zeaslity/CmiiDeploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add

Browse Source
This commit is contained in:
zeaslity
2024-10-30 16:30:51 +08:00
commit 437acbeb63
3363 changed files with 653948 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,77 @@
** Please be patient while the chart is being deployed **
{{- if .Values.gateway.enabled }}
MinIO(R) deployed as a {{ upper .Values.gateway.type }} Gateway
{{- end }}
MinIO(R) can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster:
{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}
To get your credentials run:
export ACCESS_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.access-key}" | base64 --decode)
export SECRET_KEY=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.secret-key}" | base64 --decode)
To connect to your MinIO(R) server using a client:
- Run a MinIO(R) Client pod and append the desired command (e.g. 'admin info'):
kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client \
--rm --tty -i --restart='Never' \
--env MINIO_SERVER_ACCESS_KEY=$ACCESS_KEY \
--env MINIO_SERVER_SECRET_KEY=$SECRET_KEY \
--env MINIO_SERVER_HOST={{ include "common.names.fullname" . }} \
--image {{ template "minio.clientImage" . }} -- admin info minio
{{- if or .Values.gateway.enabled (not .Values.disableWebUI) }}
To access the MinIO(R) web UI:
- Get the MinIO(R) URL:
{{- if .Values.ingress.enabled }}
You should be able to access your new MinIO(R) web UI through
{{ if .Values.ingress.tls }}https{{ else }}http{{ end }}://{{ .Values.ingress.hostname }}/minio/
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}'
{{- $port:=.Values.service.port | toString }}
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo "MinIO(R) web URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/minio"
{{- else if contains "ClusterIP" .Values.service.type }}
echo "MinIO(R) web URL: http://127.0.0.1:9000/minio"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 9000:{{ .Values.service.port }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "MinIO(R) web URL: http://$NODE_IP:$NODE_PORT/minio"
{{- end }}
{{- else }}
WARN: MinIO(R) Web UI is disabled.
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.clientImage }}
{{- include "minio.validateValues" . }}
{{- $requiredPassword := list -}}
{{- $secretName := include "minio.secretName" . -}}
{{- if and (not .Values.existingSecret) (not .Values.forceNewKeys) -}}
{{- $requiredAccessKey := dict "valueKey" "accessKey.password" "secret" $secretName "field" "access-key" -}}
{{- $requiredSecretKey := dict "valueKey" "secretKey.password" "secret" $secretName "field" "secret-key" -}}
{{- $requiredPassword = append $requiredPassword $requiredAccessKey -}}
{{- $requiredPassword = append $requiredPassword $requiredSecretKey -}}
{{- end -}}
{{- $requiredMinioPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPassword "context" $) -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredMinioPasswordErrors) "context" $) -}}

