truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-05 11:48:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

charts/minio - migration (#2256)

Browse Source
This commit is contained in:
Stavros Kois
2024-03-19 14:50:20 +02:00
committed by GitHub
parent 6dbdb2e5c9
commit 4535f076cc
42 changed files with 1227 additions and 1257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
library/ix-dev/charts/minio/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
generated: "2023-07-14T11:04:04.184288265+03:00"
repository: file://../../../common
version: 1.2.9
digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
generated: "2024-03-05T19:01:30.381261596+02:00"

10
library/ix-dev/charts/minio/Chart.yaml
View File

@@ -3,18 +3,18 @@ description: High Performance, Kubernetes Native Object Storage
annotations:
title: MinIO
type: application
version: 1.7.24
version: 2.0.0
apiVersion: v2
appVersion: '2023-03-13'
kubeVersion: '>=1.16.0-0'
appVersion: "2023-03-13"
kubeVersion: ">=1.16.0-0"
maintainers:
- name: truenas
url: https://www.truenas.com/
email: dev@ixsystems.com
dependencies:
- name: common
repository: file://../../../common/2304.0.1
version: 2304.0.1
repository: file://../../../common
version: 1.2.9
home: https://min.io
icon: https://media.sys.truenas.net/apps/minio/icons/icon.png
sources:

48
library/ix-dev/charts/minio/README.md
View File

@@ -1,52 +1,8 @@
MinIO
=====
# MinIO
[MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
MinIO supports [distributed mode](https://docs.minio.io/docs/distributed-minio-quickstart-guide). In distributed mode, you can pool multiple drives (even on different machines) into a single object storage server.
For more detailed documentation please visit [here](https://docs.minio.io/)
Introduction
------------
This chart bootstraps MinIO deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Configuration
-------------
The following table lists the configurable parameters of the MinIO chart and their default values.
| Parameter | Description | Default |
|:-------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|
| `image.repository` | Image repository | `minio/minio` |
| `image.tag` | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/). | `RELEASE.2020-11-06T23-17-07Z` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `extraArgs` | Additional command line arguments to pass to the MinIO server | `[]` |
| `accessKey` | Default access key (5 to 20 characters) | random 20 chars |
| `secretKey` | Default secret key (8 to 40 characters) | random 40 chars |
| `persistence.enabled` | Use persistent volume to store data | `true` |
| `persistence.size` | Size of persistent volume claim | `500Gi` |
| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` |
| `persistence.storageClass` | Storage class name of PVC | `nil` |
| `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
| `persistence.subPath` | Mount a sub directory of the persistent volume if set | `""` |
| `environment` | Set MinIO server relevant environment variables in `values.yaml` file. MinIO containers will be passed these variables when they start. | `MINIO_STORAGE_CLASS_STANDARD: EC:4"` |
Some parameters above map to the env variables defined in the [MinIO DockerHub image](https://hub.docker.com/r/minio/minio/).
Pass environment variables to MinIO containers
----------------------------------------------
To pass environment variables to MinIO containers when deploying via Helm chart, use the below command line format
```bash
$ helm install --set environment.MINIO_BROWSER=on,environment.MINIO_DOMAIN=domain-name minio/minio
```
You can add as many environment variables as required, using the above format. Just add `environment.<VARIABLE_NAME>=<value>` under `set` flag.
**NOTE**
- On fresh installation, minIO data directory's ownership will be updated to minio:minio.
- For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio.

5
library/ix-dev/charts/minio/app-readme.md
View File

@@ -1,5 +1,8 @@
# MinIO
[MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
**NOTE**
- On installation, minIO data directory's ownership will be updated to minio:minio.
- On fresh installation, minIO data directory's ownership will be updated to minio:minio.
- For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio.

BIN
library/ix-dev/charts/minio/charts/common-1.2.9.tgz Normal file
View File

Binary file not shown.

BIN
library/ix-dev/charts/minio/charts/common-2304.0.1.tgz
View File

Binary file not shown.

20
library/ix-dev/charts/minio/ci/basic-values.yaml Normal file
View File

@@ -0,0 +1,20 @@
minioConfig:
rootUser: super-admin
rootPassword: super-admin-password
minioNetwork:
apiPort: 31000
consolePort: 31001
minioStorage:
export:
type: pvc
logSearchApi: true
logSearchDiskCapacityGB: 5
pgData:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""

66
library/ix-dev/charts/minio/ci/https-values.yaml
View File

@@ -1,50 +1,25 @@
appVolumeMounts:
minioStorage:
export:
emptyDir: true
mountPath: /export
distributedIps: []
distributedMode: false
dnsConfig:
options: []
emptyDirVolumes: true
environmentVariables: []
extraAppVolumeMounts: []
extraArgs: []
image:
pullPolicy: IfNotPresent
repository: minio/minio
tag: RELEASE.2023-03-13T19-46-17Z
ixChartContext: {}
logSearchImage:
pullPolicy: IfNotPresent
repository: minio/operator
tag: v4.5.4
logsearchapi:
diskCapacityGB: 5
enabled: true
minioDomain: null
postgresAppVolumeMounts:
postgres-backup:
emptyDir: true
mountPath: /postgres_backups
postgres-data:
emptyDir: true
mountPath: /var/lib/postgresql/data
postgresql:
backupVolume:
datasetName: ix-postgres_backups
mountPath: /postgres_backups
dataVolume:
datasetName: ix-postgres_data
mountPath: /var/lib/postgresql/data
runAsGroup: 473
runAsUser: 473
service:
consolePort: 32325
nodePort: 32324
updateStrategy: RollingUpdate
type: pvc
logSearchApi: true
logSearchDiskCapacityGB: 5
pgData:
type: pvc
pgBackup:
type: emptyDir
emptyDirConfig:
medium: ""
size: ""
minioConfig:
rootUser: super-admin
rootPassword: super-admin-password
minioNetwork:
apiPort: 31000
consolePort: 31001
certificateID: 1
certificate: "1"
ixCertificates:
"1":
certificate: |
@@ -74,7 +49,6 @@ ixCertificates:
x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD

45
library/ix-dev/charts/minio/ci/test-values.yaml
View File

@@ -1,45 +0,0 @@
appVolumeMounts:
export:
emptyDir: true
mountPath: /export
distributedIps: []
distributedMode: false
dnsConfig:
options: []
emptyDirVolumes: true
environmentVariables: []
extraAppVolumeMounts: []
extraArgs: []
image:
pullPolicy: IfNotPresent
repository: minio/minio
tag: RELEASE.2023-03-13T19-46-17Z
ixChartContext: {}
logSearchImage:
pullPolicy: IfNotPresent
repository: minio/operator
tag: v4.5.4
logsearchapi:
diskCapacityGB: 5
enabled: true
minioDomain: null
postgresAppVolumeMounts:
postgres-backup:
emptyDir: true
mountPath: /postgres_backups
postgres-data:
emptyDir: true
mountPath: /var/lib/postgresql/data
postgresql:
backupVolume:
datasetName: ix-postgres_backups
mountPath: /postgres_backups
dataVolume:
datasetName: ix-postgres_data
mountPath: /var/lib/postgresql/data
runAsGroup: 473
runAsUser: 473
service:
consolePort: 32325
nodePort: 32324
updateStrategy: RollingUpdate

184
library/ix-dev/charts/minio/migrations/migrate
View File

@@ -2,119 +2,101 @@
import json
import os
import sys
import subprocess
from pathlib import Path
from middlewared.client import Client
from middlewared.service import ValidationErrors, CallError
def path_in_locked_datasets(path: str) -> bool:
with Client() as c:
return c.call('pool.dataset.path_in_locked_datasets', path)
def migrate_volume(volume):
return {
'type': 'hostPath',
'hostPathConfig': {
'hostPath': volume['hostPath']
},
} if volume.get('hostPathEnabled', False) else {
'type': 'ixVolume',
'ixVolumeConfig': {
'datasetName': volume['datasetName'],
},
}
def get_configured_user_group(path: str) -> dict:
with Client() as c:
return c.call('filesystem.stat', path)
def migrate_common_lib(values):
delete_keys = [
'dnsConfig', 'updateStrategy', 'enableResourceLimits', 'cpuLimit',
'memLimit', 'certificate', 'service', 'environmentVariables', 'minioDomain',
'accessKey', 'secretKey', 'distributedMode', 'distributedIps', 'logsearchapi',
'appVolumeMounts', 'extraAppVolumeMounts', 'postgresAppVolumeMounts'
]
values.update({
# Migrate Config
'minioConfig': {
'rootUser': values['accessKey'],
'rootPassword': values['secretKey'],
'domain': values.get('minioDomain', ''),
'extraArgs': values.get('extraArgs', []),
'additionalEnvs': [e for e in values.get('environmentVariables', []) if e['name'] not in ['PLEX_UID', 'PLEX_GID'] ],
},
# Migrate Network
'minioNetwork': {
'apiPort': values['service']['nodePort'],
'consolePort': values['service']['consolePort'],
'certificateID': values['certificate'],
},
# Migrate Resources
'resources': {
'limits': {
'cpu': values.get('cpuLimit', '4000m'),
'memory': values.get('memLimit', '8Gi'),
}
},
# Migrate DNS
'podOptions': {
'dnsConfig': {
'options': [
{'name': opt['name'], 'value': opt['value']}
for opt in values.get('dnsConfig', {}).get('options', [])
]
}
},
# Migrate Storage
'minioStorage': {
'distributedMode': values['distributedMode']
'distributedIps': values['distributedIps'] if values['distributedMode'] else [],
'logSearchApi': values['logsearchapi']['enabled'],
'logSearchDiskCapacityGB': values['logsearchapi']['diskCapacityGB'] if values['logsearchapi']['enabled'] else 5,
'export': migrate_volume(values['appVolumeMounts']['export']).update({
mountPath: values['appVolumeMounts']['export'][mountPath]
}),
'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
'additionalStorages': [
{
'type': 'hostPath',
'hostPathConfig': {'hostPath': e['hostPath']},
'mountPath': e['mountPath'],
'readOnly': e['readOnly'],
}
for e in values.get('extraAppVolumeMounts', [])
],
},
})
def get_host_path_attachments(path: str) -> set:
with Client() as c:
return {
attachment['type']
for attachment in c.call('pool.dataset.attachments_with_path', path)
if attachment['type'].lower() not in ['kubernetes', 'chart releases']
}
def get_kubernetes_config() -> dict:
with Client() as c:
return c.call('kubernetes.config')
def validate_host_path(path: str, schema_name: str, verrors: ValidationErrors) -> None:
"""
These validations are taken from `FilesystemService._common_perm_path_validate`.
Including an additional validation that makes sure all the children under
a path are on same device.
"""
schema_name += ".migration.chown"
p = Path(path)
if not p.is_absolute():
verrors.add(schema_name, f"Must be an absolute path: {path}")
if p.is_file():
verrors.add(schema_name, f"Recursive operations on a file are invalid: {path}")
if not p.absolute().as_posix().startswith("/mnt/"):
verrors.add(
schema_name,
f"Changes to permissions on paths that are not beneath the directory /mnt are not permitted: {path}"
)
elif len(p.resolve().parents) == 2:
verrors.add(schema_name, f"The specified path is a ZFS pool mountpoint: {path}")
# Make sure that dataset is not locked
if path_in_locked_datasets(path):
verrors.add(schema_name, f"Dataset is locked at path: {path}.")
# Validate attachments
if attachments := get_host_path_attachments(path):
verrors.add(schema_name, f"The path '{path}' is already attached to service(s): {', '.join(attachments)}.")
# Make sure all the minio's data directory children are on same device.
device_id = os.stat(path).st_dev
for root, dirs, files in os.walk(path):
for child in dirs + files:
abs_path = os.path.join(root, child)
if os.stat(abs_path).st_dev != device_id:
verrors.add(
schema_name,
(f"All the children of MinIO data directory should be on "
f"same device as root: path={abs_path} device={os.stat(abs_path).st_dev}")
)
break
def migrate(values: dict) -> dict:
# minio user / group ID
uid = gid = 473
verrors = ValidationErrors()
k8s_config = get_kubernetes_config()
if values["appVolumeMounts"]["export"]["hostPathEnabled"]:
host_path = values["appVolumeMounts"]["export"]["hostPath"]
else:
app_dataset = values["appVolumeMounts"]["export"]["datasetName"]
host_path = os.path.join(
"/mnt", k8s_config['dataset'], "releases", values["release_name"], "volumes/ix_volumes", app_dataset
)
current_config = get_configured_user_group(host_path)
if current_config["uid"] == uid and current_config["gid"] == gid:
return values
validate_host_path(host_path, values['release_name'], verrors)
verrors.check()
# chown the host path
acltool = subprocess.run([
"/usr/bin/nfs4xdr_winacl",
"-a", "chown",
"-O", str(uid), "-G", str(gid),
"-r",
"-c", host_path,
"-p", host_path], check=False, capture_output=True
)
if acltool.returncode != 0:
raise CallError(f"acltool [chown] on path {host_path} failed with error: [{acltool.stderr.decode().strip()}]")
for k in delete_keys:
values.pop(k, None)
return values
def migrate(values):
# If this missing, we have already migrated
if not 'nodePort' in values.keys():
return values
if __name__ == "__main__":
return migrate_common_lib(values)
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], "r") as f:
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))

28
library/ix-dev/charts/minio/migrations/migrate_from_1.0.0
View File

@@ -1,28 +0,0 @@
#!/usr/bin/python3
import json
import os
import sys
def migrate(values):
if values.get('appVolumeMounts'):
return values
values.update({
'appVolumeMounts': {
'export': {
'hostPathEnabled': values['minioHostPathEnabled'],
**({'hostPath': values['minioHostPath']} if values.get('minioHostPath') else {})
},
},
})
return values
if __name__ == '__main__':
if len(sys.argv) != 2:
exit(1)
if os.path.exists(sys.argv[1]):
with open(sys.argv[1], 'r') as f:
print(json.dumps(migrate(json.loads(f.read()))))

