Bump minio to 8.0.5

* Source is now mino repo, not helm repo, because helm github
repo is deprecated

[#175806310](https://www.pivotaltracker.com/story/show/175806310)

Co-authored-by: Renee Chu <rchu@vmware.com>

build/minio/_vendir/stable/minio/.helmignore → build/minio/_vendir/minio/.helmignore

@@ -19,3 +19,5 @@
 .project
 .idea/
 *.tmproj
+# OWNERS file for Kubernetes
+OWNERS

build/minio/_vendir/stable/minio/Chart.yaml → build/minio/_vendir/minio/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
-description: MinIO is a high performance data infrastructure for machine learning, analytics and application data workloads.
+description: High Performance, Kubernetes Native Object Storage
 name: minio
-version: 5.0.30
+version: 8.0.5
 appVersion: master
 keywords:
 - storage
@@ -12,7 +12,5 @@ icon: https://min.io/resources/img/logo/MINIO_wordmark.png
 sources:
 - https://github.com/minio/minio
 maintainers:
-- name: Minio
+- name: MinIO, Inc
   email: dev@minio.io
-- name: Acaleph
-  email: hello@acale.ph

build/minio/_vendir/minio/README.md

@@ -0,0 +1 @@
+../README.md

build/minio/_vendir/stable/minio/templates/NOTES.txt → build/minio/_vendir/minio/templates/NOTES.txt

@@ -14,9 +14,11 @@ You can now access Minio server on http://localhost:9000. Follow the below steps
 
   1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
 
-  2. mc config host add {{ template "minio.fullname" . }}-local http://localhost:9000 {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4
+  2. Get the ACCESS_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.accesskey}" | base64 --decode) and the SECRET_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.secretkey}" | base64 --decode)
 
-  3. mc ls {{ template "minio.fullname" . }}-local
+  3. mc alias set {{ template "minio.fullname" . }}-local http://localhost:{{ .Values.service.port }} "$ACCESS_KEY" "$SECRET_KEY" --api s3v4
+
+  4. mc ls {{ template "minio.fullname" . }}-local
 
 Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17
 {{- end }}
@@ -30,9 +32,10 @@ You can now access Minio server on http://<External-IP>:9000. Follow the below s
 
   1. Download the Minio mc client - https://docs.minio.io/docs/minio-client-quickstart-guide
 
-  2. mc config host add {{ template "minio.fullname" . }}-local http://<External-IP>:{{ .Values.service.port }} {{ .Values.accessKey }} {{ .Values.secretKey }} S3v4
+  2. Get the ACCESS_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.accesskey}" | base64 --decode) and the SECRET_KEY=$(kubectl get secret {{ template "minio.secretName" . }} -o jsonpath="{.data.secretkey}" | base64 --decode)
+  3. mc alias set {{ template "minio.fullname" . }} http://<External-IP>:{{ .Values.service.port }} "$ACCESS_KEY" "$SECRET_KEY" --api s3v4
 
-  3. mc ls {{ template "minio.fullname" . }}-local
+  4. mc ls {{ template "minio.fullname" . }}
 
 Alternately, you can use your browser or the Minio SDK to access the server - https://docs.minio.io/categories/17
 {{- end }}

build/minio/_vendir/stable/minio/templates/_helper_create_bucket.txt → build/minio/_vendir/minio/templates/_helper_create_bucket.txt

@@ -3,9 +3,9 @@ set -e ; # Have script exit in the event of a failed command.
 
 {{- if .Values.configPathmc }}
 MC_CONFIG_DIR="{{ .Values.configPathmc }}"
-MC="/usr/bin/mc --config-dir ${MC_CONFIG_DIR}"
+MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
 {{- else }}
-MC="/usr/bin/mc"
+MC="/usr/bin/mc --insecure"
 {{- end }}
 
 # connectToMinio
@@ -49,6 +49,7 @@ createBucket() {
   BUCKET=$1
   POLICY=$2
   PURGE=$3
+  VERSIONING=$4
 
   # Purge the bucket, if set & exists
   # Since PURGE is user input, check explicitly for `true`
@@ -71,6 +72,20 @@ createBucket() {
     echo "Bucket '$BUCKET' already exists."
   fi
 
