diff options
Diffstat (limited to 'vnfs/DAaaS/deploy/minio/templates')
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/NOTES.txt | 44 | ||||
-rwxr-xr-x | vnfs/DAaaS/deploy/minio/templates/_helper_create_bucket.txt | 89 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/_helpers.tpl | 43 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/configmap.yaml | 12 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/deployment.yaml | 195 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/ingress.yaml | 39 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/networkpolicy.yaml | 25 | ||||
-rwxr-xr-x | vnfs/DAaaS/deploy/minio/templates/post-install-create-bucket-job.yaml | 59 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/pvc.yaml | 27 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/secrets.yaml | 18 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/service.yaml | 46 | ||||
-rw-r--r-- | vnfs/DAaaS/deploy/minio/templates/statefulset.yaml | 141 |
12 files changed, 738 insertions, 0 deletions
diff --git a/vnfs/DAaaS/deploy/minio/templates/NOTES.txt b/vnfs/DAaaS/deploy/minio/templates/NOTES.txt new file mode 100644 index 00000000..b690f502 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/NOTES.txt @@ -0,0 +1,44 @@ +{{- if eq .Values.service.type "ClusterIP" "NodePort" }} +Minio can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: +{{ template "minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To access Minio from localhost, run the below commands: + + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + + 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} + +Read more about port forwarding here: http://kubernetes.io/docs/user-guide/kubectl/kubectl_port-forward/ + +You can now access Minio server on http://localhost:9000. Follow the below steps to connect to Minio server with mc client: + + 1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. mc config host add {{ template "minio.fullname" . }}-local http://localhost:9000 {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4 + + 3. mc ls {{ template "minio.fullname" . }}-local + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} +Minio can be accessed via port {{ .Values.service.port }} on an external IP address. Get the service external IP address by: +kubectl get svc --namespace {{ .Release.Namespace }} -l app={{ template "minio.fullname" . }} + +Note that the public IP may take a couple of minutes to be available. + +You can now access Minio server on http://<External-IP>:9000. Follow the below steps to connect to Minio server with mc client: + + 1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide + + 2. mc config host add {{ template "minio.fullname" . }}-local http://<External-IP>:{{ .Values.service.port }} {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4 + + 3. mc ls {{ template "minio.fullname" . }}-local + +Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17 +{{- end }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "minio.fullname" . }}-client=true" +will be able to connect to this minio cluster. +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/_helper_create_bucket.txt b/vnfs/DAaaS/deploy/minio/templates/_helper_create_bucket.txt new file mode 100755 index 00000000..95528793 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/_helper_create_bucket.txt @@ -0,0 +1,89 @@ +#!/bin/sh +set -e ; # Have script exit in the event of a failed command. + +# connectToMinio +# Use a check-sleep-check loop to wait for Minio service to be available +connectToMinio() { + SCHEME=$1 + ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts + set -e ; # fail if we can't read the keys. + ACCESS=$(cat /config/accesskey) ; SECRET=$(cat /config/secretkey) ; + set +e ; # The connections to minio are allowed to fail. + echo "Connecting to Minio server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ; + MC_COMMAND="mc config host add myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ; + $MC_COMMAND ; + STATUS=$? ; + until [ $STATUS = 0 ] + do + ATTEMPTS=`expr $ATTEMPTS + 1` ; + echo \"Failed attempts: $ATTEMPTS\" ; + if [ $ATTEMPTS -gt $LIMIT ]; then + exit 1 ; + fi ; + sleep 2 ; # 1 second intervals between attempts + $MC_COMMAND ; + STATUS=$? ; + done ; + set -e ; # reset `e` as active + return 0 +} + +# checkBucketExists ($bucket) +# Check if the bucket exists, by using the exit code of `mc ls` +checkBucketExists() { + BUCKET=$1 + CMD=$(/usr/bin/mc ls myminio/$BUCKET > /dev/null 2>&1) + return $? +} + +# createBucket ($bucket, $policy, $purge) +# Ensure bucket exists, purging if asked to +createBucket() { + BUCKET=$1 + POLICY=$2 + PURGE=$3 + + # Purge the bucket, if set & exists + # Since PURGE is user input, check explicitly for `true` + if [ $PURGE = true ]; then + if checkBucketExists $BUCKET ; then + echo "Purging bucket '$BUCKET'." + set +e ; # don't exit if this fails + /usr/bin/mc rm -r --force myminio/$BUCKET + set -e ; # reset `e` as active + else + echo "Bucket '$BUCKET' does not exist, skipping purge." + fi + fi + + # Create the bucket if it does not exist + if ! checkBucketExists $BUCKET ; then + echo "Creating bucket '$BUCKET'" + /usr/bin/mc mb myminio/$BUCKET + else + echo "Bucket '$BUCKET' already exists." + fi + + # At this point, the bucket should exist, skip checking for existence + # Set policy on the bucket + echo "Setting policy of bucket '$BUCKET' to '$POLICY'." + /usr/bin/mc policy $POLICY myminio/$BUCKET +} + +# Try connecting to Minio instance +{{- if .Values.tls.enabled }} +scheme=https +{{- else }} +scheme=http +{{- end }} +connectToMinio $scheme + +{{- if or .Values.defaultBucket.enabled }} +# Create the bucket +createBucket {{ .Values.defaultBucket.name }} {{ .Values.defaultBucket.policy }} {{ .Values.defaultBucket.purge }} +{{ else if .Values.buckets }} +# Create the buckets +{{- range .Values.buckets }} +createBucket {{ .name }} {{ .policy }} {{ .purge }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/_helpers.tpl b/vnfs/DAaaS/deploy/minio/templates/_helpers.tpl new file mode 100644 index 00000000..c8fe9ba7 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "minio.