928
library/ix-dev/charts/minio/questions.yaml
View File

@@ -1,380 +1,634 @@
groups:
- name: "Container Images"
description: "Image to be used for container"
- name: "Workload Configuration"
description: "Configure workload deployment"
- name: "Minio Configuration"
description: "Configure Minio credentials"
- name: "Storage"
description: "Configure Storage for Minio"
- name: "Advanced DNS Settings"
description: "Configure DNS settings"
- name: "Resource Limits"
description: "Set CPU/memory limits for Kubernetes Pod"
- name: Minio Configuration
description: Configure Minio
- name: Advanced Pod Configuration
description: Configure Advanced Pod Options for Minio
- name: Network Configuration
description: Configure Network for Minio
- name: Storage Configuration
description: Configure Storage for Minio
- name: Resources Configuration
description: Configure Resources for Minio
portals:
web_portal:
protocols:
- "$kubernetes-resource_configmap_minio-config_protocol"
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$node_ip"
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$variable-service.consolePort"
- "$kubernetes-resource_configmap_portal_port"
path: "$kubernetes-resource_configmap_portal_path"
questions:
- variable: dnsConfig
label: "DNS Configuration"
group: "Advanced DNS Settings"
schema:
type: dict
attrs:
- variable: options
label: "DNS Options"
schema:
type: list
items:
- variable: optionsEntry
label: "Option Entry Configuration"
schema:
type: dict
attrs:
- variable: name
label: "Option Name"
schema:
type: string
required: true
- variable: value
label: "Option Value"
schema:
type: string
required: true
- variable: updateStrategy
label: "Minio update strategy"
group: "Workload Configuration"
schema:
type: string
default: "Recreate"
enum:
- value: "RollingUpdate"
description: "Create new pods and then kill old ones"
- value: "Recreate"
description: "Kill existing pods before creating new ones"
- variable: distributedMode
label: "Enable Distributed Mode"
description: "Run Minio instance to connect to a distributed minio cluster"
group: "Minio Configuration"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: distributedIps
label: "Distributed Minio Instance URI(s)"
schema:
type: list
required: true
default: []
items:
- variable: ip
label: "Distributed Minio Instance URI"
schema:
type: string
empty: false
- variable: extraArgs
label: "Minio Extra Arguments"
group: "Minio Configuration"
schema:
type: list
default: []
items:
- variable: arg
label: "Argument"
schema:
type: string
- variable: accessKey
label: "Root User"
group: "Minio Configuration"
description: "Enter the S3 Root User"
schema:
type: string
private: true
required: true
min_length: 5
max_length: 20
- variable: secretKey
label: "Root Password"
group: "Minio Configuration"
description: "Enter the S3 Root Password"
schema:
type: string
private: true
required: true
min_length: 8
max_length: 40
- variable: environmentVariables
label: "Minio image environment"
group: "Minio Configuration"
schema:
type: list
default: []
items:
- variable: environmentVariable
label: "Environment Variable"
schema:
type: dict
attrs:
- variable: name
label: "Name"
schema:
type: string
- variable: value
label: "Value"
schema:
type: string
- variable: service
description: "Minio Service Configuration"
label: "Minio Service Configuration"
group: "Minio Configuration"
schema:
type: dict
required: true
attrs:
- variable: nodePort
label: "Node Port to use for Minio API"
schema:
type: int
min: 9000
max: 65535
default: 9000
required: true
- variable: consolePort
label: "Node Port to use for Minio UI Access"
schema:
type: int
min: 9000
max: 65535
default: 9002
required: true
- variable: certificate
description: "Minio Certificate"
label: "Minio Certificate"
group: "Minio Configuration"
schema:
type: int
$ref:
- "definitions/certificate"
- variable: minioDomain
label: "Minio Domain Name"
description: |
Depending on your setup/environment, you may need to leave this blank.
Check MinIO documentation for more information.
group: "Minio Configuration"
schema:
type: string
default: null
"null": true
show_if: [["certificate", "!=", null]]
- variable: logsearchapi
label: Log Search API Configuration
description: Log Search API Configuration
- variable: minioConfig
label: ""
group: Minio Configuration
schema:
type: dict
attrs:
- variable: enabled
label: Enable Log Search API
description: Enables Log Search API and configures MinIO to use it. It also deploys a postgres DB for it.
- variable: rootUser
label: Root User
description: The root user for Minio.
schema:
type: string
private: true
required: true
min_length: 5
max_length: 20
- variable: rootPassword
label: Root Password
description: The root password for Minio.
schema:
type: string
private: true
required: true
min_length: 8
max_length: 40
- variable: domain
label: Domain (Optional)
description: |
Depending on your setup/environment, you may need to leave this blank.
Check MinIO documentation for more information.
schema:
type: string
- variable: extraArgs
label: Extra Arguments
description: Extra arguments for Minio.
schema:
type: list
default: []
items:
- variable: arg
label: Argument
schema:
type: string
required: true
- variable: additionalEnvs
label: Additional Environment Variables
description: Configure additional environment variables for Netdata.
schema:
type: list
default: []
items:
- variable: env
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: podOptions
label: ""
group: Advanced Pod Configuration
schema:
type: dict
attrs:
- variable: dnsConfig
label: Advanced DNS Configuration
schema:
type: dict
attrs:
- variable: options
label: DNS Options
schema:
type: list
items:
- variable: optionsEntry
label: DNS Option Entry
schema:
type: dict
attrs:
- variable: name
label: Option Name
schema:
type: string
required: true
- variable: value
label: Option Value
schema:
type: string
required: true
- variable: minioNetwork
label: ""
group: Network Configuration
schema:
type: dict
attrs:
- variable: apiPort
label: API Port
description: The port for the Minio API.
schema:
type: int
default: 9000
min: 9000
max: 65535
required: true
- variable: consolePort
label: Console Port
description: The port for the Minio WebUI.
schema:
type: int
default: 9002
min: 9000
max: 65535
required: true
- variable: certificateID
label: Certificate
description: The certificate to use for Minio.
schema:
type: int
"null": true
$ref:
- "definitions/certificate"
- variable: minioStorage
label: ""
group: Storage Configuration
schema:
type: dict
attrs:
- variable: distributedMode
label: Enable Distributed Mode
schema:
type: boolean
default: false
- variable: diskCapacityGB
label: Disk Capacity in GB
description: Capacity in GB that logs are allowed to occupy.
- variable: distributedIps
label: Distributed Minio Instance URI(s)
schema:
type: int
show_if: [["enabled", "=", true]]
default: 5
- variable: appVolumeMounts
label: "Minio Storage"
group: "Storage"
schema:
type: dict
show_if: [["distributedMode", "=", false]]
attrs:
- variable: export
label: "Data Volume"
schema:
type: dict
attrs:
- variable: datasetName
label: "Minio Data Volume Name"
type: list
show_if: [["distributedMode", "==", true]]
required: true
default: []
items:
- variable: ip
label: Distributed Minio Instance URI
schema:
type: string
hidden: true
required: true
- variable: export
label: Minio Export Storage
description: The path to store Minio Export.
schema:
type: dict
show_if: [["distributedMode", "==", true]]
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
default: /export
required: true
immutable: true
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
show_if: [["hostPathEnabled", "=", false]]
default: "ix-minio"
editable: false
- variable: mountPath
label: "Minio Data Mount Path"
description: "Path where the volume will be mounted inside the pod"
schema:
type: path
default: "/export"
immutable: true
- variable: hostPathEnabled
label: "Enable Host Path for Minio Data Volume"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: "Host Path for Minio Data Volume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: hostpath
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "export"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: extraAppVolumeMounts
label: "Extra Host Path Volumes"
group: "Storage"
schema:
type: list
items:
- variable: extraAppVolume
label: "Host Path Volume"
description: "Add an extra host path volume for Minio application"
- variable: logSearchApi
label: Enable Log Search API
schema:
type: boolean
default: false
- variable: logSearchDiskCapacityGB
label: Log Search Disk Capacity
schema:
type: int
show_if: [["logSearchApi", "==", true]]
default: 5
- variable: pgData
label: Minio Postgres Data Storage
description: The path to store Minio Postgres Data.
schema:
type: dict
show_if: [["logSearchApi", "==", true]]
attrs:
- variable: mountPath
label: "Mount Path in Pod"
description: "Path where the volume will be mounted inside the pod"
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: path
type: string
required: true
- variable: hostPath
label: "Host Path"
description: "Host path"
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: hostpath
type: dict
# Nothing to show for the user
hidden: true
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "pgData"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: pgBackup
label: Minio Postgres Backup Storage
description: The path to store Minio Postgres Backup.
schema:
type: dict
show_if: [["logSearchApi", "==", true]]
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.
schema:
type: string
required: true
immutable: true
default: ixVolume
enum:
- value: hostPath
description: Host Path (Path that already exists on the system)
- value: ixVolume
description: ixVolume (Dataset created automatically by the system)
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
# Nothing to show for the user
hidden: true
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
hidden: true
default: "pgBackup"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
# Postgres does a CHMOD at startup
# Which fails with ACL
hidden: true
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: postgresAppVolumeMounts
label: Postgres Storage
group: Storage
- variable: additionalStorages
label: Additional Storage
description: Additional storage for Minio.
schema:
type: list
default: []
items:
- variable: storageEntry
label: Storage Entry
schema:
type: dict
attrs:
- variable: type
label: Type
description: |
ixVolume: Is dataset created automatically by the system.</br>
Host Path: Is a path that already exists on the system.</br>
SMB Share: Is a SMB share that is mounted to a persistent volume claim.
schema:
type: string
required: true
default: "ixVolume"
enum:
- value: "hostPath"
description: Host Path (Path that already exists on the system)
- value: "ixVolume"
description: ixVolume (Dataset created automatically by the system)
- value: "smb-pv-pvc"
description: SMB Share (Mounts a persistent volume claim to a SMB share)
- variable: readOnly
label: Read Only
description: Mount the volume as read only.
schema:
type: boolean
default: false
- variable: mountPath
label: Mount Path
description: The path inside the container to mount the storage.
schema:
type: path
required: true
- variable: hostPathConfig
label: Host Path Configuration
schema:
type: dict
show_if: [["type", "=", "hostPath"]]
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: acl
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
$ref:
- "normalize/acl"
- variable: hostPath
label: Host Path
description: The host path to use for storage.
schema:
type: hostpath
show_if: [["aclEnable", "=", false]]
required: true
- variable: ixVolumeConfig
label: ixVolume Configuration
description: The configuration for the ixVolume dataset.
schema:
type: dict
show_if: [["type", "=", "ixVolume"]]
$ref:
- "normalize/ixVolume"
attrs:
- variable: aclEnable
label: Enable ACL
description: Enable ACL for the dataset.
schema:
type: boolean
default: false
- variable: datasetName
label: Dataset Name
description: The name of the dataset to use for storage.
schema:
type: string
required: true
immutable: true
default: "storage_entry"
- variable: aclEntries
label: ACL Configuration
schema:
type: dict
show_if: [["aclEnable", "=", true]]
attrs: []
- variable: smbConfig
label: SMB Share Configuration
description: The configuration for the SMB Share.
schema:
type: dict
show_if: [["type", "=", "smb-pv-pvc"]]
attrs:
- variable: server
label: Server
description: The server for the SMB share.
schema:
type: string
required: true
- variable: share
label: Share
description: The share name for the SMB share.
schema:
type: string
required: true
- variable: domain
label: Domain (Optional)
description: The domain for the SMB share.
schema:
type: string
- variable: username
label: Username
description: The username for the SMB share.
schema:
type: string
required: true
- variable: password
label: Password
description: The password for the SMB share.
schema:
type: string
required: true
private: true
- variable: size
label: Size (in Gi)
description: The size of the volume quota.
schema:
type: int
required: true
min: 1
default: 1
- variable: resources
group: Resources Configuration
label: ""
schema:
type: dict
attrs:
- variable: postgres-data
label: Postgres Data Volume
- variable: limits
label: Limits
schema:
type: dict
attrs:
- variable: datasetName
label: Postgres Data Volume Name
- variable: cpu
label: CPU
description: CPU limit for WG-Easy.
schema:
type: string
hidden: true
$ref:
- normalize/ixVolume
default: ix-postgres_data
show_if: [["hostPathEnabled", "=", false]]
editable: false
- variable: mountPath
label: Postgresql Data Mount Path
description: Path where the volume will be mounted inside the pod
schema:
type: path
hidden: true
editable: false
default: /var/lib/postgresql/data
- variable: hostPathEnabled
label: Enable Host Path for Postgres Data Volume
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: Host Path for Postgres Data Volume
schema:
type: hostpath
required: true
immutable: true
- variable: postgres-backup
label: Postgres Backup Volume
schema:
type: dict
attrs:
- variable: datasetName
label: Postgres Backup Volume Name
max_length: 6
valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
valid_chars_error: |
Valid CPU limit formats are</br>
- Plain Integer - eg. 1</br>
- Float - eg. 0.5</br>
- Milicpu - eg. 500m
default: "4000m"
required: true
- variable: memory
label: Memory
description: Memory limit for WG-Easy.
schema:
type: string
hidden: true
$ref:
- normalize/ixVolume
default: ix-postgres_backups
show_if: [["hostPathEnabled", "=", false]]
editable: false
- variable: mountPath
label: Postgresql Backup Mount Path
description: Path where the volume will be mounted inside the pod
schema:
type: path
hidden: true
editable: false
default: /postgres_backups
- variable: hostPathEnabled
label: Enable Host Path for Postgres Backup Volume
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: Host Path for Postgres Backup Volume
schema:
type: hostpath
required: true
- variable: enableResourceLimits
label: "Enable Pod resource limits"
group: "Resource Limits"
schema:
type: boolean
default: false
- variable: cpuLimit
label: "CPU Limit"
description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100."
group: "Resource Limits"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
default: "4000m"
- variable: memLimit
label: "Memory Limit"
group: "Resource Limits"
description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi"
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
default: "8Gi"
max_length: 12
valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
valid_chars_error: |
Valid Memory limit formats are</br>
- Suffixed with E/P/T/G/M/K - eg. 1G</br>
- Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
- Plain Integer in bytes - eg. 1024</br>
- Exponent - eg. 134e6
default: "8Gi"
required: true

