truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-02-03 02:23:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

NAS-120452 / 23.10 / Add MinIO Enterprise (#1002)

Browse Source 
* Add minio to enterprise train

* Adjust hostnetwork based on multimode configuration

* add update strategy and explicitly set permissions at install time

* minor typo

* use new common

* bump common

* Add upgrade info json

* make immutable the run context and check backup permissions before chowning

* spacing
This commit is contained in:
Stavros Kois
2023-04-05 17:57:03 +03:00
committed by GitHub
parent 3d9794fe21
commit 3a6e29ae9e
28 changed files with 1538 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/common/Chart.yaml
View File

@@ -2,7 +2,7 @@ apiVersion: v2
name: common
description: A library chart for iX Official Catalog
type: library
version: 1.0.2
version: 1.0.3
appVersion: v1
annotations:
title: Common Library Chart

6
library/common/templates/app_functions/_postgres.tpl
View File

@@ -7,11 +7,15 @@ name (optional): Name of the postgres pod/container (default: postgres)
secretName (required): Name of the secret containing the postgres credentials
backupPath (optional): Path to store the backup, it's the container's path (default: /postgres_backup)
resources (required): Resources for the postgres container
backupChownMode (optional): Whether to chown the backup directory or
check parent directory permissions and fix them if needed.
(default: check) Valid values: always, check
*/}}
{{- define "ix.v1.common.app.postgres" -}}
{{- $name := .name | default "postgres" -}}
{{- $secretName := (required "Postgres - Secret Name is required" .secretName) -}}
{{- $backupPath := .backupPath | default "/postgres_backup" -}}
{{- $backupChownMode := .backupChownMode | default "check" -}}
{{- $ixChartContext := .ixChartContext -}}
{{- $resources := (required "Postgres - Resources are required" .resources) }}
{{ $name }}:
@@ -112,7 +116,7 @@ postgresbackup:
pg_dump --dbname=${POSTGRES_URL} --file {{ $backupPath }}/${POSTGRES_DB}_$(date +%Y-%m-%d_%H-%M-%S).sql || echo "Failed to create backup"
echo "Backup finished"
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "UID" 999 "GID" 999 "type" "init") | nindent 6 }}
{{- include "ix.v1.common.app.permissions" (dict "UID" 999 "GID" 999 "type" "init" "mode" $backupChownMode) | nindent 6 }}
{{- end -}}
{{/* Returns a postgres-wait container for waiting for postgres to be ready */}}

6
library/ix-dev/enterprise/minio/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../common
version: 1.0.3
digest: sha256:1a090020cfa582aff29906320874ffe9b543fcc6c2423c281f434514f2653e02
generated: "2023-04-05T14:29:53.295151027Z"

25
library/ix-dev/enterprise/minio/Chart.yaml Normal file
View File

@@ -0,0 +1,25 @@
name: minio
description: High Performance, Kubernetes Native Object Storage
annotations:
title: MinIO
type: application
version: 1.0.0
apiVersion: v2
appVersion: '2023-02-17'
kubeVersion: '>=1.16.0-0'
maintainers:
- name: truenas
url: https://www.truenas.com/
dependencies:
- name: common
repository: file://../../../common
version: 1.0.3
home: https://min.io
icon: https://min.io/resources/img/logo/MINIO_wordmark.png
sources:
- https://github.com/minio/minio
- https://github.com/truenas/charts/tree/master/enterprise/minio
keywords:
- storage
- object-storage
- S3

16
library/ix-dev/enterprise/minio/README.md Normal file
View File

@@ -0,0 +1,16 @@
# MinIO
[MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0.
It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure
for machine learning, analytics and application data workloads.
> During the installation process, a container will be launched with **root** privileges. This is required
> in order to apply the correct permissions to the MinIO data directory. Afterward, the `MinIO` container
> will run as a **non**-root user (`568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` backups directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `MinIO` and `postgres` data directories.
When Multi Mode is enabled and entries contain `://` (url) will enable Host Networking. Regardless of the selection in the `Networking` section.

