diff --git a/helm/tenant/templates/tenant.yaml b/helm/tenant/templates/tenant.yaml
index e21e9247712..8697f2cf5d7 100644
--- a/helm/tenant/templates/tenant.yaml
+++ b/helm/tenant/templates/tenant.yaml
@@ -1,35 +1,35 @@ -{{- with .Values.tenant }} +{{- with .Values }} apiVersion: minio.min.io/v2 kind: Tenant metadata: - name: {{ .name }} + name: {{ .tenant.name }} ## Optionally pass labels to be applied to the statefulset pods labels: app: minio - {{- if dig "metrics" "enabled" false . }} + {{- if dig "metrics" "enabled" false .tenant }} ## Annotations for MinIO Tenant Pods annotations: prometheus.io/path: /minio/v2/metrics/cluster - prometheus.io/port: {{ dig "metrics" "port" 9000 . | quote }} + prometheus.io/port: {{ dig "metrics" "port" 9000 .tenant | quote }} prometheus.io/scrape: "true" - prometheus.io/scheme: {{ dig "metrics" "protocol" "http" . | quote }} + prometheus.io/scheme: {{ dig "metrics" "protocol" "http" .tenant | quote }} {{- end }} -{{- if dig "scheduler" "name" "" . }} +{{- if dig "scheduler" "name" "" .tenant }} scheduler: - name: {{ dig "scheduler" "name" "" . }} + name: {{ dig "scheduler" "name" "" .tenant }} {{- end }} spec: - image: "{{ .image.repository }}:{{ .image.digest | default .image.tag }}" - imagePullPolicy: {{ dig "image" "pullPolicy" "IfNotPresent" . }} - {{- if dig "imagePullSecret" "name" "" . }} + image: "{{ .tenant.image.repository }}:{{ .tenant.image.digest | default .tenant.image.tag }}" + imagePullPolicy: {{ dig "image" "pullPolicy" "IfNotPresent" .tenant }} + {{- if dig "imagePullSecret" "name" "" .tenant }} imagePullSecret: - name: {{ dig "imagePullSecret" "name" "" . }} + name: {{ dig "imagePullSecret" "name" "" .tenant }} {{- end }} ## Secret with default environment variable configurations configuration: - name: {{ .configuration.name }} + name: {{ .secrets.existingSecret | default .secrets.name }} pools: - {{- range (dig "pools" (list) .) }} + {{- range (dig "pools" (list) .tenant) }} - servers: {{ dig "servers" 4 . }} name: {{ dig "name" "" . }} volumesPerServer: {{ dig "volumesPerServer" 4 . }} 
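Review bot: Nothing in this hunk rejects the old `tenant.configuration.name` key now that `configuration.name` is taken from `.secrets.existingSecret | default .secrets.name`, so a release that still sets the old key upgrades cleanly and silently binds the Tenant to a different configuration secret. That secret carries the `config.env` environment for the MinIO pods, so a stale override should stop the render, the way the template already does for the deprecated `tenant.s3.bucketDNS` value: `{{- if dig "configuration" "name" "" .tenant }}{{- fail "Value 'tenant.configuration.name' was removed, use 'secrets.existingSecret' or 'secrets.name' instead" }}{{- end }}`. The new line also dereferences `.secrets` directly where the rest of the template uses `dig`, so a values file without a `secrets` block presumably aborts with a nil-pointer error, and one with both names empty renders `name:` as null. A `dig`-based lookup wrapped in `required` would give a readable message in both cases.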
@@ -74,84 +74,84 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - mountPath: {{ dig "mountPath" "/export" . }} - subPath: {{ dig "subPath" "/data" . }} - {{- with (dig "certificate" "externalCaCertSecret" (list) .) }} + mountPath: {{ dig "mountPath" "/export" .tenant }} + subPath: {{ dig "subPath" "/data" .tenant }} + {{- with (dig "certificate" "externalCaCertSecret" (list) .tenant) }} externalCaCertSecret: {{- toYaml . | nindent 6 }} {{- end }} - {{- with (dig "certificate" "externalCertSecret" (list) .) }} + {{- with (dig "certificate" "externalCertSecret" (list) .tenant) }} externalCertSecret: {{- toYaml . | nindent 6 }} {{- end }} - requestAutoCert: {{ dig "certificate" "requestAutoCert" false . }} - {{- if dig "s3" "bucketDNS" false . }} + requestAutoCert: {{ dig "certificate" "requestAutoCert" false .tenant }} + {{- if dig "s3" "bucketDNS" false .tenant }} {{- fail "Value 'tenant.s3.bucketDNS' is deprecated since Operator v4.3.2, use 'tenant.features.bucketDNS' instead" }} {{- end }} features: - bucketDNS: {{ dig "features" "bucketDNS" false . }} - {{- with (dig "features" "domains" (dict) .) }} + bucketDNS: {{ dig "features" "bucketDNS" false .tenant }} + {{- with (dig "features" "domains" (dict) .tenant) }} domains: {{- toYaml . | nindent 6 }} {{- end }} - enableSFTP: {{ dig "features" "enableSFTP" false . }} - {{- with (dig "buckets" (list) .) }} + enableSFTP: {{ dig "features" "enableSFTP" false .tenant }} + {{- with (dig "buckets" (list) .tenant) }} buckets: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "users" (list) .) }} + {{- with (dig "users" (list) .tenant) }} users: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "certificate" "certConfig" (dict) .) }} + {{- with (dig "certificate" "certConfig" (dict) .tenant) }} certConfig: {{- toYaml . | nindent 4 }} {{- end }} - podManagementPolicy: {{ dig "podManagementPolicy" "Parallel" . }} - {{- with (dig "readiness" (dict) .) 
}} + podManagementPolicy: {{ dig "podManagementPolicy" "Parallel" .tenant }} + {{- with (dig "readiness" (dict) .tenant) }} readiness: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "liveness" (dict) .) }} + {{- with (dig "liveness" (dict) .tenant) }} liveness: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "startup" (dict) .) }} + {{- with (dig "startup" (dict) .tenant) }} startup: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "exposeServices" (dict) .) }} + {{- with (dig "exposeServices" (dict) .tenant) }} exposeServices: {{- toYaml . | nindent 4 }} {{- end }} - {{- if dig "serviceAccountName" "" . }} - serviceAccountName: {{ dig "serviceAccountName" "" . }} + {{- if dig "serviceAccountName" "" .tenant }} + serviceAccountName: {{ dig "serviceAccountName" "" .tenant }} {{- end }} - prometheusOperator: {{ dig "prometheusOperator" "false" . }} - {{- with (dig "logging" (dict) .) }} + prometheusOperator: {{ dig "prometheusOperator" "false" .tenant }} + {{- with (dig "logging" (dict) .tenant) }} logging: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "serviceMetadata" (dict) .) }} + {{- with (dig "serviceMetadata" (dict) .tenant) }} serviceMetadata: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "env" (list) .) }} + {{- with (dig "env" (list) .tenant) }} env: {{- toYaml . | nindent 4 }} {{- end }} - {{- if dig "priorityClassName" "" . }} - priorityClassName: {{ dig "priorityClassName" "" . }} + {{- if dig "priorityClassName" "" .tenant }} + priorityClassName: {{ dig "priorityClassName" "" .tenant }} {{- end }} - {{- if dig "kes" "configuration" false . }} + {{- if dig "kes" "configuration" false .tenant }} kes: - image: "{{ .kes.image.repository }}:{{ .kes.image.digest | default .kes.image.tag }}" - {{- with (dig "kes" "env" (list) .) }} + image: "{{ .tenant.kes.image.repository }}:{{ .tenant.kes.image.digest | default .tenant.kes.image.tag }}" + {{- with (dig "kes" "env" (list) .tenant) }} env: {{- toYaml . 
| nindent 4 }} {{- end }} - replicas: {{ .kes.replicas | int }} + replicas: {{ .tenant.kes.replicas | int }} kesSecret: name: "kes-configuration" - imagePullPolicy: {{ .kes.imagePullPolicy | quote }} - {{- with (dig "kes" "externalCertSecret" (dict) .) }} + imagePullPolicy: {{ .tenant.kes.imagePullPolicy | quote }} + {{- with (dig "kes" "externalCertSecret" (dict) .tenant) }} externalCertSecret: {{- toYaml . | nindent 6 }} {{- end }} - {{- with (dig "kes" "clientCertSecret" (dict) .) }} + {{- with (dig "kes" "clientCertSecret" (dict) .tenant) }} clientCertSecret: {{- toYaml . | nindent 6 }} {{- end }} ## Key name to be created on the KMS, default is "my-minio-key" - keyName: {{ .kes.keyName | quote }} - {{- with (dig "resources" (dict) .) }} + keyName: {{ .tenant.kes.keyName | quote }} + {{- with (dig "resources" (dict) .tenant) }} resources: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "nodeSelector" (dict) .) }} + {{- with (dig "nodeSelector" (dict) .tenant) }} nodeSelector: {{- toYaml . | nindent 4 }} {{- end }} affinity: 
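Review bot: The KES `image:` line joins repository and digest with `:`, so a value in `.tenant.kes.image.digest` renders as `repository:sha256:…`, which is not a valid image reference; a digest-pinned image is written `repository@sha256:…`. This assumes `digest` holds a `sha256:`-prefixed value, which the values file in this diff does not show. Digest pinning is what a deployment relies on for image integrity, so it should render correctly: `{{- $img := .tenant.kes.image }}` followed by `image: "{{ $img.repository }}{{ if $img.digest }}@{{ $img.digest }}{{ else }}:{{ $img.tag }}{{ end }}"`. The tenant `image:` line in the first hunk (`.tenant.image.digest | default .tenant.image.tag`) is built the same way and needs the same change.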
@@ -159,17 +159,17 @@ spec: podAffinity: {} podAntiAffinity: {} tolerations: [] - {{- with (dig "annotations" (dict) .) }} + {{- with (dig "annotations" (dict) .tenant) }} annotations: {{- toYaml . | nindent 4 }} {{- end }} - {{- with (dig "labels" (dict) .) }} + {{- with (dig "labels" (dict) .tenant) }} labels: {{- toYaml . | nindent 4 }} {{- end }} - serviceAccountName: {{ .kes.serviceAccountName | quote }} + serviceAccountName: {{ .tenant.kes.serviceAccountName | quote }} securityContext: - runAsUser: {{ .kes.securityContext.runAsUser | int }} - runAsGroup: {{ .kes.securityContext.runAsGroup | int }} - runAsNonRoot: {{ .kes.securityContext.runAsNonRoot }} - fsGroup: {{ .kes.securityContext.fsGroup | int }} + runAsUser: {{ .tenant.kes.securityContext.runAsUser | int }} + runAsGroup: {{ .tenant.kes.securityContext.runAsGroup | int }} + runAsNonRoot: {{ .tenant.kes.securityContext.runAsNonRoot }} + fsGroup: {{ .tenant.kes.securityContext.fsGroup | int }} {{- end }} {{- end }} diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml index 996eb246fef..e80ee31f7ac 100644 --- a/helm/tenant/values.yaml +++ b/helm/tenant/values.yaml @@ -28,14 +28,12 @@ tenant: pullPolicy: IfNotPresent ## Customize any private registry image pull secret. ## currently only one secret registry is supported - imagePullSecret: { } + imagePullSecret: {} ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. ## If not specified, the Tenant pods will be dispatched by default scheduler. - scheduler: { } + scheduler: {} ## Secret name that contains additional environment variable configurations. ## The secret is expected to have a key named config.env containing environment variables exports. - configuration: - name: myminio-env-configuration ## Specification for MinIO Pool(s) in this Tenant. pools: ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. 
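Review bot: `runAsUser`, `runAsGroup` and `fsGroup` in the KES `securityContext` are piped through `int`, which turns an unset value into `0`, so a values override that supplies only part of `securityContext` renders `runAsUser: 0`. `runAsNonRoot` has no default and renders as an empty value in the same situation. I would require these values instead of coercing them, for example `runAsUser: {{ required "tenant.kes.securityContext.runAsUser is required" .tenant.kes.securityContext.runAsUser | int }}`, and give `runAsNonRoot` a default of `true`. The `kes:` block that these lines close starts in the previous hunk.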
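Review bot: The two `##` comment lines kept above the removed `configuration:` key ("Secret name that contains additional environment variable configurations…") no longer document any value and now sit directly above the `pools:` comment. Either drop them or reword them to say where the setting went, for example `## The configuration secret is selected with 'secrets.name' or 'secrets.existingSecret'; it must contain a key named config.env.` The other changes in this values.yaml hunk are whitespace only.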
@@ -55,21 +53,21 @@ tenant: ### Docs: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/parameters.md storageClassName: standard ## Used to specify annotations for pods - annotations: { } + annotations: {} ## Used to specify labels for pods - labels: { } + labels: {} ## Used to specify a toleration for a pod - tolerations: [ ] + tolerations: [] ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the ## indicated key-value pairs as labels. ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - nodeSelector: { } + nodeSelector: {} ## Affinity settings for MinIO pods. Read more about affinity ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. - affinity: { } + affinity: {} ## Configure resource requests and limits for MinIO containers - resources: { } + resources: {} ## Configure Pod's security context ## We recommend to skip the recursive permission change by using ## fsGroupChangePolicy as OnRootMismatch because it can be pretty @@ -86,7 +84,7 @@ tenant: runAsGroup: 1000 runAsNonRoot: true ## Configure topology constraints - topologySpreadConstraints: [ ] + topologySpreadConstraints: [] ## Configure Runtime Class # runtimeClassName: "" ## Mount path where PV will be mounted inside container(s). 
@@ -108,48 +106,48 @@ tenant: ## Use this field to provide one or more external CA certificates. This is used by MinIO ## to verify TLS connections with other applications: ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - externalCaCertSecret: [ ] + externalCaCertSecret: [] ## Use this field to provide a list of Secrets with external certificates. This can be used to configure ## TLS for MinIO Tenant pods. Create secrets as explained here: ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - externalCertSecret: [ ] + externalCertSecret: [] ## Enable automatic Kubernetes based certificate generation and signing as explained in ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster requestAutoCert: true ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is ## not provided. DNS name format is *.minio.default.svc.cluster.local - certConfig: { } + certConfig: {} ## MinIO features to enable or disable in the MinIO Tenant ## https://github.com/minio/operator/blob/master/docs/tenant_crd.adoc#features features: bucketDNS: false - domains: { } + domains: {} enableSFTP: false ## List of bucket definitions to create during tenant provisioning. ## Example: # - name: my-minio-bucket # objectLock: false # optional # region: us-east-1 # optional - buckets: [ ] + buckets: [] ## List of secret names to use for generating MinIO users during tenant provisioning - users: [ ] + users: [] ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. podManagementPolicy: Parallel # Liveness Probe for container liveness. Container will be restarted if the probe fails. 
# Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes. - liveness: { } + liveness: {} # Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. # Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - readiness: { } + readiness: {} # Startup Probe for container startup. Container will be restarted if the probe fails. # Refer https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - startup: { } + startup: {} ## exposeServices defines the exposure of the MinIO object storage and Console services. ## service is exposed as a loadbalancer in k8s service. - exposeServices: { } + exposeServices: {} # kubernetes service account associated with a specific tenant # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ serviceAccountName: "" @@ -167,9 +165,9 @@ tenant: quiet: true ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific ## services created by the operator. - serviceMetadata: { } + serviceMetadata: {} ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) - env: [ ] + env: [] ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. ## This is applied to MinIO pods only. ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ 
@@ -273,22 +271,21 @@ ingress: api: enabled: false ingressClassName: "" - labels: { } - annotations: { } - tls: [ ] + labels: {} + annotations: {} + tls: [] host: minio.local path: / pathType: Prefix console: enabled: false ingressClassName: "" - labels: { } - annotations: { } - tls: [ ] + labels: {} + annotations: {} + tls: [] host: minio-console.local path: / pathType: Prefix - ## Use an extraResources template section to include additional Kubernetes resources ## with the Helm deployment. ## Example: the following creates the config secret together with the tenant: