charts/minio - migration (#2256)

library/ix-dev/charts/minio/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
-  repository: file://../../../common/2304.0.1
-  version: 2304.0.1
-digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
-generated: "2023-07-14T11:04:04.184288265+03:00"
+  repository: file://../../../common
+  version: 1.2.9
+digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c
+generated: "2024-03-05T19:01:30.381261596+02:00"

library/ix-dev/charts/minio/Chart.yaml

@@ -3,18 +3,18 @@ description: High Performance, Kubernetes Native Object Storage
 annotations:
   title: MinIO
 type: application
-version: 1.7.24
+version: 2.0.0
 apiVersion: v2
-appVersion: '2023-03-13'
-kubeVersion: '>=1.16.0-0'
+appVersion: "2023-03-13"
+kubeVersion: ">=1.16.0-0"
 maintainers:
   - name: truenas
     url: https://www.truenas.com/
     email: dev@ixsystems.com
 dependencies:
   - name: common
-    repository: file://../../../common/2304.0.1
-    version: 2304.0.1
+    repository: file://../../../common
+    version: 1.2.9
 home: https://min.io
 icon: https://media.sys.truenas.net/apps/minio/icons/icon.png
 sources:

library/ix-dev/charts/minio/README.md

@@ -1,52 +1,8 @@
-MinIO
-=====
+# MinIO
 
 [MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
 
-MinIO supports [distributed mode](https://docs.minio.io/docs/distributed-minio-quickstart-guide). In distributed mode, you can pool multiple drives (even on different machines) into a single object storage server.
-
-For more detailed documentation please visit [here](https://docs.minio.io/)
-
-Introduction
-------------
-
-This chart bootstraps MinIO deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-
-Configuration
--------------
-
-The following table lists the configurable parameters of the MinIO chart and their default values.
-
-| Parameter                                        | Description                                                                                                                             | Default                          |
-|:-------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|
-| `image.repository`                               | Image repository                                                                                                                        | `minio/minio`                    |
-| `image.tag`                                      | MinIO image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/).                                             | `RELEASE.2020-11-06T23-17-07Z`   |
-| `image.pullPolicy`                               | Image pull policy                                                                                                                       | `IfNotPresent`                   |
-| `extraArgs`                                      | Additional command line arguments to pass to the MinIO server                                                                           | `[]`                             |
-| `accessKey`                                      | Default access key (5 to 20 characters)                                                                                                 | random 20 chars                  |
-| `secretKey`                                      | Default secret key (8 to 40 characters)                                                                                                 | random 40 chars                  |
-| `persistence.enabled`                            | Use persistent volume to store data                                                                                                     | `true`                           |
-| `persistence.size`                               | Size of persistent volume claim                                                                                                         | `500Gi`                          |
-| `persistence.existingClaim`                      | Use an existing PVC to persist data                                                                                                     | `nil`                            |
-| `persistence.storageClass`                       | Storage class name of PVC                                                                                                               | `nil`                            |
-| `persistence.accessMode`                         | ReadWriteOnce or ReadOnly                                                                                                               | `ReadWriteOnce`                  |
-| `persistence.subPath`                            | Mount a sub directory of the persistent volume if set                                                                                   | `""`                             |
-| `environment`                                    | Set MinIO server relevant environment variables in `values.yaml` file. MinIO containers will be passed these variables when they start. | `MINIO_STORAGE_CLASS_STANDARD: EC:4"` |
-
-Some parameters above map to the env variables defined in the [MinIO DockerHub image](https://hub.docker.com/r/minio/minio/).
-
-Pass environment variables to MinIO containers
-----------------------------------------------
-
-To pass environment variables to MinIO containers when deploying via Helm chart, use the below command line format
-
-```bash
-$ helm install --set environment.MINIO_BROWSER=on,environment.MINIO_DOMAIN=domain-name minio/minio
-```
-
-You can add as many environment variables as required, using the above format. Just add `environment.<VARIABLE_NAME>=<value>` under `set` flag.
-
 **NOTE**
+
 - On fresh installation, minIO data directory's ownership will be updated to minio:minio.
 - For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio.

library/ix-dev/charts/minio/app-readme.md

@@ -1,5 +1,8 @@
+# MinIO
+
 [MinIO](https://min.io) is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
 
 **NOTE**
-- On installation, minIO data directory's ownership will be updated to minio:minio.
+
+- On fresh installation, minIO data directory's ownership will be updated to minio:minio.
 - For existing installations that are exhibiting the upgrade to >=1.5.0, the minIO data directory's ownership will be migrated to minio:minio.

library/ix-dev/charts/minio/ci/basic-values.yaml

@@ -0,0 +1,20 @@
+minioConfig:
+  rootUser: super-admin
+  rootPassword: super-admin-password
+
+minioNetwork:
+  apiPort: 31000
+  consolePort: 31001
+
+minioStorage:
+  export:
+    type: pvc
+  logSearchApi: true
+  logSearchDiskCapacityGB: 5
+  pgData:
+    type: pvc
+  pgBackup:
+    type: emptyDir
+    emptyDirConfig:
+      medium: ""
+      size: ""

library/ix-dev/charts/minio/ci/https-values.yaml

@@ -1,50 +1,25 @@
-appVolumeMounts:
+minioStorage:
   export:
-    emptyDir: true
-    mountPath: /export
-distributedIps: []
-distributedMode: false
-dnsConfig:
-  options: []
-emptyDirVolumes: true
-environmentVariables: []
-extraAppVolumeMounts: []
-extraArgs: []
-image:
-  pullPolicy: IfNotPresent
-  repository: minio/minio
-  tag: RELEASE.2023-03-13T19-46-17Z
-ixChartContext: {}
-logSearchImage:
-  pullPolicy: IfNotPresent
-  repository: minio/operator
-  tag: v4.5.4
-logsearchapi:
-  diskCapacityGB: 5
-  enabled: true
-minioDomain: null
-postgresAppVolumeMounts:
-  postgres-backup:
-    emptyDir: true
-    mountPath: /postgres_backups
-  postgres-data:
-    emptyDir: true
-    mountPath: /var/lib/postgresql/data
-postgresql:
-  backupVolume:
-    datasetName: ix-postgres_backups
-    mountPath: /postgres_backups
-  dataVolume:
-    datasetName: ix-postgres_data
-    mountPath: /var/lib/postgresql/data
-runAsGroup: 473
-runAsUser: 473
-service:
-  consolePort: 32325
-  nodePort: 32324
-updateStrategy: RollingUpdate
+    type: pvc
+  logSearchApi: true
+  logSearchDiskCapacityGB: 5
+  pgData:
+    type: pvc
+  pgBackup:
+    type: emptyDir
+    emptyDirConfig:
+      medium: ""
+      size: ""
+
+minioConfig:
+  rootUser: super-admin
+  rootPassword: super-admin-password
+
+minioNetwork:
+  apiPort: 31000
+  consolePort: 31001
+  certificateID: 1
 
-certificate: "1"
 ixCertificates:
   "1":
     certificate: |
@@ -74,7 +49,6 @@ ixCertificates:
       x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz
       MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB
       -----END CERTIFICATE-----
-
       -----BEGIN CERTIFICATE-----
       MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz
       ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD

library/ix-dev/charts/minio/ci/test-values.yaml

@@ -1,45 +0,0 @@
-appVolumeMounts:
-  export:
-    emptyDir: true
-    mountPath: /export
-distributedIps: []
-distributedMode: false
-dnsConfig:
-  options: []
-emptyDirVolumes: true
-environmentVariables: []
-extraAppVolumeMounts: []
-extraArgs: []
-image:
-  pullPolicy: IfNotPresent
-  repository: minio/minio
-  tag: RELEASE.2023-03-13T19-46-17Z
-ixChartContext: {}
-logSearchImage:
-  pullPolicy: IfNotPresent
-  repository: minio/operator
-  tag: v4.5.4
-logsearchapi:
-  diskCapacityGB: 5
-  enabled: true
-minioDomain: null
-postgresAppVolumeMounts:
-  postgres-backup:
-    emptyDir: true
-    mountPath: /postgres_backups
-  postgres-data:
-    emptyDir: true
-    mountPath: /var/lib/postgresql/data
-postgresql:
-  backupVolume:
-    datasetName: ix-postgres_backups
-    mountPath: /postgres_backups
-  dataVolume:
-    datasetName: ix-postgres_data
-    mountPath: /var/lib/postgresql/data
-runAsGroup: 473
-runAsUser: 473
-service:
-  consolePort: 32325
-  nodePort: 32324
-updateStrategy: RollingUpdate

library/ix-dev/charts/minio/migrations/migrate

@@ -2,119 +2,101 @@
 import json
 import os
 import sys
-import subprocess
-from pathlib import Path
 
-from middlewared.client import Client
-from middlewared.service import ValidationErrors, CallError
 