3
library/ix-dev/charts/minio/templates/NOTES.txt
View File

@@ -1,2 +1 @@
Minio can be accessed from the following URL:
http://$node_ip:{{ .Values.service.nodePort }}/
{{ include "ix.v1.common.lib.chart.notes" $ }}

33
library/ix-dev/charts/minio/templates/_cert.tpl
View File

@@ -1,33 +0,0 @@
{{/*
Formats volumeMount for Minio tls keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolumeMount" -}}
{{- if eq (include "minio.certAvailable" .) "true" -}}
- name: cert-secret-volume
mountPath: "/etc/minio/certs"
- name: trusted-cert-secret-volume
mountPath: "/etc/minio/certs/CAs"
{{- end }}
{{- end -}}
{{/*
Formats volume for Minio tls keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolume" -}}
{{- if eq (include "minio.certAvailable" .) "true" -}}
- name: cert-secret-volume
secret:
secretName: {{ include "minio.secretName" . }}
items:
- key: certPublicKey
path: public.crt
- key: certPrivateKey
path: private.key
- name: trusted-cert-secret-volume
secret:
secretName: {{ include "minio.secretName" . }}
items:
- key: certPublicKey
path: public.crt
{{- end }}
{{- end -}}

91
library/ix-dev/charts/minio/templates/_configuration.tpl Normal file
View File