279
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,279 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper MinIO(R) image name
*/}}
{{- define "minio.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper MinIO(R) Client image name
*/}}
{{- define "minio.clientImage" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.clientImage "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "minio.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "minio.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.clientImage .Values.volumePermissions.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Get the user to use to access MinIO(R)
*/}}
{{- define "minio.secret.userValue" -}}
{{- if .Values.gateway.enabled }}
{{- if eq .Values.gateway.type "azure" }}
{{- if .Values.gateway.auth.azure.accessKey }}
{{- .Values.gateway.auth.azure.accessKey -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "gcs" }}
{{- if .Values.gateway.auth.gcs.accessKey }}
{{- .Values.gateway.auth.gcs.accessKey -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "nas" }}
{{- if .Values.gateway.auth.nas.accessKey }}
{{- .Values.gateway.auth.nas.accessKey -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "s3" }}
{{- .Values.gateway.auth.s3.accessKey -}}
{{- end -}}
{{- else }}
{{- $accessKey := coalesce .Values.accessKey.password "woshinibaba" -}}
{{- if $accessKey }}
{{- $accessKey -}}
{{- else if (not .Values.accessKey.forcePassword) }}
{{- randAlphaNum 10 -}}
{{- else -}}
{{ required "An Access Key is required!" .Values.accessKey.password }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Get the password to use to access MinIO(R)
*/}}
{{- define "minio.secret.passwordValue" -}}
{{- if .Values.gateway.enabled }}
{{- if eq .Values.gateway.type "azure" }}
{{- if .Values.gateway.auth.azure.secretKey }}
{{- .Values.gateway.auth.azure.secretKey -}}
{{- else -}}
{{- randAlphaNum 40 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "gcs" }}
{{- if .Values.gateway.auth.gcs.secretKey }}
{{- .Values.gateway.auth.gcs.secretKey -}}
{{- else -}}
{{- randAlphaNum 40 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "nas" }}
{{- if .Values.gateway.auth.nas.secretKey }}
{{- .Values.gateway.auth.nas.secretKey -}}
{{- else -}}
{{- randAlphaNum 40 -}}
{{- end -}}
{{- else if eq .Values.gateway.type "s3" }}
{{- .Values.gateway.auth.s3.secretKey -}}
{{- end -}}
{{- else }}
{{- $secretKey := coalesce .Values.secretKey.password "tmp" -}}
{{- if $secretKey }}
{{- $secretKey -}}
{{- else if (not .Values.secretKey.forcePassword) }}
{{- randAlphaNum 40 -}}
{{- else -}}
{{ required "A Secret Key is required!" .Values.secretKey.password }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Get the credentials secret.
*/}}
{{- define "minio.secretName" -}}
{{- if .Values.existingSecret -}}
{{- printf "%s" .Values.existingSecret -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret object should be created
*/}}
{{- define "minio.createSecret" -}}
{{- if .Values.existingSecret }}
{{- else -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a PVC object should be created (only in standalone mode)
*/}}
{{- define "minio.createPVC" -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (or (and (eq .Values.mode "standalone") (not .Values.gateway.enabled)) (and .Values.gateway.enabled (eq .Values.gateway.type "nas"))) }}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the PVC name (only in standalone mode)
*/}}
{{- define "minio.claimName" -}}
{{- if and .Values.persistence.existingClaim }}
{{- printf "%s" (tpl .Values.persistence.existingClaim $) -}}
{{- else -}}
{{- printf "%s" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns the proper service account name depending if an explicit service account name is set
in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create
is true or default otherwise.
*/}}
{{- define "minio.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "minio.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "minio.validateValues.mode" .) -}}
{{- $messages := append $messages (include "minio.validateValues.totalDrives" .) -}}
{{- $messages := append $messages (include "minio.validateValues.tls" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.type" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.azure.credentials" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.gcs.projectID" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.nas.persistence" .) -}}