+def migrate_volume(volume):
+    return {
+        'type': 'hostPath',
+        'hostPathConfig': {
+            'hostPath': volume['hostPath']
+        },
+    } if volume.get('hostPathEnabled', False) else {
+        'type': 'ixVolume',
+        'ixVolumeConfig': {
+            'datasetName': volume['datasetName'],
+        },
+    }
+
+
+def migrate_common_lib(values):
+    delete_keys = [
+        'dnsConfig', 'updateStrategy', 'enableResourceLimits', 'cpuLimit',
+        'memLimit', 'certificate', 'service', 'environmentVariables', 'minioDomain',
+        'accessKey', 'secretKey', 'distributedMode', 'distributedIps', 'logsearchapi',
+        'appVolumeMounts', 'extraAppVolumeMounts', 'postgresAppVolumeMounts'
+    ]
+
+    values.update({
+        # Migrate Config
+        'minioConfig': {
+            'rootUser': values['accessKey'],
+            'rootPassword': values['secretKey'],
+            'domain': values.get('minioDomain', ''),
+            'extraArgs': values.get('extraArgs', []),
+            'additionalEnvs': [e for e in values.get('environmentVariables', []) if e['name'] not in ['PLEX_UID', 'PLEX_GID'] ],
+        },
+        # Migrate Network
+        'minioNetwork': {
+            'apiPort': values['service']['nodePort'],
+            'consolePort': values['service']['consolePort'],
+            'certificateID': values['certificate'],
+        },
+        # Migrate Resources
+        'resources': {
+            'limits': {
+                'cpu': values.get('cpuLimit', '4000m'),
+                'memory': values.get('memLimit', '8Gi'),
+            }
+        },
+        # Migrate DNS
+        'podOptions': {
+            'dnsConfig': {
+                'options': [
+                    {'name': opt['name'], 'value': opt['value']}
+                    for opt in values.get('dnsConfig', {}).get('options', [])
+                ]
+            }
+        },
+        # Migrate Storage
+        'minioStorage': {
+            'distributedMode': values['distributedMode']
+            'distributedIps': values['distributedIps'] if values['distributedMode'] else [],
+            'logSearchApi': values['logsearchapi']['enabled'],
+            'logSearchDiskCapacityGB': values['logsearchapi']['diskCapacityGB'] if values['logsearchapi']['enabled'] else 5,
+            'export': migrate_volume(values['appVolumeMounts']['export']).update({
+                mountPath: values['appVolumeMounts']['export'][mountPath]
+            }),
+            'pgData': migrate_volume(values['postgresAppVolumeMounts']['postgres-data']),
+            'pgBackup': migrate_volume(values['postgresAppVolumeMounts']['postgres-backup']),
+            'additionalStorages': [
+                {
+                    'type': 'hostPath',
+                    'hostPathConfig': {'hostPath': e['hostPath']},
+                    'mountPath': e['mountPath'],
+                    'readOnly': e['readOnly'],
+                }
+                for e in values.get('extraAppVolumeMounts', [])
+            ],
+        },
+    })
+
+    for k in delete_keys:
+        values.pop(k, None)
 
-def path_in_locked_datasets(path: str) -> bool:
-    with Client() as c:
-        return c.call('pool.dataset.path_in_locked_datasets', path)
-
-
-def get_configured_user_group(path: str) -> dict:
-    with Client() as c:
-        return c.call('filesystem.stat', path)
-
-
-def get_host_path_attachments(path: str) -> set:
-    with Client() as c:
-        return {
-            attachment['type']
-            for attachment in c.call('pool.dataset.attachments_with_path', path)
-            if attachment['type'].lower() not in ['kubernetes', 'chart releases']
-        }
-
-
-def get_kubernetes_config() -> dict:
-    with Client() as c:
-        return c.call('kubernetes.config')
-
-
-def validate_host_path(path: str, schema_name: str, verrors: ValidationErrors) -> None:
-    """
-    These validations are taken from `FilesystemService._common_perm_path_validate`.
-    Including an additional validation that makes sure all the children under
-    a path are on same device.
-    """
-    schema_name += ".migration.chown"
-    p = Path(path)
-    if not p.is_absolute():
-        verrors.add(schema_name, f"Must be an absolute path: {path}")
-
-    if p.is_file():
-        verrors.add(schema_name, f"Recursive operations on a file are invalid: {path}")
-
-    if not p.absolute().as_posix().startswith("/mnt/"):
-        verrors.add(
-            schema_name,
-            f"Changes to permissions on paths that are not beneath the directory /mnt are not permitted: {path}"
-        )
-    elif len(p.resolve().parents) == 2:
-        verrors.add(schema_name, f"The specified path is a ZFS pool mountpoint: {path}")
-
-    # Make sure that dataset is not locked
-    if path_in_locked_datasets(path):
-        verrors.add(schema_name, f"Dataset is locked at path: {path}.")
-
-    # Validate attachments
-    if attachments := get_host_path_attachments(path):
-        verrors.add(schema_name, f"The path '{path}' is already attached to service(s): {', '.join(attachments)}.")
-
-    # Make sure all the minio's data directory children are on same device.
-    device_id = os.stat(path).st_dev
-    for root, dirs, files in os.walk(path):
-        for child in dirs + files:
-            abs_path = os.path.join(root, child)
-            if os.stat(abs_path).st_dev != device_id:
-                verrors.add(
-                    schema_name,
-                    (f"All the children of MinIO data directory should be on "
-                     f"same device as root: path={abs_path} device={os.stat(abs_path).st_dev}")
-                )
-                break
-
-
-def migrate(values: dict) -> dict:
-    # minio user / group ID
-    uid = gid = 473
-    verrors = ValidationErrors()
-    k8s_config = get_kubernetes_config()
-    if values["appVolumeMounts"]["export"]["hostPathEnabled"]:
-        host_path = values["appVolumeMounts"]["export"]["hostPath"]
-    else:
-        app_dataset = values["appVolumeMounts"]["export"]["datasetName"]
-        host_path = os.path.join(
-            "/mnt", k8s_config['dataset'], "releases", values["release_name"], "volumes/ix_volumes", app_dataset
-        )
+    return values
 
-    current_config = get_configured_user_group(host_path)
-    if current_config["uid"] == uid and current_config["gid"] == gid:
+def migrate(values):
+    # If this missing, we have already migrated
+    if not 'nodePort' in values.keys():
         return values
 
-    validate_host_path(host_path, values['release_name'], verrors)
-    verrors.check()
-    # chown the host path
-    acltool = subprocess.run([
-        "/usr/bin/nfs4xdr_winacl",
-        "-a", "chown",
-        "-O", str(uid), "-G", str(gid),
-        "-r",
-        "-c", host_path,
-        "-p", host_path], check=False, capture_output=True
-    )
-    if acltool.returncode != 0:
-        raise CallError(f"acltool [chown] on path {host_path} failed with error: [{acltool.stderr.decode().strip()}]")
-
-    return values
+    return migrate_common_lib(values)
 
 
-if __name__ == "__main__":
+if __name__ == '__main__':
     if len(sys.argv) != 2:
         exit(1)
 
     if os.path.exists(sys.argv[1]):
-        with open(sys.argv[1], "r") as f:
+        with open(sys.argv[1], 'r') as f:
             print(json.dumps(migrate(json.loads(f.read()))))

library/ix-dev/charts/minio/migrations/migrate_from_1.0.0

@@ -1,28 +0,0 @@
-#!/usr/bin/python3
-import json
-import os
-import sys
-
-
-def migrate(values):
-    if values.get('appVolumeMounts'):
-        return values
-
-    values.update({
-        'appVolumeMounts': {
-            'export': {
-                'hostPathEnabled': values['minioHostPathEnabled'],
-                **({'hostPath': values['minioHostPath']} if values.get('minioHostPath') else {})
-            },
-        },
-    })
-    return values
-
-
-if __name__ == '__main__':
-    if len(sys.argv) != 2:
-        exit(1)
-
-    if os.path.exists(sys.argv[1]):
-        with open(sys.argv[1], 'r') as f:
-            print(json.dumps(migrate(json.loads(f.read()))))

library/ix-dev/charts/minio/questions.yaml

@@ -1,380 +1,634 @@
 groups:
-  - name: "Container Images"
-    description: "Image to be used for container"
-  - name: "Workload Configuration"
-    description: "Configure workload deployment"
-  - name: "Minio Configuration"
-    description: "Configure Minio credentials"
-  - name: "Storage"
-    description: "Configure Storage for Minio"
-  - name: "Advanced DNS Settings"
-    description: "Configure DNS settings"
-  - name: "Resource Limits"
-    description: "Set CPU/memory limits for Kubernetes Pod"
+  - name: Minio Configuration
+    description: Configure Minio
+  - name: Advanced Pod Configuration
+    description: Configure Advanced Pod Options for Minio
+  - name: Network Configuration
+    description: Configure Network for Minio
+  - name: Storage Configuration
+    description: Configure Storage for Minio
+  - name: Resources Configuration
+    description: Configure Resources for Minio
 
 portals:
   web_portal:
     protocols:
-      - "$kubernetes-resource_configmap_minio-config_protocol"
+      - "$kubernetes-resource_configmap_portal_protocol"
     host:
-      - "$node_ip"
+      - "$kubernetes-resource_configmap_portal_host"
     ports:
-      - "$variable-service.consolePort"
+      - "$kubernetes-resource_configmap_portal_port"
+    path: "$kubernetes-resource_configmap_portal_path"
 
 questions:
-
-  - variable: dnsConfig
-    label: "DNS Configuration"
-    group: "Advanced DNS Settings"
+  - variable: minioConfig
+    label: ""
+    group: Minio Configuration
     schema:
       type: dict
       attrs:
-        - variable: options
-          label: "DNS Options"
+        - variable: rootUser
+          label: Root User
+          description: The root user for Minio.
+          schema:
+            type: string
+            private: true
+            required: true
+            min_length: 5
+            max_length: 20
+        - variable: rootPassword
+          label: Root Password
+          description: The root password for Minio.
+          schema:
+            type: string
+            private: true
+            required: true
+            min_length: 8
+            max_length: 40
+        - variable: domain
+          label: Domain (Optional)
+          description: |
+            Depending on your setup/environment, you may need to leave this blank.
+            Check MinIO documentation for more information.
+          schema:
+            type: string
+        - variable: extraArgs
+          label: Extra Arguments
+          description: Extra arguments for Minio.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: arg
+                label: Argument
+                schema:
+                  type: string
+                  required: true
+
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for Netdata.
           schema:
             type: list
+            default: []
             items:
-              - variable: optionsEntry
-                label: "Option Entry Configuration"
+              - variable: env
+                label: Environment Variable
                 schema:
                   type: dict
                   attrs:
                     - variable: name
-                      label: "Option Name"
+                      label: Name
                       schema:
                         type: string
                         required: true
                     - variable: value
-                      label: "Option Value"
+                      label: Value
                       schema:
                         type: string
                         required: true
 