16
library/ix-dev/enterprise/minio/app-readme.md Normal file
View File

@@ -0,0 +1,16 @@
# MinIO
[MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0.
It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure
for machine learning, analytics and application data workloads.
> During the installation process, a container will be launched with **root** privileges. This is required
> in order to apply the correct permissions to the MinIO data directory. Afterward, the `MinIO` container
> will run as a **non**-root user (`568`).
> Same applies to the `postgres` container. This will run afterwards as a **non**-root user (`999`).
> On each upgrade, a container will be launched with **root** privileges in order to apply the correct
> permissions to the `postgres` backups directory. Container that performs the backup will run as a **non**-root user (`999`) afterwards.
> Keep in mind the permissions on the backup directory will be changed to `999:999` on **every** update.
> But will only be changed once for the `MinIO` and `postgres` data directories.
When Multi Mode is enabled and entries contain `://` (url) will enable Host Networking. Regardless of the selection in the `Networking` section.

BIN
library/ix-dev/enterprise/minio/charts/common-1.0.3.tgz Normal file
View File

Binary file not shown.

126
library/ix-dev/enterprise/minio/ci/snmd-https-values.yaml Normal file
View File

@@ -0,0 +1,126 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/basic-https-values.yaml .
# Always use a unique hostPath for each test
# Release.Namespace is guaranteed to be a unique value
# in the test environment (ct-install)
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioRunAs:
user: 1000
group: 1000
minioNetwork:
certificateID: 1
minioMultiMode:
- /data{1...4}
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
datasetName: ""
mountPath: /data2
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data3
datasetName: ""
mountPath: /data3
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data4
datasetName: ""
mountPath: /data4
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
M7Y3vwxshpo=
-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
//L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
3G15AKCXo7jjOUtHY01DCQ==
-----END PRIVATE KEY-----

139
library/ix-dev/enterprise/minio/ci/snmd-logsearch-https-values.yaml Normal file
View File

@@ -0,0 +1,139 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/logsearch-https-values.yaml .
# Always use a unique hostPath for each test
# Release.Namespace is guaranteed to be a unique value
# in the test environment (ct-install)
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioNetwork:
certificateID: 1
minioRunAs:
user: 1000
group: 1000
minioMultiMode:
- /data{1...4}
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
datasetName: ""
mountPath: /data2
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data3
datasetName: ""
mountPath: /data3
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data4
datasetName: ""
mountPath: /data4
minioLogging:
logsearch:
enabled: true
diskCapacityGB: 5
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_data
datasetName: ""
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_backup
datasetName: ""
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
M7Y3vwxshpo=
-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
//L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
3G15AKCXo7jjOUtHY01DCQ==
-----END PRIVATE KEY-----

43
library/ix-dev/enterprise/minio/ci/snmd-logsearch-values.yaml Normal file
View File

@@ -0,0 +1,43 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/logsearch-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioMultiMode:
- /data{1...4}
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
datasetName: ""
mountPath: /data2
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data3
datasetName: ""
mountPath: /data3
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data4
datasetName: ""
mountPath: /data4
minioLogging:
logsearch:
enabled: true
diskCapacityGB: 5
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_data
datasetName: ""
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_backup
datasetName: ""

30
library/ix-dev/enterprise/minio/ci/snmd-values.yaml Normal file
View File

@@ -0,0 +1,30 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/basic-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioMultiMode:
- /data{1...4}
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data2
datasetName: ""
mountPath: /data2
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data3
datasetName: ""
mountPath: /data3
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data4
datasetName: ""
mountPath: /data4

106
library/ix-dev/enterprise/minio/ci/snsd-https-values.yaml Normal file
View File

@@ -0,0 +1,106 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/basic-https-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioNetwork:
certificateID: 1
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
M7Y3vwxshpo=
-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
//L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
3G15AKCXo7jjOUtHY01DCQ==
-----END PRIVATE KEY-----

118
library/ix-dev/enterprise/minio/ci/snsd-logsearch-https-values.yaml Normal file
View File

@@ -0,0 +1,118 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/logsearch-https-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioNetwork:
certificateID: 1
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
minioLogging:
logsearch:
enabled: true
diskCapacityGB: 5
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_data
datasetName: ""
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_backup
datasetName: ""
ixCertificates:
"1":
certificate: |
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL
MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV
BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX
Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1
P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW
2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H
PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t
AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3
AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB
hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E
AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww
CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH
DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB
FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/
BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD
KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR
h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx
fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD
VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w
HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx
CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE
CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt
2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf
iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd
M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL
Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H
VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID
AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE
wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T
AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw
pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL
MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG
SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr
zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql
PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX
TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d
2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/
+Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w
M7Y3vwxshpo=
-----END CERTIFICATE-----
privatekey: |
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT
HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk
H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI
4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d
NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB
+Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7
A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu
eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5
N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe
EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL
PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR
0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA
6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z
FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo
L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL
d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA
0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu
MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2
wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd
DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7
wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc
nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S
dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P
//L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY
qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc
3G15AKCXo7jjOUtHY01DCQ==
-----END PRIVATE KEY-----

