[bitnami/minio] Add support to deploy MinIO as a Gateway (#5750)

* [bitnami/minio] Add support to deploy MinIO as a Gateway

Signed-off-by: juan131 <juanariza@vmware.com>

* Add suggestions from code review

Signed-off-by: juan131 <juanariza@vmware.com>

* [bitnami/minio] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Juan Ariza Toledano
2021-03-11 17:30:40 +01:00
committed by GitHub
parent f6faaabc94
commit 7adef44d0d
13 changed files with 465 additions and 52 deletions

@@ -25,4 +25,4 @@ name: minio
sources:
- https://github.com/bitnami/bitnami-docker-minio
- https://min.io
version: 6.3.0
version: 6.4.0

@@ -112,11 +112,12 @@ The following table lists the configurable parameters of the MinIO&reg; chart an
| `statefulset.zones` | Number of zones (only for MinIO&reg; distributed mode) | `1` |
| `statefulset.drivesPerNode` | Number of drives per node (only for MinIO&reg; distributed mode) | `1` |
| `statefulset.updateStrategy` | Statefulset update strategy policy | `RollingUpdate` |
| `statefulset.podManagementpolicy` | Statefulset pods management policy | `Parallel` |
| `statefulset.podManagementPolicy` | Statefulset pods management policy | `Parallel` |
| `deployment.updateStrategy` | Deployment update strategy policy | `Recreate` |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `containerPort` | MinIO(R) container port to open | `9000` |
| `resources.limits` | The resources limits for the MinIO&reg; container | `{}` |
| `resources.requests` | The requested resources for the MinIO&reg; container | `{}` |
| `livenessProbe` | Liveness probe configuration for MinIO&reg; | Check `values.yaml` file |
@@ -160,6 +161,7 @@ The following table lists the configurable parameters of the MinIO&reg; chart an
| `ingress.hostname` | Default host for the ingress resource | `minio.local` |
| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` |
| `ingress.annotations` | Ingress annotations | `{}` (evaluated as a template) |
| `ingress.extraPaths` | Any additional paths that may need to be added to the ingress under the main host | `[]` |
| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` |
| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` |
| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` |
@@ -178,7 +180,7 @@ The following table lists the configurable parameters of the MinIO&reg; chart an
| `persistence.enabled` | Enable MinIO&reg; data persistence using PVC | `true` |
| `persistence.storageClass` | PVC Storage Class for MinIO&reg; data volume | `nil` |
| `persistence.mountPath` | Path to mount the volume at | `/data` |
| `persistence.accessMode` | PVC Access Mode for MinIO&reg; data volume | `ReadWriteOnce` |
| `persistence.accessModes` | PVC Access Modes for MinIO&reg; data volume | `[ReadWriteOnce]` |
| `persistence.size` | PVC Storage Request for MinIO&reg; data volume | `8Gi` |
| `persistence.selector` | Selector to match an existing Persistent Volume | `{}`(evaluated as a template) |
| `persistence.annotations` | Annotations for the PVC | `{}`(evaluated as a template) |
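Review bot: Renaming `persistence.accessMode` to `persistence.accessModes` in this table changes both the key and its type (string to list), so existing values files that set the old key need to change, yet the chart version only moves from 6.3.0 to 6.4.0 and no upgrade note is added. Either keep accepting the old key as a fallback or add an upgrade note to the README that names the new key and its list form.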
@@ -204,11 +206,19 @@ The following table lists the configurable parameters of the MinIO&reg; chart an
| `serviceAccount.create` | Enable the creation of a ServiceAccount for MinIO&reg; pods | `true` |
| `serviceAccount.name` | Name of the created ServiceAccount | Generated using the `common.names.fullname` template |
### Other parameters
| Parameter | Description | Default |
|-------------------------|----------------------------------------------------------------|---------|
| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` |
| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` |
### Metrics parameters
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `metrics.prometheusAuthType` | Authentication mode for Prometheus (`jwt` or `public`) | `public` |
| `metrics.prometheusAuthType` | Authentication mode for Prometheus (`jwt` or `public`) | `public` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `nil` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
@@ -218,6 +228,25 @@ The following table lists the configurable parameters of the MinIO&reg; chart an
| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` |
| `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` |
### Gateway parameters
| Parameter | Description | Default |
|-------------------------------------------|-------------------------------------------------------------------------------------|--------------------------------------------------------------|
| `gateway.enabled` | Use MinIO&reg; as Gateway for other storage systems | `false` |
| `gateway.type` | Gateway type. Supported types are: `azure`, `gcs`, `nas`, `s3` | `s3` |
| `gateway.replicaCount` | Number of MinIO&reg; Gateway replicas | `4` |
| `gateway.auth.azure.storageAccountName` | Azure Storage Account Name to use to access Azure Blob Storage | `nil` |
| `gateway.auth.azure.storageAccountKey` | Azure Storage Account Key to use to access Azure Blob Storage | `nil` |
| `gateway.auth.gcs.accessKey` | Access Key to access MinIO using GCS Gateway | `nil` |
| `gateway.auth.gcs.secretKey` | Secret Key to access MinIO using GCS Gateway | `nil` |
| `gateway.auth.gcs.keyJSON` | Service Account key to access GCS | `nil` |
| `gateway.auth.gcs.projectID` | GCP Project ID to use | `nil` |
| `gateway.auth.nas.accessKey` | Access Key to access MinIO using NAS Gateway | `nil` |
| `gateway.auth.nas.secretKey` | Secret Key to access MinIO using NAS Gateway | `nil` |
| `gateway.auth.s3.serviceEndpoint` | AWS S3 endpoint | `https://s3.amazonaws.com` |
| `gateway.auth.s3.accessKey` | Access Key to use to access AWS S3 | `nil` |
| `gateway.auth.s3.secretKey` | Secret Key to use to access AWS S3 | `nil` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
@@ -328,6 +357,32 @@ In the first two cases, it's needed a certificate and a key. Files are expected
- To use self-signed certificates created by Helm, set `ingress.tls` to `true`, and `ingress.certManager` to `false`.
- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `ingress.certManager` boolean to `true` to enable the corresponding annotations for cert-manager.
### MinIO&reg; Gateway
MinIO&reg; can be configured as a Gateway for other other storage systems. Currently this chart supports to setup MinIO&reg; as a Gateway for the storage systems below:
- [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/)
- [GCS](https://cloud.google.com/storage)
- NAS: Network Attached Storage
- [AWS S3](https://aws.amazon.com/s3/)
The enable this feature, install the chart setting `gateway.enabled` to `true`. You can choose the Gateway type setting the `gateway.type` parameter. For instance, to install the chart as a S3 Gateway, install the chart the using the following parameters:
```console
gateway.enabled=true
gateway.replicaCount=4
gateway.type=s3
gateway.auth.s3.serviceEndpoint=https://s3.amazonaws.com
gateway.auth.s3.accessKey=S3_ACCESS_KEY
gateway.auth.s3.secretKey=S3_SECRET_KEY
```
> Note: remember to replace the S3_ACCESS_KEY and S3_SECRET_KEY placeholders with your actual S3 access & secret keys.
Find all the available parameters to configure MinIO&reg; as a Gateway in the [Gateway parameters section](#gateway-parameters).
> Note: when using MinIO&reg; as a NAS Gateway, you need ReadWriteMany PVs to deploy multiple MinIO&reg; instances. Ensure you K8s cluster supports this kind of cluster, and install the chart setting `persistence.accessModes[0]` to `ReadWriteMany` to do so.
### Adding extra environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnv` property.
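Review bot: The added Gateway section has several wording slips to fix before merge: "other other storage systems", "The enable this feature", "install the chart the using", and in the NAS note "Ensure you K8s cluster supports this kind of cluster" (should read "your" and "this kind of volume"). The example also lists bare `key=value` pairs inside a `console` fence; showing them as `--set` arguments to `helm install` would match how the README tells users to pass parameters.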

@@ -0,0 +1,8 @@
gateway:
enabled: true
type: s3
auth:
s3:
serviceEndpoint: https://s3.amazonaws.com
accessKey: LoremIpsum
secretKey: dolorSitAmet

@@ -1,13 +1,17 @@
** Please be patient while the chart is being deployed **
{{- if .Values.gateway.enabled }}
MinIO(R) deployed as a {{ upper .Values.gateway.type }} Gateway
{{- end }}
MinIO(R) can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To get your credentials run:
export ACCESS_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.access-key}" | base64 --decode)
export SECRET_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.secret-key}" | base64 --decode)
export ACCESS_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.{{ include "minio.secret.userKey" . }}}" | base64 --decode)
export SECRET_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.{{ include "minio.secret.passwordKey" . }}}" | base64 --decode)
To connect to your MinIO(R) server using a client:
@@ -29,7 +33,7 @@ To connect to your MinIO(R) server using a client:
"{{ template "common.names.fullname" . }}-client=true" will be able to connect to MinIO(R).
{{- end }}
{{- if not .Values.disableWebUI }}
{{- if or .Values.gateway.enabled (not .Values.disableWebUI) }}
To access the MinIO(R) web UI:
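Review bot: The new condition `or .Values.gateway.enabled (not .Values.disableWebUI)` prints the web UI instructions for every gateway install, even when `disableWebUI` is true, and the gateway Deployment added in this commit passes no setting derived from `disableWebUI`. If the UI cannot be turned off in gateway mode, say so in the README and in the values comments; otherwise apply the setting in the gateway Deployment so an operator who disabled the UI does not end up with it reachable.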
@@ -73,8 +77,8 @@ To access the MinIO(R) web UI:
{{- $requiredPassword := list -}}
{{- $secretName := include "minio.secretName" . -}}
{{- if and (not .Values.existingSecret) (not .Values.forceNewKeys) -}}
{{- $requiredAccessKey := dict "valueKey" "accessKey.password" "secret" $secretName "field" "access-key" -}}
{{- $requiredSecretKey := dict "valueKey" "secretKey.password" "secret" $secretName "field" "secret-key" -}}
{{- $requiredAccessKey := dict "valueKey" "accessKey.password" "secret" $secretName "field" (include "minio.secret.userKey" .) -}}
{{- $requiredSecretKey := dict "valueKey" "secretKey.password" "secret" $secretName "field" (include "minio.secret.passwordKey" .) -}}
{{- $requiredPassword = append $requiredPassword $requiredAccessKey -}}
{{- $requiredPassword = append $requiredPassword $requiredSecretKey -}}
{{- end -}}
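Review bot: In the two changed `dict` lines only `field` follows the gateway type; `valueKey` still names `accessKey.password` and `secretKey.password`. In gateway mode the secret is filled from `gateway.auth.*` (see `minio.secret.userValue` and `minio.secret.passwordValue`), so this check would point the user at values that are not used there. Select `valueKey` by gateway type as well, or skip the check when `gateway.enabled` is true.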

@@ -30,30 +30,92 @@ Return the proper Docker Image Registry Secret Names
{{- end -}}
{{/*
Return MinIO(R) accessKey
Get the credentials secret key to obtain the user
*/}}
{{- define "minio.accessKey" -}}
{{- $accessKey := coalesce .Values.global.minio.accessKey .Values.accessKey.password -}}
{{- if $accessKey }}
{{- $accessKey -}}
{{- else if (not .Values.accessKey.forcePassword) }}
{{- randAlphaNum 10 -}}
{{- else -}}
{{ required "An Access Key is required!" .Values.accessKey.password }}
{{- define "minio.secret.userKey" -}}
{{- if or (not .Values.gateway.enabled) (eq .Values.gateway.type "nas") (eq .Values.gateway.type "gcs") (eq .Values.gateway.type "s3") -}}
access-key
{{- else if and .Values.gateway.enabled (eq .Values.gateway.type "azure") -}}
azure-storage-account-name
{{- end -}}
{{- end -}}
{{/*
Return MinIO(R) secretKey
Get the user to use to access MinIO(R)
*/}}
{{- define "minio.secretKey" -}}
{{- $secretKey := coalesce .Values.global.minio.secretKey .Values.secretKey.password -}}
{{- if $secretKey }}
{{- $secretKey -}}
{{- else if (not .Values.secretKey.forcePassword) }}
{{- randAlphaNum 40 -}}
{{- else -}}
{{ required "A Secret Key is required!" .Values.secretKey.password }}
{{- define "minio.secret.userValue" -}}
{{- if .Values.gateway.enabled }}
{{- if eq .Values.gateway.type "azure" }}
{{- .Values.gateway.auth.azure.storageAccountName -}}
{{- else if eq .Values.gateway.type "gcs" }}
{{- if .Values.gateway.auth.gcs.accessKey }}
{{- .Values.gateway.auth.gcs.accessKey -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "nas" }}
{{- if .Values.gateway.auth.nas.accessKey }}
{{- .Values.gateway.auth.nas.accessKey -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "s3" }}
{{- .Values.gateway.auth.s3.accessKey -}}
{{- end -}}
{{- else }}
{{- $accessKey := coalesce .Values.global.minio.accessKey .Values.accessKey.password -}}
{{- if $accessKey }}
{{- $accessKey -}}
{{- else if (not .Values.accessKey.forcePassword) }}
{{- randAlphaNum 10 -}}
{{- else -}}
{{ required "An Access Key is required!" .Values.accessKey.password }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Get the credentials secret key to obtain the password
*/}}
{{- define "minio.secret.passwordKey" -}}
{{- if or (not .Values.gateway.enabled) (eq .Values.gateway.type "nas") (eq .Values.gateway.type "gcs") (eq .Values.gateway.type "s3") -}}
secret-key
{{- else if and .Values.gateway.enabled (eq .Values.gateway.type "azure") -}}
azure-storage-account-key
{{- end -}}
{{- end -}}
{{/*
Get the password to use to access MinIO(R)
*/}}
{{- define "minio.secret.passwordValue" -}}
{{- if .Values.gateway.enabled }}
{{- if eq .Values.gateway.type "azure" }}
{{- .Values.gateway.auth.azure.storageAccountKey -}}
{{- else if eq .Values.gateway.type "gcs" }}
{{- if .Values.gateway.auth.gcs.secretKey }}
{{- .Values.gateway.auth.gcs.secretKey -}}
{{- else -}}
{{- randAlphaNum 40 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "nas" }}
{{- if .Values.gateway.auth.nas.secretKey }}
{{- .Values.gateway.auth.nas.secretKey -}}
{{- else -}}
{{- randAlphaNum 40 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "s3" }}
{{- .Values.gateway.auth.s3.secretKey -}}
{{- end -}}
{{- else }}
{{- $secretKey := coalesce .Values.global.minio.secretKey .Values.secretKey.password -}}
{{- if $secretKey }}
{{- $secretKey -}}
{{- else if (not .Values.secretKey.forcePassword) }}
{{- randAlphaNum 40 -}}
{{- else -}}
{{ required "A Secret Key is required!" .Values.secretKey.password }}
{{- end -}}
{{- end -}}
{{- end -}}
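Review bot: In the `gcs` and `nas` branches of `minio.secret.userValue` and `minio.secret.passwordValue`, an unset key falls back to `randAlphaNum`, which yields a new value on every render, so an upgrade that omits the keys renders the secret with different credentials. The gateway branches also skip `global.minio.accessKey` / `global.minio.secretKey` and the `forcePassword` guard that the non-gateway branch keeps. Consider reusing the `coalesce` plus `required` pattern in gateway mode, or document that these keys should be set explicitly.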
@@ -85,7 +147,7 @@ Return true if a secret object should be created
Return true if a PVC object should be created (only in standalone mode)
*/}}
{{- define "minio.createPVC" -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.mode "standalone") }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (or (and (eq .Values.mode "standalone") (not .Values.gateway.enabled)) (and .Values.gateway.enabled (eq .Values.gateway.type "nas"))) }}
{{- true -}}
{{- end -}}
{{- end -}}
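Review bot: The comment above `minio.createPVC` still says "only in standalone mode", but the new condition also returns true for a NAS gateway. Update the comment to cover both cases; the nested `or`/`and` expression is also long enough that splitting it into named variables would make it easier to check.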
@@ -122,6 +184,11 @@ Compile all warnings into a single message, and call fail.
{{- $messages := append $messages (include "minio.validateValues.mode" .) -}}
{{- $messages := append $messages (include "minio.validateValues.totalDrives" .) -}}
{{- $messages := append $messages (include "minio.validateValues.tls" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.type" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.azure.credentials" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.gcs.projectID" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.nas.persistence" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.s3.credentials" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
@@ -130,9 +197,12 @@ Compile all warnings into a single message, and call fail.
{{- end -}}
{{- end -}}
{{/* Validate values of MinIO(R) - must provide a valid mode ("distributed" or "standalone") */}}
{{/*
Validate values of MinIO(R) - must provide a valid mode ("distributed" or "standalone")
*/}}
{{- define "minio.validateValues.mode" -}}
{{- if and (ne .Values.mode "distributed") (ne .Values.mode "standalone") -}}
{{- $allowedValues := list "distributed" "standalone" }}
{{- if not (has .Values.mode $allowedValues) -}}
minio: mode
Invalid mode selected. Valid values are "distributed" and
"standalone". Please set a valid mode (--set mode="xxxx")
@@ -160,7 +230,68 @@ Validate values of MinIO(R) - TLS secret must provided if TLS is enabled
{{- define "minio.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.secretName) }}
minio: tls.secretName
The name of an existin secret containing the certificates must be provided
The name of an existing secret containing the certificates must be provided
if TLS is enabled. Please set its name (--set tls.secretName=X)
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - must provide a valid gateway type ("azure", "gcs", "nas" or "s3")
*/}}
{{- define "minio.validateValues.gateway.type" -}}
{{- $allowedValues := list "azure" "gcs" "nas" "s3" }}
{{- if and .Values.gateway.enabled (not (has .Values.gateway.type $allowedValues)) -}}
minio: gateway.type
Invalid Gateway type. Valid values are "azure", "gcs", "nas" and "s3".
Please set a valid mode (--set gateway.type="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as an Azure Gateway, the StorageAccount Name/Key are required
*/}}
{{- define "minio.validateValues.gateway.azure.credentials" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "azure") (or (empty .Values.gateway.auth.azure.storageAccountName) (empty .Values.gateway.auth.azure.storageAccountKey)) }}
minio: gateway.auth.azure
The StorageAccount name and key are required to use MinIO(R) as a Azure Gateway.
Please set a valid StorageAccount information (--set gateway.auth.azure.storageAccountName="xxxx",gateway.auth.azure.storageAccountKey="yyyy")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a GCS Gateway, the GCP project ID is required
*/}}
{{- define "minio.validateValues.gateway.gcs.projectID" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "gcs") (empty .Values.gateway.auth.gcs.projectID) }}
minio: gateway.auth.gcs.projectID
A GCP project ID is required to use MinIO(R) as a GCS Gateway.
Please set a valid project ID (--set gateway.auth.gcs.projectID="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a NAS Gateway, ReadWriteMany volumes are required
*/}}
{{- define "minio.validateValues.gateway.nas.persistence" -}}
{{- $replicaCount := int .Values.gateway.replicaCount }}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "nas") (gt $replicaCount 1) (not .Values.persistence.enabled) }}
minio: persistence.enabled
ReadWriteMany volumes are required to use MinIO(R) as a NAS Gateway with N replicas.
Please enable persistence (--set persistence.enabled=true)
{{- else if and .Values.gateway.enabled (eq .Values.gateway.type "nas") (gt $replicaCount 1) (include "minio.createPVC" .) (not (has "ReadWriteMany" .Values.persistence.accessModes)) }}
minio: persistence.accessModes
ReadWriteMany volumes are required to use MinIO(R) as a NAS Gateway with N replicas.
Please set a valid mode (--set persistence.accessModes[0]="ReadWriteMany")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a S3 Gateway, the Access & Secret keys are required
*/}}
{{- define "minio.validateValues.gateway.s3.credentials" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "s3") (or (empty .Values.gateway.auth.s3.accessKey) (empty .Values.gateway.auth.s3.secretKey)) }}
minio: gateway.auth.s3
The Access & Secret keys are required to use MinIO(R) as a S3 Gateway.
Please set valid keys (--set gateway.auth.s3.accessKey="xxxx",gateway.auth.s3.secretKey="yyyy")
{{- end -}}
{{- end -}}
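Review bot: `minio.validateValues.gateway.azure.credentials` and `minio.validateValues.gateway.s3.credentials` fail on empty `gateway.auth.*` keys without looking at `.Values.existingSecret`, so a user who supplies credentials through an existing secret is still forced to put them in values. Add `(not .Values.existingSecret)` to both conditions. Smaller points: the `gateway.type` message says "Please set a valid mode" where it means type, "a Azure Gateway" should be "an Azure Gateway", and "with N replicas" in the NAS messages would read better as "with more than one replica".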

@@ -1,4 +1,4 @@
{{- if eq .Values.mode "distributed" }}
{{- if and (eq .Values.mode "distributed") (not .Values.gateway.enabled) }}
apiVersion: v1
kind: Service
metadata:

@@ -1,4 +1,4 @@
{{- if and .Values.pdb.create (eq .Values.mode "distributed") }}
{{- if and .Values.pdb.create (eq .Values.mode "distributed") (not .Values.gateway.enabled) }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:

@@ -1,4 +1,4 @@
{{- if eq .Values.mode "distributed" }}
{{- if and (eq .Values.mode "distributed") (not .Values.gateway.enabled) }}
{{- $fullname := include "common.names.fullname" . }}
{{- $headlessService := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }}
{{- $releaseNamespace := .Release.Namespace }}
@@ -7,7 +7,7 @@
{{- $zoneCount := int .Values.statefulset.zones }}
{{- $drivesPerNode := int .Values.statefulset.drivesPerNode }}
{{- $mountPath := .Values.persistence.mountPath }}
apiVersion: apps/v1
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ $fullname }}
@@ -142,23 +142,23 @@ spec:
value: {{ ternary "yes" "no" .Values.forceNewKeys | quote }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_ACCESS_KEY_FILE
value: "/opt/bitnami/minio/secrets/access-key"
value: {{ printf "/opt/bitnami/minio/secrets/%s" (include "minio.secret.userKey" .) | quote }}
{{- else }}
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: access-key
key: {{ include "minio.secret.userKey" . }}
{{- end }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_SECRET_KEY_FILE
value: "/opt/bitnami/minio/secrets/secret-key"
value: {{ printf "/opt/bitnami/minio/secrets/%s" (include "minio.secret.passwordKey" .) | quote }}
{{- else }}
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: secret-key
key: {{ include "minio.secret.passwordKey" . }}
{{- end }}
- name: MINIO_SKIP_CLIENT
value: {{ ternary "yes" "no" (empty .Values.defaultBuckets) | quote }}

@@ -0,0 +1,164 @@
{{- if .Values.gateway.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.gateway.replicaCount }}
{{- if .Values.deployment.updateStrategy }}
strategy: {{- toYaml .Values.deployment.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (include "minio.createSecret" .) }}
annotations:
{{- if (include "minio.createSecret" .) }}
checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- include "minio.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
serviceAccountName: {{ template "minio.serviceAccountName" . }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: minio
image: {{ include "minio.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
command:
{{- if .Values.command }}
{{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- else }}
- minio
{{- end }}
args:
{{- if .Values.args }}
{{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
- --certs-dir
- /opt/bitnami/minio/certs
- gateway
- {{ .Values.gateway.type }}
{{- if eq .Values.gateway.type "gcs" }}
- {{ .Values.gateway.auth.gcs.projectID }}
{{- else if eq .Values.gateway.type "nas" }}
- {{ .Values.persistence.mountPath }}
{{- else if eq .Values.gateway.type "s3" }}
- {{ .Values.gateway.auth.s3.serviceEndpoint }}
{{- end }}
{{- end }}
env:
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/opt/bitnami/minio/secrets/key.json"
{{- end }}
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: {{ include "minio.secret.userKey" . }}
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: {{ include "minio.secret.passwordKey" . }}
{{- if .Values.extraEnv }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: minio
containerPort: {{ .Values.containerPort }}
protocol: TCP
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: minio-credentials
mountPath: /opt/bitnami/minio/secrets/
readOnly: true
{{- end }}
{{- if eq .Values.gateway.type "nas" }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: minio-credentials
secret:
secretName: {{ include "minio.secretName" . }}
{{- end }}
{{- if eq .Values.gateway.type "nas" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "minio.claimName" . }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}
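Review bot: The `initContainers:` line opens its template action with a single brace (`{- include "common.tplvalues.render" ...`), so when `initContainers` is set the expression is emitted as literal text instead of being rendered; it needs `{{-`. Two further points in this Deployment: it defines no liveness or readiness probes although the README table lists `livenessProbe` for the chart, and for GCS the whole credentials secret is mounted at `/opt/bitnami/minio/secrets/` when only `key.json` is needed, which an `items` selection on the `minio-credentials` volume would narrow.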

@@ -13,6 +13,9 @@ metadata:
{{- end }}
type: Opaque
data:
access-key: {{ include "minio.accessKey" . | b64enc | quote }}
secret-key: {{ include "minio.secretKey" . | b64enc | quote }}
{{ include "minio.secret.userKey" . }}: {{ include "minio.secret.userValue" . | b64enc | quote }}
{{ include "minio.secret.passwordKey" . }}: {{ include "minio.secret.passwordValue" . | b64enc | quote }}
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
key.json: {{ .Values.gateway.auth.gcs.keyJSON | toString | b64enc }}
{{- end }}
{{- end }}
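Review bot: The `key.json` condition checks `gateway.type` and `keyJSON` but not `.Values.gateway.enabled`, so the service account key is written into the secret whenever those two values are set, even with the gateway disabled. Add `.Values.gateway.enabled` to the `and`, and pipe the value through `quote` as the two lines above it do.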

@@ -1,5 +1,5 @@
{{- if eq .Values.mode "standalone" }}
apiVersion: apps/v1
{{- if and (eq .Values.mode "standalone") (not .Values.gateway.enabled) }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
@@ -13,7 +13,7 @@ metadata:
{{- end }}
spec:
{{- if .Values.deployment.updateStrategy }}
strategy: {{ toYaml .Values.deployment.updateStrategy | nindent 4 }}
strategy: {{- toYaml .Values.deployment.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
@@ -104,23 +104,23 @@ spec:
value: {{ ternary "yes" "no" .Values.forceNewKeys | quote }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_ACCESS_KEY_FILE
value: "/opt/bitnami/minio/secrets/access-key"
value: {{ printf "/opt/bitnami/minio/secrets/%s" (include "minio.secret.userKey" .) | quote }}
{{- else }}
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: access-key
key: {{ include "minio.secret.userKey" . }}
{{- end }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_SECRET_KEY_FILE
value: "/opt/bitnami/minio/secrets/secret-key"
value: {{ printf "/opt/bitnami/minio/secrets/%s" (include "minio.secret.passwordKey" .) | quote }}
{{- else }}
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: secret-key
key: {{ include "minio.secret.passwordKey" . }}
{{- end }}
{{- if .Values.defaultBuckets }}
- name: MINIO_DEFAULT_BUCKETS

@@ -26,7 +26,7 @@ global:
image:
registry: docker.io
repository: bitnami/minio
tag: 2021.3.4-debian-10-r6
tag: 2021.3.4-debian-10-r9
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -50,7 +50,7 @@ image:
clientImage:
registry: docker.io
repository: bitnami/minio-client
tag: 2021.2.19-debian-10-r12
tag: 2021.3.10-debian-10-r1
## String to partially override common.names.fullname template (will maintain the release name)
##
@@ -164,10 +164,10 @@ args: []
# schedulerName: stork
## MinIO(R) deployment parameters
## Only when mode is 'standalone'
## Only when 'mode' is 'standalone' or 'gateway.enabled' is 'true'
##
deployment:
## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first.
## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## e.g:
## updateStrategy:
@@ -626,3 +626,51 @@ metrics:
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
##
additionalLabels: {}
## MinIO(R) Gateway configuration
##
gateway:
## Use MinIO(R) as Gateway for other storage systems
##
enabled: false
## Gateway type
## Current supported types are: azure, gcs, nas, and s3
## ref: https://docs.minio.io/docs/minio-gateway-for-azure
## ref: https://docs.minio.io/docs/minio-gateway-for-gcs
## ref: https://docs.minio.io/docs/minio-gateway-for-nas
## ref: https://docs.minio.io/docs/minio-gateway-for-s3
##
type: s3
## Number of Gateway replicas
##
replicaCount: 4
## Gateway authentication configuration
##
auth:
## Authentication configuration for Azure
## Ignored unless type=azure
##
azure:
storageAccountName: ""
storageAccountKey: ""
## Authentication configuration for GCS
## Ignored unless type=gcs
##
gcs:
accessKey: ""
secretKey: ""
keyJSON: ""
projectID: ""
## Authentication configuration for NAS
## Ignored unless type=nas
##
nas:
accessKey: ""
secretKey: ""
## Authentication configuration for S3
## Ignored unless type=s3
##
s3:
accessKey: ""
secretKey: ""
serviceEndpoint: https://s3.amazonaws.com
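Review bot: The comments under `gateway.auth` do not say which keys are mandatory and which are generated. From the helpers in this commit, `azure` and `s3` credentials are validated as required, while empty `gcs` and `nas` keys fall back to random values; one comment line per block stating that would save users a failed install. It is also worth noting next to `replicaCount: 4` that `type: nas` with more than one replica needs `persistence.accessModes` to include `ReadWriteMany`, since the documented default is `[ReadWriteOnce]`.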