diff --git a/library/ix-dev/charts/minio/Chart.lock b/library/ix-dev/charts/minio/Chart.lock index eca937d01e..f5ecd05fbb 100644 --- a/library/ix-dev/charts/minio/Chart.lock +++ b/library/ix-dev/charts/minio/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 -digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670 -generated: "2023-07-14T11:04:04.184288265+03:00" + repository: file://../../../common + version: 1.2.9 +digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c +generated: "2024-03-05T19:01:30.381261596+02:00" diff --git a/library/ix-dev/charts/minio/Chart.yaml b/library/ix-dev/charts/minio/Chart.yaml index 954d25a46d..d323589b77 100644 --- a/library/ix-dev/charts/minio/Chart.yaml +++ b/library/ix-dev/charts/minio/Chart.yaml @@ -3,18 +3,18 @@ description: High Performance, Kubernetes Native Object Storage annotations: title: MinIO type: application -version: 1.7.24 +version: 2.0.0 apiVersion: v2 -appVersion: '2023-03-13' -kubeVersion: '>=1.16.0-0' +appVersion: "2023-03-13" +kubeVersion: ">=1.16.0-0" maintainers: - name: truenas url: https://www.truenas.com/ email: dev@ixsystems.com dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 + repository: file://../../../common + version: 1.2.9 home: https://min.io icon: https://media.sys.truenas.net/apps/minio/icons/icon.png sources: diff --git a/library/ix-dev/charts/minio/README.md b/library/ix-dev/charts/minio/README.md index d21b8c0107..6f8d5e1025 100755 --- a/library/ix-dev/charts/minio/README.md +++ b/library/ix-dev/charts/minio/README.md @@ -1,52 +1,8 @@ -MinIO -===== +# MinIO [MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. -MinIO supports [distributed mode](https://docs.minio.io/docs/distributed-minio-quickstart-guide). In distributed mode, you can pool multiple drives (even on different machines) into a single object storage server. - -For more detailed documentation please visit [here](https://docs.minio.io/) - -Introduction ------------- - -This chart bootstraps MinIO deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - - -Configuration -------------- - -The following table lists the configurable parameters of the MinIO chart and their default values. - -| Parameter | Description | Default | -|:-------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------| -| `image.repository` | Image repository | `minio/minio` | -| `image.tag` | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/). | `RELEASE.2020-11-06T23-17-07Z` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `extraArgs` | Additional command line arguments to pass to the MinIO server | `[]` | -| `accessKey` | Default access key (5 to 20 characters) | random 20 chars | -| `secretKey` | Default secret key (8 to 40 characters) | random 40 chars | -| `persistence.enabled` | Use persistent volume to store data | `true` | -| `persistence.size` | Size of persistent volume claim | `500Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClass` | Storage class name of PVC | `nil` | -| `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` | -| `persistence.subPath` | Mount a sub directory of the persistent volume if set | `""` | -| `environment` | Set MinIO server relevant environment variables in `values.yaml` file. MinIO containers will be passed these variables when they start. | `MINIO_STORAGE_CLASS_STANDARD: EC:4"` | - -Some parameters above map to the env variables defined in the [MinIO DockerHub image](https://hub.docker.com/r/minio/minio/). - -Pass environment variables to MinIO containers ----------------------------------------------- - -To pass environment variables to MinIO containers when deploying via Helm chart, use the below command line format - -```bash -$ helm install --set environment.MINIO_BROWSER=on,environment.MINIO_DOMAIN=domain-name minio/minio -``` - -You can add as many environment variables as required, using the above format. Just add `environment.=` under `set` flag. - **NOTE** + - On fresh installation, minIO data directory's ownership will be updated to minio:minio. - For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio. diff --git a/library/ix-dev/charts/minio/app-readme.md b/library/ix-dev/charts/minio/app-readme.md index 648ed287e4..6f8d5e1025 100644 --- a/library/ix-dev/charts/minio/app-readme.md +++ b/library/ix-dev/charts/minio/app-readme.md @@ -1,5 +1,8 @@ +# MinIO + [MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads. **NOTE** -- On installation, minIO data directory's ownership will be updated to minio:minio. + +- On fresh installation, minIO data directory's ownership will be updated to minio:minio. - For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio. diff --git a/library/ix-dev/charts/minio/charts/common-1.2.9.tgz b/library/ix-dev/charts/minio/charts/common-1.2.9.tgz new file mode 100644 index 0000000000..ae3f7de881 Binary files /dev/null and b/library/ix-dev/charts/minio/charts/common-1.2.9.tgz differ diff --git a/library/ix-dev/charts/minio/charts/common-2304.0.1.tgz b/library/ix-dev/charts/minio/charts/common-2304.0.1.tgz deleted file mode 100644 index 7c62d116a0..0000000000 Binary files a/library/ix-dev/charts/minio/charts/common-2304.0.1.tgz and /dev/null differ diff --git a/library/ix-dev/charts/minio/ci/basic-values.yaml b/library/ix-dev/charts/minio/ci/basic-values.yaml new file mode 100644 index 0000000000..ab33ace467 --- /dev/null +++ b/library/ix-dev/charts/minio/ci/basic-values.yaml @@ -0,0 +1,20 @@ +minioConfig: + rootUser: super-admin + rootPassword: super-admin-password + +minioNetwork: + apiPort: 31000 + consolePort: 31001 + +minioStorage: + export: + type: pvc + logSearchApi: true + logSearchDiskCapacityGB: 5 + pgData: + type: pvc + pgBackup: + type: emptyDir + emptyDirConfig: + medium: "" + size: "" diff --git a/library/ix-dev/charts/minio/ci/https-values.yaml b/library/ix-dev/charts/minio/ci/https-values.yaml index 4b67b27752..f7a6e2df6c 100644 --- a/library/ix-dev/charts/minio/ci/https-values.yaml +++ b/library/ix-dev/charts/minio/ci/https-values.yaml @@ -1,50 +1,25 @@ -appVolumeMounts: +minioStorage: export: - emptyDir: true - mountPath: /export -distributedIps: [] -distributedMode: false -dnsConfig: - options: [] -emptyDirVolumes: true -environmentVariables: [] -extraAppVolumeMounts: [] -extraArgs: [] -image: - pullPolicy: IfNotPresent - repository: minio/minio - tag: RELEASE.2023-03-13T19-46-17Z -ixChartContext: {} -logSearchImage: - pullPolicy: IfNotPresent - repository: minio/operator - tag: v4.5.4 -logsearchapi: - diskCapacityGB: 5 - enabled: true -minioDomain: null -postgresAppVolumeMounts: - postgres-backup: - emptyDir: true - mountPath: /postgres_backups - postgres-data: - emptyDir: true - mountPath: /var/lib/postgresql/data -postgresql: - backupVolume: - datasetName: ix-postgres_backups - mountPath: /postgres_backups - dataVolume: - datasetName: ix-postgres_data - mountPath: /var/lib/postgresql/data -runAsGroup: 473 -runAsUser: 473 -service: - consolePort: 32325 - nodePort: 32324 -updateStrategy: RollingUpdate + type: pvc + logSearchApi: true + logSearchDiskCapacityGB: 5 + pgData: + type: pvc + pgBackup: + type: emptyDir + emptyDirConfig: + medium: "" + size: "" + +minioConfig: + rootUser: super-admin + rootPassword: super-admin-password + +minioNetwork: + apiPort: 31000 + consolePort: 31001 + certificateID: 1 -certificate: "1" ixCertificates: "1": certificate: | @@ -74,7 +49,6 @@ ixCertificates: x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD diff --git a/library/ix-dev/charts/minio/ci/test-values.yaml b/library/ix-dev/charts/minio/ci/test-values.yaml deleted file mode 100644 index a16c1b8cf0..0000000000 --- a/library/ix-dev/charts/minio/ci/test-values.yaml +++ /dev/null @@ -1,45 +0,0 @@ -appVolumeMounts: - export: - emptyDir: true - mountPath: /export -distributedIps: [] -distributedMode: false -dnsConfig: - options: [] -emptyDirVolumes: true -environmentVariables: [] -extraAppVolumeMounts: [] -extraArgs: [] -image: - pullPolicy: IfNotPresent - repository: minio/minio - tag: RELEASE.2023-03-13T19-46-17Z -ixChartContext: {} -logSearchImage: - pullPolicy: IfNotPresent - repository: minio/operator - tag: v4.5.4 -logsearchapi: - diskCapacityGB: 5 - enabled: true -minioDomain: null -postgresAppVolumeMounts: - postgres-backup: - emptyDir: true - mountPath: /postgres_backups - postgres-data: - emptyDir: true - mountPath: /var/lib/postgresql/data -postgresql: - backupVolume: - datasetName: ix-postgres_backups - mountPath: /postgres_backups - dataVolume: - datasetName: ix-postgres_data - mountPath: /var/lib/postgresql/data -runAsGroup: 473 -runAsUser: 473 -service: - consolePort: 32325 - nodePort: 32324 -updateStrategy: RollingUpdate diff --git a/library/ix-dev/charts/minio/migrations/migrate b/library/ix-dev/charts/minio/migrations/migrate index 155c8ff372..5ec59c3e87 100755 --- a/library/ix-dev/charts/minio/migrations/migrate +++ b/library/ix-dev/charts/minio/migrations/migrate @@ -2,119 +2,101 @@ import json import os import sys -import subprocess -from pathlib import Path - -from middlewared.client import Client -from middlewared.service import ValidationErrors, CallError -def path_in_locked_datasets(path: str) -> bool: - with Client() as c: - return c.call('pool.dataset.path_in_locked_datasets', path) +def migrate_volume(volume): + return { + 'type': 'hostPath', + 