28
library/ix-dev/enterprise/minio/ci/snsd-logsearch-values.yaml Normal file
View File

@@ -0,0 +1,28 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/logsearch-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1
minioLogging:
logsearch:
enabled: true
diskCapacityGB: 5
pgData:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_data
datasetName: ""
pgBackup:
type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/postgres_backup
datasetName: ""

19
library/ix-dev/enterprise/minio/ci/snsd-values.yaml Normal file
View File

@@ -0,0 +1,19 @@
# When inside the versioned minio folder, run:
# helm dependency update
# helm template -f ix_values.yaml -f ci/basic-values.yaml .
# Always use a unique hostPath for each test
minioCreds:
rootUser: minio_test
rootPass: minio_test
minioRunAs:
user: 1000
group: 1000
minioStorage:
- type: hostPath
hostPath: /mnt/{{ .Release.Namespace }}/data1
datasetName: ""
mountPath: /data1

5
library/ix-dev/enterprise/minio/item.yaml Normal file
View File

@@ -0,0 +1,5 @@
icon_url: https://min.io/resources/img/logo/MINIO_wordmark.png
categories:
- storage
- object-storage
- S3

351
library/ix-dev/enterprise/minio/questions.yaml Normal file
View File

@@ -0,0 +1,351 @@
groups:
- name: MinIO Credentials
description: Configure Credentials for MinIO
- name: User and Group Configuration
description: Configure User and Group for MinIO
- name: Network Configuration
description: Configure Network for MinIO
- name: Storage Configuration
description: Configure Storage for MinIO
- name: MultiMode Configuration
description: Configure MultiMode for MinIO
- name: MinIO Logging
description: Configure Logging for MinIO
- name: Resources Configuration
description: Configure Resources for MinIO
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: minioCreds
label: ""
group: MinIO Credentials
schema:
type: dict
attrs:
- variable: rootUser
label: Root User
description: The access key for the root user.
schema:
type: string
min_length: 5
required: true
- variable: rootPass
label: Root Password
description: The secret key for the root user.
schema:
type: string
required: true
min_length: 8
private: true
- variable: minioRunAs
label: ""
group: User and Group Configuration
schema:
type: dict
attrs:
- variable: user
label: User ID
description: |
The user id that MinIO will run as. <br/>
Can't be changed after initial install.
schema:
type: int
min: 1
default: 568
immutable: true
required: true
- variable: group
label: Group ID
description: |
The group id that MinIO will run as. <br/>
Can't be changed after initial install.
schema:
type: int
min: 1
default: 568
immutable: true
required: true
- variable: minioNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: apiPort
label: API Port
description: The port for the MinIO API.
schema:
type: int
default: 30000
min: 9000
max: 65535
required: true
- variable: webPort
label: Web Port
description: The port for the MinIO Web UI.
schema:
type: int
default: 30001
min: 9000
max: 65535
required: true
- variable: hostNetwork
label: Host Network
description: |
Bind to the host network. It's recommended to keep this disabled.</br>
schema:
type: boolean
default: false
- variable: certificateID
label: Certificate
description: The certificate to use for MinIO
schema:
type: int
"null": true
$ref:
- "definitions/certificate"
- variable: serverUrl
label: MinIO Server URL (API)
description: |
The URL that console will use to reach API</br>
For example https;//minio1.example.com.</br></br>
This field is optional.
schema:
type: string
- variable: consoleUrl
label: MinIO Browser Redirect URL
description: |
The URL that console will provide as a redirect URL</br>
For example https;//console.example.com.</br></br>
This field is optional.
schema:
type: string
- variable: enableMultiMode
label: Enable Multi Mode (SNMD or MNMD)
group: MultiMode Configuration
description: |
For Single Node Multi Drive (SNMD), the entry will look like this:</br>
Example Entry - /data{1...4}</br></br>
For Multi Node Multi Drive (MNMD), the entry will look like this:</br>
Example Entry - https://minio{1...3}.example.com:30000/data{1...4}</br></br>
Note that each host must use the same port number and the same number of storage items.</br>
In both cases /data{1..4} is the directories to be used for MinIO.
You have to add additional storage for each data entry.
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: minioMultiMode
label: Multi Mode (SNMD or MNMD)
group: MultiMode Configuration
schema:
type: list
default: []
items:
- variable: item
label: ""
schema:
type: string
required: true
- variable: minioStorage
label: ""
group: Storage Configuration
schema:
type: list
default: []
items:
- variable: item
label: Storage Item
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
immutable: true
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
required: true
immutable: true
default: /data1
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
required: true
immutable: true
default: ""
show_if: [["type", "=", "hostPath"]]
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
immutable: true
# Can we make this dynamic, so we can hide it?!
default: data1
$ref:
- "normalize/ixVolume"
- variable: minioLogging
label: ""
group: MinIO Logging
schema:
type: dict
attrs:
- variable: anonymous
label: Anonymous
description: Hides sensitive information from logging.
schema:
type: boolean
default: false
- variable: quiet
label: Quiet
description: Disables startup information.
schema:
type: boolean
default: false
- variable: logsearch
label: LogSearch Configuration
schema:
type: dict
attrs:
- variable: enabled
label: Enable LogSearch
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: diskCapacityGB
label: Disk Capacity (GB)
description: The disk capacity for LogSearch.
schema:
type: int
default: 5
required: true
- variable: pgData
label: Postgres Data Storage
description: The path to store Postgres data.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: postgres-data
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
immutable: true
required: true
- variable: pgBackup
label: Postgres Backup Storage
description: The path to store Postgres backups.
schema:
type: dict
attrs:
- variable: type
label: Type
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path
- value: ixVolume
description: ixVolume
- variable: datasetName
label: Dataset Name
schema:
type: string
show_if: [["type", "=", "ixVolume"]]
required: true
hidden: true
immutable: true
default: postgres-backup
$ref:
- "normalize/ixVolume"
- variable: hostPath
label: Host Path
schema:
type: hostpath
show_if: [["type", "=", "hostPath"]]
required: true
- variable: resources
label: ""
group: Resources Configuration
schema:
type: dict
attrs:
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: cpu
label: CPU
description: CPU limit for MinIO.
schema:
type: string
default: 4000m
required: true
- variable: memory
label: Memory
description: Memory limit for MinIO.
schema:
type: string
default: 8Gi
required: true