{{- $messages := append $messages (include "minio.validateValues.gateway.s3.credentials" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - must provide a valid mode ("distributed" or "standalone")
*/}}
{{- define "minio.validateValues.mode" -}}
{{- $allowedValues := list "distributed" "standalone" }}
{{- if not (has .Values.mode $allowedValues) -}}
minio: mode
Invalid mode selected. Valid values are "distributed" and
"standalone". Please set a valid mode (--set mode="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - total number of drives should be multiple of 4
*/}}
{{- define "minio.validateValues.totalDrives" -}}
{{- $replicaCount := int .Values.statefulset.replicaCount }}
{{- $drivesPerNode := int .Values.statefulset.drivesPerNode }}
{{- $totalDrives := mul $replicaCount $drivesPerNode }}
{{- if and (eq .Values.mode "distributed") (or (not (eq (mod $totalDrives 4) 0)) (lt $totalDrives 4)) -}}
minio: total drives
The total number of drives should be multiple of 4 to guarantee erasure coding!
Please set a combination of nodes, and drives per node that match this condition.
For instance (--set statefulset.replicaCount=2 --set statefulset.drivesPerNode=2)
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - TLS secret must provided if TLS is enabled
*/}}
{{- define "minio.validateValues.tls" -}}
{{- if and .Values.tls.enabled (not .Values.tls.secretName) }}
minio: tls.secretName
The name of an existing secret containing the certificates must be provided
if TLS is enabled. Please set its name (--set tls.secretName=X)
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - must provide a valid gateway type ("azure", "gcs", "nas" or "s3")
*/}}
{{- define "minio.validateValues.gateway.type" -}}
{{- $allowedValues := list "azure" "gcs" "nas" "s3" }}
{{- if and .Values.gateway.enabled (not (has .Values.gateway.type $allowedValues)) -}}
minio: gateway.type
Invalid Gateway type. Valid values are "azure", "gcs", "nas" and "s3".
Please set a valid mode (--set gateway.type="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as an Azure Gateway, the StorageAccount Name/Key are required
*/}}
{{- define "minio.validateValues.gateway.azure.credentials" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "azure") (or (empty .Values.gateway.auth.azure.storageAccountName) (empty .Values.gateway.auth.azure.storageAccountKey)) }}
minio: gateway.auth.azure
The StorageAccount name and key are required to use MinIO(R) as a Azure Gateway.
Please set a valid StorageAccount information (--set gateway.auth.azure.storageAccountName="xxxx",gateway.auth.azure.storageAccountKey="yyyy")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a GCS Gateway, the GCP project ID is required
*/}}
{{- define "minio.validateValues.gateway.gcs.projectID" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "gcs") (empty .Values.gateway.auth.gcs.projectID) }}
minio: gateway.auth.gcs.projectID
A GCP project ID is required to use MinIO(R) as a GCS Gateway.
Please set a valid project ID (--set gateway.auth.gcs.projectID="xxxx")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a NAS Gateway, ReadWriteMany volumes are required
*/}}
{{- define "minio.validateValues.gateway.nas.persistence" -}}
{{- $replicaCount := int .Values.gateway.replicaCount }}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "nas") (gt $replicaCount 1) (not .Values.persistence.enabled) }}
minio: persistence.enabled
ReadWriteMany volumes are required to use MinIO(R) as a NAS Gateway with N replicas.
Please enable persistence (--set persistence.enabled=true)
{{- else if and .Values.gateway.enabled (eq .Values.gateway.type "nas") (gt $replicaCount 1) (include "minio.createPVC" .) (not (has "ReadWriteMany" .Values.persistence.accessModes)) }}
minio: persistence.accessModes
ReadWriteMany volumes are required to use MinIO(R) as a NAS Gateway with N replicas.
Please set a valid mode (--set persistence.accessModes[0]="ReadWriteMany")
{{- end -}}
{{- end -}}
{{/*
Validate values of MinIO(R) - when using MinIO(R) as a S3 Gateway, the Access & Secret keys are required
*/}}
{{- define "minio.validateValues.gateway.s3.credentials" -}}
{{- if and .Values.gateway.enabled (eq .Values.gateway.type "s3") (or (empty .Values.gateway.auth.s3.accessKey) (empty .Values.gateway.auth.s3.secretKey)) }}
minio: gateway.auth.s3
The Access & Secret keys are required to use MinIO(R) as a S3 Gateway.
Please set valid keys (--set gateway.auth.s3.accessKey="xxxx",gateway.auth.s3.secretKey="yyyy")
{{- end -}}
{{- end -}}