@@ -0,0 +1,91 @@
{{- define "minio.configuration" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $auditToken := randAlphaNum 32 -}}
{{- $queryToken := randAlphaNum 32 -}}
{{/* Fetch secrets from pre-migration secret */}}
{{- with (lookup "v1" "Secret" .Release.Namespace "logsearchapi-details") -}}
{{- $auditToken = ((index .data "auditToken") | b64dec) -}}
{{- $queryToken = ((index .data "queryToken") | b64dec) -}}
{{- end -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-logsearch-creds" $fullname)) -}}
{{- $auditToken = ((index .data "LOGSEARCH_AUDIT_AUTH_TOKEN") | b64dec) -}}
{{- $queryToken = ((index .data "MINIO_LOG_QUERY_AUTH_TOKEN") | b64dec) -}}
{{- end -}}
{{- $queryURL := printf "http://%v-log:8080" $fullname -}}
{{- $webhookURL := printf "http://%v-log:8080/api/ingest?token=%v" $fullname $auditToken -}}
{{/* DB details */}}
{{- $dbHost := (printf "%s-postgres" $fullname) -}}
{{- $dbUser := "logsearchapi" -}}
{{- $dbName := "logsearchapi" -}}
{{- $dbPass := randAlphaNum 32 -}}
{{/* Fetch secrets from pre-migration secret */}}
{{- $tmpBackupHost := "" -}}
{{- with (lookup "v1" "Secret" .Release.Namespace "postgres-details") -}}
{{- $dbPass = ((index .data "db_password") | b64dec) -}}
{{- $tmpBackupHost = ((index .data "postgresHost") | b64dec) -}}
{{- end -}}
{{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
{{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
{{- end -}}
{{/* Temporary set dynamic db details on values,
so we can print them on the notes */}}
{{- $_ := set .Values "minioDbPass" $dbPass -}}
{{- $_ := set .Values "minioDbHost" $dbHost -}}
{{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
secret:
minio-creds:
enabled: true
data:
MINIO_ROOT_USER: {{ .Values.minioConfig.rootUser | quote }}
MINIO_ROOT_PASSWORD: {{ .Values.minioConfig.rootPassword | quote }}
{{ if and .Values.minioNetwork.certificateID .Values.minioConfig.domain }}
MINIO_BROWSER_REDIRECT_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.consolePort }}
MINIO_SERVER_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.apiPort }}
{{ end }}
{{ if .Values.minioStorage.logSearchApi }}
MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken }}
MINIO_LOG_QUERY_URL: {{ $queryURL }}
MINIO_AUDIT_WEBHOOK_ENDPOINT_ix-logsearch: {{ $webhookURL }}
MINIO_AUDIT_WEBHOOK_ENABLE_ix-logsearch: "on"
{{ end }}
logsearch-creds:
enabled: true
data:
MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken | quote }}
LOGSEARCH_AUDIT_AUTH_TOKEN: {{ $auditToken | quote }}
LOGSEARCH_PG_CONN_STR: {{ $dbURL | quote }}
LOGSEARCH_DISK_CAPACITY_GB: {{ .Values.minioStorage.logSearchDiskCapacityGB | quote }}
postgres-creds:
enabled: true
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $dbHost }}
POSTGRES_URL: {{ $dbURL }}
{{- if eq (include "minio.is-migration" $) "true" }}
postgres-backup-creds:
enabled: true
annotations:
helm.sh/hook: "pre-upgrade"
helm.sh/hook-delete-policy: "hook-succeeded"
helm.sh/hook-weight: "1"
data:
POSTGRES_USER: {{ $dbUser }}
POSTGRES_DB: {{ $dbName }}
POSTGRES_PASSWORD: {{ $dbPass }}
POSTGRES_HOST: {{ $tmpBackupHost }}
POSTGRES_URL: {{ printf "postgres://%s:%s@%s-pg:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
{{- end }}
{{- end -}}

77
library/ix-dev/charts/minio/templates/_helpers.tpl
View File

@@ -1,77 +0,0 @@
{{/*
Determine secret name.
*/}}
{{- define "minio.secretName" -}}
{{- include "common.names.fullname" . -}}
{{- end -}}
{{/*
Retrieve true/false if minio certificate is configured
*/}}
{{- define "minio.certAvailable" -}}
{{- if .Values.certificate -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{- template "common.resources.cert_present" $values -}}
{{- else -}}
{{- false -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve public key of minio certificate
*/}}
{{- define "minio.cert.publicKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve private key of minio certificate
*/}}
{{- define "minio.cert.privateKey" -}}
{{- $values := (. | mustDeepCopy) -}}
{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
{{ include "common.resources.cert" $values }}
{{- end -}}
{{/*
Retrieve scheme/protocol for minio
*/}}
{{- define "minio.scheme" -}}
{{- if eq (include "minio.certAvailable" .) "true" -}}
{{- print "https" -}}
{{- else -}}
{{- print "http" -}}
{{- end -}}
{{- end -}}
{{/*
Retrieve command for minio application
*/}}
{{- define "minio.commandArgs" -}}
{{- $arg := (printf "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs server --console-address=':%d'" (.Values.service.consolePort | int)) -}}
{{- if .Values.distributedMode -}}
{{- cat $arg (join " " (concat (.Values.distributedIps | default list) (.Values.extraArgs | default list))) -}}
{{- else -}}
{{- cat $arg ((concat (list (printf "--address ':%d'" (.Values.service.nodePort | int))) (list (printf "%s" .Values.appVolumeMounts.export.mountPath)) (.Values.extraArgs | default list)) | join " ") -}}
{{- end -}}
{{- end -}}
{{/*
Enable host networking
*/}}
{{- define "minio.hostNetworking" -}}
{{- if .Values.distributedMode -}}
{{- print "true" -}}
{{- else -}}
{{- print "false" -}}
{{- end -}}
{{- end -}}

40
library/ix-dev/charts/minio/templates/_logsearch.tpl Normal file
View File

@@ -0,0 +1,40 @@
{{- define "logsearchapi.workload" -}}
workload:
logsearchapi:
enabled: true
type: Deployment
podSpec:
hostNetwork: false
containers:
logsearchapi:
enabled: true
primary: true
imageSelector: logSearchImage
securityContext:
runAsUser: 473
runAsGroup: 473
command:
- /logsearchapi
envFrom:
- secretRef:
name: logsearch-creds
probes:
liveness:
enabled: true
type: http
path: /status
port: 8080
readiness:
enabled: true
type: http
path: /status
port: 8080
startup:
enabled: true
type: http
path: /status
port: 8080
initContainers:
{{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
"secretName" "postgres-creds") | nindent 8 }}
{{- end -}}

34
library/ix-dev/charts/minio/templates/_logsearchapi.tpl
View File

@@ -1,34 +0,0 @@
{{- define "logsearchapi.imageName" -}}
{{- printf "%s:%s" .Values.logSearchImage.repository .Values.logSearchImage.tag -}}
{{- end -}}
{{- define "logsearchapi.nameSuffix" -}}
{{- print "logsearchapi" -}}
{{- end -}}
{{- define "logsearchapi.command" -}}
{{- print "/logsearchapi" -}}
{{- end -}}
{{- define "logsearchapi.secretName" -}}
{{- print "logsearchapi-details" -}}
{{- end -}}
{{- define "logsearchapi.envVariableConfiguration" -}}
{{- $envList := list -}}
{{- $secretName := (include "logsearchapi.secretName" .) -}}
{{- $postgresSecretName := (include "postgres.secretName" .) -}}
{{- $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "queryToken") -}}
{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_AUDIT_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "auditToken") -}}
{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_PG_CONN_STR" "valueFromSecret" true "secretName" $postgresSecretName "secretKey" "postgresURL") -}}
{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_DISK_CAPACITY_GB" "value" .Values.logsearchapi.diskCapacityGB) -}}
{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
{{- end -}}
{{/* Used in the minio init container (checks that logsearchapi is available) */}}
{{- define "logsearchapiInit.envVariableConfiguration" -}}
{{- $envList := list -}}
{{- $secretName := (include "logsearchapi.secretName" .) -}}
{{- $envList = mustAppend $envList (dict "name" "apiURL" "valueFromSecret" true "secretName" $secretName "secretKey" "logQueryURL") -}}
{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
{{- end -}}

48
library/ix-dev/charts/minio/templates/_migration.tpl Normal file
View File

@@ -0,0 +1,48 @@
{{- define "minio.get-versions" -}}
{{- $oldChartVersion := "" -}}
{{- $newChartVersion := "" -}}
{{/* Safely access the context, so it wont block CI */}}
{{- if hasKey .Values.global "ixChartContext" -}}
{{- if .Values.global.ixChartContext.upgradeMetadata -}}
{{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
{{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
{{- if and (not $oldChartVersion) (not $newChartVersion) -}}
{{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
{{- end -}}
{{- define "minio.migration" -}}
{{- $versions := (fromYaml (include "minio.get-versions" $)) -}}
{{- if and $versions.old $versions.new -}}
{{- $oldV := semver $versions.old -}}
{{- $newV := semver $versions.new -}}
{{/* If new is v2.x.x */}}
{{- if eq ($newV.Major | int) 2 -}}
{{/* And old is v1.x.x, but lower than .7.24 */}}
{{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}}
{{/* Block the upgrade */}}
{{- fail "Migration to 2.x.x is only allowed from 1.7.24 or higher" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "minio.is-migration" -}}
{{- $isMigration := "" -}}
{{- $versions := (fromYaml (include "minio.get-versions" $)) -}}
{{- if $versions.old -}}
{{- $oldV := semver $versions.old -}}
{{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}}
{{- $isMigration = "true" -}}
{{- end -}}
{{- end -}}
{{- $isMigration -}}
{{- end -}}