+
+  # set versioning for bucket
+  if [ ! -z $VERSIONING ] ; then
+    if [ $VERSIONING = true ] ; then
+        echo "Enabling versioning for '$BUCKET'"
+        ${MC} version enable myminio/$BUCKET
+    elif [ $VERSIONING = false ] ; then
+        echo "Suspending versioning for '$BUCKET'"
+        ${MC} version suspend myminio/$BUCKET
+    fi
+  else
+      echo "Bucket '$BUCKET' versioning unchanged."
+  fi
+
   # At this point, the bucket should exist, skip checking for existence
   # Set policy on the bucket
   echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
@@ -87,10 +102,10 @@ connectToMinio $scheme
 
 {{- if or .Values.defaultBucket.enabled }}
 # Create the bucket
-createBucket {{ .Values.defaultBucket.name }} {{ .Values.defaultBucket.policy }} {{ .Values.defaultBucket.purge }}
+createBucket {{ .Values.defaultBucket.name }} {{ .Values.defaultBucket.policy }} {{ .Values.defaultBucket.purge }} {{ .Values.defaultBucket.versioning }}
 {{ else if .Values.buckets }}
 # Create the buckets
 {{- range .Values.buckets }}
-createBucket {{ .name }} {{ .policy }} {{ .purge }} 
+createBucket {{ .name }} {{ .policy }} {{ .purge }} {{ .versioning }}
 {{- end }}
 {{- end }}

build/minio/_vendir/minio/templates/_helpers.tpl

@@ -0,0 +1,182 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "minio.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "minio.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "minio.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "minio.networkPolicy.apiVersion" -}}
+{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "minio.deployment.apiVersion" -}}
+{{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.Version -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "minio.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.17-0" .Capabilities.KubeVersion.Version -}}
+{{- print "apps/v1beta2" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "minio.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine secret name.
+*/}}
+{{- define "minio.secretName" -}}
+{{- if .Values.existingSecret -}}
+{{- .Values.existingSecret }}
+{{- else -}}
+{{- include "minio.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine service account name for deployment or statefulset.
+*/}}
+{{- define "minio.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+{{- default (include "minio.fullname" .) .Values.serviceAccount.name | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- default "default" .Values.serviceAccount.name -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Determine name for scc role and rolebinding
+*/}}
+{{- define "minio.sccRoleName" -}}
+{{- printf "%s-%s" "scc" (include "minio.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Properly format optional additional arguments to Minio binary
+*/}}
+{{- define "minio.extraArgs" -}}
+{{- range .Values.extraArgs -}}
+{{ " " }}{{ . }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "minio.imagePullSecrets" -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic.
+Also, we can not use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- else if .Values.imagePullSecrets }}
+imagePullSecrets:
+    {{ toYaml .Values.imagePullSecrets }}
+{{- end -}}
+{{- else if .Values.imagePullSecrets }}
+imagePullSecrets:
+    {{ toYaml .Values.imagePullSecrets }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Formats volumeMount for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolumeMount" -}}
+{{- if .Values.tls.enabled }}
+- name: cert-secret-volume
+  mountPath: {{ .Values.certsPath }}
+{{- end }}
+{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
+{{- $casPath := printf "%s/CAs" .Values.certsPath | clean }}
+- name: trusted-cert-secret-volume
+  mountPath: {{ $casPath }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Formats volume for Minio tls keys and trusted certs
+*/}}
+{{- define "minio.tlsKeysVolume" -}}
+{{- if .Values.tls.enabled }}
+- name: cert-secret-volume
+  secret:
+    secretName: {{ .Values.tls.certSecret }}
+    items:
+    - key: {{ .Values.tls.publicCrt }}
+      path: public.crt
+    - key: {{ .Values.tls.privateKey }}
+      path: private.key
+{{- end }}
+{{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }}
+{{- $certSecret := eq .Values.trustedCertsSecret "" | ternary .Values.tls.certSecret .Values.trustedCertsSecret }}
+{{- $publicCrt := eq .Values.trustedCertsSecret "" | ternary .Values.tls.publicCrt "" }}
+- name: trusted-cert-secret-volume
+  secret:
+    secretName: {{ $certSecret }}
+    {{- if ne $publicCrt "" }}
+    items:
+    - key: {{ $publicCrt }}
+      path: public.crt
+    {{- end }}
+{{- end }}
+{{- end -}}

build/minio/_vendir/minio/templates/clusterroles.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.securityContext.enabled .Values.persistence.enabled (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "minio.serviceAccountName" . }}
+  labels:
+    app: {{ template "minio.name" . }}
+    chart: {{ template "minio.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+  - security.openshift.io
+  resources:
+  - securitycontextconstraints
+  resourceNames:
+  - {{ template "minio.fullname" . }}
+  verbs:
+  - use
+{{- end }}