From c1f1c5da567e07ed9d64dded41b306763a490e54 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Wed, 14 Aug 2024 16:37:39 +0200 Subject: [PATCH] feat: upgrade minio chart to 14.7.0 Able to stop vendoring our own fork now since changes have been merged in upstream repo. --- charts/testkube-enterprise/Chart.lock | 8 +- charts/testkube-enterprise/Chart.yaml | 4 +- .../charts/minio/.helmignore | 25 - .../charts/minio/Chart.lock | 6 - .../charts/minio/Chart.yaml | 36 - .../charts/minio/README.md | 275 ---- .../charts/minio/charts/common/.helmignore | 26 - .../charts/minio/charts/common/Chart.yaml | 23 - .../charts/minio/charts/common/README.md | 26 - .../charts/common/templates/_affinities.tpl | 139 -- .../charts/common/templates/_capabilities.tpl | 229 --- .../common/templates/_compatibility.tpl | 42 - .../minio/charts/common/templates/_errors.tpl | 28 - .../minio/charts/common/templates/_images.tpl | 109 -- .../charts/common/templates/_ingress.tpl | 73 - .../minio/charts/common/templates/_labels.tpl | 46 - .../minio/charts/common/templates/_names.tpl | 71 - .../charts/common/templates/_resources.tpl | 50 - .../charts/common/templates/_secrets.tpl | 182 --- .../charts/common/templates/_storage.tpl | 22 - .../charts/common/templates/_tplvalues.tpl | 38 - .../minio/charts/common/templates/_utils.tpl | 77 - .../charts/common/templates/_warnings.tpl | 109 -- .../templates/validations/_cassandra.tpl | 77 - .../common/templates/validations/_mariadb.tpl | 108 -- .../common/templates/validations/_mongodb.tpl | 113 -- .../common/templates/validations/_mysql.tpl | 108 -- .../templates/validations/_postgresql.tpl | 134 -- .../common/templates/validations/_redis.tpl | 81 -- .../templates/validations/_validations.tpl | 51 - .../charts/minio/charts/common/values.yaml | 8 - .../charts/minio/templates/NOTES.txt | 78 - .../charts/minio/templates/_helpers.tpl | 267 ---- .../charts/minio/templates/api-ingress.yaml | 60 - .../templates/distributed/headless-svc.yaml | 30 - .../templates/distributed/statefulset.yaml | 361 ----- .../charts/minio/templates/extra-list.yaml | 9 - .../charts/minio/templates/ingress.yaml | 60 - .../charts/minio/templates/networkpolicy.yaml | 80 -- .../charts/minio/templates/pdb.yaml | 26 - .../minio/templates/prometheusrule.yaml | 25 - .../templates/provisioning-configmap.yaml | 76 - .../minio/templates/provisioning-job.yaml | 345 ----- .../templates/provisioning-networkpolicy.yaml | 50 - .../charts/minio/templates/pvc.yaml | 26 - .../charts/minio/templates/secrets.yaml | 20 - .../charts/minio/templates/service.yaml | 51 - .../minio/templates/serviceaccount.yaml | 20 - .../minio/templates/servicemonitor.yaml | 66 - .../templates/standalone/deployment.yaml | 279 ---- .../charts/minio/templates/tls-secrets.yaml | 69 - .../charts/minio/values.yaml | 1260 ----------------- 52 files changed, 6 insertions(+), 5576 deletions(-) delete mode 100644 charts/testkube-enterprise/charts/minio/.helmignore delete mode 100644 charts/testkube-enterprise/charts/minio/Chart.lock delete mode 100644 charts/testkube-enterprise/charts/minio/Chart.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/README.md delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/.helmignore delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/Chart.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/README.md delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_affinities.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_capabilities.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_compatibility.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_errors.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_images.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_ingress.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_labels.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_names.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_resources.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_secrets.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_storage.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_tplvalues.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_utils.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/_warnings.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_cassandra.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mariadb.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mongodb.