{{ include "common.storage.hostPathValidate" .Values }} {{ $logsearchValues := (. | mustDeepCopy) }} {{ $_ := set $logsearchValues "common" (dict "nameSuffix" (include "logsearchapi.nameSuffix" .)) }} apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ template "common.names.fullname" . }}-minio labels: app: {{ template "common.names.name" . }} release: {{ .Release.Name }} app.kubernetes.io/name: {{ template "common.names.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} annotations: rollme: {{ randAlphaNum 5 | quote }} spec: replicas: {{ (default 1 .Values.replicas) }} strategy: type: {{ (default "Recreate" .Values.updateStrategy ) }} selector: matchLabels: app: {{ template "common.names.name" . }} release: {{ .Release.Name }} app.kubernetes.io/name: {{ template "common.names.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: name: {{ template "common.names.fullname" . }} labels: {{- include "common.labels.selectorLabels" . | nindent 8 }} annotations: {{ include "common.annotations" . | nindent 8 }} spec: securityContext: runAsUser: {{ .Values.runAsUser }} runAsGroup: {{ .Values.runAsGroup }} serviceAccountName: {{ include "common.names.serviceAccountName" . | quote }} hostNetwork: {{ include "minio.hostNetworking" . }} {{ if .Values.logsearchapi.enabled }} initContainers: - name: {{ .Chart.Name }}-waitapi image: alpine/curl imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{ include "logsearchapiInit.envVariableConfiguration" $logsearchValues | nindent 10 }} command: - sh - -c - "until curl --silent $apiURL/status; do sleep 2; done" {{ end }} containers: - name: {{ .Chart.Name }} {{ include "common.resources.limitation" . | nindent 10 }} {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} {{ if hasKey .Values "appVolumeMounts" }} volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} {{ else }} volumeMounts: {{ end }} {{- include "minio.tlsKeysVolumeMount" . | nindent 12 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} mountPath: {{ $hostPathConfiguration.mountPath }} {{ end }} command: - "/bin/sh" - "-ce" - {{ include "minio.commandArgs" . }} ports: - name: api containerPort: {{ .Values.service.nodePort | int }} - name: console containerPort: {{ .Values.service.consolePort | int }} readinessProbe: httpGet: path: /minio/health/live port: {{ .Values.service.consolePort | int }} scheme: {{ include "minio.scheme" . | upper }} initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 successThreshold: 2 livenessProbe: httpGet: path: /minio/health/live port: {{ .Values.service.consolePort | int }} scheme: {{ include "minio.scheme" . | upper }} initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 5 successThreshold: 1 startupProbe: httpGet: path: /minio/health/live port: {{ .Values.service.consolePort | int }} scheme: {{ include "minio.scheme" . | upper }} initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 2 failureThreshold: 60 successThreshold: 1 env: {{ $secretName := (include "minio.secretName" .) }} {{ $envList := (default list .Values.environmentVariables) }} {{ if and (eq (include "minio.certAvailable" .) "true") .Values.minioDomain }} {{ $envList = mustAppend $envList (dict "name" "MINIO_BROWSER_REDIRECT_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.consolePort | int))) }} {{ $envList = mustAppend $envList (dict "name" "MINIO_SERVER_URL" "value" (printf "%s://%s:%d" (include "minio.scheme" .) .Values.minioDomain (.Values.service.nodePort | int))) }} {{ end }} {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_USER" "valueFromSecret" true "secretName" $secretName "secretKey" "accesskey") }} {{ $envList = mustAppend $envList (dict "name" "MINIO_ROOT_PASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "secretkey") }} {{ if .Values.logsearchapi.enabled }} {{/* We can put any ID we want here. Just make sure it's unique It can be rolled on each startup without problems, or se can set a static one. */}} {{ $webhookID := (printf "ix-%v" (randAlphaNum 5)) }} {{ $logsearchSecretName := (include "logsearchapi.secretName" .) }} {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_AUTH_TOKEN" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "queryToken") }} {{ $envList = mustAppend $envList (dict "name" "MINIO_LOG_QUERY_URL" "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "logQueryURL") }} {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENDPOINT_%v" $webhookID) "valueFromSecret" true "secretName" $logsearchSecretName "secretKey" "webhookURL") }} {{ $envList = mustAppend $envList (dict "name" (printf "MINIO_AUDIT_WEBHOOK_ENABLE_%v" $webhookID) "value" "on") }} {{ end }} {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }} {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} {{ if hasKey .Values "appVolumeMounts" }} volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} {{ else }} volumes: {{ end }} {{- include "minio.tlsKeysVolume" . | nindent 8 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} hostPath: path: {{ $hostPathConfiguration.hostPath }} {{ end }}