From 1ef1b2ba50a2f668a2394b2f48abfac3b598f423 Mon Sep 17 00:00:00 2001 From: dorman <37854724+dormanze@users.noreply.github.com> Date: Tue, 6 Dec 2022 11:22:31 +0800 Subject: [PATCH] helm: modify the job create order (#15696) --- .../post-install-create-bucket-job.yaml | 101 -------- .../post-install-create-policy-job.yaml | 101 -------- .../post-install-create-svcacct-job.yaml | 111 --------- .../post-install-create-user-job.yaml | 111 --------- .../post-install-custom-command.yaml | 92 ------- helm/minio/templates/post-job.yaml | 231 ++++++++++++++++++ helm/minio/values.yaml | 44 +--- 7 files changed, 243 insertions(+), 548 deletions(-) delete mode 100644 helm/minio/templates/post-install-create-bucket-job.yaml delete mode 100644 helm/minio/templates/post-install-create-policy-job.yaml delete mode 100644 helm/minio/templates/post-install-create-svcacct-job.yaml delete mode 100644 helm/minio/templates/post-install-create-user-job.yaml delete mode 100644 helm/minio/templates/post-install-custom-command.yaml create mode 100644 helm/minio/templates/post-job.yaml diff --git a/helm/minio/templates/post-install-create-bucket-job.yaml b/helm/minio/templates/post-install-create-bucket-job.yaml deleted file mode 100644 index 643313d51..000000000 --- a/helm/minio/templates/post-install-create-bucket-job.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if .Values.buckets }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-make-bucket-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-make-bucket-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- with .Values.makeBucketJob.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.makeBucketJob.podAnnotations }} - annotations: -{{ toYaml .Values.makeBucketJob.podAnnotations | indent 8 }} -{{- end }} - spec: - restartPolicy: OnFailure -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.makeBucketJob.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.makeBucketJob.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.makeBucketJob.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .Values.makeBucketJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeBucketJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeBucketJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeBucketJob.securityContext.fsGroup }} -{{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - {{- if .Values.makeBucketJob.extraVolumes }} - {{- toYaml .Values.makeBucketJob.extraVolumes | nindent 8 }} - {{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: minio-mc - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeBucketJob.exitCommand }} - command: ["/bin/sh", "-c"] - args: ["/bin/sh /config/initialize; x=$(echo $?); {{ .Values.makeBucketJob.exitCommand }} && exit $x" ] - {{- else }} - command: ["/bin/sh", "/config/initialize"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - {{- if .Values.makeBucketJob.extraVolumeMounts }} - {{- toYaml .Values.makeBucketJob.extraVolumeMounts | nindent 10 }} - {{- end }} - resources: -{{ toYaml .Values.makeBucketJob.resources | indent 10 }} -{{- end }} diff --git a/helm/minio/templates/post-install-create-policy-job.yaml b/helm/minio/templates/post-install-create-policy-job.yaml deleted file mode 100644 index 288bf751a..000000000 --- a/helm/minio/templates/post-install-create-policy-job.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if .Values.policies }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-make-policies-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-make-policies-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- with .Values.makePolicyJob.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.makePolicyJob.podAnnotations }} - annotations: -{{ toYaml .Values.makePolicyJob.podAnnotations | indent 8 }} -{{- end }} - spec: - restartPolicy: OnFailure -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.makePolicyJob.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.makePolicyJob.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.makePolicyJob.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .Values.makePolicyJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makePolicyJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makePolicyJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makePolicyJob.securityContext.fsGroup }} -{{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - {{- if .Values.makePolicyJob.extraVolumes }} - {{- toYaml .Values.makePolicyJob.extraVolumes | nindent 8 }} - {{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: minio-mc - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makePolicyJob.exitCommand }} - command: ["/bin/sh", "-c"] - args: ["/bin/sh /config/add-policy; x=$(echo $?); {{ .Values.makePolicyJob.exitCommand }} && exit $x" ] - {{- else }} - command: ["/bin/sh", "/config/add-policy"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - {{- if .Values.makePolicyJob.extraVolumeMounts }} - {{- toYaml .Values.makePolicyJob.extraVolumeMounts | nindent 10 }} - {{- end }} - resources: -{{ toYaml .Values.makePolicyJob.resources | indent 10 }} -{{- end }} diff --git a/helm/minio/templates/post-install-create-svcacct-job.yaml b/helm/minio/templates/post-install-create-svcacct-job.yaml deleted file mode 100644 index ddda34b72..000000000 --- a/helm/minio/templates/post-install-create-svcacct-job.