23
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/distributed/headless-svc.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if and (eq .Values.mode "distributed") (not .Values.gateway.enabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: minio
port: {{ .Values.service.port }}
targetPort: minio
publishNotReadyAddresses: true
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
{{- end }}

376
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/distributed/statefulset.yaml Normal file
View File

@@ -0,0 +1,376 @@
{{- if and (eq .Values.mode "distributed") (not .Values.gateway.enabled) }}
{{- $fullname := include "common.names.fullname" . }}
{{- $headlessService := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }}
{{- $releaseNamespace := .Release.Namespace }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $replicaCount := int .Values.statefulset.replicaCount }}
{{- $zoneCount := int .Values.statefulset.zones }}
{{- $drivesPerNode := int .Values.statefulset.drivesPerNode }}
{{- $mountPath := .Values.persistence.mountPath }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ $fullname }}
namespace: {{ $releaseNamespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
serviceName: {{ $headlessService }}
replicas: {{ mul $zoneCount $replicaCount }}
podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }}
updateStrategy:
type: {{ .Values.statefulset.updateStrategy }}
{{- if (eq "Recreate" .Values.statefulset.updateStrategy) }}
rollingUpdate: null
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (include "minio.createSecret" .) }}
annotations:
{{- if (include "minio.createSecret" .) }}
checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- include "minio.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
serviceAccountName: {{ template "minio.serviceAccountName" . }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ template "minio.volumePermissions.image" . }}
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
{{- if and .Values.persistence.enabled (gt $drivesPerNode 1) }}
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ range $diskId := until $drivesPerNode }}{{ $mountPath }}-{{ $diskId }} {{ end }}
{{- else }}
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ $mountPath }}
{{- end }}
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if and .Values.persistence.enabled (gt $drivesPerNode 1) }}
{{- range $diskId := until $drivesPerNode }}
- name: data-{{ $diskId }}
mountPath: {{ $mountPath }}-{{ $diskId }}
{{- end }}
{{- else }}
- name: data
mountPath: {{ $mountPath }}
{{- end }}
{{- end }}
{{- end }}
containers:
- name: minio
image: {{ include "minio.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: MINIO_DISTRIBUTED_MODE_ENABLED
value: "yes"
- name: MINIO_DISTRIBUTED_NODES
{{- $clusters := list }}
{{- range $i := until $zoneCount }}
{{- $factor := mul $i $replicaCount }}
{{- $endIndex := sub (add $factor $replicaCount) 1 }}
{{- $beginIndex := mul $i $replicaCount }}
{{- $bucket := ternary (printf "%s-{0...%d}" $mountPath (sub $drivesPerNode 1)) $mountPath (gt $drivesPerNode 1) }}
{{- $clusters = append $clusters (printf "%s-{%d...%d}.%s.%s.svc.%s%s" $fullname $beginIndex $endIndex $headlessService $releaseNamespace $clusterDomain $bucket) }}
{{- end }}
value: {{ join "," $clusters | quote }}
- name: MINIO_SCHEME
value: {{ ternary "https" "http" .Values.tls.enabled | quote }}
- name: MINIO_FORCE_NEW_KEYS
value: {{ ternary "yes" "no" .Values.forceNewKeys | quote }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_ACCESS_KEY_FILE
value: "/opt/bitnami/minio/secrets/access-key"
{{- else }}
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: access-key
{{- end }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_SECRET_KEY_FILE
value: "/opt/bitnami/minio/secrets/secret-key"
{{- else }}
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: secret-key
{{- end }}
- name: MINIO_SKIP_CLIENT
value: {{ ternary "yes" "no" (empty .Values.defaultBuckets) | quote }}
{{- if .Values.defaultBuckets }}
- name: MINIO_DEFAULT_BUCKETS
value: {{ .Values.defaultBuckets }}
{{- end }}
- name: MINIO_BROWSER
value: {{ ternary "off" "on" .Values.disableWebUI | quote }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: {{ .Values.metrics.prometheusAuthType | quote }}
{{- if .Values.tls.mountPath }}
- name: MINIO_CERTSDIR
value: {{ .Values.tls.mountPath | quote }}
{{- end }}
{{- if .Values.extraEnv }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.global.webhook.enabled }}
- name: MINIO_NOTIFY_WEBHOOK_ENABLE_1
valueFrom:
configMapKeyRef:
name: {{ include "common.names.fullname" . }}-webhook-config
key: minio_notify_webhook_enable_1
- name: MINIO_NOTIFY_WEBHOOK_ENDPOINT_1
valueFrom:
configMapKeyRef:
name: {{ include "common.names.fullname" . }}-webhook-config
key: minio_notify_webhook_endpoint_1
- name: MINIO_NOTIFY_WEBHOOK_QUEUE_DIR_1
valueFrom:
configMapKeyRef:
name: {{ include "common.names.fullname" . }}-webhook-config
key: minio_notify_webhook_queue_dir_1
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: minio
containerPort: {{ .Values.containerPort }}
protocol: TCP
{{- if .Values.global.webhook.enabled }}
- name: minio-webhook
containerPort: {{ .Values.global.webhook.port }}
protocol: TCP
{{- end }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /minio/health/live
port: minio
scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled | quote }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: minio
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
tcpSocket:
port: minio
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.useCredentialsFile }}
- name: minio-credentials
mountPath: /opt/bitnami/minio/secrets/
{{- end }}
{{- if .Values.tls.enabled }}
- name: minio-certs
mountPath: {{ default "/certs" .Values.tls.mountPath }}
{{- end }}
{{- if and .Values.persistence.enabled (gt $drivesPerNode 1) }}
{{- range $diskId := until $drivesPerNode }}
- name: data-{{ $diskId }}
mountPath: {{ $mountPath }}-{{ $diskId }}
{{- end }}
{{- else }}
- name: data
mountPath: {{ $mountPath }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.global.webhook.enabled }}
- name: webhook-config
mountPath: "/.mc/config.json"
readOnly: false
subPath: config.json
- name: webhook-download-config
mountPath: "/.mc/share/downloads.json"
readOnly: false
subPath: downloads.json
- name: webhook-uploads-config
mountPath: "/.mc/share/uploads.json"
readOnly: false
subPath: uploads.json
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.global.webhook.enabled }}
- name: webhook-config
configMap:
name: {{ include "common.names.fullname" . }}-webhook-config
items:
- key: config.json
path: "config.json"
- name: webhook-download-config
configMap:
name: {{ include "common.names.fullname" . }}-webhook-config
items:
- key: downloads.json
path: "downloads.json"
- name: webhook-uploads-config
configMap:
name: {{ include "common.names.fullname" . }}-webhook-config
items:
- key: uploads.json
path: "uploads.json"
{{- end }}
{{- if .Values.useCredentialsFile }}
- name: minio-credentials
secret:
secretName: {{ include "minio.secretName" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: minio-certs
secret:
secretName: {{ .Values.tls.secretName }}
items:
- key: tls.crt
path: public.crt
- key: tls.key
path: private.key
- key: ca.crt
path: CAs/public.crt
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
{{- if gt $drivesPerNode 1 }}
{{- range $diskId := until $drivesPerNode }}
- metadata:
name: data-{{ $diskId }}
labels: {{- include "common.labels.matchLabels" $ | nindent 10 }}
{{- if $.Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range $.Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ $.Values.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }}
{{- end }}
{{- else }}
- metadata:
name: data
labels: {{- include "common.labels.matchLabels" . | nindent 10 }}
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