-  - variable: updateStrategy
-    label: "Minio update strategy"
-    group: "Workload Configuration"
-    schema:
-      type: string
-      default: "Recreate"
-      enum:
-        - value: "RollingUpdate"
-          description: "Create new pods and then kill old ones"
-        - value: "Recreate"
-          description: "Kill existing pods before creating new ones"
-
-  - variable: distributedMode
-    label: "Enable Distributed Mode"
-    description: "Run Minio instance to connect to a distributed minio cluster"
-    group: "Minio Configuration"
+  - variable: podOptions
+    label: ""
+    group: Advanced Pod Configuration
     schema:
-      type: boolean
-      default: false
-      show_subquestions_if: true
-      subquestions:
-        - variable: distributedIps
-          label: "Distributed Minio Instance URI(s)"
-          schema:
-            type: list
-            required: true
-            default: []
-            items:
-              - variable: ip
-                label: "Distributed Minio Instance URI"
-                schema:
-                  type: string
-                  empty: false
-
-
-  - variable: extraArgs
-    label: "Minio Extra Arguments"
-    group: "Minio Configuration"
-    schema:
-      type: list
-      default: []
-      items:
-        - variable: arg
-          label: "Argument"
-          schema:
-            type: string
-
-  - variable: accessKey
-    label: "Root User"
-    group: "Minio Configuration"
-    description: "Enter the S3 Root User"
-    schema:
-      type: string
-      private: true
-      required: true
-      min_length: 5
-      max_length: 20
-
-  - variable: secretKey
-    label: "Root Password"
-    group: "Minio Configuration"
-    description: "Enter the S3 Root Password"
-    schema:
-      type: string
-      private: true
-      required: true
-      min_length: 8
-      max_length: 40
-
-  - variable: environmentVariables
-    label: "Minio image environment"
-    group: "Minio Configuration"
-    schema:
-      type: list
-      default: []
-      items:
-        - variable: environmentVariable
-          label: "Environment Variable"
+      type: dict
+      attrs:
+        - variable: dnsConfig
+          label: Advanced DNS Configuration
           schema:
             type: dict
             attrs:
-              - variable: name
-                label: "Name"
-                schema:
-                  type: string
-              - variable: value
-                label: "Value"
+              - variable: options
+                label: DNS Options
                 schema:
-                  type: string
+                  type: list
+                  items:
+                    - variable: optionsEntry
+                      label: DNS Option Entry
+                      schema:
+                        type: dict
+                        attrs:
+                          - variable: name
+                            label: Option Name
+                            schema:
+                              type: string
+                              required: true
+                          - variable: value
+                            label: Option Value
+                            schema:
+                              type: string
+                              required: true
 
-  - variable: service
-    description: "Minio Service Configuration"
-    label: "Minio Service Configuration"
-    group: "Minio Configuration"
+  - variable: minioNetwork
+    label: ""
+    group: Network Configuration
     schema:
       type: dict
-      required: true
       attrs:
-        - variable: nodePort
-          label: "Node Port to use for Minio API"
+        - variable: apiPort
+          label: API Port
+          description: The port for the Minio API.
           schema:
             type: int
+            default: 9000
             min: 9000
             max: 65535
-            default: 9000
             required: true
         - variable: consolePort
-          label: "Node Port to use for Minio UI Access"
+          label: Console Port
+          description: The port for the Minio WebUI.
           schema:
             type: int
+            default: 9002
             min: 9000
             max: 65535
-            default: 9002
             required: true
+        - variable: certificateID
+          label: Certificate
+          description: The certificate to use for Minio.
+          schema:
+            type: int
+            "null": true
+            $ref:
+              - "definitions/certificate"
 
-  - variable: certificate
-    description: "Minio Certificate"
-    label: "Minio Certificate"
-    group: "Minio Configuration"
-    schema:
-      type: int
-      $ref:
-        - "definitions/certificate"
-
-  - variable: minioDomain
-    label: "Minio Domain Name"
-    description: |
-      Depending on your setup/environment, you may need to leave this blank.
-      Check MinIO documentation for more information.
-    group: "Minio Configuration"
-    schema:
-      type: string
-      default: null
-      "null": true
-      show_if: [["certificate", "!=", null]]
-
-  - variable: logsearchapi
-    label: Log Search API Configuration
-    description: Log Search API Configuration
-    group: Minio Configuration
+  - variable: minioStorage
+    label: ""
+    group: Storage Configuration
     schema:
       type: dict
       attrs:
-        - variable: enabled
-          label: Enable Log Search API
-          description: Enables Log Search API and configures MinIO to use it. It also deploys a postgres DB for it.
+        - variable: distributedMode
+          label: Enable Distributed Mode
           schema:
             type: boolean
             default: false
-        - variable: diskCapacityGB
-          label: Disk Capacity in GB
-          description: Capacity in GB that logs are allowed to occupy.
+        - variable: distributedIps
+          label: Distributed Minio Instance URI(s)
           schema:
-            type: int
-            show_if: [["enabled", "=", true]]
-            default: 5
-
-  - variable: appVolumeMounts
-    label: "Minio Storage"
-    group: "Storage"
-    schema:
-      type: dict
-      show_if: [["distributedMode", "=", false]]
-      attrs:
+            type: list
+            show_if: [["distributedMode", "==", true]]
+            required: true
+            default: []
+            items:
+              - variable: ip
+                label: Distributed Minio Instance URI
+                schema:
+                  type: string
+                  required: true
         - variable: export
-          label: "Data Volume"
+          label: Minio Export Storage
+          description: The path to store Minio Export.
           schema:
             type: dict
+            show_if: [["distributedMode", "==", true]]
             attrs:
-              - variable: datasetName
-                label: "Minio Data Volume Name"
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
                 schema:
                   type: string
-                  hidden: true
-                  $ref:
-                    - "normalize/ixVolume"
-                  show_if: [["hostPathEnabled", "=", false]]
-                  default: "ix-minio"
-                  editable: false
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
               - variable: mountPath
-                label: "Minio Data Mount Path"
-                description: "Path where the volume will be mounted inside the pod"
+                label: Mount Path
+                description: The path inside the container to mount the storage.
                 schema:
                   type: path
-                  default: "/export"
+                  default: /export
+                  required: true
                   immutable: true
-              - variable: hostPathEnabled
-                label: "Enable Host Path for Minio Data Volume"
+              - variable: ixVolumeConfig
+                label: ixVolume Configuration
+                description: The configuration for the ixVolume dataset.
                 schema:
-                  type: boolean
-                  default: false
-                  show_subquestions_if: true
-                  subquestions:
+                  type: dict
+                  show_if: [["type", "=", "ixVolume"]]
+                  $ref:
+                    - "normalize/ixVolume"
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: datasetName
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        required: true
+                        immutable: true
+                        hidden: true
+                        default: "export"
+                    - variable: aclEntries
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+              - variable: hostPathConfig
+                label: Host Path Configuration
+                schema:
+                  type: dict
+                  show_if: [["type", "=", "hostPath"]]
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: acl
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+                        $ref:
+                          - "normalize/acl"
                     - variable: hostPath
-                      label: "Host Path for Minio Data Volume"
+                      label: Host Path
+                      description: The host path to use for storage.
                       schema:
                         type: hostpath
+                        show_if: [["aclEnable", "=", false]]
                         required: true
-                        immutable: true
 
-  - variable: extraAppVolumeMounts
-    label: "Extra Host Path Volumes"
-    group: "Storage"
-    schema:
-      type: list
-      items:
-        - variable: extraAppVolume
-          label: "Host Path Volume"
-          description: "Add an extra host path volume for Minio application"
+        - variable: logSearchApi
+          label: Enable Log Search API
           schema:
-            type: dict
-            attrs:
-              - variable: mountPath
-                label: "Mount Path in Pod"
-                description: "Path where the volume will be mounted inside the pod"
-                schema:
-                  type: path
-                  required: true
-              - variable: hostPath
-                label: "Host Path"
-                description: "Host path"
-                schema:
-                  type: hostpath
-                  required: true
-
-  - variable: postgresAppVolumeMounts
-    label: Postgres Storage
-    group: Storage
-    schema:
-      type: dict
-      attrs:
-        - variable: postgres-data
-          label: Postgres Data Volume
+            type: boolean
+            default: false
+        - variable: logSearchDiskCapacityGB
+          label: Log Search Disk Capacity
+          schema:
+            type: int
+            show_if: [["logSearchApi", "==", true]]
+            default: 5
+        - variable: pgData
+          label: Minio Postgres Data Storage
+          description: The path to store Minio Postgres Data.
           schema:
             type: dict
+            show_if: [["logSearchApi", "==", true]]
             attrs:
-              - variable: datasetName
-                label: Postgres Data Volume Name
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
                 schema:
                   type: string
-                  hidden: true
-                  $ref:
-                    - normalize/ixVolume
-                  default: ix-postgres_data
-                  show_if: [["hostPathEnabled", "=", false]]
-                  editable: false
-              - variable: mountPath
-                label: Postgresql Data Mount Path
-                description: Path where the volume will be mounted inside the pod
+                  required: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: ixVolumeConfig
+                label: ixVolume Configuration
+                description: The configuration for the ixVolume dataset.
                 schema:
-                  type: path
+                  type: dict
+                  # Nothing to show for the user
                   hidden: true
-                  editable: false
-                  default: /var/lib/postgresql/data
-              - variable: hostPathEnabled
-                label: Enable Host Path for Postgres Data Volume
+                  show_if: [["type", "=", "ixVolume"]]
+                  $ref:
+                    - "normalize/ixVolume"
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        # Postgres does a CHMOD at startup
+                        # Which fails with ACL
+                        hidden: true
+                        default: false
+                    - variable: datasetName
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        required: true
+                        immutable: true
+                        hidden: true
+                        default: "pgData"
+                    - variable: aclEntries
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+              - variable: hostPathConfig
+                label: Host Path Configuration
                 schema:
-                  type: boolean
-                  default: false
-                  show_subquestions_if: true
-                  subquestions:
+                  type: dict
+                  show_if: [["type", "=", "hostPath"]]
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        # Postgres does a CHMOD at startup
+                        # Which fails with ACL
+                        hidden: true
+                        default: false
+                    - variable: acl
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+                        $ref:
+                          - "normalize/acl"
                     - variable: hostPath
-                      label: Host Path for Postgres Data Volume
+                      label: Host Path
+                      description: The host path to use for storage.
                       schema:
                         type: hostpath
+                        show_if: [["aclEnable", "=", false]]
                         required: true
-                        immutable: true
-
-        - variable: postgres-backup
-          label: Postgres Backup Volume
+        - variable: pgBackup
+          label: Minio Postgres Backup Storage
+          description: The path to store Minio Postgres Backup.
           schema:
             type: dict
+            show_if: [["logSearchApi", "==", true]]
             attrs:
-              - variable: datasetName
-                label: Postgres Backup Volume Name
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
                 schema:
                   type: string
-                  hidden: true
-                  $ref:
-                    - normalize/ixVolume
-                  default: ix-postgres_backups
-                  show_if: [["hostPathEnabled", "=", false]]
-                  editable: false
-              - variable: mountPath
-                label: Postgresql Backup Mount Path
-                description: Path where the volume will be mounted inside the pod
+                  required: true
+                  immutable: true
+                  default: ixVolume
+                  enum:
+                    - value: hostPath
+                      description: Host Path (Path that already exists on the system)
+                    - value: ixVolume
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: ixVolumeConfig
+                label: ixVolume Configuration
+                description: The configuration for the ixVolume dataset.
                 schema:
-                  type: path
+                  type: dict
+                  # Nothing to show for the user
                   hidden: true
-                  editable: false
-                  default: /postgres_backups
-              - variable: hostPathEnabled
-                label: Enable Host Path for Postgres Backup Volume
+                  show_if: [["type", "=", "ixVolume"]]
+                  $ref:
+                    - "normalize/ixVolume"
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        # Postgres does a CHMOD at startup
+                        # Which fails with ACL
+                        hidden: true
+                        default: false
+                    - variable: datasetName
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        required: true
+                        immutable: true
+                        hidden: true
+                        default: "pgBackup"
+                    - variable: aclEntries
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+              - variable: hostPathConfig
+                label: Host Path Configuration
                 schema:
-                  type: boolean
-                  default: false
-                  show_subquestions_if: true
-                  subquestions:
+                  type: dict
+                  show_if: [["type", "=", "hostPath"]]
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        # Postgres does a CHMOD at startup
+                        # Which fails with ACL
+                        hidden: true
+                        default: false
+                    - variable: acl
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+                        $ref:
+                          - "normalize/acl"
                     - variable: hostPath
-                      label: Host Path for Postgres Backup Volume
+                      label: Host Path
+                      description: The host path to use for storage.
                       schema:
                         type: hostpath
+                        show_if: [["aclEnable", "=", false]]
                         required: true
 