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{- $global := . -}} -{{- if .Values.svcaccts }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-make-svcacct-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-make-svcacct-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- with .Values.makeServiceAccountJob.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.makeServiceAccountJob.podAnnotations }} - annotations: -{{ toYaml .Values.makeServiceAccountJob.podAnnotations | indent 8 }} -{{- end }} - spec: - restartPolicy: OnFailure -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.makeServiceAccountJob.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.makeServiceAccountJob.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.makeServiceAccountJob.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .Values.makeServiceAccountJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeServiceAccountJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeServiceAccountJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeServiceAccountJob.securityContext.fsGroup }} -{{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . }} - {{- range .Values.svcaccts }} - {{- if .existingSecret }} - - secret: - name: {{ tpl .existingSecret $global }} - items: - - key: {{ .existingSecretKey }} - path: secrets/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - {{- if .Values.makeServiceAccountJob.extraVolumes }} - {{- toYaml .Values.makeServiceAccountJob.extraVolumes | nindent 8 }} - {{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: minio-mc - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeServiceAccountJob.exitCommand }} - command: ["/bin/sh", "-c"] - args: ["/bin/sh /config/add-svcacct; x=$(echo $?); {{ .Values.makeServiceAccountJob.exitCommand }} && exit $x" ] - {{- else }} - command: ["/bin/sh", "/config/add-svcacct"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - {{- if .Values.makeServiceAccountJob.extraVolumeMounts }} - {{- toYaml .Values.makeServiceAccountJob.extraVolumeMounts | nindent 10 }} - {{- end }} - resources: -{{ toYaml .Values.makeServiceAccountJob.resources | indent 10 }} -{{- end }} diff --git a/helm/minio/templates/post-install-create-user-job.yaml b/helm/minio/templates/post-install-create-user-job.yaml deleted file mode 100644 index 01e0dba9c..000000000 --- a/helm/minio/templates/post-install-create-user-job.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{- $global := . -}} -{{- if .Values.users }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-make-user-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-make-user-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- with .Values.makeUserJob.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.makeUserJob.podAnnotations }} - annotations: -{{ toYaml .Values.makeUserJob.podAnnotations | indent 8 }} -{{- end }} - spec: - restartPolicy: OnFailure -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.makeUserJob.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.makeUserJob.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.makeUserJob.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .Values.makeUserJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.makeUserJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.makeUserJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.makeUserJob.securityContext.fsGroup }} -{{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . }} - {{- range .Values.users }} - {{- if .existingSecret }} - - secret: - name: {{ tpl .existingSecret $global }} - items: - - key: {{ .existingSecretKey }} - path: secrets/{{ tpl .existingSecret $global }}/{{ tpl .existingSecretKey $global }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - {{- if .Values.makeUserJob.extraVolumes }} - {{- toYaml .Values.makeUserJob.extraVolumes | nindent 8 }} - {{- end }} -{{ if .Values.serviceAccount.create }} - serviceAccountName: {{ .Values.serviceAccount.name }} -{{- end }} - containers: - - name: minio-mc - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.makeUserJob.exitCommand }} - command: ["/bin/sh", "-c"] - args: ["/bin/sh /config/add-user; x=$(echo $?); {{ .Values.makeUserJob.exitCommand }} && exit $x" ] - {{- else }} - command: ["/bin/sh", "/config/add-user"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - {{- if .Values.makeUserJob.extraVolumeMounts }} - {{- toYaml .Values.makeUserJob.extraVolumeMounts | nindent 10 }} - {{- end }} - resources: -{{ toYaml .Values.makeUserJob.resources | indent 10 }} -{{- end }} diff --git a/helm/minio/templates/post-install-custom-command.yaml b/helm/minio/templates/post-install-custom-command.yaml deleted file mode 100644 index 48cbd7578..000000000 --- a/helm/minio/templates/post-install-custom-command.yaml +++ /dev/null @@ -1,92 +0,0 @@ -{{- if .Values.customCommands }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "minio.fullname" . }}-custom-command-job - namespace: {{ .Release.Namespace | quote }} - labels: - app: {{ template "minio.name" . }}-custom-command-job - chart: {{ template "minio.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- with .Values.customCommandJob.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - template: - metadata: - labels: - app: {{ template "minio.name" . }}-job - release: {{ .Release.Name }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} -{{- end }} -{{- if .Values.customCommandJob.podAnnotations }} - annotations: -{{ toYaml .Values.customCommandJob.podAnnotations | indent 8 }} -{{- end }} - spec: - restartPolicy: OnFailure -{{- include "minio.imagePullSecrets" . | indent 6 }} -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.customCommandJob.