1
library/ix-dev/enterprise/minio/templates/NOTES.txt Normal file
View File

@@ -0,0 +1 @@
{{ include "ix.v1.common.lib.chart.notes" $ }}

61
library/ix-dev/enterprise/minio/templates/_configuration.tpl Normal file
View File

@@ -0,0 +1,61 @@
{{- define "minio.configuration" -}}
{{/* Validation */}}
{{ include "minio.validation" $ }}
{{ $config := fromJson (include "minio.prepare.config" $) }}
{{/* Secrets */}}
secret:
minio-creds:
enabled: true
data:
MINIO_ROOT_USER: {{ .Values.minioCreds.rootUser }}
MINIO_ROOT_PASSWORD: {{ .Values.minioCreds.rootPass }}
MINIO_VOLUMES: {{ $config.volumes }}
{{ with .Values.minioNetwork.serverUrl }}
MINIO_SERVER_URL: {{ . | quote }}
{{ end }}
{{ with .Values.minioNetwork.consoleUrl }}
MINIO_BROWSER_REDIRECT_URL: {{ . | quote }}
{{ end }}
{{ if .Values.minioLogging.logsearch.enabled }}
MINIO_AUDIT_WEBHOOK_ENABLE_ix_logsearch: "on"
MINIO_AUDIT_WEBHOOK_ENDPOINT_ix_logsearch: {{ $config.webhookURL }}
MINIO_LOG_QUERY_AUTH_TOKEN: {{ $config.queryToken }}
MINIO_LOG_QUERY_URL: {{ $config.logQueryURL }}
{{ end }}
# Always create the logsearch and postgres secret, even if logsearch is disabled.
# Because autogenerated passwords are stored in the secret, and disabling logsearch after
# the secret is created will cause the passwords to be lost (if the secret is conditionally rendered).
logsearch-creds:
enabled: true
data:
LOGSEARCH_PG_CONN_STR: {{ $config.postgresURL }}
LOGSEARCH_AUDIT_AUTH_TOKEN: {{ $config.auditToken }}
MINIO_LOG_QUERY_AUTH_TOKEN: {{ $config.queryToken }}
{{ if .Values.minioLogging.logsearch.enabled }}
LOGSEARCH_DISK_CAPACITY_GB: {{ $config.diskCapacity | quote }}
{{ end }}
postgres-creds:
enabled: true
data:
POSTGRES_PASSWORD: {{ $config.dbPass }}
POSTGRES_USER: {{ $config.dbUser }}
POSTGRES_DB: {{ $config.dbName }}
POSTGRES_HOST: {{ $config.dbHost }}
POSTGRES_URL: {{ $config.postgresURL }}
{{/* MinIO Certificate */}}
{{ if .Values.minioNetwork.certificateID }}
scaleCertificate:
minio-cert:
enabled: true
labels: {}
annotations: {}
id: {{ .Values.minioNetwork.certificateID }}
{{ end }}
{{- end -}}