'hostPathConfig': { + 'hostPath': volume['hostPath'] + }, + } if volume.get('hostPathEnabled', False) else { + 'type': 'ixVolume', + 'ixVolumeConfig': { + 'datasetName': volume['datasetName'], + }, + } -def get_configured_user_group(path: str) -> dict: - with Client() as c: - return c.call('filesystem.stat', path) +def migrate_common_lib(values): + delete_keys = [ + 'dnsConfig', 'updateStrategy', 'enableResourceLimits', 'cpuLimit', + 'memLimit', 'certificate', 'service', 'environmentVariables', 'minioDomain', + 'accessKey', 'secretKey', 'distributedMode', 'distributedIps', 'logsearchapi', + 'appVolumeMounts', 'extraAppVolumeMounts', 'postgresAppVolumeMounts' + ] + values.update({ + # Migrate Config + 'minioConfig': { + 'rootUser': values['accessKey'], + 'rootPassword': values['secretKey'], + 'domain': values.get('minioDomain', ''), + 'extraArgs': values.get('extraArgs', []), + 'additionalEnvs': [e for e in values.get('environmentVariables', []) if e['name'] not in ['PLEX_UID', 'PLEX_GID'] ], + }, + # Migrate Network + 'minioNetwork': { + 'apiPort': values['service']['nodePort'], + 'consolePort': values['service']['consolePort'], + 'certificateID': values['certificate'], + }, + # Migrate Resources + 'resources': { + 'limits': { + 'cpu': values.get('cpuLimit', '4000m'), + 'memory': values.get('memLimit', '8Gi'), + } + }, + # Migrate DNS + 'podOptions': { + 'dnsConfig': { + 'options': [ + {'name': opt['name'], 'value': opt['value']} + for opt in values.get('dnsConfig', {}).get('options', []) + ] + } + }, + # Migrate Storage + 'minioStorage': { + 'distributedMode': values['distributedMode'] + 'distributedIps': values['distributedIps'] if values['distributedMode'] else [], + 'logSearchApi': values['logsearchapi']['enabled'], + 'logSearchDiskCapacityGB': values['logsearchapi']['diskCapacityGB'] if values['logsearchapi']['enabled'] else 5, + 'export': migrate_volume(values['appVolumeMounts']['export']).update({ + mountPath: values['appVolumeMounts']['export'][mountPath] + }), + 'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']), + 'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']), + 'additionalStorages': [ + { + 'type': 'hostPath', + 'hostPathConfig': {'hostPath': e['hostPath']}, + 'mountPath': e['mountPath'], + 'readOnly': e['readOnly'], + } + for e in values.get('extraAppVolumeMounts', []) + ], + }, + }) -def get_host_path_attachments(path: str) -> set: - with Client() as c: - return { - attachment['type'] - for attachment in c.call('pool.dataset.attachments_with_path', path) - if attachment['type'].lower() not in ['kubernetes', 'chart releases'] - } - - -def get_kubernetes_config() -> dict: - with Client() as c: - return c.call('kubernetes.config') - - -def validate_host_path(path: str, schema_name: str, verrors: ValidationErrors) -> None: - """ - These validations are taken from `FilesystemService._common_perm_path_validate`. - Including an additional validation that makes sure all the children under - a path are on same device. - """ - schema_name += ".migration.chown" - p = Path(path) - if not p.is_absolute(): - verrors.add(schema_name, f"Must be an absolute path: {path}") - - if p.is_file(): - verrors.add(schema_name, f"Recursive operations on a file are invalid: {path}") - - if not p.absolute().as_posix().startswith("/mnt/"): - verrors.add( - schema_name, - f"Changes to permissions on paths that are not beneath the directory /mnt are not permitted: {path}" - ) - elif len(p.resolve().parents) == 2: - verrors.add(schema_name, f"The specified path is a ZFS pool mountpoint: {path}") - - # Make sure that dataset is not locked - if path_in_locked_datasets(path): - verrors.add(schema_name, f"Dataset is locked at path: {path}.") - - # Validate attachments - if attachments := get_host_path_attachments(path): - verrors.add(schema_name, f"The path '{path}' is already attached to service(s): {', '.join(attachments)}.") - - # Make sure all the minio's data directory children are on same device. - device_id = os.stat(path).st_dev - for root, dirs, files in os.walk(path): - for child in dirs + files: - abs_path = os.path.join(root, child) - if os.stat(abs_path).st_dev != device_id: - verrors.add( - schema_name, - (f"All the children of MinIO data directory should be on " - f"same device as root: path={abs_path} device={os.stat(abs_path).st_dev}") - ) - break - - -def migrate(values: dict) -> dict: - # minio user / group ID - uid = gid = 473 - verrors = ValidationErrors() - k8s_config = get_kubernetes_config() - if values["appVolumeMounts"]["export"]["hostPathEnabled"]: - host_path = values["appVolumeMounts"]["export"]["hostPath"] - else: - app_dataset = values["appVolumeMounts"]["export"]["datasetName"] - host_path = os.path.join( - "/mnt", k8s_config['dataset'], "releases", values["release_name"], "volumes/ix_volumes", app_dataset - ) - - current_config = get_configured_user_group(host_path) - if current_config["uid"] == uid and current_config["gid"] == gid: - return values - - validate_host_path(host_path, values['release_name'], verrors) - verrors.check() - # chown the host path - acltool = subprocess.run([ - "/usr/bin/nfs4xdr_winacl", - "-a", "chown", - "-O", str(uid), "-G", str(gid), - "-r", - "-c", host_path, - "-p", host_path], check=False, capture_output=True - ) - if acltool.returncode != 0: - raise CallError(f"acltool [chown] on path {host_path} failed with error: [{acltool.stderr.decode().strip()}]") + for k in delete_keys: + values.pop(k, None) return values +def migrate(values): + # If this missing, we have already migrated + if not 'nodePort' in values.keys(): + return values -if __name__ == "__main__": + return migrate_common_lib(values) + + +if __name__ == '__main__': if len(sys.argv) != 2: exit(1) if os.path.exists(sys.argv[1]): - with open(sys.argv[1], "r") as f: + with open(sys.argv[1], 'r') as f: print(json.dumps(migrate(json.loads(f.read())))) diff --git a/library/ix-dev/charts/minio/migrations/migrate_from_1.0.0 b/library/ix-dev/charts/minio/migrations/migrate_from_1.0.0 deleted file mode 100755 index d9772faa1d..0000000000 --- a/library/ix-dev/charts/minio/migrations/migrate_from_1.0.0 +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/python3 -import json -import os -import sys - - -def migrate(values): - if values.get('appVolumeMounts'): - return values - - values.update({ - 'appVolumeMounts': { - 'export': { - 'hostPathEnabled': values['minioHostPathEnabled'], - **({'hostPath': values['minioHostPath']} if values.get('minioHostPath') else {}) - }, - }, - }) - return values - - -if __name__ == '__main__': - if len(sys.argv) != 2: - exit(1) - - if os.path.exists(sys.argv[1]): - with open(sys.argv[1], 'r') as f: - print(json.dumps(migrate(json.loads(f.read())))) diff --git a/library/ix-dev/charts/minio/questions.yaml b/library/ix-dev/charts/minio/questions.yaml index 1ac1e9bb82..587d04987f 100644 --- a/library/ix-dev/charts/minio/questions.yaml +++ b/library/ix-dev/charts/minio/questions.yaml @@ -1,380 +1,634 @@ groups: - - name: "Container Images" - description: "Image to be used for container" - - name: "Workload Configuration" - description: "Configure workload deployment" - - name: "Minio Configuration" - description: "Configure Minio credentials" - - name: "Storage" - description: "Configure Storage for Minio" - - name: "Advanced DNS Settings" - description: "Configure DNS settings" - - name: "Resource Limits" - description: "Set CPU/memory limits for Kubernetes Pod" + - name: Minio Configuration + description: Configure Minio + - name: Advanced Pod Configuration + description: Configure Advanced Pod Options for Minio + - name: Network Configuration + description: Configure Network for Minio + - name: Storage Configuration + description: Configure Storage for Minio + - name: Resources Configuration + description: Configure Resources for Minio portals: web_portal: protocols: - - "$kubernetes-resource_configmap_minio-config_protocol" + - "$kubernetes-resource_configmap_portal_protocol" host: - - "$node_ip" + - "$kubernetes-resource_configmap_portal_host" ports: - - "$variable-service.consolePort" + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" questions: - - - variable: dnsConfig - label: "DNS Configuration" - group: "Advanced DNS Settings" - schema: - type: dict - attrs: - - variable: options - label: "DNS Options" - schema: - type: list - items: - - variable: optionsEntry - label: "Option Entry Configuration" - schema: - type: dict - attrs: - - variable: name - label: "Option Name" - schema: - type: string - required: true - - variable: value - label: "Option Value" - schema: - type: string - required: true - - - variable: updateStrategy - label: "Minio update strategy" - group: "Workload Configuration" - schema: - type: string - default: "Recreate" - enum: - - value: "RollingUpdate" - description: "Create new pods and then kill old ones" - - value: "Recreate" - description: "Kill existing pods before creating new ones" - - - variable: distributedMode - label: "Enable Distributed Mode" - description: "Run Minio instance to connect to a distributed minio cluster" - group: "Minio Configuration" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: distributedIps - label: "Distributed Minio Instance URI(s)" - schema: - type: list - required: true - default: [] - items: - - variable: ip - label: "Distributed Minio Instance URI" - schema: - type: string - empty: false - - - - variable: extraArgs - label: "Minio Extra Arguments" - group: "Minio Configuration" - schema: - type: list - default: [] - items: - - variable: arg - label: "Argument" - schema: - type: string - - - variable: accessKey - label: "Root User" - group: "Minio Configuration" - description: "Enter the S3 Root User" - schema: - type: string - private: true - required: true - min_length: 5 - max_length: 20 - - - variable: secretKey - label: "Root Password" - group: "Minio Configuration" - description: "Enter the S3 Root Password" - schema: - type: string - private: true - required: true - min_length: 8 - max_length: 40 - - - variable: environmentVariables - label: "Minio image environment" - group: "Minio Configuration" - schema: - type: list - default: [] - items: - - variable: environmentVariable - label: "Environment Variable" - schema: - type: dict - attrs: - - variable: name - label: "Name" - schema: - type: string - - variable: value - label: "Value" - schema: - type: string - - - variable: service - description: "Minio Service Configuration" - label: "Minio Service Configuration" - group: "Minio Configuration" - schema: - type: dict - required: true - attrs: - - variable: nodePort - label: "Node Port to use for Minio API" - schema: - type: int - min: 9000 - max: 65535 - default: 9000 - required: true - - variable: consolePort - label: "Node Port to use for Minio UI Access" - schema: - type: int - min: 9000 - max: 65535 - default: 9002 - required: true - - - variable: certificate - description: "Minio Certificate" - label: "Minio Certificate" - group: "Minio Configuration" - schema: - type: int - $ref: - - "definitions/certificate" - - - variable: minioDomain - label: "Minio Domain Name" - description: | - Depending on your setup/environment, you may need to leave this blank. - Check MinIO documentation for more information. - group: "Minio Configuration" - schema: - type: string - default: null - "null": true - show_if: [["certificate", "!=", null]] - - - variable: logsearchapi - label: Log Search API Configuration - description: Log Search API Configuration + - variable: minioConfig + label: "" group: Minio Configuration schema: type: dict attrs: - - variable: enabled - label: Enable Log Search API - description: Enables Log Search API and configures MinIO to use it. It also deploys a postgres DB for it. + - variable: rootUser + label: Root User + description: The root user for Minio. + schema: + type: string + private: true + required: true + min_length: 5 + max_length: 20 + - variable: rootPassword + label: Root Password + description: The root password for Minio. + schema: + type: string + private: true + required: true + min_length: 8 + max_length: 40 + - variable: domain + label: Domain (Optional) + description: | + Depending on your setup/environment, you may need to leave this blank. + Check MinIO documentation for more information. + schema: + type: string + - variable: extraArgs + label: Extra Arguments + description: Extra arguments for Minio. + schema: + type: list + default: [] + items: + - variable: arg + label: Argument + schema: + type: string + required: true + + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Netdata. + schema: + type: list + default: [] + items: + - variable: env + label: Environment Variable + schema: + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: podOptions + label: "" + group: Advanced Pod Configuration + schema: + type: dict + attrs: + - variable: dnsConfig + label: Advanced DNS Configuration + schema: + type: dict + attrs: + - variable: options + label: DNS Options + schema: + type: list + items: + - variable: optionsEntry + label: DNS Option Entry + schema: + type: dict + attrs: + - variable: name + label: Option Name + schema: + type: string + required: true + - variable: value + label: Option Value + schema: + type: string + required: true + + - variable: minioNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: apiPort + label: API Port + description: The port for the Minio API. + schema: + type: int + default: 9000 + min: 9000 + max: 65535 + required: true + - variable: consolePort + label: Console Port + description: The port for the Minio WebUI. + schema: + type: int + default: 9002 + min: 9000 + max: 65535 + required: true + - variable: certificateID + label: Certificate + description: The certificate to use for Minio. + schema: + type: int + "null": true + $ref: + - "definitions/certificate" + + - variable: minioStorage + label: "" + group: Storage Configuration + schema: + type: dict + attrs: + - variable: distributedMode + label: Enable Distributed Mode schema: type: boolean default: false - - variable: diskCapacityGB - label: Disk Capacity in GB - description: Capacity in GB that logs are allowed to occupy. + - variable: distributedIps + label: Distributed Minio Instance URI(s) schema: - type: int - show_if: [["enabled", "=", true]] - default: 5 - - - variable: appVolumeMounts - label: "Minio Storage" - group: "Storage" - schema: - type: dict - show_if: [["distributedMode", "=", false]] - attrs: - - variable: export - label: "Data Volume" - schema: - type: dict - attrs: - - variable: datasetName - label: "Minio Data Volume Name" + type: list + show_if: [["distributedMode", "==", true]] + required: true + default: [] + items: + - variable: ip + label: Distributed Minio Instance URI schema: type: string - hidden: true + required: true + - variable: export + label: Minio Export Storage + description: The path to store Minio Export. + schema: + type: dict + show_if: [["distributedMode", "==", true]] + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string + required: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + default: /export + required: true + immutable: true + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] $ref: - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "ix-minio" - editable: false - - variable: mountPath - label: "Minio Data Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - default: "/export" - immutable: true - - variable: hostPathEnabled - label: "Enable Host Path for Minio Data Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Minio Data Volume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. schema: - type: hostpath + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string required: true immutable: true + hidden: true + default: "export" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Configuration + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true - - variable: extraAppVolumeMounts - label: "Extra Host Path Volumes" - group: "Storage" - schema: - type: list - items: - - variable: extraAppVolume - label: "Host Path Volume" - description: "Add an extra host path volume for Minio application" + - variable: logSearchApi + label: Enable Log Search API + schema: + type: boolean + default: false + - variable: logSearchDiskCapacityGB + label: Log Search Disk Capacity + schema: + type: int + show_if: [["logSearchApi", "==", true]] + default: 5 + - variable: pgData + label: Minio Postgres Data Storage + description: The path to store Minio Postgres Data. schema: type: dict + show_if: [["logSearchApi", "==", true]] attrs: - - variable: mountPath - label: "Mount Path in Pod" - description: "Path where the volume will be mounted inside the pod" + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. schema: - type: path + type: string required: true - - variable: hostPath - label: "Host Path" - description: "Host path" + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. schema: - type: hostpath + type: dict + # Nothing to show for the user + hidden: true + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + # Postgres does a CHMOD at startup + # Which fails with ACL + hidden: true + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "pgData" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Configuration + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + # Postgres does a CHMOD at startup + # Which fails with ACL + hidden: true + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: pgBackup + label: Minio Postgres Backup Storage + description: The path to store Minio Postgres Backup. + schema: + type: dict + show_if: [["logSearchApi", "==", true]] + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. + schema: + type: string required: true + immutable: true + default: ixVolume + enum: + - value: hostPath + description: Host Path (Path that already exists on the system) + - value: ixVolume + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + # Nothing to show for the user + hidden: true + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + # Postgres does a CHMOD at startup + # Which fails with ACL + hidden: true + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "pgBackup" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Configuration + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + # Postgres does a CHMOD at startup + # Which fails with ACL + hidden: true + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true - - variable: postgresAppVolumeMounts - label: Postgres Storage - group: Storage + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Minio. + schema: + type: list + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ SMB Share: Is a SMB share that is mounted to a persistent volume claim. + schema: + type: string + required: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - value: "smb-pv-pvc" + description: SMB Share (Mounts a persistent volume claim to a SMB share) + - variable: readOnly + label: Read Only + description: Mount the volume as read only. + schema: + type: boolean + default: false + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPathConfig + label: Host Path Configuration + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + default: "storage_entry" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: smbConfig + label: SMB Share Configuration + description: The configuration for the SMB Share. + schema: + type: dict + show_if: [["type", "=", "smb-pv-pvc"]] + attrs: + - variable: server + label: Server + description: The server for the SMB share. + schema: + type: string + required: true + - variable: share + label: Share + description: The share name for the SMB share. + schema: + type: string + required: true + - variable: domain + label: Domain (Optional) + description: The domain for the SMB share. + schema: + type: string + - variable: username + label: Username + description: The username for the SMB share. + schema: + type: string + required: true + - variable: password + label: Password + description: The password for the SMB share. + schema: + type: string + required: true + private: true + - variable: size + label: Size (in Gi) + description: The size of the volume quota. + schema: + type: int + required: true + min: 1 + default: 1 + + - variable: resources + group: Resources Configuration + label: "" schema: type: dict attrs: - - variable: postgres-data - label: Postgres Data Volume + - variable: limits + label: Limits schema: type: dict attrs: - - variable: datasetName - label: Postgres Data Volume Name + - variable: cpu + label: CPU + description: CPU limit for WG-Easy. schema: type: string - hidden: true - $ref: - - normalize/ixVolume - default: ix-postgres_data - show_if: [["hostPathEnabled", "=", false]] - editable: false - - variable: mountPath - label: Postgresql Data Mount Path - description: Path where the volume will be mounted inside the pod - schema: - type: path - hidden: true - editable: false - default: /var/lib/postgresql/data - - variable: hostPathEnabled - label: Enable Host Path for Postgres Data Volume - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: Host Path for Postgres Data Volume - schema: - type: hostpath - required: true - immutable: true - - - variable: postgres-backup - label: Postgres Backup Volume - schema: - type: dict - attrs: - - variable: datasetName - label: Postgres Backup Volume Name + max_length: 6 + valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$' + valid_chars_error: | + Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m + default: "4000m" + required: true + - variable: memory + label: Memory + description: Memory limit for WG-Easy. schema: type: string - hidden: true - $ref: - - normalize/ixVolume - default: ix-postgres_backups - show_if: [["hostPathEnabled", "=", false]] - editable: false - - variable: mountPath - label: Postgresql Backup Mount Path - description: Path where the volume will be mounted inside the pod - schema: - type: path - hidden: true - editable: false - default: /postgres_backups - - variable: hostPathEnabled - label: Enable Host Path for Postgres Backup Volume - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: Host Path for Postgres Backup Volume - schema: - type: hostpath - required: true - - - variable: enableResourceLimits - label: "Enable Pod resource limits" - group: "Resource Limits" - schema: - type: boolean - default: false - - variable: cpuLimit - label: "CPU Limit" - description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100." - group: "Resource Limits" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)" - default: "4000m" - - variable: memLimit - label: "Memory Limit" - group: "Resource Limits" - description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - default: "8Gi" + max_length: 12 + valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$" + valid_chars_error: | + Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6 + default: "8Gi" + required: true diff --git a/library/ix-dev/charts/minio/templates/NOTES.txt b/library/ix-dev/charts/minio/templates/NOTES.txt index 88e8e93ef8..ba4e01146c 100644 --- a/library/ix-dev/charts/minio/templates/NOTES.txt +++ b/library/ix-dev/charts/minio/templates/NOTES.txt @@ -1,2 +1 @@ -Minio can be accessed from the following URL: -http://$node_ip:{{ .Values.service.nodePort }}/ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/charts/minio/templates/_cert.tpl b/library/ix-dev/charts/minio/templates/_cert.tpl deleted file mode 100644 index f34777f65a..0000000000 --- a/library/ix-dev/charts/minio/templates/_cert.tpl +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -Formats volumeMount for Minio tls keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolumeMount" -}} -{{- if eq (include "minio.certAvailable" .) "true" -}} -- name: cert-secret-volume - mountPath: "/etc/minio/certs" -- name: trusted-cert-secret-volume - mountPath: "/etc/minio/certs/CAs" -{{- end }} -{{- end -}} - -{{/* -Formats volume for Minio tls keys and trusted certs -*/}} -{{- define "minio.tlsKeysVolume" -}} -{{- if eq (include "minio.certAvailable" .) "true" -}} -- name: cert-secret-volume - secret: - secretName: {{ include "minio.secretName" . }} - items: - - key: certPublicKey - path: public.crt - - key: certPrivateKey - path: private.key -- name: trusted-cert-secret-volume - secret: - secretName: {{ include "minio.secretName" . }} - items: - - key: certPublicKey - path: public.crt -{{- end }} -{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_configuration.tpl b/library/ix-dev/charts/minio/templates/_configuration.tpl new file mode 100644 index 0000000000..9e4d9f85df --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_configuration.tpl @@ -0,0 +1,91 @@ +{{- define "minio.configuration" -}} + + {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}} + + {{- $auditToken := randAlphaNum 32 -}} + {{- $queryToken := randAlphaNum 32 -}} + {{/* Fetch secrets from pre-migration secret */}} + {{- with (lookup "v1" "Secret" .Release.Namespace "logsearchapi-details") -}} + {{- $auditToken = ((index .data "auditToken") | b64dec) -}} + {{- $queryToken = ((index .data "queryToken") | b64dec) -}} + {{- end -}} + + {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-logsearch-creds" $fullname)) -}} + {{- $auditToken = ((index .data "LOGSEARCH_AUDIT_AUTH_TOKEN") | b64dec) -}} + {{- $queryToken = ((index .data "MINIO_LOG_QUERY_AUTH_TOKEN") | b64dec) -}} + {{- end -}} + {{- $queryURL := printf "http://%v-log:8080" $fullname -}} + {{- $webhookURL := printf "http://%v-log:8080/api/ingest?token=%v" $fullname $auditToken -}} + + {{/* DB details */}} + {{- $dbHost := (printf "%s-postgres" $fullname) -}} + {{- $dbUser := "logsearchapi" -}} + {{- $dbName := "logsearchapi" -}} + {{- $dbPass := randAlphaNum 32 -}} + + {{/* Fetch secrets from pre-migration secret */}} + {{- $tmpBackupHost := "" -}} + {{- with (lookup "v1" "Secret" .Release.Namespace "postgres-details") -}} + {{- $dbPass = ((index .data "db_password") | b64dec) -}} + {{- $tmpBackupHost = ((index .data "postgresHost") | b64dec) -}} + {{- end -}} + + {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}} + {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}} + {{- end -}} + + {{/* Temporary set dynamic db details on values, + so we can print them on the notes */}} + {{- $_ := set .Values "minioDbPass" $dbPass -}} + {{- $_ := set .Values "minioDbHost" $dbHost -}} + + {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }} +secret: + minio-creds: + enabled: true + data: + MINIO_ROOT_USER: {{ .Values.minioConfig.rootUser | quote }} + MINIO_ROOT_PASSWORD: {{ .Values.minioConfig.rootPassword | quote }} + + {{ if and .Values.minioNetwork.certificateID .Values.minioConfig.domain }} + MINIO_BROWSER_REDIRECT_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.consolePort }} + MINIO_SERVER_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.apiPort }} + {{ end }} + + {{ if .Values.minioStorage.logSearchApi }} + MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken }} + MINIO_LOG_QUERY_URL: {{ $queryURL }} + MINIO_AUDIT_WEBHOOK_ENDPOINT_ix-logsearch: {{ $webhookURL }} + MINIO_AUDIT_WEBHOOK_ENABLE_ix-logsearch: "on" + {{ end }} + + logsearch-creds: + enabled: true + data: + MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken | quote }} + LOGSEARCH_AUDIT_AUTH_TOKEN: {{ $auditToken | quote }} + LOGSEARCH_PG_CONN_STR: {{ $dbURL | quote }} + LOGSEARCH_DISK_CAPACITY_GB: {{ .Values.minioStorage.logSearchDiskCapacityGB | quote }} + postgres-creds: + enabled: true + data: + POSTGRES_USER: {{ $dbUser }} + POSTGRES_DB: {{ $dbName }} + POSTGRES_PASSWORD: {{ $dbPass }} + POSTGRES_HOST: {{ $dbHost }} + POSTGRES_URL: {{ $dbURL }} + {{- if eq (include "minio.is-migration" $) "true" }} + postgres-backup-creds: + enabled: true + annotations: + helm.sh/hook: "pre-upgrade" + helm.sh/hook-delete-policy: "hook-succeeded" + helm.sh/hook-weight: "1" + data: + POSTGRES_USER: {{ $dbUser }} + POSTGRES_DB: {{ $dbName }} + POSTGRES_PASSWORD: {{ $dbPass }} + POSTGRES_HOST: {{ $tmpBackupHost }} + POSTGRES_URL: {{ printf "postgres://%s:%s@%s-pg:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }} + {{- end }} +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_helpers.tpl b/library/ix-dev/charts/minio/templates/_helpers.tpl deleted file mode 100644 index 4dcb8c5dd9..0000000000 --- a/library/ix-dev/charts/minio/templates/_helpers.