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.customCommandJob.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} -{{- with .Values.customCommandJob.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} -{{- if .Values.customCommandJob.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.customCommandJob.securityContext.runAsUser }} - runAsGroup: {{ .Values.customCommandJob.securityContext.runAsGroup }} - fsGroup: {{ .Values.customCommandJob.securityContext.fsGroup }} -{{- end }} - volumes: - - name: minio-configuration - projected: - sources: - - configMap: - name: {{ template "minio.fullname" . }} - - secret: - name: {{ template "minio.secretName" . }} - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - secret: - secretName: {{ .Values.tls.certSecret }} - items: - - key: {{ .Values.tls.publicCrt }} - path: CAs/public.crt - {{ end }} - containers: - - name: minio-mc - image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" - imagePullPolicy: {{ .Values.mcImage.pullPolicy }} - {{- if .Values.customCommandJob.exitCommand }} - command: ["/bin/sh", "-c"] - args: ["/bin/sh /config/custom-command; x=$(echo $?); {{ .Values.customCommandJob.exitCommand }} && exit $x" ] - {{- else }} - command: ["/bin/sh", "/config/custom-command"] - {{- end }} - env: - - name: MINIO_ENDPOINT - value: {{ template "minio.fullname" . }} - - name: MINIO_PORT - value: {{ .Values.service.port | quote }} - volumeMounts: - - name: minio-configuration - mountPath: /config - {{- if .Values.tls.enabled }} - - name: cert-secret-volume-mc - mountPath: {{ .Values.configPathmc }}certs - {{ end }} - resources: -{{ toYaml .Values.customCommandJob.resources | indent 10 }} -{{- end }} diff --git a/helm/minio/templates/post-job.yaml b/helm/minio/templates/post-job.yaml new file mode 100644 index 000000000..ef546ebe8 --- /dev/null +++ b/helm/minio/templates/post-job.yaml @@ -0,0 +1,231 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: { { template "minio.fullname" . } }-post-job + namespace: { { .Release.Namespace | quote } } + labels: + app: { { template "minio.name" . } }-post-job + chart: { { template "minio.chart" . } } + release: { { .Release.Name } } + heritage: { { .Release.Service } } + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + { { - with .Values.postJob.annotations } } + { { toYaml . | indent 4 } } + { { - end } } +spec: + template: + metadata: + labels: + app: { { template "minio.name" . } }-job + release: { { .Release.Name } } + { { - if .Values.podLabels } } + { { toYaml .Values.podLabels | indent 8 } } + { { - end } } + { { - if .Values.postJob.podAnnotations } } +annotations: + { { toYaml .Values.postJob.podAnnotations | indent 8 } } + { { - end } } +spec: + restartPolicy: OnFailure + { { - include "minio.imagePullSecrets" . | indent 6 } } + { { - if .Values.nodeSelector } } +nodeSelector: + { { toYaml .Values.postJob.nodeSelector | indent 8 } } + { { - end } } + { { - with .Values.postJob.affinity } } +affinity: + { { toYaml . | indent 8 } } + { { - end } } + { { - with .Values.postJob.tolerations } } +tolerations: + { { toYaml . | indent 8 } } + { { - end } } + { { - if .Values.postJob.securityContext.enabled } } +securityContext: + runAsUser: { { .Values.postJob.securityContext.runAsUser } } + runAsGroup: { { .Values.postJob.securityContext.runAsGroup } } + fsGroup: { { .Values.postJob.securityContext.fsGroup } } + { { - end } } +volumes: + - name: minio-configuration + projected: + sources: + - configMap: + name: { { template "minio.fullname" . } } + - secret: + name: { { template "minio.secretName" . } } + { { - range .Values.users } } + { { - if .existingSecret } } + - secret: + name: { { tpl .existingSecret $global } } + items: + - key: { { .existingSecretKey } } + path: secrets/{{ tpl .existingSecretKey $global }} + { { - end } } + { { - end } } + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + secret: + secretName: { { .Values.tls.certSecret } } + items: + - key: { { .Values.tls.publicCrt } } + path: CAs/public.crt + { { end } } +containers: + { { - if .Values.buckets } } +- name: minio-makeBucket + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.makeBucketJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.makeBucketJob.securityContext.runAsUser } } + runAsGroup: { { .Values.makeBucketJob.securityContext.runAsGroup } } + fsGroup: { { .Values.makeBucketJob.securityContext.fsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.makeBucketJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/initialize; x=$(echo $?); {{ .Values.makeBucketJob.exitCommand }} && exit $x" ] + { { - else } } + command: [ "/bin/sh", "/config/initialize" ] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{ end }} + resources: + { { toYaml .Values.makeBucketJob.resources | indent 10 } } + { { - end } } + { { - if .Values.users } } +- name: minio-makeUser + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.makeUserJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.makeUserJob.securityContext.runAsUser } } + runAsGroup: { { .Values.makeUserJob.securityContext.runAsGroup } } + fsGroup: { { .Values.makeUserJob.securityContext.fsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.makeUserJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/add-user; x=$(echo $?); {{ .Values.makeUserJob.exitCommand }} && exit $x" ] + { { - else } } + command: [ "/bin/sh", "/config/add-user" ] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{ end }} + resources: + { { toYaml .Values.makeUserJob.resources | indent 10 } } + { { - end } } + { { - if .Values.policies } } +- name: minio-makePolicy + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.makePolicyJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.makePolicyJob.securityContext.runAsUser } } + runAsGroup: { { .Values.makePolicyJob.securityContext.runAsGroup } } + fsGroup: { { .Values.makePolicyJob.securityContext.fsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.makePolicyJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/add-policy; x=$(echo $?); {{ .Values.makePolicyJob.exitCommand }} && exit $x" ] + { { - else } } + command: [ "/bin/sh", "/config/add-policy" ] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{ end }} + resources: + { { toYaml .Values.makePolicyJob.resources | indent 10 } } + { { - end } } + { { - if .Values.customCommands } } +- name: minio-customCommand + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.customCommandJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.customCommandJob.securityContext.runAsUser } } + runAsGroup: { { .Values.customCommandJob.securityContext.runAsGroup } } + fsGroup: { { .Values.customCommandJob.securityContext.fsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.customCommandJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: [ "/bin/sh /config/custom-command; x=$(echo $?); {{ .Values.customCommandJob.exitCommand }} && exit $x" ] + { { - else } } + command: [ "/bin/sh", "/config/custom-command" ] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{ end }} + resources: + { { toYaml .Values.customCommandJob.resources | indent 10 } } + { { - end } } + { { - if .Values.svcaccts } } +- name: minio-make-svcacct + image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" + { { - if .Values.makeServiceAccountJob.securityContext.enabled } } + securityContext: + runAsUser: { { .Values.makeServiceAccountJob.securityContext.runAsUser } } + runAsGroup: { { .Values.makeServiceAccountJob.securityContext.runAsGroup } } + fsGroup: { { .Values.makeServiceAccountJob.securityContext.fsGroup } } + { { - end } } + imagePullPolicy: { { .Values.mcImage.pullPolicy } } + { { - if .Values.makeServiceAccountJob.exitCommand } } + command: [ "/bin/sh", "-c" ] + args: ["/bin/sh /config/add-svcacct; x=$(echo $?); {{ .Values.makeServiceAccountJob.exitCommand }} && exit $x" ] + { { - else } } + command: ["/bin/sh", "/config/add-svcacct"] + { { - end } } + env: + - name: MINIO_ENDPOINT + value: { { template "minio.fullname" . } } + - name: MINIO_PORT + value: { { .Values.service.port | quote } } + volumeMounts: + - name: minio-configuration + mountPath: /config + { { - if .Values.tls.enabled } } + - name: cert-secret-volume-mc + mountPath: { { .Values.configPathmc } }certs + {{ end }} + resources: + {{ toYaml .Values.makeServiceAccountJob.resources | indent 10 }} + { { - end } } diff --git a/helm/minio/values.yaml b/helm/minio/values.yaml index 34d120d08..948a5d514 100644 --- a/helm/minio/values.yaml +++ b/helm/minio/values.yaml @@ -316,8 +316,6 @@ policies: [] # ## Additional Annotations for the Kubernetes Job makePolicyJob makePolicyJob: - podAnnotations: {} - annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -326,11 +324,6 @@ makePolicyJob: resources: requests: memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - extraVolumes: [] - extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -353,8 +346,6 @@ users: ## Additional Annotations for the Kubernetes Job makeUserJob makeUserJob: - podAnnotations: {} - annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -363,11 +354,6 @@ makeUserJob: resources: requests: memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - extraVolumes: [] - extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -386,8 +372,6 @@ makeUserJob: # user: console makeServiceAccountJob: - podAnnotations: {} - annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -396,11 +380,6 @@ makeServiceAccountJob: resources: requests: memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - extraVolumes: [] - extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -430,8 +409,6 @@ buckets: ## Additional Annotations for the Kubernetes Job makeBucketJob makeBucketJob: - podAnnotations: {} - annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -440,11 +417,6 @@ makeBucketJob: resources: requests: memory: 128Mi - nodeSelector: {} - tolerations: [] - affinity: {} - extraVolumes: [] - extraVolumeMounts: [] # Command to run after the main command on exit exitCommand: "" @@ -455,8 +427,6 @@ customCommands: ## Additional Annotations for the Kubernetes Job customCommandJob customCommandJob: - podAnnotations: {} - annotations: {} securityContext: enabled: false runAsUser: 1000 @@ -465,11 +435,21 @@ customCommandJob: resources: requests: memory: 128Mi + # Command to run after the main command on exit + exitCommand: "" + +## Merge jobs +postJob: + podAnnotations: {} + annotations: {} + securityContext: + enabled: false + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 nodeSelector: {} tolerations: [] affinity: {} - # Command to run after the main command on exit - exitCommand: "" ## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s) ## when Chart is deployed