4
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

197
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/gateway/deployment.yaml Normal file
View File

@@ -0,0 +1,197 @@
{{- if .Values.gateway.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.gateway.replicaCount }}
{{- if .Values.deployment.updateStrategy }}
strategy: {{- toYaml .Values.deployment.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (include "minio.createSecret" .) }}
annotations:
{{- if (include "minio.createSecret" .) }}
checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- include "minio.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
serviceAccountName: {{ template "minio.serviceAccountName" . }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: minio
image: {{ include "minio.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
command:
{{- if .Values.command }}
{{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- else }}
- minio
{{- end }}
args:
{{- if .Values.args }}
{{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
- --certs-dir
- /opt/bitnami/minio/certs
- gateway
- {{ .Values.gateway.type }}
{{- if eq .Values.gateway.type "gcs" }}
- {{ .Values.gateway.auth.gcs.projectID }}
{{- else if eq .Values.gateway.type "nas" }}
- {{ .Values.persistence.mountPath }}
{{- else if eq .Values.gateway.type "s3" }}
- {{ .Values.gateway.auth.s3.serviceEndpoint }}
{{- end }}
{{- end }}
env:
{{- if eq .Values.gateway.type "azure" }}
- name: AZURE_STORAGE_ACCOUNT
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: azure-storage-account-name
- name: AZURE_STORAGE_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: azure-storage-account-key
{{- else if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: GOOGLE_APPLICATION_CREDENTIALS
value: "/opt/bitnami/minio/secrets/key.json"
{{- end }}
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: access-key
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: secret-key
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: {{ .Values.metrics.prometheusAuthType | quote }}
{{- if .Values.extraEnv }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: minio
containerPort: {{ .Values.containerPort }}
protocol: TCP
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: minio-credentials
mountPath: /opt/bitnami/minio/secrets/
readOnly: true
{{- end }}
{{- if eq .Values.gateway.type "nas" }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Release.Namespace }}/{{ include "common.names.fullname" . }}
{{- if .Values.global.srs.pvc }}
- name: srs-vol
mountPath: /data/live-cluster-hls
subPath: {{ .Values.global.srs.mpath.cluster.hls }}
- name: srs-vol
mountPath: /data/live-cluster-dvr
subPath: {{ .Values.global.srs.mpath.cluster.dvr }}
- name: srs-vol
mountPath: /data/live-rtc-hls
subPath: {{ .Values.global.srs.mpath.rtc.hls }}
- name: srs-vol
mountPath: /data/live-rtc-dvr
subPath: {{ .Values.global.srs.mpath.rtc.dvr }}
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if and (eq .Values.gateway.type "gcs") .Values.gateway.auth.gcs.keyJSON }}
- name: minio-credentials
secret:
secretName: {{ include "minio.secretName" . }}
{{- end }}
{{- if eq .Values.gateway.type "nas" }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "minio.claimName" . }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.global.srs.pvc }}
- name: srs-vol
persistentVolumeClaim:
claimName: {{ .Values.global.srs.pvc }}
{{- end }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

57
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,57 @@
{{- if and .Values.ingress.enabled (not .Values.disableWebUI ) -}}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
annotations:
{{- if .Values.ingress.certManager }}
kubernetes.io/tls-acme: "true"
{{- end }}
{{- if .Values.ingress.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
rules:
{{- if .Values.ingress.hostname }}
- host: {{ .Values.ingress.hostname }}
http:
paths:
{{- if .Values.ingress.extraPaths }}
{{- toYaml .Values.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "minio" "context" $) | nindent 14 }}
{{- end }}
{{- range .Values.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "minio" "context" $) | nindent 14 }}
{{- end }}
{{- if or .Values.ingress.tls .Values.ingress.extraTls }}
tls:
{{- if .Values.ingress.tls }}
- hosts:
- {{ .Values.ingress.hostname }}
secretName: {{ default (printf "%s-tls" .Values.ingress.hostname) .Values.ingress.existing.secretName }}
{{- end }}
{{- if .Values.ingress.extraTls }}
{{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

29
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- if (include "minio.createPVC" .) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.persistence.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
{{- end }}

18
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/secrets.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- if (include "minio.createSecret" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
access-key: {{ include "minio.secret.userValue" . | b64enc | quote }}
secret-key: {{ include "minio.secret.passwordValue" . | b64enc | quote }}
{{- end }}

45
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/service.yaml Normal file
View File

@@ -0,0 +1,45 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.middleware.minio" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if eq .Values.service.type "LoadBalancer" }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{ end }}
{{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: minio
port: {{ .Values.service.port }}
targetPort: {{ .Values.containerPort }}
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }}
nodePort: {{ .Values.service.nodePort }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.global.webhook.enabled }}
- name: minio-webhook
port: {{ .Values.global.webhook.port }}
targetPort: minio-webhook
protocol: TCP
{{- end }}
selector: {{- include "common.labels.matchLabels.minio" . | nindent 4 }}

16
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "minio.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
secrets:
- name: {{ include "common.names.fullname" . }}
{{- end }}

42
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,42 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "common.names.fullname" . }}
{{- if .Values.metrics.serviceMonitor.namespace }}
namespace: {{ .Values.metrics.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace }}
{{- end }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
endpoints:
- port: minio
path: {{ .Values.metrics.serviceMonitor.path }}
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.relabellings }}
metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end }}

235
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/standalone/deployment.yaml Normal file
View File

