
Mount minio configured cert inside pod using secret

Waqar Ahmed 4 anni fa
parent
commit
916fd6e625

+ 25 - 0
test/minio/1.2.0/templates/_cert.tpl

@@ -0,0 +1,25 @@
+{{/*
+Formats volumeMount for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolumeMount" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  mountPath: "/etc/minio/certs"
+{{- end }}
+{{- end -}}
+
+{{/*
+Formats volume for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolume" -}}
+{{- if eq (include "minio.certAvailable" .) "true" -}}
+- name: cert-secret-volume
+  secret:
+    secretName: {{ include "minio.secretName" . }}
+    items:
+    - key: certPublicKey
+      path: public.crt
+    - key: certPrivateKey
+      path: private.key
+{{- end }}
+{{- end -}}
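Review bot: The `cert-secret-volume` defined in `minio.tlsKeysVolume` sets no file mode, so `private.key` is projected with the Kubernetes default of 0644 and is readable by every user in the container. A restrictive mode on the key item, e.g. `mode: 0400` under `path: private.key` (or a `defaultMode` on the `secret:` block), would narrow that. The right value depends on the UID/fsGroup the MinIO container runs as, which is not visible here. The mount in `minio.tlsKeysVolumeMount` can also state `readOnly: true` explicitly.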

+ 3 - 3
test/minio/1.2.0/templates/_helpers.tpl

@@ -11,7 +11,7 @@ Retrieve true/false if minio certificate is configured
 */}}
 {{- define "minio.certAvailable" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{- template "common.resources.cert_present" $values -}}
 {{- end -}}
 
@@ -21,7 +21,7 @@ Retrieve public key of minio certificate
 */}}
 {{- define "minio.cert.publicKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate "publicKey" true) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
 
@@ -31,6 +31,6 @@ Retrieve private key of minio certificate
 */}}
 {{- define "minio.cert.privateKey" -}}
 {{- $values := (. | mustDeepCopy) -}}
-{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.certificate) -}}
+{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}}
 {{ include "common.resources.cert" $values }}
 {{- end -}}
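Review bot: `minio.cert.privateKey` has two properties its header comment (which starts above this hunk) does not mention. It now reads `.Values.certificate`, so it only works when called with the chart's root context, and it appears to return the key unencoded, since `secrets.yaml` applies `b64enc` to its output. I would extend the comment to something like `Call with the root context (.). Returns raw private key material: use only inside a Secret's data, never in a ConfigMap or annotation.`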

+ 4 - 3
test/minio/1.2.0/templates/deployment.yaml

@@ -1,4 +1,3 @@
-{{ $scheme := "http" }}
 apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
@@ -29,13 +28,14 @@ spec:
       containers:
         - name: {{ .Chart.Name }}
           {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
-          {{ include "common.storage.allContainerVolumeMounts" .Values | nindent 10 }}
+          volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+          {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }}
           command:
             - "/bin/sh"
             - "-ce"
             - "/usr/bin/docker-entrypoint.sh minio server /export {{ (.Values.extraArgs | default list) | join " " }}"
           ports:
-            - name: {{ $scheme }}
+            - name: http
               containerPort: 9000
           env:
             {{ $secretName := (include "minio.secretName" .) }}
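Review bot: The certificate is mounted at `/etc/minio/certs`, but the `command` line in this hunk still runs `minio server /export` with no `--certs-dir`, and MinIO by default looks for `public.crt`/`private.key` under `${HOME}/.minio/certs`. Unless `docker-entrypoint.sh` or `extraArgs` (neither visible here) points the server at the mount, a configured certificate is silently ignored and port 9000 keeps serving plaintext. Consider adding the flag to the `minio server` invocation when the cert is present, e.g. `{{ if eq (include "minio.certAvailable" .) "true" }}--certs-dir /etc/minio/certs {{ end }}`. The port name is also now fixed to `http`, which mislabels the listener once TLS is active. The container spec continues outside the hunk.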
@@ -44,3 +44,4 @@ spec:
             {{ $envList = mustAppend $envList (dict "name" "MINIO_SECRET_KEY" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }}
             {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
 {{ include "common.storage.allAppVolumes" .Values | nindent 6 }}
+{{- include "minio.tlsKeysVolume" . | nindent 8 }}
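Review bot: The `minio.tlsKeysVolume` include on the last line emits a bare list item at indent 8, so it depends on `common.storage.allAppVolumes` having already rendered a `volumes:` key with entries at that depth. That helper is not visible here. If it renders nothing when no app volumes are defined, the cert volume has no parent key, and the manifest either fails to parse or loses the volume while the `volumeMounts` entry still references it. Emitting `volumes:` explicitly in this template, as the previous hunk now does for `volumeMounts:`, removes the dependency on the helper's output shape.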

+ 4 - 4
test/minio/1.2.0/templates/secrets.yaml

@@ -7,7 +7,7 @@ type: Opaque
 data:
   accesskey: {{ if .Values.accessKey }}{{ .Values.accessKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 20 | b64enc | quote }}{{ end }}
   secretkey: {{ if .Values.secretKey }}{{ .Values.secretKey | toString | b64enc | quote }}{{ else }}{{ randAlphaNum 40 | b64enc | quote }}{{ end }}
-  {{- if eq (include "minio.certAvailable" .) true -}}
-  certPublicKey: {{ template "minio.cert.publicKey" . }}
-  certPrivateKey: {{ template "minio.cert.privateKey" . }}
-  {{- end -}}
+  {{ if eq (include "minio.certAvailable" .) "true" }}
+  certPublicKey: {{ (include "minio.cert.publicKey" .) | toString | b64enc | quote }}
+  certPrivateKey: {{ (include "minio.cert.privateKey" .) | toString | b64enc | quote }}
+  {{ end }}
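Review bot: The new `{{ if … }}` and `{{ end }}` lines carry no trim markers, so the rendered Secret gets whitespace-only lines under `data:`. Left-trimming alone (`{{- if eq (include "minio.certAvailable" .) "true" }}` and `{{- end }}`) avoids that without re-joining the keys the way the removed `-}}` form did. The key material is also base64-encoded exactly as the helpers return it, so any stray leading or trailing whitespace from `minio.cert.privateKey` ends up in `private.key`. Piping through `trim` before `b64enc` would guard against that if the common helper (not visible here) pads its output.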