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "minio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "minio.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "minio.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} diff --git a/vnfs/DAaaS/deploy/minio/templates/configmap.yaml b/vnfs/DAaaS/deploy/minio/templates/configmap.yaml new file mode 100644 index 00000000..cb11fcd7 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + initialize: |- +{{ include (print $.Template.BasePath "/_helper_create_bucket.txt") . | indent 4 }} diff --git a/vnfs/DAaaS/deploy/minio/templates/deployment.yaml b/vnfs/DAaaS/deploy/minio/templates/deployment.yaml new file mode 100644 index 00000000..af335b2d --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/deployment.yaml @@ -0,0 +1,195 @@ +{{- if eq .Values.mode "standalone" }} +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + strategy: + type: {{ .Values.DeploymentUpdate.type }} + rollingUpdate: + maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} + maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} + {{- if .Values.nasgateway.enabled }} + replicas: {{ .Values.nasgateway.replicas }} + {{- end }} + {{- if .Values.s3gateway.enabled }} + replicas: {{ .Values.s3gateway.replicas }} + {{- end }} + {{- if .Values.azuregateway.enabled }} + replicas: {{ .Values.azuregateway.replicas }} + {{- end }} + {{- if .Values.gcsgateway.enabled }} + replicas: {{ .Values.gcsgateway.replicas }} + {{- end }} + {{- if .Values.ossgateway.enabled }} + replicas: {{ .Values.ossgateway.replicas }} + {{- end }} + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.s3gateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway s3 {{ .Values.s3gateway.serviceEndpoint }}" ] + {{- else }} + {{- if .Values.azuregateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway azure" ] + {{- else }} + {{- if .Values.gcsgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway gcs {{ .Values.gcsgateway.projectId }}" ] + {{- else }} + {{- if .Values.ossgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "cp /tmp/config.json {{ .Values.configPath }} && + /usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway oss {{ .Values.ossgateway.endpointURL }}" ] + {{- else }} + {{- if .Values.nasgateway.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway nas {{ .Values.mountPath }}" ] + {{- else }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} server {{ .Values.mountPath }}" ] + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + volumeMounts: + {{- if and .Values.persistence.enabled (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} + - name: export + mountPath: {{ .Values.mountPath }} + {{- if .Values.persistence.subPath }} + subPath: "{{ .Values.persistence.subPath }}" + {{- end }} + {{- end }} + {{- if .Values.gcsgateway.enabled }} + - name: minio-user + mountPath: "/etc/credentials" + readOnly: true + {{- end }} + - name: minio-config-dir + mountPath: {{ .Values.configPath }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + mountPath: {{ .Values.configPath }}certs + {{ end }} + ports: + - name: service + containerPort: 9000 + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: secretkey + {{- if .Values.gcsgateway.enabled }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/gcs_key.json" + {{- end }} + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + livenessProbe: + httpGet: + path: /minio/health/live + port: service + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{ else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} + path: /minio/health/ready + port: service + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: +{{ toYaml .Values.resources | indent 12 }} +{{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + {{- if and (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} + - name: export + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + - name: minio-user + secret: + secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + - name: minio-config-dir + emptyDir: {} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/ingress.yaml b/vnfs/DAaaS/deploy/minio/templates/ingress.yaml new file mode 100644 index 00000000..5168b861 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/ingress.yaml @@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "minio.fullname" . -}} +{{- $servicePort := .Values.service.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $servicePort }} + {{- end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/networkpolicy.yaml b/vnfs/DAaaS/deploy/minio/templates/networkpolicy.yaml new file mode 100644 index 00000000..de57f485 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/networkpolicy.yaml @@ -0,0 +1,25 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "minio.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + podSelector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + ingress: + - ports: + - port: {{ .Values.service.port }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "minio.name" . }}-client: "true" + {{- end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/post-install-create-bucket-job.yaml b/vnfs/DAaaS/deploy/minio/templates/post-install-create-bucket-job.yaml new file mode 100755 index 00000000..c581338a --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/post-install-create-bucket-job.yaml @@ -0,0 +1,59 @@ +{{- if or .Values.defaultBucket.enabled .Values.buckets }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "minio.fullname" . }}-make-bucket-job + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + spec: + restartPolicy: OnFailure +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + volumes: + - name: minio-configuration + projected: + sources: + - configMap: + name: {{ template "minio.fullname" . }} + - secret: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} + containers: + - name: minio-mc + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + imagePullPolicy: {{ .Values.mcImage.pullPolicy }} + command: ["/bin/sh", "/config/initialize"] + env: + - name: MINIO_ENDPOINT + value: {{ template "minio.fullname" . }} + - name: MINIO_PORT + value: {{ .Values.service.port | quote }} + volumeMounts: + - name: minio-configuration + mountPath: /config + {{- if .Values.tls.enabled }} + - name: cert-secret-volume-mc + mountPath: {{ .Values.configPathmc }}certs + {{ end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/pvc.yaml b/vnfs/DAaaS/deploy/minio/templates/pvc.yaml new file mode 100644 index 00000000..3f4cbb03 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if eq .Values.mode "standalone" }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if and .Values.nasgateway.enabled .Values.nasgateway.pv }} + selector: + matchLabels: + pv: {{ .Values.nasgateway.pv | quote }} +{{- end }} + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/secrets.yaml b/vnfs/DAaaS/deploy/minio/templates/secrets.yaml new file mode 100644 index 00000000..b01e0d3c --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/secrets.yaml @@ -0,0 +1,18 @@ +{{- if not .Values.existingSecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + accesskey: {{ .Values.accessKey | b64enc }} + secretkey: {{ .Values.secretKey | b64enc }} +{{- if .Values.gcsgateway.enabled }} + gcs_key.json: {{ .Values.gcsgateway.gcsKeyJson | b64enc }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/deploy/minio/templates/service.yaml b/vnfs/DAaaS/deploy/minio/templates/service.yaml new file mode 100644 index 00000000..0799b287 --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/service.yaml @@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }} + {{- if eq .Values.mode "distributed" }} + clusterIP: None + {{- else }} + type: ClusterIP + {{- end }} + {{- if not (empty .Values.service.clusterIP) }} + clusterIP: {{ .Values.service.clusterIP }} + {{end}} +{{- else if eq .Values.service.type "LoadBalancer" }} + type: {{ .Values.service.type }} + loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} +{{- else }} + type: {{ .Values.service.type }} +{{- end }} + ports: + - name: service + port: 9000 + targetPort: {{ .Values.service.port }} + protocol: TCP +{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} +{{- end}} +{{- if .Values.service.externalIPs }} + externalIPs: +{{- range $i , $ip := .Values.service.externalIPs }} + - {{ $ip }} +{{- end }} +{{- end }} + selector: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} diff --git a/vnfs/DAaaS/deploy/minio/templates/statefulset.yaml b/vnfs/DAaaS/deploy/minio/templates/statefulset.yaml new file mode 100644 index 00000000..447b671d --- /dev/null +++ b/vnfs/DAaaS/deploy/minio/templates/statefulset.yaml @@ -0,0 +1,141 @@ +{{- if eq .Values.mode "distributed" }} +{{ $nodeCount := .Values.replicas | int }} +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + chart: {{ template "minio.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + updateStrategy: + type: {{ .Values.StatefulSetUpdate.updateStrategy }} + serviceName: {{ template "minio.fullname" . }} + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + template: + metadata: + name: {{ template "minio.fullname" . }} + labels: + app: {{ template "minio.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.tls.enabled }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} server + {{- range $i := until $nodeCount }} + https://{{ template `minio.fullname` $ }}-{{ $i }}.{{ template `minio.fullname` $ }}.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{ $.Values.mountPath }} + {{- end }}" ] + {{ else }} + command: [ "/bin/sh", + "-ce", + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} server + {{- range $i := until $nodeCount }} + http://{{ template `minio.fullname` $ }}-{{ $i }}.{{ template `minio.fullname` $ }}.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}{{ $.Values.mountPath }} + {{- end }}" ] + {{ end }} + volumeMounts: + - name: export + mountPath: {{ .Values.mountPath }} + {{- if and .Values.persistence.enabled .Values.persistence.subPath }} + subPath: "{{ .Values.persistence.subPath }}" + {{- end }} + - name: minio-config-dir + mountPath: {{ .Values.configPath }} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + mountPath: {{ .Values.configPath }}certs + {{ end }} + ports: + - name: service + containerPort: 9000 + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + key: secretkey + {{- range $key, $val := .Values.environment }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end}} + livenessProbe: + httpGet: + path: /minio/health/live + port: service + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{ else }} + scheme: HTTP + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: minio-user + secret: + secretName: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} + - name: minio-config-dir + emptyDir: {} + {{- if .Values.tls.enabled }} + - name: cert-secret-volume + secret: + secretName: {{ .Values.tls.certSecret }} + items: + - key: {{ .Values.tls.publicCrt }} + path: public.crt + - key: {{ .Values.tls.privateKey }} + path: private.key + - key: {{ .Values.tls.publicCrt }} + path: CAs/public.crt + {{ end }} + volumeClaimTemplates: + - metadata: + name: export + spec: + accessModes: [ {{ .Values.persistence.accessMode | quote }} ] + {{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- end }} |