-  - variable: enableResourceLimits
-    label: "Enable Pod resource limits"
-    group: "Resource Limits"
-    schema:
-      type: boolean
-      default: false
-  - variable: cpuLimit
-    label: "CPU Limit"
-    description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100."
-    group: "Resource Limits"
-    schema:
-      type: string
-      show_if: [["enableResourceLimits", "=", true]]
-      valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
-      default: "4000m"
-  - variable: memLimit
-    label: "Memory Limit"
-    group: "Resource Limits"
-    description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M,  128974848000m, 123Mi"
+        - variable: additionalStorages
+          label: Additional Storage
+          description: Additional storage for Minio.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: storageEntry
+                label: Storage Entry
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: type
+                      label: Type
+                      description: |
+                        ixVolume: Is dataset created automatically by the system.</br>
+                        Host Path: Is a path that already exists on the system.</br>
+                        SMB Share: Is a SMB share that is mounted to a persistent volume claim.
+                      schema:
+                        type: string
+                        required: true
+                        default: "ixVolume"
+                        enum:
+                          - value: "hostPath"
+                            description: Host Path (Path that already exists on the system)
+                          - value: "ixVolume"
+                            description: ixVolume (Dataset created automatically by the system)
+                          - value: "smb-pv-pvc"
+                            description: SMB Share (Mounts a persistent volume claim to a SMB share)
+                    - variable: readOnly
+                      label: Read Only
+                      description: Mount the volume as read only.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: mountPath
+                      label: Mount Path
+                      description: The path inside the container to mount the storage.
+                      schema:
+                        type: path
+                        required: true
+                    - variable: hostPathConfig
+                      label: Host Path Configuration
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "hostPath"]]
+                        attrs:
+                          - variable: aclEnable
+                            label: Enable ACL
+                            description: Enable ACL for the dataset.
+                            schema:
+                              type: boolean
+                              default: false
+                          - variable: acl
+                            label: ACL Configuration
+                            schema:
+                              type: dict
+                              show_if: [["aclEnable", "=", true]]
+                              attrs: []
+                              $ref:
+                                - "normalize/acl"
+                          - variable: hostPath
+                            label: Host Path
+                            description: The host path to use for storage.
+                            schema:
+                              type: hostpath
+                              show_if: [["aclEnable", "=", false]]
+                              required: true
+                    - variable: ixVolumeConfig
+                      label: ixVolume Configuration
+                      description: The configuration for the ixVolume dataset.
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "ixVolume"]]
+                        $ref:
+                          - "normalize/ixVolume"
+                        attrs:
+                          - variable: aclEnable
+                            label: Enable ACL
+                            description: Enable ACL for the dataset.
+                            schema:
+                              type: boolean
+                              default: false
+                          - variable: datasetName
+                            label: Dataset Name
+                            description: The name of the dataset to use for storage.
+                            schema:
+                              type: string
+                              required: true
+                              immutable: true
+                              default: "storage_entry"
+                          - variable: aclEntries
+                            label: ACL Configuration
+                            schema:
+                              type: dict
+                              show_if: [["aclEnable", "=", true]]
+                              attrs: []
+                    - variable: smbConfig
+                      label: SMB Share Configuration
+                      description: The configuration for the SMB Share.
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "smb-pv-pvc"]]
+                        attrs:
+                          - variable: server
+                            label: Server
+                            description: The server for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: share
+                            label: Share
+                            description: The share name for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: domain
+                            label: Domain (Optional)
+                            description: The domain for the SMB share.
+                            schema:
+                              type: string
+                          - variable: username
+                            label: Username
+                            description: The username for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: password
+                            label: Password
+                            description: The password for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                              private: true
+                          - variable: size
+                            label: Size (in Gi)
+                            description: The size of the volume quota.
+                            schema:
+                              type: int
+                              required: true
+                              min: 1
+                              default: 1
+
+  - variable: resources
+    group: Resources Configuration
+    label: ""
     schema:
-      type: string
-      show_if: [["enableResourceLimits", "=", true]]
-      valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
-      default: "8Gi"
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for WG-Easy.
+                schema:
+                  type: string
+                  max_length: 6
+                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+                  valid_chars_error: |
+                    Valid CPU limit formats are</br>
+                    - Plain Integer - eg. 1</br>
+                    - Float - eg. 0.5</br>
+                    - Milicpu - eg. 500m
+                  default: "4000m"
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for WG-Easy.
+                schema:
+                  type: string
+                  max_length: 12
+                  valid_chars: "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$"
+                  valid_chars_error: |
+                    Valid Memory limit formats are</br>
+                    - Suffixed with E/P/T/G/M/K - eg. 1G</br>
+                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
+                    - Plain Integer in bytes - eg. 1024</br>
+                    - Exponent - eg. 134e6
+                  default: "8Gi"
+                  required: true

library/ix-dev/charts/minio/templates/NOTES.txt

@@ -1,2 +1 @@
-Minio can be accessed from the following URL:
-http://$node_ip:{{ .Values.service.nodePort }}/
+{{ include "ix.v1.common.lib.chart.notes" $ }}

library/ix-dev/charts/minio/templates/_cert.tpl

@@ -1,33 +0,0 @@
-{{/*
-Formats volumeMount for Minio tls keys and trusted certs
-*/}}
-{{- define "minio.tlsKeysVolumeMount" -}}
-{{- if eq (include "minio.certAvailable" .) "true" -}}
-- name: cert-secret-volume
-  mountPath: "/etc/minio/certs"
-- name: trusted-cert-secret-volume
-  mountPath: "/etc/minio/certs/CAs"
-{{- end }}
-{{- end -}}
-
-{{/*
-Formats volume for Minio tls keys and trusted certs
-*/}}
-{{- define "minio.tlsKeysVolume" -}}
-{{- if eq (include "minio.certAvailable" .) "true" -}}
-- name: cert-secret-volume
-  secret:
-    secretName: {{ include "minio.secretName" . }}
-    items:
-    - key: certPublicKey
-      path: public.crt
-    - key: certPrivateKey
-      path: private.key
-- name: trusted-cert-secret-volume
-  secret:
-    secretName: {{ include "minio.secretName" . }}
-    items:
-    - key: certPublicKey
-      path: public.crt
-{{- end }}
-{{- end -}}