@@ -0,0 +1,235 @@
{{- if .Values.enabled }}
{{- if and (eq .Values.mode "standalone") (not .Values.gateway.enabled) }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.middleware.minio" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.deployment.updateStrategy }}
strategy: {{- toYaml .Values.deployment.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels.minio" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.labels.middleware.minio" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if or .Values.podAnnotations (include "minio.createSecret" .) }}
annotations:
{{- if (include "minio.createSecret" .) }}
checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
{{- end }}
spec:
{{- include "minio.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end -}}
serviceAccountName: {{ template "minio.serviceAccountName" . -}}
{{- if .Values.global.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.global.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- /* podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAffinityPreset "context" $) | nindent 10 -}}*/}}
{{- /* podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.global.podAntiAffinityPreset "context" $) | nindent 10 }}*/}}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.global.nodeAffinityPreset.type "key" .Values.global.nodeAffinityPreset.key "values" .Values.global.nodeAffinityPreset.values) | nindent 10 -}}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
image: {{ template "minio.volumePermissions.image" . }}
imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }}
securityContext:
runAsUser: 0
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.persistence.mountPath }}
{{- end }}
{{- end }}
containers:
- name: minio
image: "{{ .Values.global.image.repository | default .Values.image.repository }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
- name: MINIO_FORCE_NEW_KEYS
value: {{ ternary "yes" "no" .Values.forceNewKeys | quote }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_ACCESS_KEY_FILE
value: "/opt/bitnami/minio/secrets/access-key"
{{- else }}
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: access-key
{{- end }}
{{- if .Values.useCredentialsFile }}
- name: MINIO_SECRET_KEY_FILE
value: "/opt/bitnami/minio/secrets/secret-key"
{{- else }}
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "minio.secretName" . }}
key: secret-key
{{- end }}
{{- if .Values.defaultBuckets }}
- name: MINIO_DEFAULT_BUCKETS
value: {{ .Values.defaultBuckets }}
{{- end }}
- name: MINIO_BROWSER
value: {{ ternary "off" "on" .Values.disableWebUI | quote }}
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: {{ .Values.metrics.prometheusAuthType | quote }}
{{- if .Values.extraEnv }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
ports:
- name: minio
containerPort: {{ .Values.containerPort }}
protocol: TCP
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /minio/health/live
port: minio
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
tcpSocket:
port: minio
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
tcpSocket:
port: minio
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.useCredentialsFile }}
- name: minio-credentials
mountPath: /opt/bitnami/minio/secrets/
{{- end }}
- name: data
mountPath: {{ .Values.persistence.mountPath }}
- name: srs-vol
mountPath: /data/live-cluster-hls
subPath: {{ .Release.Namespace }}/helm-srs/cluster/hls/default
- name: srs-vol
mountPath: /data/live-cluster-dvr
subPath: {{ .Release.Namespace }}/helm-srs/cluster/dvr
- name: srs-vol
mountPath: /data/live-rtc-hls
subPath: {{ .Release.Namespace }}/helm-srs/rtc/hls/default
- name: srs-vol
mountPath: /data/live-rtc-dvr
subPath: {{ .Release.Namespace }}/helm-srs/rtc/dvr
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.useCredentialsFile }}
- name: minio-credentials
secret:
secretName: {{ include "minio.secretName" . }}
{{- end }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "minio.claimName" . }}
{{- else }}
emptyDir: {}
{{- end }}
- name: srs-vol
persistentVolumeClaim:
claimName: glusterfs-middleware-srs-pvc
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

46
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/tls-secrets.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- if .Values.ingress.enabled }}
{{- if .Values.ingress.secrets }}
{{- if not .Values.ingress.existing.secretName }}
{{- range .Values.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ $.Release.Namespace }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
{{- if $.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }}
{{- $ca := genCA "minio-ca" 365 }}
{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-tls" .Values.ingress.hostname }}
namespace: {{ .Release.Namespace }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}

40
1-outside-deploy/2-helm-chart/charts/minio-storage/templates/webhook/webhook-configmap.yaml Normal file
View File

@@ -0,0 +1,40 @@
{{- if .Values.global.webhook.enabled }}
{{- $namespace := .Release.Namespace -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-webhook-config
namespace: {{ $namespace }}
labels:
cmii.additional: webhook
{{- include "common.labels.standard" . | nindent 4 }}
data:
minio_notify_webhook_enable_1: "on"
minio_notify_webhook_endpoint_1: "http://127.0.0.1:{{ .Values.global.webhook.port }}/minio/events"
minio_notify_webhook_queue_dir_1: ""
config.json: |
{
"version": "10",
"aliases": {
"server": {
"url": "http://127.0.0.1:{{ .Values.containerPort }}",
"accessKey": "{{ .Values.gateway.auth.nas.accessKey }}",
"secretKey": "{{ .Values.gateway.auth.nas.secretKey }}",
"api": "S3v4",
"path": "auto"
}
}
}
downloads.json: |
{
"version": "1",
"shares": {}
}
uploads.json: |
{
"version": "1",
"shares": {}
}
---
{{- end }}