93
library/ix-dev/charts/minio/templates/_minio.tpl Normal file
View File

@@ -0,0 +1,93 @@
{{- define "minio.workload" -}}
{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
{{- $logapi := printf "http://%v-log:8080" $fullname -}}
workload:
minio:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ .Values.minioStorage.distributedMode }}
containers:
minio:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: 473
runAsGroup: 473
# readOnlyRootFilesystem: false
env:
MINIO_VOLUMES: /export
args:
- server
- --console-address
- {{ printf ":%v" .Values.minioNetwork.consolePort | quote }}
{{- if .Values.minioStorage.distributedMode }}
{{- range .Values.minioStorage.distributedIps }}
- {{ quote . }}
{{- end }}
{{- else }}
- "--address"
- {{ printf ":%v" .Values.minioNetwork.apiPort | quote }}
{{- end }}
{{- if .Values.minioNetwork.certificateID }}
- "--certs-dir"
- "/etc/minio/certs"
{{- end }}
{{- range .Values.minioConfig.extraArgs }}
- {{ quote . }}
{{ end }}
envFrom:
- secretRef:
name: minio-creds
{{ with .Values.minioConfig.additionalEnvs }}
envList:
{{ range $env := . }}
- name: {{ $env.name }}
value: {{ $env.value }}
{{ end }}
{{ end }}
probes:
{{- $proto := "http" -}}
{{- if .Values.minioNetwork.certificateID -}}
{{- $proto = "https" -}}
{{- end }}
liveness:
enabled: true
type: {{ $proto }}
path: /minio/health/live
port: {{ .Values.minioNetwork.consolePort }}
readiness:
enabled: true
type: {{ $proto }}
path: /minio/health/live
port: {{ .Values.minioNetwork.consolePort }}
startup:
enabled: true
type: {{ $proto }}
path: /minio/health/live
port: {{ .Values.minioNetwork.consolePort }}
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
"UID" 473
"GID" 473
"mode" "check"
"type" "init") | nindent 8 }}
wait-api:
enabled: true
type: init
imageSelector: bashImage
command:
- bash
args:
- -c
- |
echo "Waiting for [{{ $logapi }}]";
until wget --spider --quiet --timeout=3 --tries=1 {{ $logapi }}/status;
do
echo "Waiting for [{{ $logapi }}]";
sleep 2;
done
echo "API is up: {{ $logapi }}";
{{- end -}}

77
library/ix-dev/charts/minio/templates/_persistence.tpl Normal file
View File

@@ -0,0 +1,77 @@
{{- define "minio.persistence" -}}
persistence:
export:
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.minioStorage.export) | nindent 4 }}
targetSelector:
minio:
minio:
mountPath: {{ .Values.minioStorage.export.mountPath }}
{{- if and (eq .Values.minioStorage.export.type "ixVolume")
(not (.Values.minioStorage.export.ixVolumeConfig | default dict).aclEnable) }}
01-permissions:
mountPath: /mnt/directories/export
{{- end }}
tmp:
enabled: true
type: emptyDir
targetSelector:
minio:
minio:
mountPath: /tmp
{{- range $idx, $storage := .Values.minioStorage.additionalStorages }}
{{ printf "minio-%v:" (int $idx) }}
enabled: true
{{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
targetSelector:
minio:
minio:
mountPath: {{ $storage.mountPath }}
{{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
01-permissions:
mountPath: /mnt/directories{{ $storage.mountPath }}
{{- end }}
{{- end }}
{{- include "ix.v1.common.app.postgresPersistence"
(dict "pgData" .Values.minioStorage.pgData
"pgBackup" .Values.minioStorage.pgBackup
) | nindent 2 }}
{{- if .Values.minioNetwork.certificateID }}
cert:
enabled: true
type: secret
objectName: minio-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
targetSelector:
minio:
minio:
mountPath: /etc/minio/certs
readOnly: true
certca:
enabled: true
type: secret
objectName: minio-cert
defaultMode: "0600"
items:
- key: tls.crt
path: public.crt
targetSelector:
minio:
minio:
mountPath: /etc/minio/certs/CAs
readOnly: true
scaleCertificate:
minio-cert:
enabled: true
id: {{ .Values.minioNetwork.certificateID }}
{{- end }}
{{- end -}}

16
library/ix-dev/charts/minio/templates/_portal.tpl Normal file
View File

@@ -0,0 +1,16 @@
{{- define "minio.portal" -}}
{{- $proto := "http" -}}
{{- if .Values.minioNetwork.certificateID -}}
{{- $proto = "https" -}}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portal
data:
path: /
port: {{ .Values.minioNetwork.consolePort | quote }}
protocol: {{ $proto }}
host: "$node_ip"
{{- end -}}

81
library/ix-dev/charts/minio/templates/_postgres.tpl
View File

@@ -1,71 +1,12 @@
{{- define "postgres.imageName" -}}
{{- print "postgres:14.5" -}}
{{- end -}}
{{- define "postgres.nameSuffix" -}}
{{- print "postgres" -}}
{{- end -}}
{{- define "postgres.secretName" -}}
{{- print "postgres-details" -}}
{{- end -}}
{{- define "postgres.dbName" -}}
{{- print "logsearchapi" -}}
{{- end -}}
{{- define "postgres.dbUser" -}}
{{- print "logsearchapi" -}}
{{- end -}}
{{/*
Retrieve postgres backup name
This will return a unique name based on revision and chart numbers specified.
*/}}
{{- define "postgres.backupName" -}}
{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
{{- end -}}
{{- define "postgres.envVariableConfiguration" -}}
{{- $envList := list -}}
{{- $secretName := (include "postgres.secretName" .) -}}
{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}}
{{- $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}}
{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
{{- end -}}
{{- define "postgresBackup.envVariableConfiguration" -}}
{{- $envList := list -}}
{{- $secretName := (include "postgres.secretName" .) -}}
{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}}
{{/* PGPASSWORD is used by pg_dump */}}
{{- $envList = mustAppend $envList (dict "name" "PGPASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}}
{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}}
{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
{{- end -}}
{{/* Used in the logsearchapi init container (checks that postgres is available) */}}
{{- define "postgresInit.envVariableConfiguration" -}}
{{- $envList := list -}}
{{- $secretName := (include "postgres.secretName" .) -}}
{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}}
{{- $envList = mustAppend $envList (dict "name" "pguser" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
{{- end -}}
{{/*
Retrieve postgres volume configuration
*/}}
{{- define "postgres.volumeConfiguration" -}}
{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
{{- end -}}
{{/*
Retrieve postgres volume mounts configuration
*/}}
{{- define "postgres.volumeMountsConfiguration" -}}
{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
{{- define "postgres.workload" -}}
{{- $backupSecretName := "postgres-creds" -}}
{{- if eq (include "minio.is-migration" $) "true" }}
{{- $backupSecretName = "postgres-backup-creds" -}}
{{- end }}
workload:
{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
"backupSecretName" $backupSecretName
"resources" .Values.resources
"imageSelector" "logPostgresImage"
"ixChartContext" .Values.ixChartContext) | nindent 2 }}
{{- end -}}

33
library/ix-dev/charts/minio/templates/_service.tpl Normal file
View File

@@ -0,0 +1,33 @@
{{- define "minio.service" -}}
service:
minio:
enabled: true
primary: true
type: NodePort
targetSelector: minio
ports:
console:
enabled: true
primary: true
port: {{ .Values.minioNetwork.consolePort }}
nodePort: {{ .Values.minioNetwork.consolePort }}
targetSelector: minio
api:
enabled: true
port: {{ .Values.minioNetwork.apiPort }}
nodePort: {{ .Values.minioNetwork.apiPort }}
targetSelector: minio
{{ if .Values.minioStorage.logSearchApi }}
log:
enabled: true
type: ClusterIP
targetSelector: logsearchapi
ports:
log:
enabled: true
port: 8080
targetPort: 8080
targetSelector: logsearchapi
{{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
{{ end }}
{{- end -}}