library/ix-dev/charts/minio/templates/_configuration.tpl

@@ -0,0 +1,91 @@
+{{- define "minio.configuration" -}}
+
+  {{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+
+  {{- $auditToken := randAlphaNum 32 -}}
+  {{- $queryToken := randAlphaNum 32 -}}
+  {{/* Fetch secrets from pre-migration secret */}}
+  {{- with (lookup "v1" "Secret" .Release.Namespace "logsearchapi-details") -}}
+    {{- $auditToken = ((index .data "auditToken") | b64dec) -}}
+    {{- $queryToken = ((index .data "queryToken") | b64dec) -}}
+  {{- end -}}
+
+  {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-logsearch-creds" $fullname)) -}}
+    {{- $auditToken = ((index .data "LOGSEARCH_AUDIT_AUTH_TOKEN") | b64dec) -}}
+    {{- $queryToken = ((index .data "MINIO_LOG_QUERY_AUTH_TOKEN") | b64dec) -}}
+  {{- end -}}
+  {{- $queryURL := printf "http://%v-log:8080" $fullname -}}
+  {{- $webhookURL := printf "http://%v-log:8080/api/ingest?token=%v" $fullname $auditToken -}}
+
+  {{/* DB details */}}
+  {{- $dbHost := (printf "%s-postgres" $fullname) -}}
+  {{- $dbUser := "logsearchapi" -}}
+  {{- $dbName := "logsearchapi" -}}
+  {{- $dbPass := randAlphaNum 32 -}}
+
+  {{/* Fetch secrets from pre-migration secret */}}
+  {{- $tmpBackupHost := "" -}}
+  {{- with (lookup "v1" "Secret" .Release.Namespace "postgres-details") -}}
+    {{- $dbPass = ((index .data "db_password") | b64dec) -}}
+    {{- $tmpBackupHost = ((index .data "postgresHost") | b64dec) -}}
+  {{- end -}}
+
+  {{- with (lookup "v1" "Secret" .Release.Namespace (printf "%s-postgres-creds" $fullname)) -}}
+    {{- $dbPass = ((index .data "POSTGRES_PASSWORD") | b64dec) -}}
+  {{- end -}}
+
+  {{/* Temporary set dynamic db details on values,
+  so we can print them on the notes */}}
+  {{- $_ := set .Values "minioDbPass" $dbPass -}}
+  {{- $_ := set .Values "minioDbHost" $dbHost -}}
+
+  {{- $dbURL := (printf "postgres://%s:%s@%s:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName) }}
+secret:
+  minio-creds:
+    enabled: true
+    data:
+      MINIO_ROOT_USER: {{ .Values.minioConfig.rootUser | quote }}
+      MINIO_ROOT_PASSWORD: {{ .Values.minioConfig.rootPassword | quote }}
+
+    {{ if and .Values.minioNetwork.certificateID .Values.minioConfig.domain }}
+      MINIO_BROWSER_REDIRECT_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.consolePort }}
+      MINIO_SERVER_URL: {{ printf "https://%s:%v" .Values.minioConfig.domain .Values.minioNetwork.apiPort }}
+    {{ end }}
+
+    {{ if .Values.minioStorage.logSearchApi }}
+      MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken }}
+      MINIO_LOG_QUERY_URL: {{ $queryURL }}
+      MINIO_AUDIT_WEBHOOK_ENDPOINT_ix-logsearch: {{ $webhookURL }}
+      MINIO_AUDIT_WEBHOOK_ENABLE_ix-logsearch: "on"
+    {{ end }}
+
+  logsearch-creds:
+    enabled: true
+    data:
+      MINIO_LOG_QUERY_AUTH_TOKEN: {{ $queryToken | quote }}
+      LOGSEARCH_AUDIT_AUTH_TOKEN: {{ $auditToken | quote }}
+      LOGSEARCH_PG_CONN_STR: {{ $dbURL | quote }}
+      LOGSEARCH_DISK_CAPACITY_GB: {{ .Values.minioStorage.logSearchDiskCapacityGB | quote }}
+  postgres-creds:
+    enabled: true
+    data:
+      POSTGRES_USER: {{ $dbUser }}
+      POSTGRES_DB: {{ $dbName }}
+      POSTGRES_PASSWORD: {{ $dbPass }}
+      POSTGRES_HOST: {{ $dbHost }}
+      POSTGRES_URL: {{ $dbURL }}
+  {{- if eq (include "minio.is-migration" $) "true" }}
+  postgres-backup-creds:
+    enabled: true
+    annotations:
+      helm.sh/hook: "pre-upgrade"
+      helm.sh/hook-delete-policy: "hook-succeeded"
+      helm.sh/hook-weight: "1"
+    data:
+      POSTGRES_USER: {{ $dbUser }}
+      POSTGRES_DB: {{ $dbName }}
+      POSTGRES_PASSWORD: {{ $dbPass }}
+      POSTGRES_HOST: {{ $tmpBackupHost }}
+      POSTGRES_URL: {{ printf "postgres://%s:%s@%s-pg:5432/%s?sslmode=disable" $dbUser $dbPass $dbHost $dbName }}
+  {{- end }}
+{{- end -}}

library/ix-dev/charts/minio/templates/_helpers.tpl

@@ -1,77 +0,0 @@
-{{/*
-Determine secret name.
-*/}}
-{{- define "minio.secretName" -}}
-{{- include "common.names.fullname" . -}}
-{{- end -}}
-
-
-{{/*
-Retrieve true/false if minio certificate is configured
-*/}}
-{{- define "minio.certAvailable" -}}
-{{- if .Values.certificate -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
-{{- template "common.resources.cert_present" $values -}}
-{{- else -}}
-{{- false -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Retrieve public key of minio certificate
-*/}}
-{{- define "minio.cert.publicKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
-{{ include "common.resources.cert" $values }}
-{{- end -}}
-
-
-{{/*
-Retrieve private key of minio certificate
-*/}}
-{{- define "minio.cert.privateKey" -}}
-{{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
-{{ include "common.resources.cert" $values }}
-{{- end -}}
-
-
-{{/*
-Retrieve scheme/protocol for minio
-*/}}
-{{- define "minio.scheme" -}}
-{{- if eq (include "minio.certAvailable" .) "true" -}}
-{{- print "https" -}}
-{{- else -}}
-{{- print "http" -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Retrieve command for minio application
-*/}}
-{{- define "minio.commandArgs" -}}
-{{- $arg := (printf "/usr/bin/docker-entrypoint.sh minio -S /etc/minio/certs server --console-address=':%d'" (.Values.service.consolePort | int)) -}}
-{{- if .Values.distributedMode -}}
-{{- cat $arg (join " " (concat (.Values.distributedIps | default list) (.Values.extraArgs | default list))) -}}
-{{- else -}}
-{{- cat $arg ((concat (list (printf "--address ':%d'" (.Values.service.nodePort | int))) (list (printf "%s" .Values.appVolumeMounts.export.mountPath)) (.Values.extraArgs | default list)) | join " ") -}}
-{{- end -}}
-{{- end -}}
-
-
-{{/*
-Enable host networking
-*/}}
-{{- define "minio.hostNetworking" -}}
-{{- if .Values.distributedMode -}}
-{{- print "true" -}}
-{{- else -}}
-{{- print "false" -}}
-{{- end -}}
-{{- end -}}

library/ix-dev/charts/minio/templates/_logsearch.tpl

@@ -0,0 +1,40 @@
+{{- define "logsearchapi.workload" -}}
+workload:
+  logsearchapi:
+    enabled: true
+    type: Deployment
+    podSpec:
+      hostNetwork: false
+      containers:
+        logsearchapi:
+          enabled: true
+          primary: true
+          imageSelector: logSearchImage
+          securityContext:
+            runAsUser: 473
+            runAsGroup: 473
+          command:
+            - /logsearchapi
+          envFrom:
+            - secretRef:
+                name: logsearch-creds
+          probes:
+            liveness:
+              enabled: true
+              type: http
+              path: /status
+              port: 8080
+            readiness:
+              enabled: true
+              type: http
+              path: /status
+              port: 8080
+            startup:
+              enabled: true
+              type: http
+              path: /status
+              port: 8080
+      initContainers:
+      {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
+                                                        "secretName" "postgres-creds") | nindent 8 }}
+{{- end -}}

library/ix-dev/charts/minio/templates/_logsearchapi.tpl

@@ -1,34 +0,0 @@
-{{- define "logsearchapi.imageName" -}}
-{{- printf "%s:%s" .Values.logSearchImage.repository .Values.logSearchImage.tag -}}
-{{- end -}}
-
-{{- define "logsearchapi.nameSuffix" -}}
-{{- print "logsearchapi" -}}
-{{- end -}}
-
-{{- define "logsearchapi.command" -}}
-{{- print "/logsearchapi" -}}
-{{- end -}}
-
-{{- define "logsearchapi.secretName" -}}
-{{- print "logsearchapi-details" -}}
-{{- end -}}
-
-{{- define "logsearchapi.envVariableConfiguration" -}}
-{{- $envList := list -}}
-{{- $secretName := (include "logsearchapi.secretName" .) -}}
-{{- $postgresSecretName := (include "postgres.secretName" .) -}}
-{{- $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "queryToken") -}}
-{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_AUDIT_AUTH_TOKEN" "valueFromSecret" true "secretName" $secretName "secretKey" "auditToken") -}}
-{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_PG_CONN_STR" "valueFromSecret" true "secretName" $postgresSecretName "secretKey" "postgresURL") -}}
-{{- $envList = mustAppend $envList (dict "name" "LOGSEARCH_DISK_CAPACITY_GB" "value" .Values.logsearchapi.diskCapacityGB) -}}
-{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
-{{- end -}}
-
-{{/* Used in the minio init container (checks that logsearchapi is available) */}}
-{{- define "logsearchapiInit.envVariableConfiguration" -}}
-{{- $envList := list -}}
-{{- $secretName := (include "logsearchapi.secretName" .) -}}
-{{- $envList = mustAppend $envList (dict "name" "apiURL" "valueFromSecret" true "secretName" $secretName "secretKey" "logQueryURL") -}}
-{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
-{{- end -}}

library/ix-dev/charts/minio/templates/_migration.tpl

@@ -0,0 +1,48 @@
+{{- define "minio.get-versions" -}}
+  {{- $oldChartVersion := "" -}}
+  {{- $newChartVersion := "" -}}
+
+  {{/* Safely access the context, so it wont block CI */}}
+  {{- if hasKey .Values.global "ixChartContext" -}}
+    {{- if .Values.global.ixChartContext.upgradeMetadata -}}
+
+      {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
+      {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
+      {{- if and (not $oldChartVersion) (not $newChartVersion) -}}
+        {{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
+{{- end -}}
+
+{{- define "minio.migration" -}}
+  {{- $versions := (fromYaml (include "minio.get-versions" $)) -}}
+  {{- if and $versions.old $versions.new -}}
+    {{- $oldV := semver $versions.old -}}
+    {{- $newV := semver $versions.new -}}
+
+    {{/* If new is v2.x.x */}}
+    {{- if eq ($newV.Major | int) 2 -}}
+      {{/* And old is v1.x.x, but lower than .7.24 */}}
+      {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}}
+        {{/* Block the upgrade */}}
+        {{- fail "Migration to 2.x.x is only allowed from 1.7.24 or higher" -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "minio.is-migration" -}}
+  {{- $isMigration := "" -}}
+  {{- $versions := (fromYaml (include "minio.get-versions" $)) -}}
+  {{- if $versions.old -}}
+    {{- $oldV := semver $versions.old -}}
+    {{- if and (eq $oldV.Major 1) (or (ne $oldV.Minor 7) (lt ($oldV.Patch | int) 24)) -}}
+      {{- $isMigration = "true" -}}
+    {{- end -}}
+  {{- end -}}
+
+  {{- $isMigration -}}
+{{- end -}}