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Determine secret name. -*/}} -{{- define "minio.secretName" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - - -{{/* -Retrieve true/false if minio certificate is configured -*/}} -{{- define "minio.certAvailable" -}} -{{- if .Values.certificate -}} -{{- $values := (. | mustDeepCopy) -}} -{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} -{{- template "common.resources.cert_present" $values -}} -{{- else -}} -{{- false -}} -{{- end -}} -{{- end -}} - - -{{/* -Retrieve public key of minio certificate -*/}} -{{- define "minio.cert.publicKey" -}} -{{- $values := (. | mustDeepCopy) -}} -{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}} -{{ include "common.resources.cert" $values }} -{{- end -}} - - -{{/* -Retrieve private key of minio certificate -*/}} -{{- define "minio.cert.privateKey" -}} -{{- $values := (. | mustDeepCopy) -}} -{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} -{{ include "common.resources.cert" $values }} -{{- end -}} - - -{{/* -Retrieve scheme/protocol for minio -*/}} -{{- define "minio.scheme" -}} -{{- if eq (include "minio.certAvailable" .) "true" -}} -{{- print "https" -}} -{{- else -}} -{{- print "http" -}} -{{- end -}} -{{- end -}} - - -{{/* -Retrieve command for minio application -*/}} -{{- define "minio.commandArgs" -}} -{{- $arg := (printf "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs server --console-address=':%d'" (.Values.service.consolePort | int)) -}} -{{- if .Values.distributedMode -}} -{{- cat $arg (join " " (concat (.Values.distributedIps | default list) (.Values.extraArgs | default list))) -}} -{{- else -}} -{{- cat $arg ((concat (list (printf "--address ':%d'" (.Values.service.nodePort | int))) (list (printf "%s" .Values.appVolumeMounts.export.mountPath)) (.Values.extraArgs | default list)) | join " ") -}} -{{- end -}} -{{- end -}} - - -{{/* -Enable host networking -*/}} -{{- define "minio.hostNetworking" -}} -{{- if .Values.distributedMode -}} -{{- print "true" -}} -{{- else -}} -{{- print "false" -}} -{{- end -}} -{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_logsearch.tpl b/library/ix-dev/charts/minio/templates/_logsearch.tpl new file mode 100644 index 0000000000..67ff197641 --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_logsearch.tpl @@ -0,0 +1,40 @@ +{{- define "logsearchapi.workload" -}} +workload: + logsearchapi: + enabled: true + type: Deployment + podSpec: + hostNetwork: false + containers: + logsearchapi: + enabled: true + primary: true + imageSelector: logSearchImage + securityContext: + runAsUser: 473 + runAsGroup: 473 + command: + - /logsearchapi + envFrom: + - secretRef: + name: logsearch-creds + probes: + liveness: + enabled: true + type: http + path: /status + port: 8080 + readiness: + enabled: true + type: http + path: /status + port: 8080 + startup: + enabled: true + type: http + path: /status + port: 8080 + initContainers: + {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait" + "secretName" "postgres-creds") | nindent 8 }} +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_logsearchapi.tpl b/library/ix-dev/charts/minio/templates/_logsearchapi.tpl deleted file mode 100644 index 7ca162d970..0000000000 --- a/library/ix-dev/charts/minio/templates/_logsearchapi.tpl +++ /dev/null @@ -1,34 +0,0 @@ -{{- define "logsearchapi.imageName" -}} -{{- printf "%s:%s" .Values.logSearchImage.repository .Values.logSearchImage.tag -}} -{{- end -}} - -{{- define "logsearchapi.nameSuffix" -}} -{{- print "logsearchapi" -}} -{{- end -}} - -{{- define "logsearchapi.command" -}} -{{- print "/logsearchapi" -}} -{{- end -}} - -{{- define "logsearchapi.secretName" -}} -{{- print "logsearchapi-details" -}} -{{- end -}} - -{{- define "logsearchapi.envVariableConfiguration" -}} -{{- $envList := list -}} -{{- $secretName := (include "logsearchapi.secretName" .) -}} -{{- $postgresSecretName := (include "postgres.secretName" .) -}} -{{- $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "queryToken") -}} -{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_AUDIT_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "auditToken") -}} -{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_PG_CONN_STR" "valueFromSecret" true "secretName" $postgresSecretName "secretKey" "postgresURL") -}} -{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_DISK_CAPACITY_GB" "value" .Values.logsearchapi.diskCapacityGB) -}} -{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}} -{{- end -}} - -{{/* Used in the minio init container (checks that logsearchapi is available) */}} -{{- define "logsearchapiInit.envVariableConfiguration" -}} -{{- $envList := list -}} -{{- $secretName := (include "logsearchapi.secretName" .) -}} -{{- $envList = mustAppend $envList (dict "name" "apiURL" "valueFromSecret" true "secretName" $secretName "secretKey" "logQueryURL") -}} -{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}} -{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_migration.tpl b/library/ix-dev/charts/minio/templates/_migration.tpl new file mode 100644 index 0000000000..dfd7eb5a15 --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_migration.tpl @@ -0,0 +1,48 @@ +{{- define "minio.get-versions" -}} + {{- $oldChartVersion := "" -}} + {{- $newChartVersion := "" -}} + + {{/* Safely access the context, so it wont block CI */}} + {{- if hasKey .Values.global "ixChartContext" -}} + {{- if .Values.global.ixChartContext.upgradeMetadata -}} + + {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}} + {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}} + {{- if and (not $oldChartVersion) (not $newChartVersion) -}} + {{- fail "Upgrade Metadata is missing. Cannot proceed" -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}} +{{- end -}} + +{{- define "minio.migration" -}} + {{- $versions := (fromYaml (include "minio.get-versions" $)) -}} + {{- if and $versions.old $versions.new -}} + {{- $oldV := semver $versions.old -}} + {{- $newV := semver $versions.new -}} + + {{/* If new is v2.x.x */}} + {{- if eq ($newV.Major | int) 2 -}} + {{/* And old is v1.x.x, but lower than .7.24 */}} + {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}} + {{/* Block the upgrade */}} + {{- fail "Migration to 2.x.x is only allowed from 1.7.24 or higher" -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "minio.is-migration" -}} + {{- $isMigration := "" -}} + {{- $versions := (fromYaml (include "minio.get-versions" $)) -}} + {{- if $versions.old -}} + {{- $oldV := semver $versions.old -}} + {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}} + {{- $isMigration = "true" -}} + {{- end -}} + {{- end -}} + + {{- $isMigration -}} +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_minio.tpl b/library/ix-dev/charts/minio/templates/_minio.tpl new file mode 100644 index 0000000000..3ed1143ace --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_minio.tpl @@ -0,0 +1,93 @@ +{{- define "minio.workload" -}} +{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}} +{{- $logapi := printf "http://%v-log:8080" $fullname -}} +workload: + minio: + enabled: true + primary: true + type: Deployment + podSpec: + hostNetwork: {{ .Values.minioStorage.distributedMode }} + containers: + minio: + enabled: true + primary: true + imageSelector: image + securityContext: + runAsUser: 473 + runAsGroup: 473 + # readOnlyRootFilesystem: false + env: + MINIO_VOLUMES: /export + args: + - server + - --console-address + - {{ printf ":%v" .Values.minioNetwork.consolePort | quote }} + {{- if .Values.minioStorage.distributedMode }} + {{- range .Values.minioStorage.distributedIps }} + - {{ quote . }} + {{- end }} + {{- else }} + - "--address" + - {{ printf ":%v" .Values.minioNetwork.apiPort | quote }} + {{- end }} + {{- if .Values.minioNetwork.certificateID }} + - "--certs-dir" + - "/etc/minio/certs" + {{- end }} + {{- range .Values.minioConfig.extraArgs }} + - {{ quote . }} + {{ end }} + envFrom: + - secretRef: + name: minio-creds + {{ with .Values.minioConfig.additionalEnvs }} + envList: + {{ range $env := . }} + - name: {{ $env.name }} + value: {{ $env.value }} + {{ end }} + {{ end }} + probes: + {{- $proto := "http" -}} + {{- if .Values.minioNetwork.certificateID -}} + {{- $proto = "https" -}} + {{- end }} + liveness: + enabled: true + type: {{ $proto }} + path: /minio/health/live + port: {{ .Values.minioNetwork.consolePort }} + readiness: + enabled: true + type: {{ $proto }} + path: /minio/health/live + port: {{ .Values.minioNetwork.consolePort }} + startup: + enabled: true + type: {{ $proto }} + path: /minio/health/live + port: {{ .Values.minioNetwork.consolePort }} + initContainers: + {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions" + "UID" 473 + "GID" 473 + "mode" "check" + "type" "init") | nindent 8 }} + wait-api: + enabled: true + type: init + imageSelector: bashImage + command: + - bash + args: + - -c + - | + echo "Waiting for [{{ $logapi }}]"; + until wget --spider --quiet --timeout=3 --tries=1 {{ $logapi }}/status; + do + echo "Waiting for [{{ $logapi }}]"; + sleep 2; + done + echo "API is up: {{ $logapi }}"; +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_persistence.tpl b/library/ix-dev/charts/minio/templates/_persistence.tpl new file mode 100644 index 0000000000..b08b941a2c --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_persistence.tpl @@ -0,0 +1,77 @@ +{{- define "minio.persistence" -}} +persistence: + export: + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.minioStorage.export) | nindent 4 }} + targetSelector: + minio: + minio: + mountPath: {{ .Values.minioStorage.export.mountPath }} + {{- if and (eq .Values.minioStorage.export.type "ixVolume") + (not (.Values.minioStorage.export.ixVolumeConfig | default dict).aclEnable) }} + 01-permissions: + mountPath: /mnt/directories/export + {{- end }} + tmp: + enabled: true + type: emptyDir + targetSelector: + minio: + minio: + mountPath: /tmp + {{- range $idx, $storage := .Values.minioStorage.additionalStorages }} + {{ printf "minio-%v:" (int $idx) }} + enabled: true + {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }} + targetSelector: + minio: + minio: + mountPath: {{ $storage.mountPath }} + {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }} + 01-permissions: + mountPath: /mnt/directories{{ $storage.mountPath }} + {{- end }} + {{- end }} + + {{- include "ix.v1.common.app.postgresPersistence" + (dict "pgData" .Values.minioStorage.pgData + "pgBackup" .Values.minioStorage.pgBackup + ) | nindent 2 }} + + {{- if .Values.minioNetwork.certificateID }} + cert: + enabled: true + type: secret + objectName: minio-cert + defaultMode: "0600" + items: + - key: tls.key + path: private.key + - key: tls.crt + path: public.crt + targetSelector: + minio: + minio: + mountPath: /etc/minio/certs + readOnly: true + certca: + enabled: true + type: secret + objectName: minio-cert + defaultMode: "0600" + items: + - key: tls.crt + path: public.crt + targetSelector: + minio: + minio: + mountPath: /etc/minio/certs/CAs + readOnly: true + +scaleCertificate: + minio-cert: + enabled: true + id: {{ .Values.minioNetwork.certificateID }} + {{- end }} + +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_portal.tpl b/library/ix-dev/charts/minio/templates/_portal.tpl new file mode 100644 index 0000000000..66cfecf247 --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_portal.tpl @@ -0,0 +1,16 @@ +{{- define "minio.portal" -}} + {{- $proto := "http" -}} + {{- if .Values.minioNetwork.certificateID -}} + {{- $proto = "https" -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: portal +data: + path: / + port: {{ .Values.minioNetwork.consolePort | quote }} + protocol: {{ $proto }} + host: "$node_ip" +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_postgres.tpl b/library/ix-dev/charts/minio/templates/_postgres.tpl index 63b577ee1c..c1f3f393df 100644 --- a/library/ix-dev/charts/minio/templates/_postgres.tpl +++ b/library/ix-dev/charts/minio/templates/_postgres.tpl @@ -1,71 +1,12 @@ -{{- define "postgres.imageName" -}} -{{- print "postgres:14.5" -}} -{{- end -}} - -{{- define "postgres.nameSuffix" -}} -{{- print "postgres" -}} -{{- end -}} - -{{- define "postgres.secretName" -}} -{{- print "postgres-details" -}} -{{- end -}} - -{{- define "postgres.dbName" -}} -{{- print "logsearchapi" -}} -{{- end -}} - -{{- define "postgres.dbUser" -}} -{{- print "logsearchapi" -}} -{{- end -}} - -{{/* -Retrieve postgres backup name -This will return a unique name based on revision and chart numbers specified. -*/}} -{{- define "postgres.backupName" -}} -{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}} -{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}} -{{- end -}} - -{{- define "postgres.envVariableConfiguration" -}} -{{- $envList := list -}} -{{- $secretName := (include "postgres.secretName" .) -}} -{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}} -{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}} -{{- $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}} -{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}} -{{- end -}} - -{{- define "postgresBackup.envVariableConfiguration" -}} -{{- $envList := list -}} -{{- $secretName := (include "postgres.secretName" .) -}} -{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}} -{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}} -{{/* PGPASSWORD is used by pg_dump */}} -{{- $envList = mustAppend $envList (dict "name" "PGPASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}} -{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}} -{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}} -{{- end -}} - -{{/* Used in the logsearchapi init container (checks that postgres is available) */}} -{{- define "postgresInit.envVariableConfiguration" -}} -{{- $envList := list -}} -{{- $secretName := (include "postgres.secretName" .) -}} -{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}} -{{- $envList = mustAppend $envList (dict "name" "pguser" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}} -{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}} -{{- end -}} - -{{/* -Retrieve postgres volume configuration -*/}} -{{- define "postgres.volumeConfiguration" -}} -{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }} -{{- end -}} - -{{/* -Retrieve postgres volume mounts configuration -*/}} -{{- define "postgres.volumeMountsConfiguration" -}} -{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }} +{{- define "postgres.workload" -}} + {{- $backupSecretName := "postgres-creds" -}} + {{- if eq (include "minio.is-migration" $) "true" }} + {{- $backupSecretName = "postgres-backup-creds" -}} + {{- end }} +workload: +{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds" + "backupSecretName" $backupSecretName + "resources" .Values.resources + "imageSelector" "logPostgresImage" + "ixChartContext" .Values.ixChartContext) | nindent 2 }} {{- end -}} diff --git a/library/ix-dev/charts/minio/templates/_service.tpl b/library/ix-dev/charts/minio/templates/_service.tpl new file mode 100644 index 0000000000..5ca378174d --- /dev/null +++ b/library/ix-dev/charts/minio/templates/_service.tpl @@ -0,0 +1,33 @@ +{{- define "minio.service" -}} +service: + minio: + enabled: true + primary: true + type: NodePort + targetSelector: minio + ports: + console: + enabled: true + primary: true + port: {{ .Values.minioNetwork.consolePort }} + nodePort: {{ .Values.minioNetwork.consolePort }} + targetSelector: minio + api: + enabled: true + port: {{ .Values.minioNetwork.apiPort }} + nodePort: {{ .Values.minioNetwork.apiPort }} + targetSelector: minio + {{ if .Values.minioStorage.logSearchApi }} + log: + enabled: true + type: ClusterIP + targetSelector: logsearchapi + ports: + log: + enabled: true + port: 8080 + targetPort: 8080 + targetSelector: logsearchapi + {{- include "ix.v1.common.app.postgresService" $ | nindent 2 }} + {{ end }} +{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/backup-postgres-config.yaml b/library/ix-dev/charts/minio/templates/backup-postgres-config.yaml deleted file mode 100644 index e5892b8222..0000000000 --- a/library/ix-dev/charts/minio/templates/backup-postgres-config.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgres-backup-hook-config-map - annotations: - rollme: {{ randAlphaNum 5 | quote }} -data: - entrypoint.sh: |- - #!/bin/sh - cmd="/docker-entrypoint.sh postgres" - eval "${cmd}" & disown; - until pg_isready -U "$POSTGRES_USER" -h "$pgHost"; do - sleep 5; - done; - pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" -h "$pgHost" -f /postgres_backups/$BACKUP_NAME.sql; diff --git a/library/ix-dev/charts/minio/templates/backup-postgres-hook.yaml b/library/ix-dev/charts/minio/templates/backup-postgres-hook.yaml deleted file mode 100644 index 5a576900b3..0000000000 --- a/library/ix-dev/charts/minio/templates/backup-postgres-hook.