15
library/ix-dev/charts/minio/templates/backup-postgres-config.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-backup-hook-config-map
annotations:
rollme: {{ randAlphaNum 5 | quote }}
data:
entrypoint.sh: |-
#!/bin/sh
cmd="/docker-entrypoint.sh postgres"
eval "${cmd}" & disown;
until pg_isready -U "$POSTGRES_USER" -h "$pgHost"; do
sleep 5;
done;
pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" -h "$pgHost" -f /postgres_backups/$BACKUP_NAME.sql;

40
library/ix-dev/charts/minio/templates/backup-postgres-hook.yaml
View File

@@ -1,40 +0,0 @@
{{- if .Values.logsearchapi.enabled -}}
{{- if .Values.ixChartContext.isUpgrade -}}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
apiVersion: batch/v1
kind: Job
metadata:
name: pre-upgrade-hook
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
rollme: {{ randAlphaNum 5 | quote }}
spec:
template:
metadata:
name: pre-upgrade-hook
spec:
restartPolicy: Never
containers:
- name: {{ .Chart.Name }}-postgres-backup
image: {{ include "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgresBackup.envVariableConfiguration" $values | nindent 10 }}
- name: BACKUP_NAME
value: {{ include "postgres.backupName" . }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
- name: backup-script-configmap
mountPath: /bin/backup_entrypoint.sh
readOnly: true
subPath: entrypoint.sh
command:
- /bin/backup_entrypoint.sh
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
- name: backup-script-configmap
configMap:
defaultMode: 0700
name: postgres-backup-hook-config-map
{{- end -}}
{{- end -}}

18
library/ix-dev/charts/minio/templates/common.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- include "ix.v1.common.loader.init" . -}}
{{- include "minio.migration" $ -}}
{{/* Merge the templates with Values */}}
{{- $_ := mustMergeOverwrite .Values (include "minio.service" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "minio.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "minio.persistence" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "minio.configuration" $ | fromYaml) -}}
{{- if .Values.minioStorage.logSearchApi -}}
{{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
{{- $_ := mustMergeOverwrite .Values (include "logsearchapi.workload" $ | fromYaml) -}}
{{- end -}}
{{/* Create the configmap for portal manually*/}}
{{- include "minio.portal" $ -}}
{{- include "ix.v1.common.loader.apply" . -}}

6
library/ix-dev/charts/minio/templates/configmap.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: minio-config
data:
protocol: {{ include "minio.scheme" . }}

134
library/ix-dev/charts/minio/templates/deployment.yaml
View File

@@ -1,134 +0,0 @@
{{ include "common.storage.hostPathValidate" .Values }}
{{ $logsearchValues := (. | mustDeepCopy) }}
{{ $_ := set $logsearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}-minio
labels:
app: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
replicas: {{ (default 1 .Values.replicas) }}
strategy:
type: {{ (default "Recreate" .Values.updateStrategy ) }}
selector:
matchLabels:
app: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
app.kubernetes.io/name: {{ template "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
name: {{ template "common.names.fullname" . }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
annotations: {{ include "common.annotations" . | nindent 8 }}
spec:
securityContext:
runAsUser: {{ .Values.runAsUser }}
runAsGroup: {{ .Values.runAsGroup }}
serviceAccountName: {{ include "common.names.serviceAccountName" . | quote }}
hostNetwork: {{ include "minio.hostNetworking" . }}
{{ if .Values.logsearchapi.enabled }}
initContainers:
- name: {{ .Chart.Name }}-waitapi
image: alpine/curl
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "logsearchapiInit.envVariableConfiguration" $logsearchValues | nindent 10 }}
command:
- sh
- -c
- "until curl --silent $apiURL/status; do sleep 2; done"
{{ end }}
containers:
- name: {{ .Chart.Name }}
{{ include "common.resources.limitation" . | nindent 10 }}
{{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
{{ if hasKey .Values "appVolumeMounts" }}
volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
{{ else }}
volumeMounts:
{{ end }}
{{- include "minio.tlsKeysVolumeMount" . | nindent 12 }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
mountPath: {{ $hostPathConfiguration.mountPath }}
{{ end }}
command:
- "/bin/sh"
- "-ce"
- {{ include "minio.commandArgs" . }}
ports:
- name: api
containerPort: {{ .Values.service.nodePort | int }}
- name: console
containerPort: {{ .Values.service.consolePort | int }}
readinessProbe:
httpGet:
path: /minio/health/live
port: {{ .Values.service.consolePort | int }}
scheme: {{ include "minio.scheme" . | upper }}
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 2
livenessProbe:
httpGet:
path: /minio/health/live
port: {{ .Values.service.consolePort | int }}
scheme: {{ include "minio.scheme" . | upper }}
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
successThreshold: 1
startupProbe:
httpGet:
path: /minio/health/live
port: {{ .Values.service.consolePort | int }}
scheme: {{ include "minio.scheme" . | upper }}
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 60
successThreshold: 1
env:
{{ $secretName := (include "minio.secretName" .) }}
{{ $envList := (default list .Values.environmentVariables) }}
{{ if and (eq (include "minio.certAvailable" .) "true") .Values.minioDomain }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_BROWSER_REDIRECT_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.consolePort | int))) }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_SERVER_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.nodePort | int))) }}
{{ end }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "accesskey") }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
{{ if .Values.logsearchapi.enabled }}
{{/*
We can put any ID we want here. Just make sure it's unique
It can be rolled on each startup without problems, or se can set a static one.
*/}}
{{ $webhookID := (printf "ix-%v" (randAlphaNum 5)) }}
{{ $logsearchSecretName := (include "logsearchapi.secretName" .) }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "queryToken") }}
{{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_URL" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "logQueryURL") }}
{{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENDPOINT_%v" $webhookID) "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "webhookURL") }}
{{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENABLE_%v" $webhookID) "value" "on") }}
{{ end }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
{{ if hasKey .Values "appVolumeMounts" }}
volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{ else }}
volumes:
{{ end }}
{{- include "minio.tlsKeysVolume" . | nindent 8 }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ end }}

51
library/ix-dev/charts/minio/templates/logsearchapi-deployment.yaml
View File

@@ -1,51 +0,0 @@
{{ if .Values.logsearchapi.enabled }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }}
{{ $pg_values := (. | mustDeepCopy) }}
{{ $_ := set $pg_values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
{{ include "common.deployment.common_config" $values | nindent 0 }}
spec: {{ include "common.deployment.common_spec" $values | nindent 2 }}
template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
spec:
initContainers:
- name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }}-waitdb
image: {{ include "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgresInit.envVariableConfiguration" $pg_values | nindent 10 }}
command:
- sh
- -c
- 'until pg_isready -U "$pgUser" -h "$pgHost"; do sleep 2; done'
containers:
- name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }}
image: {{ include "logsearchapi.imageName" . }}
imagePullPolicy: {{ .Values.logSearchImage.pullPolicy }}
env: {{ include "logsearchapi.envVariableConfiguration" $values | nindent 10 }}
command:
- {{ include "logsearchapi.command" . }}
ports:
- name: logsearchapi
containerPort: 8080
protocol: TCP
readinessProbe:
httpGet:
path: /status
port: 8080
failureThreshold: 5
periodSeconds: 15
initialDelaySeconds: 15
livenessProbe:
httpGet:
path: /status
port: 8080
failureThreshold: 5
periodSeconds: 15
initialDelaySeconds: 15
startupProbe:
httpGet:
path: /status
port: 8080
failureThreshold: 5
periodSeconds: 15
initialDelaySeconds: 15
{{ end }}