library/ix-dev/charts/minio/templates/_minio.tpl

@@ -0,0 +1,93 @@
+{{- define "minio.workload" -}}
+{{- $fullname := (include "ix.v1.common.lib.chart.names.fullname" $) -}}
+{{- $logapi := printf "http://%v-log:8080" $fullname -}}
+workload:
+  minio:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      hostNetwork: {{ .Values.minioStorage.distributedMode }}
+      containers:
+        minio:
+          enabled: true
+          primary: true
+          imageSelector: image
+          securityContext:
+            runAsUser: 473
+            runAsGroup: 473
+            # readOnlyRootFilesystem: false
+          env:
+            MINIO_VOLUMES: /export
+          args:
+            - server
+            - --console-address
+            - {{ printf ":%v" .Values.minioNetwork.consolePort | quote }}
+            {{- if .Values.minioStorage.distributedMode }}
+              {{- range .Values.minioStorage.distributedIps }}
+            - {{ quote . }}
+              {{- end }}
+            {{- else }}
+            - "--address"
+            - {{ printf ":%v" .Values.minioNetwork.apiPort | quote }}
+            {{- end }}
+            {{- if .Values.minioNetwork.certificateID }}
+            - "--certs-dir"
+            - "/etc/minio/certs"
+            {{- end }}
+            {{- range .Values.minioConfig.extraArgs }}
+            - {{ quote . }}
+            {{ end }}
+          envFrom:
+            - secretRef:
+                name: minio-creds
+          {{ with .Values.minioConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            {{- $proto := "http" -}}
+            {{- if .Values.minioNetwork.certificateID -}}
+              {{- $proto = "https" -}}
+            {{- end }}
+            liveness:
+              enabled: true
+              type: {{ $proto }}
+              path: /minio/health/live
+              port: {{ .Values.minioNetwork.consolePort }}
+            readiness:
+              enabled: true
+              type: {{ $proto }}
+              path: /minio/health/live
+              port: {{ .Values.minioNetwork.consolePort }}
+            startup:
+              enabled: true
+              type: {{ $proto }}
+              path: /minio/health/live
+              port: {{ .Values.minioNetwork.consolePort }}
+      initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                        "UID" 473
+                                                        "GID" 473
+                                                        "mode" "check"
+                                                        "type" "init") | nindent 8 }}
+        wait-api:
+          enabled: true
+          type: init
+          imageSelector: bashImage
+          command:
+            - bash
+          args:
+            - -c
+            - |
+              echo "Waiting for [{{ $logapi }}]";
+              until wget --spider --quiet --timeout=3 --tries=1 {{ $logapi }}/status;
+              do
+                echo "Waiting for [{{ $logapi }}]";
+                sleep 2;
+              done
+              echo "API is up: {{ $logapi }}";
+{{- end -}}

library/ix-dev/charts/minio/templates/_persistence.tpl

@@ -0,0 +1,77 @@
+{{- define "minio.persistence" -}}
+persistence:
+  export:
+    enabled: true
+    {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.minioStorage.export) | nindent 4 }}
+    targetSelector:
+      minio:
+        minio:
+          mountPath: {{ .Values.minioStorage.export.mountPath }}
+        {{- if and (eq .Values.minioStorage.export.type "ixVolume")
+                  (not (.Values.minioStorage.export.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/export
+        {{- end }}
+  tmp:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      minio:
+        minio:
+          mountPath: /tmp
+  {{- range $idx, $storage := .Values.minioStorage.additionalStorages }}
+  {{ printf "minio-%v:" (int $idx) }}
+    enabled: true
+    {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
+    targetSelector:
+      minio:
+        minio:
+          mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
+  {{- end }}
+
+  {{- include "ix.v1.common.app.postgresPersistence"
+      (dict "pgData" .Values.minioStorage.pgData
+            "pgBackup" .Values.minioStorage.pgBackup
+      ) | nindent 2 }}
+
+  {{- if .Values.minioNetwork.certificateID }}
+  cert:
+    enabled: true
+    type: secret
+    objectName: minio-cert
+    defaultMode: "0600"
+    items:
+      - key: tls.key
+        path: private.key
+      - key: tls.crt
+        path: public.crt
+    targetSelector:
+      minio:
+        minio:
+          mountPath: /etc/minio/certs
+          readOnly: true
+  certca:
+    enabled: true
+    type: secret
+    objectName: minio-cert
+    defaultMode: "0600"
+    items:
+      - key: tls.crt
+        path: public.crt
+    targetSelector:
+      minio:
+        minio:
+          mountPath: /etc/minio/certs/CAs
+          readOnly: true
+
+scaleCertificate:
+  minio-cert:
+    enabled: true
+    id: {{ .Values.minioNetwork.certificateID }}
+  {{- end }}
+
+{{- end -}}

library/ix-dev/charts/minio/templates/_portal.tpl

@@ -0,0 +1,16 @@
+{{- define "minio.portal" -}}
+  {{- $proto := "http" -}}
+  {{- if .Values.minioNetwork.certificateID -}}
+    {{- $proto = "https" -}}
+  {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: portal
+data:
+  path: /
+  port: {{ .Values.minioNetwork.consolePort | quote }}
+  protocol: {{ $proto }}
+  host: "$node_ip"
+{{- end -}}

library/ix-dev/charts/minio/templates/_postgres.tpl

@@ -1,71 +1,12 @@
-{{- define "postgres.imageName" -}}
-{{- print "postgres:14.5" -}}
-{{- end -}}
-
-{{- define "postgres.nameSuffix" -}}
-{{- print "postgres" -}}
-{{- end -}}
-
-{{- define "postgres.secretName" -}}
-{{- print "postgres-details" -}}
-{{- end -}}
-
-{{- define "postgres.dbName" -}}
-{{- print "logsearchapi" -}}
-{{- end -}}
-
-{{- define "postgres.dbUser" -}}
-{{- print "logsearchapi" -}}
-{{- end -}}
-
-{{/*
-Retrieve postgres backup name
-This will return a unique name based on revision and chart numbers specified.
-*/}}
-{{- define "postgres.backupName" -}}
-{{- $upgradeDict := .Values.ixChartContext.upgradeMetadata -}}
-{{- printf "postgres-backup-from-%s-to-%s-revision-%d" $upgradeDict.oldChartVersion $upgradeDict.newChartVersion (int64 $upgradeDict.preUpgradeRevision) -}}
-{{- end -}}
-
-{{- define "postgres.envVariableConfiguration" -}}
-{{- $envList := list -}}
-{{- $secretName := (include "postgres.secretName" .) -}}
-{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
-{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}}
-{{- $envList = mustAppend $envList (dict "name" "POSTGRES_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}}
-{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
-{{- end -}}
-
-{{- define "postgresBackup.envVariableConfiguration" -}}
-{{- $envList := list -}}
-{{- $secretName := (include "postgres.secretName" .) -}}
-{{- $envList = mustAppend $envList (dict "name" "POSTGRES_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
-{{- $envList = mustAppend $envList (dict "name" "POSTGRES_DB" "valueFromSecret" true "secretName" $secretName "secretKey" "db_name") -}}
-{{/* PGPASSWORD is used by pg_dump */}}
-{{- $envList = mustAppend $envList (dict "name" "PGPASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "db_password") -}}
-{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}}
-{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
-{{- end -}}
-
-{{/* Used in the logsearchapi init container (checks that postgres is available) */}}
-{{- define "postgresInit.envVariableConfiguration" -}}
-{{- $envList := list -}}
-{{- $secretName := (include "postgres.secretName" .) -}}
-{{- $envList = mustAppend $envList (dict "name" "pgHost" "valueFromSecret" true "secretName" $secretName "secretKey" "postgresHost") -}}
-{{- $envList = mustAppend $envList (dict "name" "pguser" "valueFromSecret" true "secretName" $secretName "secretKey" "db_user") -}}
-{{- include "common.containers.environmentVariables" (dict "environmentVariables" $envList) -}}
-{{- end -}}
-
-{{/*
-Retrieve postgres volume configuration
-*/}}
-{{- define "postgres.volumeConfiguration" -}}
-{{ include "common.storage.configureAppVolumes" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts "emptyDirVolumes" .Values.emptyDirVolumes "ixVolumes" .Values.ixVolumes) | nindent 0 }}
-{{- end -}}
-
-{{/*
-Retrieve postgres volume mounts configuration
-*/}}
-{{- define "postgres.volumeMountsConfiguration" -}}
-{{ include "common.storage.configureAppVolumeMountsInContainer" (dict "appVolumeMounts" .Values.postgresAppVolumeMounts ) | nindent 0 }}
+{{- define "postgres.workload" -}}
+  {{- $backupSecretName := "postgres-creds" -}}
+  {{- if eq (include "minio.is-migration" $) "true" }}
+    {{- $backupSecretName = "postgres-backup-creds" -}}
+  {{- end }}
+workload:
+{{- include "ix.v1.common.app.postgres" (dict "secretName" "postgres-creds"
+                                              "backupSecretName" $backupSecretName
+                                              "resources" .Values.resources
+                                              "imageSelector" "logPostgresImage"
+                                              "ixChartContext" .Values.ixChartContext) | nindent 2 }}
 {{- end -}}