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.logsearchapi.enabled -}} -{{- if .Values.ixChartContext.isUpgrade -}} -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: pre-upgrade-hook - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded - rollme: {{ randAlphaNum 5 | quote }} -spec: - template: - metadata: - name: pre-upgrade-hook - spec: - restartPolicy: Never - containers: - - name: {{ .Chart.Name }}-postgres-backup - image: {{ include "postgres.imageName" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{ include "postgresBackup.envVariableConfiguration" $values | nindent 10 }} - - name: BACKUP_NAME - value: {{ include "postgres.backupName" . }} - volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }} - - name: backup-script-configmap - mountPath: /bin/backup_entrypoint.sh - readOnly: true - subPath: entrypoint.sh - command: - - /bin/backup_entrypoint.sh - volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }} - - name: backup-script-configmap - configMap: - defaultMode: 0700 - name: postgres-backup-hook-config-map -{{- end -}} -{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/common.yaml b/library/ix-dev/charts/minio/templates/common.yaml new file mode 100644 index 0000000000..cf48d7d300 --- /dev/null +++ b/library/ix-dev/charts/minio/templates/common.yaml @@ -0,0 +1,18 @@ +{{- include "ix.v1.common.loader.init" . -}} + +{{- include "minio.migration" $ -}} + +{{/* Merge the templates with Values */}} +{{- $_ := mustMergeOverwrite .Values (include "minio.service" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "minio.workload" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "minio.persistence" $ | fromYaml) -}} +{{- $_ := mustMergeOverwrite .Values (include "minio.configuration" $ | fromYaml) -}} +{{- if .Values.minioStorage.logSearchApi -}} + {{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}} + {{- $_ := mustMergeOverwrite .Values (include "logsearchapi.workload" $ | fromYaml) -}} +{{- end -}} + +{{/* Create the configmap for portal manually*/}} +{{- include "minio.portal" $ -}} + +{{- include "ix.v1.common.loader.apply" . -}} diff --git a/library/ix-dev/charts/minio/templates/configmap.yaml b/library/ix-dev/charts/minio/templates/configmap.yaml deleted file mode 100644 index 98a62a3890..0000000000 --- a/library/ix-dev/charts/minio/templates/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: minio-config -data: - protocol: {{ include "minio.scheme" . }} diff --git a/library/ix-dev/charts/minio/templates/deployment.yaml b/library/ix-dev/charts/minio/templates/deployment.yaml deleted file mode 100644 index 2eaee3d75c..0000000000 --- a/library/ix-dev/charts/minio/templates/deployment.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{ include "common.storage.hostPathValidate" .Values }} -{{ $logsearchValues := (. | mustDeepCopy) }} -{{ $_ := set $logsearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }} -apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }}-minio - labels: - app: {{ template "common.names.name" . }} - release: {{ .Release.Name }} - app.kubernetes.io/name: {{ template "common.names.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} -spec: - replicas: {{ (default 1 .Values.replicas) }} - strategy: - type: {{ (default "Recreate" .Values.updateStrategy ) }} - selector: - matchLabels: - app: {{ template "common.names.name" . }} - release: {{ .Release.Name }} - app.kubernetes.io/name: {{ template "common.names.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.selectorLabels" . | nindent 8 }} - annotations: {{ include "common.annotations" . | nindent 8 }} - spec: - securityContext: - runAsUser: {{ .Values.runAsUser }} - runAsGroup: {{ .Values.runAsGroup }} - serviceAccountName: {{ include "common.names.serviceAccountName" . | quote }} - hostNetwork: {{ include "minio.hostNetworking" . }} - {{ if .Values.logsearchapi.enabled }} - initContainers: - - name: {{ .Chart.Name }}-waitapi - image: alpine/curl - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{ include "logsearchapiInit.envVariableConfiguration" $logsearchValues | nindent 10 }} - command: - - sh - - -c - - "until curl --silent $apiURL/status; do sleep 2; done" - {{ end }} - containers: - - name: {{ .Chart.Name }} - {{ include "common.resources.limitation" . | nindent 10 }} - {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} - {{ if hasKey .Values "appVolumeMounts" }} - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - {{ else }} - volumeMounts: - {{ end }} - {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }} - {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - - name: extrappvolume-{{ $index }} - mountPath: {{ $hostPathConfiguration.mountPath }} - {{ end }} - command: - - "/bin/sh" - - "-ce" - - {{ include "minio.commandArgs" . }} - ports: - - name: api - containerPort: {{ .Values.service.nodePort | int }} - - name: console - containerPort: {{ .Values.service.consolePort | int }} - readinessProbe: - httpGet: - path: /minio/health/live - port: {{ .Values.service.consolePort | int }} - scheme: {{ include "minio.scheme" . | upper }} - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 2 - livenessProbe: - httpGet: - path: /minio/health/live - port: {{ .Values.service.consolePort | int }} - scheme: {{ include "minio.scheme" . | upper }} - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 - startupProbe: - httpGet: - path: /minio/health/live - port: {{ .Values.service.consolePort | int }} - scheme: {{ include "minio.scheme" . | upper }} - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 60 - successThreshold: 1 - env: - {{ $secretName := (include "minio.secretName" .) }} - {{ $envList := (default list .Values.environmentVariables) }} - {{ if and (eq (include "minio.certAvailable" .) "true") .Values.minioDomain }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_BROWSER_REDIRECT_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.consolePort | int))) }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_SERVER_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.nodePort | int))) }} - {{ end }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "accesskey") }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }} - {{ if .Values.logsearchapi.enabled }} - {{/* - We can put any ID we want here. Just make sure it's unique - It can be rolled on each startup without problems, or se can set a static one. - */}} - {{ $webhookID := (printf "ix-%v" (randAlphaNum 5)) }} - {{ $logsearchSecretName := (include "logsearchapi.secretName" .) }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "queryToken") }} - {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_URL" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "logQueryURL") }} - {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENDPOINT_%v" $webhookID) "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "webhookURL") }} - {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENABLE_%v" $webhookID) "value" "on") }} - {{ end }} - {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }} -{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} - {{ if hasKey .Values "appVolumeMounts" }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} - {{ else }} - volumes: - {{ end }} - {{- include "minio.tlsKeysVolume" . | nindent 8 }} - {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - - name: extrappvolume-{{ $index }} - hostPath: - path: {{ $hostPathConfiguration.hostPath }} - {{ end }} diff --git a/library/ix-dev/charts/minio/templates/logsearchapi-deployment.yaml b/library/ix-dev/charts/minio/templates/logsearchapi-deployment.yaml deleted file mode 100644 index abe0e2774d..0000000000 --- a/library/ix-dev/charts/minio/templates/logsearchapi-deployment.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{ if .Values.logsearchapi.enabled }} -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }} -{{ $pg_values := (. | mustDeepCopy) }} -{{ $_ := set $pg_values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }} -{{ include "common.deployment.common_config" $values | nindent 0 }} -spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} - template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }} - spec: - initContainers: - - name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }}-waitdb - image: {{ include "postgres.imageName" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{ include "postgresInit.envVariableConfiguration" $pg_values | nindent 10 }} - command: - - sh - - -c - - 'until pg_isready -U "$pgUser" -h "$pgHost"; do sleep 2; done' - containers: - - name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }} - image: {{ include "logsearchapi.imageName" . }} - imagePullPolicy: {{ .Values.logSearchImage.pullPolicy }} - env: {{ include "logsearchapi.envVariableConfiguration" $values | nindent 10 }} - command: - - {{ include "logsearchapi.command" . }} - ports: - - name: logsearchapi - containerPort: 8080 - protocol: TCP - readinessProbe: - httpGet: - path: /status - port: 8080 - failureThreshold: 5 - periodSeconds: 15 - initialDelaySeconds: 15 - livenessProbe: - httpGet: - path: /status - port: 8080 - failureThreshold: 5 - periodSeconds: 15 - initialDelaySeconds: 15 - startupProbe: - httpGet: - path: /status - port: 8080 - failureThreshold: 5 - periodSeconds: 15 - initialDelaySeconds: 15 -{{ end }} diff --git a/library/ix-dev/charts/minio/templates/logsearchapi-secret.yaml b/library/ix-dev/charts/minio/templates/logsearchapi-secret.yaml deleted file mode 100644 index 0478e5bc04..0000000000 --- a/library/ix-dev/charts/minio/templates/logsearchapi-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ $logSearchValues := (. | mustDeepCopy) }} -{{ $_ := set $logSearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }} - -{{ $auditToken := randAlphaNum 32 | b64enc }} -{{ $queryToken := randAlphaNum 32 | b64enc }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "logsearchapi.secretName" . }} -data: - {{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }} - {{ $auditToken = (index .data "auditToken") }} - {{ end }} - auditToken: {{ $auditToken }} - - {{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }} - {{ $queryToken = (index .data "queryToken") }} - {{ end }} - queryToken: {{ $queryToken }} - - logQueryURL: {{ (printf "http://%v-log:8080" (include "common.names.fullname" $logSearchValues)) | b64enc }} - webhookURL: {{ (printf "http://%v-log:8080/api/ingest?token=%v" (include "common.names.fullname" $logSearchValues) ($auditToken | b64dec)) | b64enc }} diff --git a/library/ix-dev/charts/minio/templates/logsearchapi-service.yaml b/library/ix-dev/charts/minio/templates/logsearchapi-service.yaml deleted file mode 100644 index 0ddfa91c4e..0000000000 --- a/library/ix-dev/charts/minio/templates/logsearchapi-service.