23
library/ix-dev/charts/minio/templates/logsearchapi-secret.yaml
View File

@@ -1,23 +0,0 @@
{{ $logSearchValues := (. | mustDeepCopy) }}
{{ $_ := set $logSearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }}
{{ $auditToken := randAlphaNum 32 | b64enc }}
{{ $queryToken := randAlphaNum 32 | b64enc }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "logsearchapi.secretName" . }}
data:
{{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }}
{{ $auditToken = (index .data "auditToken") }}
{{ end }}
auditToken: {{ $auditToken }}
{{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }}
{{ $queryToken = (index .data "queryToken") }}
{{ end }}
queryToken: {{ $queryToken }}
logQueryURL: {{ (printf "http://%v-log:8080" (include "common.names.fullname" $logSearchValues)) | b64enc }}
webhookURL: {{ (printf "http://%v-log:8080/api/ingest?token=%v" (include "common.names.fullname" $logSearchValues) ($auditToken | b64dec)) | b64enc }}

8
library/ix-dev/charts/minio/templates/logsearchapi-service.yaml
View File

@@ -1,8 +0,0 @@
{{ if .Values.logsearchapi.enabled }}
{{ $ports := list }}
{{ $ports = mustAppend $ports (dict "name" "logsearchapi-tcp" "port" 8080 "targetPort" 8080) }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }}
{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
{{ include "common.classes.service" $values }}
{{ end }}

58
library/ix-dev/charts/minio/templates/postgres-deployment.yaml
View File

@@ -1,58 +0,0 @@
{{ if .Values.logsearchapi.enabled }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }}
{{ include "common.deployment.common_config" $values | nindent 0 }}
spec:
replicas: {{ (default 1 .Values.replicas) }}
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: {{ template "common.names.name" $values }}
app.kubernetes.io/instance: {{ .Release.Name }}-postgres-pg
app: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
spec:
containers:
- name: {{ .Chart.Name }}-{{ include "postgres.nameSuffix" .}}
image: {{ template "postgres.imageName" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
ports:
- name: postgres-tcp
containerPort: 5432
protocol: TCP
readinessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 15
timeoutSeconds: 2
livenessProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 15
failureThreshold: 5
periodSeconds: 15
timeoutSeconds: 2
startupProbe:
exec:
command:
- sh
- -c
- "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
initialDelaySeconds: 15
failureThreshold: 20
periodSeconds: 15
timeoutSeconds: 2
volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
{{ end }}

20
library/ix-dev/charts/minio/templates/postgres-secret.yaml
View File

@@ -1,20 +0,0 @@
{{ $pgValues := (. | mustDeepCopy) }}
{{ $_ := set $pgValues "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
{{ $dbPass := randAlphaNum 32 | b64enc }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "postgres.secretName" . }}
data:
{{ with (lookup "v1" "Secret" .Release.Namespace (include "postgres.secretName" .)) }}
{{ $dbPass = (index .data "db_password") }}
{{ end }}
db_password: {{ $dbPass }}
db_user: {{ include "postgres.dbUser" . | b64enc }}
db_name: {{ include "postgres.dbName" . | b64enc }}
postgresURL: {{ printf "postgres://%v:%v@%v-pg:5432/%v?sslmode=disable" (include "postgres.dbUser" .) ($dbPass | b64dec) (include "common.names.fullname" $pgValues) (include "postgres.dbName" .) | b64enc }}
postgresHost: {{ printf "%v-pg" (include "common.names.fullname" $pgValues) | b64enc }}

8
library/ix-dev/charts/minio/templates/postgres-service.yaml
View File

@@ -1,8 +0,0 @@
{{ if .Values.logsearchapi.enabled }}
{{ $ports := list }}
{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
{{ $values := (. | mustDeepCopy) }}
{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }}
{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
{{ include "common.classes.service" $values }}
{{ end }}

32
library/ix-dev/charts/minio/templates/pre-install-job.yaml
View File

@@ -1,32 +0,0 @@
{{- if .Values.appVolumeMounts -}}
{{- if hasKey .Values.appVolumeMounts "export" }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ template "common.names.fullname" . }}-preinstall-job"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: {{ template "common.names.chart" . }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{ template "common.names.fullname" . }}-preinstall-hook"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: {{ template "common.names.chart" . }}
spec:
restartPolicy: Never
containers:
- name: pre-install-job
image: "alpine:latest"
command: ["chown", "-R", "{{ .Values.runAsUser }}:{{ .Values.runAsGroup }}", "{{ .Values.appVolumeMounts.export.mountPath }}"]
volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{- end -}}
{{- end -}}

13
library/ix-dev/charts/minio/templates/secrets.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "minio.secretName" . }}
labels: {{ include "common.labels" . | nindent 4 }}
type: Opaque
data:
accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
{{ if eq (include "minio.certAvailable" .) "true" }}
certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }}
certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }}
{{ end }}

14
library/ix-dev/charts/minio/templates/service.yaml
View File

@@ -1,14 +0,0 @@
{{ $selectors := list }}
{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
{{ if eq (include "minio.hostNetworking" .) "false" }}
{{ $svc := .Values.service }}
{{ $ports := list }}
{{ $ports = mustAppend $ports (dict "name" "api" "port" $svc.nodePort "nodePort" $svc.nodePort "targetPort" (.Values.service.nodePort | int)) }}
{{ $ports = mustAppend $ports (dict "name" "console" "port" $svc.consolePort "nodePort" $svc.consolePort "targetPort" (.Values.service.consolePort | int)) }}
{{ $params := . }}
{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
{{ include "common.classes.service" $params }}
{{ end }}

1
library/ix-dev/charts/minio/templates/serviceaccount.yaml
View File

@@ -1 +0,0 @@
{{ include "common.serviceaccount" . }}

4
library/ix-dev/charts/minio/to_keep_versions.md Normal file
View File

@@ -0,0 +1,4 @@
# 1.7.24
This version is kept because it contains a fix that is needed for migration to v2.x.x
It should be safe to remove few months after v2.x.x is released.

1
library/ix-dev/charts/minio/to_keep_versions.yaml Normal file
View File

@@ -0,0 +1 @@
- 1.7.24

70
library/ix-dev/charts/minio/values.yaml
View File

@@ -6,8 +6,68 @@ logSearchImage:
pullPolicy: IfNotPresent
repository: minio/operator
tag: v4.5.4
logsearchapi:
diskCapacityGB: 5
enabled: false
runAsGroup: 473
runAsUser: 473
logPostgresImage:
pullPolicy: IfNotPresent
repository: postgres
tag: "14.5"
resources:
limits:
cpu: 4000m
memory: 8Gi
podOptions:
dnsConfig:
options: []
minioConfig:
rootUser: ""
rootPassword: ""
domain: ""
extraArgs: []
additionalEnvs: []
minioNetwork:
apiPort: 9000
consolePort: 9002
certificateID:
minioStorage:
distributedMode: false
distributedIps: []
export:
type: ixVolume
mountPath: /export
ixVolumeConfig:
datasetName: export
logSearchApi: false
logSearchDiskCapacityGB: 5
pgData:
type: ixVolume
ixVolumeConfig:
datasetName: pgData
pgBackup:
type: ixVolume
ixVolumeConfig:
datasetName: pgBackup
additionalStorages: []
notes:
custom: |
{{ if .Values.minioStorage.logSearchApi }}
## Database
You can connect to the database using the pgAdmin App from the catalog
<details>
<summary>Database Details</summary>
- Database: `logsearchapi`
- Username: `logsearchapi`
- Password: `{{ .Values.minioDbPass }}`
- Host: `{{ .Values.minioDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
- Port: `5432`
</details>
{{ end }}
{{- $_ := unset .Values "haDbPass" }}
{{- $_ := unset .Values "haDbHost" }}