This repository has been archived by the owner on Feb 14, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 115
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Source is now mino repo, not helm repo, because helm github repo is deprecated [#175806310](https://www.pivotaltracker.com/story/show/175806310) Co-authored-by: Renee Chu <rchu@vmware.com>
- Loading branch information
1 parent
15b6a12
commit ad77c6f
Showing
36 changed files
with
1,566 additions
and
961 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,3 +19,5 @@ | |
.project | ||
.idea/ | ||
*.tmproj | ||
# OWNERS file for Kubernetes | ||
OWNERS |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../README.md |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,182 @@ | ||
{{/* vim: set filetype=mustache: */}} | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "minio.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "minio.fullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "minio.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for networkpolicy. | ||
*/}} | ||
{{- define "minio.networkPolicy.apiVersion" -}} | ||
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "extensions/v1beta1" -}} | ||
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "networking.k8s.io/v1beta1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for deployment. | ||
*/}} | ||
{{- define "minio.deployment.apiVersion" -}} | ||
{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "apps/v1beta2" -}} | ||
{{- else -}} | ||
{{- print "apps/v1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for statefulset. | ||
*/}} | ||
{{- define "minio.statefulset.apiVersion" -}} | ||
{{- if semverCompare "<1.17-0" .Capabilities.KubeVersion.Version -}} | ||
{{- print "apps/v1beta2" -}} | ||
{{- else -}} | ||
{{- print "apps/v1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the appropriate apiVersion for ingress. | ||
*/}} | ||
{{- define "minio.ingress.apiVersion" -}} | ||
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} | ||
{{- print "extensions/v1beta1" -}} | ||
{{- else -}} | ||
{{- print "networking.k8s.io/v1beta1" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Determine secret name. | ||
*/}} | ||
{{- define "minio.secretName" -}} | ||
{{- if .Values.existingSecret -}} | ||
{{- .Values.existingSecret }} | ||
{{- else -}} | ||
{{- include "minio.fullname" . -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Determine service account name for deployment or statefulset. | ||
*/}} | ||
{{- define "minio.serviceAccountName" -}} | ||
{{- if .Values.serviceAccount.create -}} | ||
{{- default (include "minio.fullname" .) .Values.serviceAccount.name | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- default "default" .Values.serviceAccount.name -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Determine name for scc role and rolebinding | ||
*/}} | ||
{{- define "minio.sccRoleName" -}} | ||
{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Properly format optional additional arguments to Minio binary | ||
*/}} | ||
{{- define "minio.extraArgs" -}} | ||
{{- range .Values.extraArgs -}} | ||
{{ " " }}{{ . }} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Return the proper Docker Image Registry Secret Names | ||
*/}} | ||
{{- define "minio.imagePullSecrets" -}} | ||
{{/* | ||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope, | ||
but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. | ||
Also, we can not use a single if because lazy evaluation is not an option | ||
*/}} | ||
{{- if .Values.global }} | ||
{{- if .Values.global.imagePullSecrets }} | ||
imagePullSecrets: | ||
{{- range .Values.global.imagePullSecrets }} | ||
- name: {{ . }} | ||
{{- end }} | ||
{{- else if .Values.imagePullSecrets }} | ||
imagePullSecrets: | ||
{{ toYaml .Values.imagePullSecrets }} | ||
{{- end -}} | ||
{{- else if .Values.imagePullSecrets }} | ||
imagePullSecrets: | ||
{{ toYaml .Values.imagePullSecrets }} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Formats volumeMount for Minio tls keys and trusted certs | ||
*/}} | ||
{{- define "minio.tlsKeysVolumeMount" -}} | ||
{{- if .Values.tls.enabled }} | ||
- name: cert-secret-volume | ||
mountPath: {{ .Values.certsPath }} | ||
{{- end }} | ||
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} | ||
{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }} | ||
- name: trusted-cert-secret-volume | ||
mountPath: {{ $casPath }} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Formats volume for Minio tls keys and trusted certs | ||
*/}} | ||
{{- define "minio.tlsKeysVolume" -}} | ||
{{- if .Values.tls.enabled }} | ||
- name: cert-secret-volume | ||
secret: | ||
secretName: {{ .Values.tls.certSecret }} | ||
items: | ||
- key: {{ .Values.tls.publicCrt }} | ||
path: public.crt | ||
- key: {{ .Values.tls.privateKey }} | ||
path: private.key | ||
{{- end }} | ||
{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} | ||
{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }} | ||
{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }} | ||
- name: trusted-cert-secret-volume | ||
secret: | ||
secretName: {{ $certSecret }} | ||
{{- if ne $publicCrt "" }} | ||
items: | ||
- key: {{ $publicCrt }} | ||
path: public.crt | ||
{{- end }} | ||
{{- end }} | ||
{{- end -}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }} | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: {{ template "minio.serviceAccountName" . }} | ||
labels: | ||
app: {{ template "minio.name" . }} | ||
chart: {{ template "minio.chart" . }} | ||
release: {{ .Release.Name }} | ||
heritage: {{ .Release.Service }} | ||
rules: | ||
- apiGroups: | ||
- security.openshift.io | ||
resources: | ||
- securitycontextconstraints | ||
resourceNames: | ||
- {{ template "minio.fullname" . }} | ||
verbs: | ||
- use | ||
{{- end }} |
File renamed without changes.
Oops, something went wrong.