91
library/ix-dev/enterprise/minio/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,91 @@
{{/* Scheme */}}
{{- define "minio.scheme" -}}
{{- $scheme := "http" -}}
{{- if .Values.minioNetwork.certificateID -}}
{{- $scheme = "https" -}}
{{- end -}}
{{- $scheme -}}
{{- end -}}
{{- define "minio.hostnetwork" -}}
{{- $hostNet := .Values.minioNetwork.hostNetwork -}}
{{- range $entry := .Values.minioMultiMode -}}
{{/*
Only if multi mode has urls set hostnetwork,
Multi Mode can be used for single node, multi disk setup
*/}}
{{- if contains "://" $entry -}}
{{- $hostNet = true -}}
{{- end -}}
{{- end -}}
{{- $hostNet -}}
{{- end -}}
{{/* Validation */}}
{{- define "minio.validation" -}}
{{- if not .Values.minioCreds.rootUser -}}
{{- fail "Expected non-empty <rootUser>" -}}
{{- end -}}
{{- if not .Values.minioCreds.rootPass -}}
{{- fail "Expected non-empty <rootPass>" -}}
{{- end -}}
{{- if not .Values.minioStorage -}}
{{- fail "Expected at least 1 storage item added" -}}
{{- end -}}
{{- if and (ne (len .Values.minioStorage) 1) (not .Values.minioMultiMode) -}}
{{- fail "Expected Multi Mode to be enabled, when more than 1 storage items added" -}}
{{- end -}}
{{- end -}}
{{/* Config preparation */}}
{{- define "minio.prepare.config" -}}
{{/* Prepare logsearch related config, shared across different configmaps */}}
{{- $config := dict -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- if .Values.minioLogging.logsearch.enabled -}}
{{- $_ := set $config "diskCapacity" (required "Expected non-empty <disk_capacity_gb>" .Values.minioLogging.logsearch.diskCapacityGB) -}}
{{- end -}}
{{- $_ := set $config "dbUser" "logsearch" -}}
{{- $_ := set $config "dbName" "logsearch" -}}
{{- $_ := set $config "dbPass" (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $_ := set $config "dbPass" ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{- $_ := set $config "auditToken" (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-logsearch-creds" $fullname)) -}}
{{- $_ := set $config "auditToken" ((index .data "LOGSEARCH_AUDIT_AUTH_TOKEN") | b64dec) -}}
{{- end -}}
{{- $_ := set $config "queryToken" (randAlphaNum 32) -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-logsearch-creds" $fullname)) -}}
{{- $_ := set $config "queryToken" ((index .data "MINIO_LOG_QUERY_AUTH_TOKEN") | b64dec) -}}
{{- end -}}
{{- $_ := set $config "dbHost" (printf "%s-postgres" $fullname ) -}}
{{- $_ := set $config "logQueryURL" (printf "http://%s-logsearch:8080" $fullname) -}}
{{- $_ := set $config "webhookURL" (printf "%s/api/ingest?token=%v" $config.logQueryURL $config.auditToken) -}}
{{- $_ := set $config "postgresURL" (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $config.dbUser $config.dbPass $config.dbHost $config.dbName) -}}
{{/* When no multi mode, use the first storage entry */}}
{{- $_ := set $config "volumes" (.Values.minioStorage | first).mountPath -}}
{{- if .Values.minioMultiMode -}}
{{- $_ := set $config "volumes" (join " " .Values.minioMultiMode) -}}
{{- end -}}
{{- if not $config.volumes -}}
{{- fail "ERROR: Volumes can't be empty" -}}
{{- end -}}
{{- $config | toJson -}}
{{- end -}}