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{ if .Values.logsearchapi.enabled }} -{{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "logsearchapi-tcp" "port" 8080 "targetPort" 8080) }} -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }} -{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }} -{{ include "common.classes.service" $values }} -{{ end }} diff --git a/library/ix-dev/charts/minio/templates/postgres-deployment.yaml b/library/ix-dev/charts/minio/templates/postgres-deployment.yaml deleted file mode 100644 index 204ff44fdb..0000000000 --- a/library/ix-dev/charts/minio/templates/postgres-deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{ if .Values.logsearchapi.enabled }} -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }} -{{ include "common.deployment.common_config" $values | nindent 0 }} -spec: - replicas: {{ (default 1 .Values.replicas) }} - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: {{ template "common.names.name" $values }} - app.kubernetes.io/instance: {{ .Release.Name }}-postgres-pg - app: {{ template "common.names.name" . }} - release: {{ .Release.Name }} - template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }} - spec: - containers: - - name: {{ .Chart.Name }}-{{ include "postgres.nameSuffix" .}} - image: {{ template "postgres.imageName" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }} - volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }} - ports: - - name: postgres-tcp - containerPort: 5432 - protocol: TCP - readinessProbe: - exec: - command: - - sh - - -c - - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done" - initialDelaySeconds: 15 - failureThreshold: 5 - periodSeconds: 15 - timeoutSeconds: 2 - livenessProbe: - exec: - command: - - sh - - -c - - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done" - initialDelaySeconds: 15 - failureThreshold: 5 - periodSeconds: 15 - timeoutSeconds: 2 - startupProbe: - exec: - command: - - sh - - -c - - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done" - initialDelaySeconds: 15 - failureThreshold: 20 - periodSeconds: 15 - timeoutSeconds: 2 - volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }} -{{ end }} diff --git a/library/ix-dev/charts/minio/templates/postgres-secret.yaml b/library/ix-dev/charts/minio/templates/postgres-secret.yaml deleted file mode 100644 index 2d7a4fac37..0000000000 --- a/library/ix-dev/charts/minio/templates/postgres-secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ $pgValues := (. | mustDeepCopy) }} -{{ $_ := set $pgValues "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }} - -{{ $dbPass := randAlphaNum 32 | b64enc }} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "postgres.secretName" . }} -data: - {{ with (lookup "v1" "Secret" .Release.Namespace (include "postgres.secretName" .)) }} - {{ $dbPass = (index .data "db_password") }} - {{ end }} - db_password: {{ $dbPass }} - - db_user: {{ include "postgres.dbUser" . | b64enc }} - db_name: {{ include "postgres.dbName" . | b64enc }} - - postgresURL: {{ printf "postgres://%v:%v@%v-pg:5432/%v?sslmode=disable" (include "postgres.dbUser" .) ($dbPass | b64dec) (include "common.names.fullname" $pgValues) (include "postgres.dbName" .) | b64enc }} - postgresHost: {{ printf "%v-pg" (include "common.names.fullname" $pgValues) | b64enc }} diff --git a/library/ix-dev/charts/minio/templates/postgres-service.yaml b/library/ix-dev/charts/minio/templates/postgres-service.yaml deleted file mode 100644 index d5de40df64..0000000000 --- a/library/ix-dev/charts/minio/templates/postgres-service.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{ if .Values.logsearchapi.enabled }} -{{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }} -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }} -{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }} -{{ include "common.classes.service" $values }} -{{ end }} diff --git a/library/ix-dev/charts/minio/templates/pre-install-job.yaml b/library/ix-dev/charts/minio/templates/pre-install-job.yaml deleted file mode 100644 index e6b94e35db..0000000000 --- a/library/ix-dev/charts/minio/templates/pre-install-job.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.appVolumeMounts -}} -{{- if hasKey .Values.appVolumeMounts "export" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-job" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: {{ template "common.names.chart" . }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-hook" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: {{ template "common.names.chart" . }} - spec: - restartPolicy: Never - containers: - - name: pre-install-job - image: "alpine:latest" - command: ["chown", "-R", "{{ .Values.runAsUser }}:{{ .Values.runAsGroup }}", "{{ .Values.appVolumeMounts.export.mountPath }}"] - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} -{{- end -}} -{{- end -}} diff --git a/library/ix-dev/charts/minio/templates/secrets.yaml b/library/ix-dev/charts/minio/templates/secrets.yaml deleted file mode 100644 index 4085fd585b..0000000000 --- a/library/ix-dev/charts/minio/templates/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "minio.secretName" . }} - labels: {{ include "common.labels" . | nindent 4 }} -type: Opaque -data: - accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }} - secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }} - {{ if eq (include "minio.certAvailable" .) "true" }} - certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }} - certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }} - {{ end }} diff --git a/library/ix-dev/charts/minio/templates/service.yaml b/library/ix-dev/charts/minio/templates/service.yaml deleted file mode 100644 index 8bb8fdb9d3..0000000000 --- a/library/ix-dev/charts/minio/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{ $selectors := list }} -{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} -{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} -{{ $_1 := set .Values "extraSelectorLabels" $selectors }} - -{{ if eq (include "minio.hostNetworking" .) "false" }} -{{ $svc := .Values.service }} -{{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "api" "port" $svc.nodePort "nodePort" $svc.nodePort "targetPort" (.Values.service.nodePort | int)) }} -{{ $ports = mustAppend $ports (dict "name" "console" "port" $svc.consolePort "nodePort" $svc.consolePort "targetPort" (.Values.service.consolePort | int)) }} -{{ $params := . }} -{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} -{{ include "common.classes.service" $params }} -{{ end }} diff --git a/library/ix-dev/charts/minio/templates/serviceaccount.yaml b/library/ix-dev/charts/minio/templates/serviceaccount.yaml deleted file mode 100644 index 12bd3f4a39..0000000000 --- a/library/ix-dev/charts/minio/templates/serviceaccount.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.serviceaccount" . }} diff --git a/library/ix-dev/charts/minio/to_keep_versions.md b/library/ix-dev/charts/minio/to_keep_versions.md new file mode 100644 index 0000000000..dcb388200a --- /dev/null +++ b/library/ix-dev/charts/minio/to_keep_versions.md @@ -0,0 +1,4 @@ +# 1.7.24 + +This version is kept because it contains a fix that is needed for migration to v2.x.x +It should be safe to remove few months after v2.x.x is released. diff --git a/library/ix-dev/charts/minio/to_keep_versions.yaml b/library/ix-dev/charts/minio/to_keep_versions.yaml new file mode 100644 index 0000000000..fac9431849 --- /dev/null +++ b/library/ix-dev/charts/minio/to_keep_versions.yaml @@ -0,0 +1 @@ +- 1.7.24 diff --git a/library/ix-dev/charts/minio/values.yaml b/library/ix-dev/charts/minio/values.yaml index b0729d9939..8b5d55eb22 100644 --- a/library/ix-dev/charts/minio/values.yaml +++ b/library/ix-dev/charts/minio/values.yaml @@ -6,8 +6,68 @@ logSearchImage: pullPolicy: IfNotPresent repository: minio/operator tag: v4.5.4 -logsearchapi: - diskCapacityGB: 5 - enabled: false -runAsGroup: 473 -runAsUser: 473 +logPostgresImage: + pullPolicy: IfNotPresent + repository: postgres + tag: "14.5" + +resources: + limits: + cpu: 4000m + memory: 8Gi + +podOptions: + dnsConfig: + options: [] + +minioConfig: + rootUser: "" + rootPassword: "" + domain: "" + extraArgs: [] + additionalEnvs: [] + +minioNetwork: + apiPort: 9000 + consolePort: 9002 + certificateID: + +minioStorage: + distributedMode: false + distributedIps: [] + export: + type: ixVolume + mountPath: /export + ixVolumeConfig: + datasetName: export + logSearchApi: false + logSearchDiskCapacityGB: 5 + pgData: + type: ixVolume + ixVolumeConfig: + datasetName: pgData + pgBackup: + type: ixVolume + ixVolumeConfig: + datasetName: pgBackup + additionalStorages: [] + +notes: + custom: | + {{ if .Values.minioStorage.logSearchApi }} + ## Database + You can connect to the database using the pgAdmin App from the catalog + +
+ Database Details + + - Database: `logsearchapi` + - Username: `logsearchapi` + - Password: `{{ .Values.minioDbPass }}` + - Host: `{{ .Values.minioDbHost }}.{{ .Release.Namespace }}.svc.cluster.local` + - Port: `5432` + +
+ {{ end }} + {{- $_ := unset .Values "haDbPass" }} + {{- $_ := unset .Values "haDbHost" }}