From ff1af901e992a0f2949c2c38c12b653f046bf7a0 Mon Sep 17 00:00:00 2001
From: dnskr <dnskrv88@gmail.com>
Date: Wed, 14 Apr 2021 22:29:47 +0200
Subject: [PATCH] Add tiny tenant example

---
 examples/tenant-tiny.yaml | 191 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 191 insertions(+)
 create mode 100644 examples/tenant-tiny.yaml

diff --git a/examples/tenant-tiny.yaml b/examples/tenant-tiny.yaml
new file mode 100644
index 00000000000..1912be6bc54
--- /dev/null
+++ b/examples/tenant-tiny.yaml
@@ -0,0 +1,191 @@
+## Secret to be used as MinIO Root Credentials
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-creds-secret
+type: Opaque
+data:
+  ## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64)
+  accesskey: bWluaW8=
+  ## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64)
+  secretkey: bWluaW8xMjM=
+---
+## Secret to be used for MinIO Console
+apiVersion: v1
+kind: Secret
+metadata:
+  name: console-secret
+type: Opaque
+data:
+  ## Passphrase to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
+  CONSOLE_PBKDF_PASSPHRASE: U0VDUkVU
+  ## Salt to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
+  CONSOLE_PBKDF_SALT: U0VDUkVU
+  ## MinIO User Access Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLEACCESS' | base64)
+  CONSOLE_ACCESS_KEY: WU9VUkNPTlNPTEVBQ0NFU1M=
+  ## MinIO User Secret Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLESECRET' | base64)
+  CONSOLE_SECRET_KEY: WU9VUkNPTlNPTEVTRUNSRVQ=
+---
+## MinIO Tenant Definition
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+  name: minio
+  ## Optionally pass labels to be applied to the statefulset pods
+  labels:
+    app: minio
+  ## Annotations for MinIO Tenant Pods
+  annotations:
+    prometheus.io/path: /minio/prometheus/metrics
+    prometheus.io/port: "9000"
+    prometheus.io/scrape: "true"
+
+## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
+## If not specified, the Tenant pods will be dispatched by default scheduler.
+# scheduler:
+#  name: my-custom-scheduler
+
+spec:
+  ## Registry location and Tag to download MinIO Server image
+  image: minio/minio:RELEASE.2021-04-06T23-11-00Z 
+  imagePullPolicy: IfNotPresent
+
+  ## Secret with credentials to be used by MinIO Tenant.
+  ## Refers to the secret object created above.
+  credsSecret:
+    name: minio-creds-secret
+
+  ## Specification for MinIO Pool(s) in this Tenant.
+  pools:
+      ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
+      ## For standalone mode, supply 1. For distributed mode, supply 4 or more.
+      ## Note that the operator does not support upgrading from standalone to distributed mode.
+    - servers: 1
+
+      ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
+      volumesPerServer: 4
+
+      ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
+      ## Pool.
+      volumeClaimTemplate:
+        metadata:
+          name: data
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+
+      ## Used to specify a toleration for a pod
+      # tolerations:
+      #  - effect: NoSchedule
+      #    key: dedicated
+      #    operator: Equal
+      #    value: storage
+
+      ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
+      ## eligible to run on a node, the node must have each of the
+      ## indicated key-value pairs as labels.
+      ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+      # nodeSelector:
+      #   disktype: ssd
+
+      ## Affinity settings for MinIO pods. Read more about affinity
+      ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
+      # affinity:
+      #   nodeAffinity:
+      #     requiredDuringSchedulingIgnoredDuringExecution:
+      #       nodeSelectorTerms:
+      #       - matchExpressions:
+      #         - key: kubernetes.io/hostname
+      #           operator: In
+      #           values:
+      #           - hostname1
+      #           - hostname2
+
+      ## Configure resource requests and limits for MinIO containers
+      # resources:
+      #   requests:
+      #     cpu: 250m
+      #     memory: 16Gi
+      #   limits:
+      #     cpu: 500m
+      #      memory: 16Gi
+
+      ## Configure security context 
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+
+  ## Mount path where PV will be mounted inside container(s).
+  mountPath: /export
+  ## Sub path inside Mount path where MinIO stores data.
+  # subPath: /data
+
+  ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure
+  ## TLS for MinIO Tenant pods. Create secrets as explained here:
+  ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+  # externalCertSecret:
+  #   - name: tls-ssl-minio
+  #     type: kubernetes.io/tls
+
+  ## Enable automatic Kubernetes based certificate generation and signing as explained in
+  ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
+  requestAutoCert: false
+
+  ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be
+  ## accessible as DNS entries of form `<bucketname>.minio.default.svc.cluster.local`
+  s3:
+    ## This feature is turned off by default
+    bucketDNS: false
+
+  ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
+  ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
+  ## not provided. DNS name format is *.minio.default.svc.cluster.local
+  certConfig:
+    commonName: ""
+    organizationName: []
+    dnsNames: []
+
+  ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
+  ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
+  ## for details.
+  podManagementPolicy: Parallel
+
+  ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific 
+  ## services created by the operator.
+  serviceMetadata:
+    minioServiceLabels:
+      label: minio-svc
+    minioServiceAnnotations:
+      v2.min.io: minio-svc
+    consoleServiceLabels:
+      label: console-svc
+    consoleServiceAnnotations:
+      v2.min.io: console-svc
+
+  ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
+  # env:
+  # - name: MINIO_BROWSER
+  #   value: "off" # to turn-off browser
+  # - name: MINIO_STORAGE_CLASS_STANDARD
+  #   value: "EC:2"
+
+  ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
+  ## This is applied to MinIO pods only.
+  ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
+  # priorityClassName: high-priority
+
+  ## Define configuration for Console (Graphical user interface for MinIO)
+  ## Refer https://github.com/minio/console
+  console:
+    image: minio/console:v0.6.6
+    replicas: 2
+    consoleSecret:
+      name: console-secret
+    securityContext:
+      runAsUser: 1000
+      runAsGroup: 2000
+      runAsNonRoot: true