51
library/ix-dev/enterprise/minio/templates/_logsearch.tpl Normal file
View File

@@ -0,0 +1,51 @@
{{- define "logsearch.workload" -}}
workload:
logsearch:
enabled: true
type: Deployment
podSpec:
containers:
logsearch:
enabled: true
primary: true
imageSelector: logsearchImage
securityContext:
runAsUser: {{ .Values.minioRunAs.user }}
runAsGroup: {{ .Values.minioRunAs.group }}
envFrom:
- secretRef:
name: logsearch-creds
command: /logsearchapi
probes:
liveness:
enabled: true
type: http
port: 8080
path: /status
readiness:
enabled: true
type: http
port: 8080
path: /status
startup:
enabled: true
type: http
port: 8080
path: /status
initContainers:
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{/* Service */}}
service:
logsearch:
enabled: true
type: ClusterIP
targetSelector: logsearch
ports:
logsearch:
enabled: true
primary: true
port: 8080
targetSelector: logsearch
{{- end -}}

143
library/ix-dev/enterprise/minio/templates/_minio.tpl Normal file
View File

@@ -0,0 +1,143 @@
{{- define "minio.workload" -}}
workload:
minio:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ include "minio.hostnetwork" $ }}
containers:
minio:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: {{ .Values.minioRunAs.user }}
runAsGroup: {{ .Values.minioRunAs.group }}
envFrom:
- secretRef:
name: minio-creds
args:
- server
- "--address"
- {{ printf ":%v" .Values.minioNetwork.apiPort | quote }}
- "--console-address"
- {{ printf ":%v" .Values.minioNetwork.webPort | quote }}
{{- if .Values.minioNetwork.certificateID }}
- "--certs-dir"
- "/.minio/certs"
{{- end -}}
{{- if .Values.minioLogging.anonymous }}
- "--anonymous"
{{- end -}}
{{- if .Values.minioLogging.quiet }}
- "--quiet"
{{- end }}
probes:
liveness:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
readiness:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
startup:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "UID" .Values.minioRunAs.user
"GID" .Values.minioRunAs.group
"type" "install") | nindent 8 -}}
{{- if .Values.minioLogging.logsearch.enabled }}
logsearch-wait:
enabled: true
type: init
imageSelector: bashImage
resources:
limits:
cpu: 500m
memory: 256Mi
envFrom:
- secretRef:
name: minio-creds
command: bash
args:
- -c
- |
echo "Pinging Logsearch API for readiness..."
until wget --spider --quiet --timeout=3 --tries=1 ${MINIO_LOG_QUERY_URL}/status; do
echo "Waiting for Logsearch API (${MINIO_LOG_QUERY_URL}/status) to be ready..."
sleep 2
done
echo "Logsearch API is ready"
{{- end }}
{{/* Service */}}
service:
minio:
enabled: true
primary: true
type: NodePort
targetSelector: minio
ports:
api:
enabled: true
primary: true
port: {{ .Values.minioNetwork.apiPort }}
nodePort: {{ .Values.minioNetwork.apiPort }}
targetSelector: minio
webui:
enabled: true
port: {{ .Values.minioNetwork.webPort }}
nodePort: {{ .Values.minioNetwork.webPort }}
targetSelector: minio
{{/* Persistence */}}
persistence:
{{- range $idx, $storage := .Values.minioStorage }}
{{ printf "data%v" (int $idx) }}:
enabled: true
type: {{ $storage.type }}
datasetName: {{ $storage.datasetName | default "" }}
hostPath: {{ $storage.hostPath | default "" }}
targetSelector:
minio:
minio:
mountPath: {{ $storage.mountPath }}
permissions:
mountPath: /mnt/directories{{ $storage.mountPath }}
{{- end }}
# Minio writes temporary files to this directory. Adding this as an emptyDir,
# So we don't have to set readOnlyRootFilesystem to false
tempdir:
enabled: true
type: emptyDir
targetSelector:
minio:
minio:
mountPath: /.minio
{{- if .Values.minioNetwork.certificateID }}
cert:
enabled: true
type: secret
objectName: minio-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
- key: tls.crt
path: CAs/public.crt
targetSelector:
minio:
minio:
mountPath: /.minio/certs
readOnly: true
{{- end -}}
{{- end -}}

15
library/ix-dev/enterprise/minio/templates/_portal.tpl Normal file
View File

@@ -0,0 +1,15 @@
{{- define "minio.portal" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
{{- $host := .Values.minioNetwork.consoleUrl | default "$node_ip" -}}
{{- $host = $host | replace "https://" "" -}}
{{- $host = $host | replace "http://" "" }}
path: "/"
port: {{ .Values.minioNetwork.webPort | quote }}
protocol: {{ include "minio.scheme" $ }}
host: {{ $host }}
{{- end -}}

48
library/ix-dev/enterprise/minio/templates/_postgres.tpl Normal file
View File

@@ -0,0 +1,48 @@
{{- define "postgres.workload" -}}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds" "resources" .Values.resources) | nindent 2 }}
{{/* Service */}}
service:
postgres:
enabled: true
type: ClusterIP
targetSelector: postgres
ports:
postgres:
enabled: true
primary: true
port: 5432
targetSelector: postgres
{{/* Persistence */}}
persistence:
postgresdata:
enabled: true
type: {{ .Values.minioLogging.logsearch.pgData.type }}
datasetName: {{ .Values.minioLogging.logsearch.pgData.datasetName | default "" }}
hostPath: {{ .Values.minioLogging.logsearch.pgData.hostPath | default "" }}
targetSelector:
# Postgres pod
postgres:
# Postgres container
postgres:
mountPath: /var/lib/postgresql/data
# Permissions container
permissions:
mountPath: /mnt/directories/postgres_data
postgresbackup:
enabled: true
type: {{ .Values.minioLogging.logsearch.pgBackup.type }}
datasetName: {{ .Values.minioLogging.logsearch.pgBackup.datasetName | default "" }}
hostPath: {{ .Values.minioLogging.logsearch.pgBackup.hostPath | default "" }}
targetSelector:
# Postgres backup pod
postgresbackup:
# Postgres backup container
postgresbackup:
mountPath: /postgres_backup
# Permissions container
permissions:
mountPath: /mnt/directories/postgres_backup
{{- end -}}

15
library/ix-dev/enterprise/minio/templates/common.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- include "ix.v1.common.loader.init" . -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "minio.configuration" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "minio.workload" $ | fromYaml) -}}
{{- if .Values.minioLogging.logsearch.enabled -}}
{{- $_ := mustMergeOverwrite .Values (include "logsearch.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{- end -}}
{{/* Create the configmap for portal manually*/}}
{{- include "minio.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}

1
library/ix-dev/enterprise/minio/upgrade_info.json Normal file
View File

@@ -0,0 +1 @@
{"filename": "values.yaml", "keys": ["image"]}

28
library/ix-dev/enterprise/minio/upgrade_strategy Executable file
View File

@@ -0,0 +1,28 @@
#!/usr/bin/python3
import json
import sys
from catalog_update.upgrade_strategy import datetime_versioning
def newer_mapping(image_tags):
key = list(image_tags.keys())[0]
tags = {t.strip('RELEASE.'): t for t in image_tags[key] if t.startswith(
'RELEASE.') and t.endswith('Z')}
version = datetime_versioning(list(tags), '%Y-%m-%dT%H-%M-%SZ')
if not version:
return {}
return {
'tags': {key: tags[version]},
'app_version': version.split('T')[0],
}
if __name__ == '__main__':
try:
versions_json = json.loads(sys.stdin.read())
except ValueError:
raise ValueError('Invalid json specified')
print(json.dumps(newer_mapping(versions_json)))

50
library/ix-dev/enterprise/minio/values.yaml Normal file
View File

@@ -0,0 +1,50 @@
image:
repository: minio/minio
tag: RELEASE.2023-02-27T18-10-45Z
pullPolicy: IfNotPresent
logsearchImage:
repository: minio/operator
tag: v4.5.8
pullPolicy: IfNotPresent
resources:
limits:
cpu: 4000m
memory: 8Gi
minioCreds:
rootUser: ""
rootPass: ""
minioRunAs:
user: 568
group: 568
minioNetwork:
apiPort: 30000
webPort: 30001
certificateID: ""
hostNetwork: false
serverUrl: ""
consoleUrl: ""
minioMultiMode: []
minioStorage: []
minioLogging:
anonymous: false
quiet: false
logsearch:
enabled: false
diskCapacityGB: 5
pgData:
type: ixVolume
hostPath: ""
datasetName: postgres-data
pgBackup:
type: ixVolume
hostPath: ""
datasetName: postgres-backup