-digest: sha256:0a15fa5bcd2dafdc621740c7cd177210b2c875337f32fe78755af8806bba735a
-generated: "2021-05-13T10:38:37.154607-06:00"
+digest: sha256:3ca344e6b6e62dc508c2599518d638e424477cf8de51a53cf795c8481d6c2b32
+generated: "2021-05-17T13:29:55.74089-06:00"

chart/Chart.yaml

@@ -2,7 +2,7 @@
 apiVersion: v2
 name: mattermost
 type: application
-version: "0.1.6-bb.0"
+version: "0.1.7-bb.0"
 appVersion: "5.34.2"
 description: "Deployment of mattermost"
 keywords: 
@@ -17,7 +17,7 @@ dependencies:
     condition: postgresql.install
     repository: file://./deps/postgresql
   - name: minio-instance
-    version: 2.0.9-bb.9
+    version: 4.0.4-bb.4
     alias: minio
     condition: minio.install
     repository: file://./deps/minio

chart/deps/minio/Chart.lock

+dependencies:
+- name: bb-test-lib
+  repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
+  version: 0.5.0
+digest: sha256:ec47e1f5de8d2060a2e7b93a756bb34c21b62069f04237c915adf8619ac03698
+generated: "2021-05-12T14:29:40.198378-06:00"

chart/deps/minio/Chart.yaml

@@ -9,7 +9,7 @@ description: |-
 
 type: application
 
-version: 2.0.9-bb.9
+version: 4.0.4-bb.4
 
 appVersion: RELEASE.2020-11-19T23-48-16Z
 
@@ -24,3 +24,6 @@ maintainers:
     email:
 
 dependencies:
+  - name: bb-test-lib
+    version: "0.5.0"
+    repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates"

chart/deps/minio/Kptfile

@@ -5,7 +5,7 @@ metadata:
 upstream:
   type: git
   git:
-    commit: a8ef3702468317396a58ed94bb1823f9d4ae59cf
+    commit: 3da8ff8e918a5f0fbff1e9a14e2f00a4cba3f925
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio
     directory: /chart
-    ref: 2.0.9-bb.9
+    ref: 4.0.4-bb.4

chart/deps/minio/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 Expand the name of the chart.
 */}}
 {{- define "minio.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- default .Chart.Name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -11,17 +11,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "minio.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- $name := default .Chart.Name }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
-{{- end }}
 
 {{/*
 Create chart name and version as used by the chart label.
@@ -62,9 +58,22 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Create the name of the service used to access the UI
+Create the name of the service used to access the Minio object UI.
+Note: the Minio operator has a fixed name of "minio" for the service it creates.
 */}}
 {{- define "minio.serviceName" -}}
-{{- default (include "minio.fullname" .) .Values.service.nameOverride }}
+minio
+{{- end }}
+
+{{/*
+Create the port used to communicate with the Minio service.
+Note: the Minio operator has a fixed name of "minio" for the service it creates.
+*/}}
+{{- define "minio.servicePort" -}}
+{{- if or .Values.tenants.certificate.requestAutoCert .Values.tenants.certificate.externalCertSecret }}
+443
+{{- else }}
+80
+{{- end }}
 {{- end }}
 

chart/deps/minio/templates/console-secret.yaml

+{{- if .Values.tenants.console.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.tenants.console.secrets.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "minio.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  CONSOLE_PBKDF_PASSPHRASE: {{ .Values.tenants.console.secrets.passphrase }}
+  CONSOLE_PBKDF_SALT: {{ .Values.tenants.console.secrets.salt }}
+  CONSOLE_ACCESS_KEY: {{ .Values.tenants.console.secrets.accessKey }}
+  CONSOLE_SECRET_KEY: {{ .Values.tenants.console.secrets.secretKey }}
+---
+{{- end }}
\ No newline at end of file

chart/deps/minio/templates/default-secret.yaml

-apiVersion: v1
-kind: Secret
-metadata:
-  name: default-minio-creds-secret
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64)
-  secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64)
----

chart/deps/minio/templates/minio-vs.yaml

@@ -31,7 +31,7 @@ spec:
         - destination:
             host: {{ include "minio.serviceName" . }}
             port:
-              number: {{ .Values.service.port }}
+              number: {{ include "minio.servicePort" . | trim }}
       fault:
         abort:
           percentage:
@@ -42,7 +42,6 @@ spec:
             prefix: /
       route:
         - destination:
+            # Note: the minio operator creates the service for the tenant with a fixed name
             host: {{ include "minio.serviceName" . }}
-            port:
-              number: {{ .Values.service.port }}
-{{- end }}
+  {{ end }}

