| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 |
- {{- define "minio.workload" -}}
- workload:
- minio:
- enabled: true
- primary: true
- type: Deployment
- podSpec:
- hostNetwork: {{ include "minio.hostnetwork" $ }}
- containers:
- minio:
- enabled: true
- primary: true
- imageSelector: image
- securityContext:
- runAsUser: {{ .Values.minioRunAs.user }}
- runAsGroup: {{ .Values.minioRunAs.group }}
- envFrom:
- - secretRef:
- name: minio-creds
- args:
- - server
- - "--address"
- - {{ printf ":%v" .Values.minioNetwork.apiPort | quote }}
- - "--console-address"
- - {{ printf ":%v" .Values.minioNetwork.webPort | quote }}
- {{- if .Values.minioNetwork.certificateID }}
- - "--certs-dir"
- - "/.minio/certs"
- {{- end -}}
- {{- if .Values.minioLogging.anonymous }}
- - "--anonymous"
- {{- end -}}
- {{- if .Values.minioLogging.quiet }}
- - "--quiet"
- {{- end }}
- probes:
- liveness:
- enabled: true
- type: {{ include "minio.scheme" $ }}
- port: "{{ .Values.minioNetwork.apiPort }}"
- path: /minio/health/live
- readiness:
- enabled: true
- type: {{ include "minio.scheme" $ }}
- port: "{{ .Values.minioNetwork.apiPort }}"
- path: /minio/health/live
- startup:
- enabled: true
- type: {{ include "minio.scheme" $ }}
- port: "{{ .Values.minioNetwork.apiPort }}"
- path: /minio/health/live
- initContainers:
- {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
- "UID" .Values.minioRunAs.user
- "GID" .Values.minioRunAs.group
- "type" "install") | nindent 8 -}}
- {{- if .Values.minioLogging.logsearch.enabled }}
- logsearch-wait:
- enabled: true
- type: init
- imageSelector: bashImage
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- envFrom:
- - secretRef:
- name: minio-creds
- command: bash
- args:
- - -c
- - |
- echo "Pinging Logsearch API for readiness..."
- until wget --spider --quiet --timeout=3 --tries=1 ${MINIO_LOG_QUERY_URL}/status; do
- echo "Waiting for Logsearch API (${MINIO_LOG_QUERY_URL}/status) to be ready..."
- sleep 2
- done
- echo "Logsearch API is ready"
- {{- end }}
- {{/* Service */}}
- service:
- minio:
- enabled: true
- primary: true
- type: NodePort
- targetSelector: minio
- ports:
- api:
- enabled: true
- primary: true
- port: {{ .Values.minioNetwork.apiPort }}
- nodePort: {{ .Values.minioNetwork.apiPort }}
- targetSelector: minio
- webui:
- enabled: true
- port: {{ .Values.minioNetwork.webPort }}
- nodePort: {{ .Values.minioNetwork.webPort }}
- targetSelector: minio
- {{/* Persistence */}}
- persistence:
- {{- range $idx, $storage := .Values.minioStorage }}
- {{ printf "data%v" (int $idx) }}:
- enabled: true
- {{- include "minio.storage.ci.migration" (dict "storage" $storage) }}
- {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
- targetSelector:
- minio:
- minio:
- mountPath: {{ $storage.mountPath }}
- {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
- 01-permissions:
- mountPath: /mnt/directories{{ $storage.mountPath }}
- {{- end }}
- {{- end }}
- # Minio writes temporary files to this directory. Adding this as an emptyDir,
- # So we don't have to set readOnlyRootFilesystem to false
- tempdir:
- enabled: true
- type: emptyDir
- targetSelector:
- minio:
- minio:
- mountPath: /.minio
- {{- if .Values.minioNetwork.certificateID }}
- cert:
- enabled: true
- type: secret
- objectName: minio-cert
- defaultMode: "0600"
- items:
- - key: tls.key
- path: private.key
- - key: tls.crt
- path: public.crt
- - key: tls.crt
- path: CAs/public.crt
- targetSelector:
- minio:
- minio:
- mountPath: /.minio/certs
- readOnly: true
- {{- end -}}
- {{- end -}}
|
