truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-04-28 20:42:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2770cc2e7faa3f36f94dea5c2c9a54be095e1296
chart/library/ix-dev/enterprise/minio/templates/_minio.tpl
Stavros Kois 3a6e29ae9e NAS-120452 / 23.10 / Add MinIO Enterprise (#1002) 
* Add minio to enterprise train

* Adjust hostnetwork based on multimode configuration

* add update strategy and explicitly set permissions at install time

* minor typo

* use new common

* bump common

* Add upgrade info json

* make immutable the run context and check backup permissions before chowning

* spacing
2023-04-05 17:57:03 +03:00

144 lines
4.3 KiB
Smarty
Raw Blame History

{{- define "minio.workload" -}}
workload:
minio:
enabled: true
primary: true
type: Deployment
podSpec:
hostNetwork: {{ include "minio.hostnetwork" $ }}
containers:
minio:
enabled: true
primary: true
imageSelector: image
securityContext:
runAsUser: {{ .Values.minioRunAs.user }}
runAsGroup: {{ .Values.minioRunAs.group }}
envFrom:
- secretRef:
name: minio-creds
args:
- server
- "--address"
- {{ printf ":%v" .Values.minioNetwork.apiPort | quote }}
- "--console-address"
- {{ printf ":%v" .Values.minioNetwork.webPort | quote }}
{{- if .Values.minioNetwork.certificateID }}
- "--certs-dir"
- "/.minio/certs"
{{- end -}}
{{- if .Values.minioLogging.anonymous }}
- "--anonymous"
{{- end -}}
{{- if .Values.minioLogging.quiet }}
- "--quiet"
{{- end }}
probes:
liveness:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
readiness:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
startup:
enabled: true
type: {{ include "minio.scheme" $ }}
port: "{{ .Values.minioNetwork.apiPort }}"
path: /minio/health/live
initContainers:
{{- include "ix.v1.common.app.permissions" (dict "UID" .Values.minioRunAs.user
"GID" .Values.minioRunAs.group
"type" "install") | nindent 8 -}}
{{- if .Values.minioLogging.logsearch.enabled }}
logsearch-wait:
enabled: true
type: init
imageSelector: bashImage
resources:
limits:
cpu: 500m
memory: 256Mi
envFrom:
- secretRef:
name: minio-creds
command: bash
args:
- -c
- |
echo "Pinging Logsearch API for readiness..."
until wget --spider --quiet --timeout=3 --tries=1 ${MINIO_LOG_QUERY_URL}/status; do
echo "Waiting for Logsearch API (${MINIO_LOG_QUERY_URL}/status) to be ready..."
sleep 2
done
echo "Logsearch API is ready"
{{- end }}
{{/* Service */}}
service:
minio:
enabled: true
primary: true
type: NodePort
targetSelector: minio
ports:
api:
enabled: true
primary: true
port: {{ .Values.minioNetwork.apiPort }}
nodePort: {{ .Values.minioNetwork.apiPort }}
targetSelector: minio
webui:
enabled: true
port: {{ .Values.minioNetwork.webPort }}
nodePort: {{ .Values.minioNetwork.webPort }}
targetSelector: minio
{{/* Persistence */}}
persistence:
{{- range $idx, $storage := .Values.minioStorage }}
{{ printf "data%v" (int $idx) }}:
enabled: true
type: {{ $storage.type }}
datasetName: {{ $storage.datasetName | default "" }}
hostPath: {{ $storage.hostPath | default "" }}
targetSelector:
minio:
minio:
mountPath: {{ $storage.mountPath }}
permissions:
mountPath: /mnt/directories{{ $storage.mountPath }}
{{- end }}
# Minio writes temporary files to this directory. Adding this as an emptyDir,
# So we don't have to set readOnlyRootFilesystem to false
tempdir:
enabled: true
type: emptyDir
targetSelector:
minio:
minio:
mountPath: /.minio
{{- if .Values.minioNetwork.certificateID }}
cert:
enabled: true
type: secret
objectName: minio-cert
defaultMode: "0600"
items:
- key: tls.key
path: private.key
- key: tls.crt
path: public.crt
- key: tls.crt
path: CAs/public.crt
targetSelector:
minio:
minio:
mountPath: /.minio/certs
readOnly: true
{{- end -}}
{{- end -}}
Reference in New Issue View Git Blame Copy Permalink