chart/deps/minio/templates/minioinstance.yaml

-apiVersion: operator.min.io/v1
-kind: MinIOInstance
-metadata:
-  name: {{ include "minio.fullname" . }}
-## If specified, MinIOInstance pods will be dispatched by specified scheduler.
-## If not specified, the pod will be dispatched by default scheduler.
-# scheduler:
-#  name: my-custom-scheduler
-spec:
-  ## Add metadata to the all pods created by the StatefulSet
-  metadata:
-    ## Optionally pass labels to be applied to the statefulset pods
-    labels:
-      {{- include "minio.labels" . | nindent 6 }}
-    {{- with .Values.podAnnotations }}
-    annotations:
-      prometheus.io/path: /minio/prometheus/metrics
-      prometheus.io/port: "9000"
-      prometheus.io/scrape: "true"
-      {{- toYaml . | nindent 6 }}
-    {{- end }}
-  {{- if .Values.affinity }}
-      affinity:
-{{ toYaml .Values.affinity | indent 8 }}
-{{- end }}
-    {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
-      {{- end }}
-
-  ## Registry location and Tag to download MinIO Server image
-  image: {{ .Values.image.name }}:{{ .Values.image.tag }}
-  serviceAccountName: {{ include "minio.serviceAccountName" . }}
-  ## A ClusterIP Service will be created with the given name
-  serviceName: minio-internal-service
-  zones:
-    - name: "zone-0"
-      ## Number of MinIO servers/pods in this zone.
-      ## For standalone mode, supply 1. For distributed mode, supply 4 or more.
-      ## Note that the operator does not support upgrading from standalone to distributed mode.
-      servers: {{ .Values.zones.servers }}
-  ## Supply number of volumes to be mounted per MinIO server instance.
-  ## 2 is minimum volumes with 3 servers
-  volumesPerServer: {{ .Values.volumesPerServer }}
-  ## Mount path where PV will be mounted inside container(s). Defaults to "/export".
-  mountPath: /export
-  ## Sub path inside Mount path where MinIO starts. Defaults to "".
-  # subPath: /data
-  ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO cluster.
-  ## Please do not change the volumeClaimTemplate field while expanding the cluster, this may
-  ## lead to unbound PVCs and missing data
-  volumeClaimTemplate:
-    metadata:
-      name: data
-    spec:
-      accessModes:
-        - {{ .Values.volumeClaimTemplate.accessModes}}
-      resources:
-        requests:
-          storage: {{ .Values.volumeClaimTemplate.storage}}
-  ## Secret with credentials to be used by MinIO instance.
-  credsSecret:
-    name: {{ .Values.minioRootCreds }}
-  ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
-  ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
-  ## for details. Defaults to "Parallel"
-  podManagementPolicy: Parallel
-  ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained
-  ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
-  # externalCertSecret:
-  # name: tls-ssl-minio
-  ## Enable Kubernetes based certificate generation and signing as explained in
-  ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
-  requestAutoCert: false
-  ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate.
-  ## Internal DNS name for the pod will be used if CommonName is not provided.
-  ## DNS name format is minio-{0...3}.minio.default.svc.cluster.local
-  certConfig:
-    commonName: ""
-    organizationName: []
-    dnsNames: []
-  ## Used to specify a toleration for a pod
-  # tolerations:
-  #  - effect: NoSchedule
-  #    key: dedicated
-  #    operator: Equal
-  #    value: storage
-  ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
-  env:
-    - name: MINIO_PROMETHEUS_AUTH_TYPE
-      value: "public"
-    # - name: MINIO_BROWSER
-    #   value: "off" # to turn-off browser
-    # - name: MINIO_STORAGE_CLASS_STANDARD
-    #   value: "EC:2"
-  ## Configure resource requests and limits for MinIO containers
-  # resources:
-    # requests:
-      # memory: 20Gi
-  ## Liveness probe detects situations where MinIO server instance
-  ## is not working properly and needs restart. Kubernetes automatically
-  ## restarts the pods if liveness checks fail.
-  liveness:
-    initialDelaySeconds: 10
-    periodSeconds: 1
-    timeoutSeconds: 1
-  ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
-  ## eligible to run on a node, the node must have each of the
-  ## indicated key-value pairs as labels.
-  ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-  # nodeSelector:
-  #   disktype: ssd
-  ## Affinity settings for MinIO pods. Read more about affinity
-  ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
-  # affinity:
-  securityContext:
-    runAsUser: 1001
-    runAsGroup: 1001
-    fsGroup: 1001

chart/deps/minio/templates/role.yaml

-{{- if .Values.monitoring.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleList
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    name: prometheus-k8s
-    namespace: {{ .Release.Namespace }}
-    labels:
-      app.kubernetes.io/component: "monitoring"
-  rules:
-  - apiGroups:
-    - ""
-    resources:
-    - services
-    - endpoints
-    - pods
-    verbs:
-    - get
-    - list
-    - watch
-{{- end }}

chart/deps/minio/templates/rolebinding.yaml

-{{- if .Values.monitoring.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBindingList
-items:
-- apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    name: prometheus-k8s
-    namespace: {{ .Release.Namespace }}
-    labels:
-      app.kubernetes.io/component: "monitoring"
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: prometheus-k8s
-  subjects:
-  - kind: ServiceAccount
-    name: prometheus-k8s
-    namespace: {{ .Values.monitoring.namespace }}
-{{- end }}

chart/deps/minio/templates/service-account.yaml

-{{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -12,4 +11,3 @@ metadata:
   {{- end }}
 imagePullSecrets:
   {{ toYaml .Values.imagePullSecrets | indent 2 }}
-{{- end }}

chart/deps/minio/templates/service.yaml

-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "minio.serviceName" . }}
-  labels:
-    {{- include "minio.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: 9000
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "minio.selectorLabels" . | nindent 4 }}

chart/deps/minio/templates/tenant-secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.tenants.secrets.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "minio.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  accesskey: {{ .Values.tenants.secrets.accessKey }}
+  secretkey: {{ .Values.tenants.secrets.secretKey }}
+---