library/ix-dev/charts/minio/templates/_service.tpl

@@ -0,0 +1,33 @@
+{{- define "minio.service" -}}
+service:
+  minio:
+    enabled: true
+    primary: true
+    type: NodePort
+    targetSelector: minio
+    ports:
+      console:
+        enabled: true
+        primary: true
+        port: {{ .Values.minioNetwork.consolePort }}
+        nodePort: {{ .Values.minioNetwork.consolePort }}
+        targetSelector: minio
+      api:
+        enabled: true
+        port: {{ .Values.minioNetwork.apiPort }}
+        nodePort: {{ .Values.minioNetwork.apiPort }}
+        targetSelector: minio
+  {{ if .Values.minioStorage.logSearchApi }}
+  log:
+    enabled: true
+    type: ClusterIP
+    targetSelector: logsearchapi
+    ports:
+      log:
+        enabled: true
+        port: 8080
+        targetPort: 8080
+        targetSelector: logsearchapi
+  {{- include "ix.v1.common.app.postgresService" $ | nindent 2 }}
+  {{ end }}
+{{- end -}}

library/ix-dev/charts/minio/templates/backup-postgres-config.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: postgres-backup-hook-config-map
-  annotations:
-    rollme: {{ randAlphaNum 5 | quote }}
-data:
-  entrypoint.sh: |-
-    #!/bin/sh
-    cmd="/docker-entrypoint.sh postgres"
-    eval "${cmd}" & disown;
-    until pg_isready -U "$POSTGRES_USER" -h "$pgHost"; do
-      sleep 5;
-    done;
-    pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" -h "$pgHost" -f /postgres_backups/$BACKUP_NAME.sql;

library/ix-dev/charts/minio/templates/backup-postgres-hook.yaml

@@ -1,40 +0,0 @@
-{{- if .Values.logsearchapi.enabled -}}
-{{- if .Values.ixChartContext.isUpgrade -}}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: pre-upgrade-hook
-  annotations:
-    "helm.sh/hook": pre-upgrade
-    "helm.sh/hook-weight": "1"
-    "helm.sh/hook-delete-policy": hook-succeeded
-    rollme: {{ randAlphaNum 5 | quote }}
-spec:
-  template:
-    metadata:
-      name: pre-upgrade-hook
-    spec:
-      restartPolicy: Never
-      containers:
-      - name: {{ .Chart.Name }}-postgres-backup
-        image: {{ include "postgres.imageName" . }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env: {{ include "postgresBackup.envVariableConfiguration" $values | nindent 10 }}
-          - name: BACKUP_NAME
-            value: {{ include "postgres.backupName" . }}
-        volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
-          - name: backup-script-configmap
-            mountPath: /bin/backup_entrypoint.sh
-            readOnly: true
-            subPath: entrypoint.sh
-        command:
-          - /bin/backup_entrypoint.sh
-      volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
-        - name: backup-script-configmap
-          configMap:
-            defaultMode: 0700
-            name: postgres-backup-hook-config-map
-{{- end -}}
-{{- end -}}

library/ix-dev/charts/minio/templates/common.yaml

@@ -0,0 +1,18 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{- include "minio.migration" $ -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "minio.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "minio.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "minio.persistence" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "minio.configuration" $ | fromYaml) -}}
+{{- if .Values.minioStorage.logSearchApi -}}
+  {{- $_ := mustMergeOverwrite .Values (include "postgres.workload" $ | fromYaml) -}}
+  {{- $_ := mustMergeOverwrite .Values (include "logsearchapi.workload" $ | fromYaml) -}}
+{{- end -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "minio.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

library/ix-dev/charts/minio/templates/configmap.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: minio-config
-data:
-  protocol: {{ include "minio.scheme" . }}

library/ix-dev/charts/minio/templates/deployment.yaml

@@ -1,134 +0,0 @@
-{{ include "common.storage.hostPathValidate" .Values }}
-{{ $logsearchValues := (. | mustDeepCopy) }}
-{{ $_ := set $logsearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }}
-apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
-  name: {{ template "common.names.fullname" . }}-minio
-  labels:
-    app: {{ template "common.names.name" . }}
-    release: {{ .Release.Name }}
-    app.kubernetes.io/name: {{ template "common.names.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  annotations:
-    rollme: {{ randAlphaNum 5 | quote }}
-spec:
-  replicas: {{ (default 1 .Values.replicas) }}
-  strategy:
-    type: {{ (default "Recreate" .Values.updateStrategy ) }}
-  selector:
-    matchLabels:
-      app: {{ template "common.names.name" . }}
-      release: {{ .Release.Name }}
-      app.kubernetes.io/name: {{ template "common.names.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      name: {{ template "common.names.fullname" . }}
-      labels:
-        {{- include "common.labels.selectorLabels" . | nindent 8 }}
-      annotations: {{ include "common.annotations" . | nindent 8 }}
-    spec:
-      securityContext:
-        runAsUser: {{ .Values.runAsUser }}
-        runAsGroup: {{ .Values.runAsGroup }}
-      serviceAccountName: {{ include "common.names.serviceAccountName" . | quote }}
-      hostNetwork: {{ include "minio.hostNetworking" . }}
-      {{ if .Values.logsearchapi.enabled }}
-      initContainers:
-        - name: {{ .Chart.Name }}-waitapi
-          image: alpine/curl
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env: {{ include "logsearchapiInit.envVariableConfiguration" $logsearchValues | nindent 10 }}
-          command:
-            - sh
-            - -c
-            - "until curl --silent $apiURL/status; do sleep 2; done"
-      {{ end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{ include "common.resources.limitation" . | nindent 10 }}
-          {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
-          {{ if hasKey .Values "appVolumeMounts" }}
-          volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
-          {{ else }}
-          volumeMounts:
-          {{ end }}
-          {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }}
-          {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
-            - name: extrappvolume-{{ $index }}
-              mountPath: {{ $hostPathConfiguration.mountPath }}
-          {{ end }}
-          command:
-            - "/bin/sh"
-            - "-ce"
-            - {{ include "minio.commandArgs" . }}
-          ports:
-            - name: api
-              containerPort: {{ .Values.service.nodePort | int }}
-            - name: console
-              containerPort: {{ .Values.service.consolePort | int }}
-          readinessProbe:
-            httpGet:
-              path: /minio/health/live
-              port: {{ .Values.service.consolePort | int }}
-              scheme: {{ include "minio.scheme" . | upper }}
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 5
-            failureThreshold: 5
-            successThreshold: 2
-          livenessProbe:
-            httpGet:
-              path: /minio/health/live
-              port: {{ .Values.service.consolePort | int }}
-              scheme: {{ include "minio.scheme" . | upper }}
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 5
-            failureThreshold: 5
-            successThreshold: 1
-          startupProbe:
-            httpGet:
-              path: /minio/health/live
-              port: {{ .Values.service.consolePort | int }}
-              scheme: {{ include "minio.scheme" . | upper }}
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            timeoutSeconds: 2
-            failureThreshold: 60
-            successThreshold: 1
-          env:
-            {{ $secretName := (include "minio.secretName" .) }}
-            {{ $envList := (default list .Values.environmentVariables) }}
-            {{ if and (eq (include "minio.certAvailable" .) "true") .Values.minioDomain }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_BROWSER_REDIRECT_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.consolePort | int))) }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_SERVER_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.nodePort | int))) }}
-            {{ end }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "accesskey") }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
-            {{ if .Values.logsearchapi.enabled }}
-            {{/*
-            We can put any ID we want here. Just make sure it's unique
-            It can be rolled on each startup without problems, or se can set a static one.
-            */}}
-            {{ $webhookID := (printf "ix-%v" (randAlphaNum 5)) }}
-            {{ $logsearchSecretName := (include "logsearchapi.secretName" .) }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "queryToken") }}
-            {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_URL" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "logQueryURL") }}
-            {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENDPOINT_%v" $webhookID) "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "webhookURL") }}
-            {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENABLE_%v" $webhookID) "value" "on") }}
-            {{ end }}
-            {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
-{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
-      {{ if hasKey .Values "appVolumeMounts" }}
-      volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
-      {{ else }}
-      volumes:
-      {{ end }}
-      {{- include "minio.tlsKeysVolume" . | nindent 8 }}
-      {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
-        - name: extrappvolume-{{ $index }}
-          hostPath:
-            path: {{ $hostPathConfiguration.hostPath }}
-    {{ end }}

library/ix-dev/charts/minio/templates/logsearchapi-deployment.yaml

@@ -1,51 +0,0 @@
-{{ if .Values.logsearchapi.enabled }}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }}
-{{ $pg_values := (. | mustDeepCopy) }}
-{{ $_ := set $pg_values "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
-{{ include "common.deployment.common_config" $values | nindent 0 }}
-spec: {{ include "common.deployment.common_spec" $values | nindent 2 }}
-  template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
-    spec:
-      initContainers:
-        - name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }}-waitdb
-          image: {{ include "postgres.imageName" . }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env: {{ include "postgresInit.envVariableConfiguration" $pg_values | nindent 10 }}
-          command:
-            - sh
-            - -c
-            - 'until pg_isready -U "$pgUser" -h "$pgHost"; do sleep 2; done'
-      containers:
-        - name: {{ .Chart.Name }}-{{ include "logsearchapi.nameSuffix" . }}
-          image: {{ include "logsearchapi.imageName" . }}
-          imagePullPolicy: {{ .Values.logSearchImage.pullPolicy }}
-          env: {{ include "logsearchapi.envVariableConfiguration" $values | nindent 10 }}
-          command:
-            - {{ include "logsearchapi.command" . }}
-          ports:
-            - name: logsearchapi
-              containerPort: 8080
-              protocol: TCP
-          readinessProbe:
-            httpGet:
-              path: /status
-              port: 8080
-            failureThreshold: 5
-            periodSeconds: 15
-            initialDelaySeconds: 15
-          livenessProbe:
-            httpGet:
-              path: /status
-              port: 8080
-            failureThreshold: 5
-            periodSeconds: 15
-            initialDelaySeconds: 15
-          startupProbe:
-            httpGet:
-              path: /status
-              port: 8080
-            failureThreshold: 5
-            periodSeconds: 15
-            initialDelaySeconds: 15
-{{ end }}

library/ix-dev/charts/minio/templates/logsearchapi-secret.yaml

@@ -1,23 +0,0 @@
-{{ $logSearchValues := (. | mustDeepCopy) }}
-{{ $_ := set $logSearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }}
-
-{{ $auditToken := randAlphaNum 32 | b64enc }}
-{{ $queryToken := randAlphaNum 32 | b64enc }}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "logsearchapi.secretName" . }}
-data:
-  {{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }}
-  {{ $auditToken = (index .data "auditToken") }}
-  {{ end }}
-  auditToken: {{ $auditToken }}
-
-  {{ with (lookup "v1" "Secret" .Release.Namespace (include "logsearchapi.secretName" .)) }}
-  {{ $queryToken = (index .data "queryToken") }}
-  {{ end }}
-  queryToken: {{ $queryToken }}
-
-  logQueryURL: {{ (printf "http://%v-log:8080" (include "common.names.fullname" $logSearchValues)) | b64enc }}
-  webhookURL: {{ (printf "http://%v-log:8080/api/ingest?token=%v" (include "common.names.fullname" $logSearchValues) ($auditToken | b64dec)) | b64enc }}

library/ix-dev/charts/minio/templates/logsearchapi-service.yaml

@@ -1,8 +0,0 @@
-{{ if .Values.logsearchapi.enabled }}
-{{ $ports := list }}
-{{ $ports = mustAppend $ports (dict "name" "logsearchapi-tcp" "port" 8080 "targetPort" 8080) }}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-log" (include "logsearchapi.nameSuffix" .))) }}
-{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
-{{ include "common.classes.service" $values }}
-{{ end }}

library/ix-dev/charts/minio/templates/postgres-deployment.yaml

@@ -1,58 +0,0 @@
-{{ if .Values.logsearchapi.enabled }}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }}
-{{ include "common.deployment.common_config" $values | nindent 0 }}
-spec:
-  replicas: {{ (default 1 .Values.replicas) }}
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "common.names.name" $values }}
-      app.kubernetes.io/instance: {{ .Release.Name }}-postgres-pg
-      app: {{ template "common.names.name" . }}
-      release: {{ .Release.Name }}
-  template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }}
-    spec:
-      containers:
-      - name: {{ .Chart.Name }}-{{ include "postgres.nameSuffix" .}}
-        image: {{ template "postgres.imageName" . }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env: {{ include "postgres.envVariableConfiguration" $values | nindent 10 }}
-        volumeMounts: {{ include "postgres.volumeMountsConfiguration" $values | nindent 10 }}
-        ports:
-        - name: postgres-tcp
-          containerPort: 5432
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-              - sh
-              - -c
-              - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
-          initialDelaySeconds: 15
-          failureThreshold: 5
-          periodSeconds: 15
-          timeoutSeconds: 2
-        livenessProbe:
-          exec:
-            command:
-              - sh
-              - -c
-              - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
-          initialDelaySeconds: 15
-          failureThreshold: 5
-          periodSeconds: 15
-          timeoutSeconds: 2
-        startupProbe:
-          exec:
-            command:
-              - sh
-              - -c
-              - "until pg_isready -U${POSTGRES_USER} -h localhost; do sleep 2; done"
-          initialDelaySeconds: 15
-          failureThreshold: 20
-          periodSeconds: 15
-          timeoutSeconds: 2
-      volumes: {{ include "postgres.volumeConfiguration" $values | nindent 8 }}
-{{ end }}

library/ix-dev/charts/minio/templates/postgres-secret.yaml

@@ -1,20 +0,0 @@
-{{ $pgValues := (. | mustDeepCopy) }}
-{{ $_ := set $pgValues "common" (dict "nameSuffix" (include "postgres.nameSuffix" .)) }}
-
-{{ $dbPass := randAlphaNum 32 | b64enc }}
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "postgres.secretName" . }}
-data:
-  {{ with (lookup "v1" "Secret" .Release.Namespace (include "postgres.secretName" .)) }}
-  {{ $dbPass = (index .data "db_password") }}
-  {{ end }}
-  db_password: {{ $dbPass }}
-
-  db_user: {{ include "postgres.dbUser" . | b64enc }}
-  db_name: {{ include "postgres.dbName" . | b64enc }}
-
-  postgresURL: {{ printf "postgres://%v:%v@%v-pg:5432/%v?sslmode=disable" (include "postgres.dbUser" .) ($dbPass | b64dec) (include "common.names.fullname" $pgValues) (include "postgres.dbName" .) | b64enc }}
-  postgresHost: {{ printf "%v-pg" (include "common.names.fullname" $pgValues) | b64enc }}

library/ix-dev/charts/minio/templates/postgres-service.yaml

@@ -1,8 +0,0 @@
-{{ if .Values.logsearchapi.enabled }}
-{{ $ports := list }}
-{{ $ports = mustAppend $ports (dict "name" "postgres-tcp" "port" 5432 "targetPort" 5432) }}
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" (printf "%s-pg" (include "postgres.nameSuffix" .))) }}
-{{ $_1 := set $values "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
-{{ include "common.classes.service" $values }}
-{{ end }}

library/ix-dev/charts/minio/templates/pre-install-job.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.appVolumeMounts -}}
-{{- if hasKey .Values.appVolumeMounts "export" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ template "common.names.fullname" . }}-preinstall-job"
-  labels:
-    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-    app.kubernetes.io/instance: {{ .Release.Name | quote }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    helm.sh/chart: {{ template "common.names.chart" . }}
-  annotations:
-    "helm.sh/hook": pre-install
-    "helm.sh/hook-delete-policy": hook-succeeded
-spec:
-  template:
-    metadata:
-      name: "{{ template "common.names.fullname" . }}-preinstall-hook"
-      labels:
-        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-        app.kubernetes.io/instance: {{ .Release.Name | quote }}
-        helm.sh/chart: {{ template "common.names.chart" . }}
-    spec:
-      restartPolicy: Never
-      containers:
-      - name: pre-install-job
-        image: "alpine:latest"
-        command: ["chown", "-R", "{{ .Values.runAsUser }}:{{ .Values.runAsGroup }}", "{{ .Values.appVolumeMounts.export.mountPath }}"]
-        volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
-      volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
-{{- end -}}
-{{- end -}}

library/ix-dev/charts/minio/templates/secrets.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "minio.secretName" . }}
-  labels: {{ include "common.labels" . | nindent 4 }}
-type: Opaque
-data:
-  accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
-  secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
-  {{ if eq (include "minio.certAvailable" .) "true" }}
-  certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }}
-  certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }}
-  {{ end }}

library/ix-dev/charts/minio/templates/service.yaml

@@ -1,14 +0,0 @@
-{{ $selectors := list }}
-{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
-{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
-{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
-
-{{ if eq (include "minio.hostNetworking" .) "false" }}
-{{ $svc := .Values.service }}
-{{ $ports := list }}
-{{ $ports = mustAppend $ports (dict "name" "api" "port" $svc.nodePort "nodePort" $svc.nodePort "targetPort" (.Values.service.nodePort | int)) }}
-{{ $ports = mustAppend $ports (dict "name" "console" "port" $svc.consolePort "nodePort" $svc.consolePort "targetPort" (.Values.service.consolePort | int)) }}
-{{ $params := . }}
-{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
-{{ include "common.classes.service" $params }}
-{{ end }}

library/ix-dev/charts/minio/templates/serviceaccount.yaml

@@ -1 +0,0 @@
-{{ include "common.serviceaccount" . }}

library/ix-dev/charts/minio/to_keep_versions.md

@@ -0,0 +1,4 @@
+# 1.7.24
+
+This version is kept because it contains a fix that is needed for migration to v2.x.x
+It should be safe to remove few months after v2.x.x is released.

library/ix-dev/charts/minio/to_keep_versions.yaml

@@ -0,0 +1 @@
+- 1.7.24

library/ix-dev/charts/minio/values.yaml

@@ -6,8 +6,68 @@ logSearchImage:
   pullPolicy: IfNotPresent
   repository: minio/operator
   tag: v4.5.4
-logsearchapi:
-  diskCapacityGB: 5
-  enabled: false
-runAsGroup: 473
-runAsUser: 473
+logPostgresImage:
+  pullPolicy: IfNotPresent
+  repository: postgres
+  tag: "14.5"
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+podOptions:
+  dnsConfig:
+    options: []
+
+minioConfig:
+  rootUser: ""
+  rootPassword: ""
+  domain: ""
+  extraArgs: []
+  additionalEnvs: []
+
+minioNetwork:
+  apiPort: 9000
+  consolePort: 9002
+  certificateID:
+
+minioStorage:
+  distributedMode: false
+  distributedIps: []
+  export:
+    type: ixVolume
+    mountPath: /export
+    ixVolumeConfig:
+      datasetName: export
+  logSearchApi: false
+  logSearchDiskCapacityGB: 5
+  pgData:
+    type: ixVolume
+    ixVolumeConfig:
+      datasetName: pgData
+  pgBackup:
+    type: ixVolume
+    ixVolumeConfig:
+      datasetName: pgBackup
+  additionalStorages: []
+
+notes:
+  custom: |
+    {{ if .Values.minioStorage.logSearchApi }}
+    ## Database
+    You can connect to the database using the pgAdmin App from the catalog
+
+    <details>
+      <summary>Database Details</summary>
+
+      - Database: `logsearchapi`
+      - Username: `logsearchapi`
+      - Password: `{{ .Values.minioDbPass }}`
+      - Host:     `{{ .Values.minioDbHost }}.{{ .Release.Namespace }}.svc.cluster.local`
+      - Port:     `5432`
+
+    </details>
+    {{ end }}
+    {{- $_ := unset .Values "haDbPass" }}
+    {{- $_ := unset .Values "haDbHost" }}