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mysql.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_postgresql.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_redis.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_validations.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/charts/common/values.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/NOTES.txt delete mode 100644 charts/testkube-enterprise/charts/minio/templates/_helpers.tpl delete mode 100644 charts/testkube-enterprise/charts/minio/templates/api-ingress.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/distributed/headless-svc.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/distributed/statefulset.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/extra-list.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/ingress.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/networkpolicy.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/pdb.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/prometheusrule.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/provisioning-configmap.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/provisioning-job.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/provisioning-networkpolicy.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/pvc.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/secrets.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/service.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/serviceaccount.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/servicemonitor.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/standalone/deployment.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/templates/tls-secrets.yaml delete mode 100644 charts/testkube-enterprise/charts/minio/values.yaml diff --git a/charts/testkube-enterprise/Chart.lock b/charts/testkube-enterprise/Chart.lock index 2a9701a02..65151ec15 100644 --- a/charts/testkube-enterprise/Chart.lock +++ b/charts/testkube-enterprise/Chart.lock @@ -24,7 +24,7 @@ dependencies: repository: https://nats-io.github.io/k8s/helm/charts/ version: 1.2.0 - name: minio - repository: file://./charts/minio - version: 14.6.16 -digest: sha256:ca0f826e613d30ebdb93606f8e90614d76344dc28562bfc8e6fb99421e577b8c -generated: "2024-08-12T15:02:18.550814+02:00" + repository: https://charts.bitnami.com/bitnami + version: 14.7.0 +digest: sha256:244c149b77693697e9724a3cc41d82b0b057f0739a252b9a343d02a33f76b050 +generated: "2024-08-14T16:34:55.966527+02:00" diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml index 130f5990a..15826e5b9 100644 --- a/charts/testkube-enterprise/Chart.yaml +++ b/charts/testkube-enterprise/Chart.yaml @@ -34,8 +34,8 @@ dependencies: repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled - name: minio - version: 14.6.16 - repository: file://./charts/minio + version: 14.7.0 + repository: https://charts.bitnami.com/bitnami condition: minio.enabled maintainers: - name: testkube diff --git a/charts/testkube-enterprise/charts/minio/.helmignore b/charts/testkube-enterprise/charts/minio/.helmignore deleted file mode 100644 index 207983f36..000000000 --- a/charts/testkube-enterprise/charts/minio/.helmignore +++ /dev/null @@ -1,25 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/charts/testkube-enterprise/charts/minio/Chart.lock b/charts/testkube-enterprise/charts/minio/Chart.lock deleted file mode 100644 index 5555cd3fe..000000000 --- a/charts/testkube-enterprise/charts/minio/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - version: 2.20.3 -digest: sha256:569e1c9d81abdcad3891e065c0f23c83786527d2043f2bc68193c43d18886c19 -generated: "2024-06-18T11:52:16.464950886Z" diff --git a/charts/testkube-enterprise/charts/minio/Chart.yaml b/charts/testkube-enterprise/charts/minio/Chart.yaml deleted file mode 100644 index 0ef28a2e6..000000000 --- a/charts/testkube-enterprise/charts/minio/Chart.yaml +++ /dev/null @@ -1,36 +0,0 @@ -annotations: - category: Infrastructure - images: | - - name: minio - image: docker.io/bitnami/minio:2024.6.29-debian-12-r0 - - name: minio-client - image: docker.io/bitnami/minio-client:2024.6.24-debian-12-r1 - - name: os-shell - image: docker.io/bitnami/os-shell:12-debian-12-r24 - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2024.6.29 -dependencies: -- name: common - repository: oci://registry-1.docker.io/bitnamicharts - tags: - - bitnami-common - version: 2.x.x -description: MinIO(R) is an object storage server, compatible with Amazon S3 cloud - storage service, mainly used for storing unstructured data (such as photos, videos, - log files, etc.). -home: https://bitnami.com -icon: https://bitnami.com/assets/stacks/minio/img/minio-stack-220x234.png -keywords: -- minio -- storage -- object-storage -- s3 -- cluster -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: minio -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/minio -version: 14.6.16 diff --git a/charts/testkube-enterprise/charts/minio/README.md b/charts/testkube-enterprise/charts/minio/README.md deleted file mode 100644 index 507cee67e..000000000 --- a/charts/testkube-enterprise/charts/minio/README.md +++ /dev/null @@ -1,275 +0,0 @@ -# minio - -![Version: 14.6.16](https://img.shields.io/badge/Version-14.6.16-informational?style=flat-square) ![AppVersion: 2024.6.29](https://img.shields.io/badge/AppVersion-2024.6.29-informational?style=flat-square) - -MinIO(R) is an object storage server, compatible with Amazon S3 cloud storage service, mainly used for storing unstructured data (such as photos, videos, log files, etc.). - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Broadcom, Inc. All Rights Reserved. | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| oci://registry-1.docker.io/bitnamicharts | common | 2.x.x | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| apiIngress.annotations | object | `{}` | | -| apiIngress.apiVersion | string | `""` | | -| apiIngress.enabled | bool | `false` | | -| apiIngress.extraHosts | list | `[]` | | -| apiIngress.extraPaths | list | `[]` | | -| apiIngress.extraRules | list | `[]` | | -| apiIngress.extraTls | list | `[]` | | -| apiIngress.hostname | string | `"minio.local"` | | -| apiIngress.ingressClassName | string | `""` | | -| apiIngress.path | string | `"/"` | | -| apiIngress.pathType | string | `"ImplementationSpecific"` | | -| apiIngress.secrets | list | `[]` | | -| apiIngress.selfSigned | bool | `false` | | -| apiIngress.servicePort | string | `"minio-api"` | | -| apiIngress.tls | bool | `false` | | -| args | list | `[]` | | -| auth.existingSecret | string | `""` | | -| auth.forceNewKeys | bool | `false` | | -| auth.forcePassword | bool | `false` | | -| auth.rootPassword | string | `""` | | -| auth.rootPasswordSecretKey | string | `""` | | -| auth.rootUser | string | `"admin"` | | -| auth.rootUserSecretKey | string | `""` | | -| auth.useCredentialsFiles | bool | `false` | | -| auth.useSecret | bool | `true` | | -| automountServiceAccountToken | bool | `false` | | -| clientImage.digest | string | `""` | | -| clientImage.registry | string | `"docker.io"` | | -| clientImage.repository | string | `"bitnami/minio-client"` | | -| clientImage.tag | string | `"2024.6.24-debian-12-r1"` | | -| clusterDomain | string | `"cluster.local"` | | -| command | list | `[]` | | -| commonAnnotations | object | `{}` | | -| commonLabels | object | `{}` | | -| containerPorts.api | int | `9000` | | -| containerPorts.console | int | `9001` | | -| containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | -| containerSecurityContext.enabled | bool | `true` | | -| containerSecurityContext.privileged | bool | `false` | | -| containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | -| containerSecurityContext.runAsGroup | int | `1001` | | -| containerSecurityContext.runAsNonRoot | bool | `true` | | -| containerSecurityContext.runAsUser | int | `1001` | | -| containerSecurityContext.seLinuxOptions | object | `{}` | | -| containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| customLivenessProbe | object | `{}` | | -| customReadinessProbe | object | `{}` | | -| customStartupProbe | object | `{}` | | -| defaultBuckets | string | `""` | | -| deployment.updateStrategy.type | string | `"Recreate"` | | -| disableWebUI | bool | `false` | | -| extraDeploy | list | `[]` | | -| extraEnvVars | list | `[]` | | -| extraEnvVarsCM | string | `""` | | -| extraEnvVarsSecret | string | `""` | | -| extraVolumeMounts | list | `[]` | | -| extraVolumes | list | `[]` | | -| fullnameOverride | string | `""` | | -| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | | -| global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `""` | | -| global.storageClass | string | `""` | | -| hostAliases | list | `[]` | | -| image.debug | bool | `false` | | -| image.digest | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.pullSecrets | list | `[]` | | -| image.registry | string | `"docker.io"` | | -| image.repository | string | `"bitnami/minio"` | | -| image.tag | string | `"2024.6.29-debian-12-r0"` | | -| ingress.annotations | object | `{}` | | -| ingress.apiVersion | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.extraHosts | list | `[]` | | -| ingress.extraPaths | list | `[]` | | -| ingress.extraRules | list | `[]` | | -| ingress.extraTls | list | `[]` | | -| ingress.hostname | string | `"minio.local"` | | -| ingress.ingressClassName | string | `""` | | -| ingress.path | string | `"/"` | | -| ingress.pathType | string | `"ImplementationSpecific"` | | -| ingress.secrets | list | `[]` | | -| ingress.selfSigned | bool | `false` | | -| ingress.servicePort | string | `"minio-console"` | | -| ingress.tls | bool | `false` | | -| initContainers | list | `[]` | | -| kubeVersion | string | `""` | | -| lifecycleHooks | object | `{}` | | -| livenessProbe.enabled | bool | `true` | | -| livenessProbe.failureThreshold | int | `5` | | -| livenessProbe.initialDelaySeconds | int | `5` | | -| livenessProbe.periodSeconds | int | `5` | | -| livenessProbe.successThreshold | int | `1` | | -| livenessProbe.timeoutSeconds | int | `5` | | -| metrics.prometheusAuthType | string | `"public"` | | -| metrics.prometheusRule.additionalLabels | object | `{}` | | -| metrics.prometheusRule.enabled | bool | `false` | | -| metrics.prometheusRule.namespace | string | `""` | | -| metrics.prometheusRule.rules | list | `[]` | | -| metrics.serviceMonitor.apiVersion | string | `""` | | -| metrics.serviceMonitor.enabled | bool | `false` | | -| metrics.serviceMonitor.honorLabels | bool | `false` | | -| metrics.serviceMonitor.interval | string | `"30s"` | | -| metrics.serviceMonitor.jobLabel | string | `""` | | -| metrics.serviceMonitor.labels | object | `{}` | | -| metrics.serviceMonitor.metricRelabelings | list | `[]` | | -| metrics.serviceMonitor.namespace | string | `""` | | -| metrics.serviceMonitor.paths[0] | string | `"/minio/v2/metrics/cluster"` | | -| metrics.serviceMonitor.paths[1] | string | `"/minio/v2/metrics/node"` | | -| metrics.serviceMonitor.relabelings | list | `[]` | | -| metrics.serviceMonitor.scrapeTimeout | string | `""` | | -| metrics.serviceMonitor.selector | object | `{}` | | -| metrics.serviceMonitor.tlsConfig | object | `{}` | | -| mode | string | `"standalone"` | | -| nameOverride | string | `""` | | -| namespaceOverride | string | `""` | | -| networkPolicy.allowExternal | bool | `true` | | -| networkPolicy.allowExternalEgress | bool | `true` | | -| networkPolicy.enabled | bool | `true` | | -| networkPolicy.extraEgress | list | `[]` | | -| networkPolicy.extraIngress | list | `[]` | | -| networkPolicy.ingressNSMatchLabels | object | `{}` | | -| networkPolicy.ingressNSPodMatchLabels | object | `{}` | | -| nodeAffinityPreset.key | string | `""` | | -| nodeAffinityPreset.type | string | `""` | | -| nodeAffinityPreset.values | list | `[]` | | -| nodeSelector | object | `{}` | | -| pdb.create | bool | `true` | | -| pdb.maxUnavailable | string | `""` | | -| pdb.minAvailable | string | `""` | | -| persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `true` | | -| persistence.existingClaim | string | `""` | | -| persistence.mountPath | string | `"/bitnami/minio/data"` | | -| persistence.size | string | `"8Gi"` | | -| persistence.storageClass | string | `""` | | -| podAffinityPreset | string | `""` | | -| podAnnotations | object | `{}` | | -| podAntiAffinityPreset | string | `"soft"` | | -| podLabels | object | `{}` | | -| podSecurityContext.enabled | bool | `true` | | -| podSecurityContext.fsGroup | int | `1001` | | -| podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` | | -| podSecurityContext.supplementalGroups | list | `[]` | | -| podSecurityContext.sysctls | list | `[]` | | -| priorityClassName | string | `""` | | -| provisioning.args | list | `[]` | | -| provisioning.buckets | list | `[]` | | -| provisioning.cleanupAfterFinished.enabled | bool | `false` | | -| provisioning.cleanupAfterFinished.seconds | int | `600` | | -| provisioning.command | list | `[]` | | -| provisioning.config | list | `[]` | | -| provisioning.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| provisioning.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | -| provisioning.containerSecurityContext.enabled | bool | `true` | | -| provisioning.containerSecurityContext.privileged | bool | `false` | | -| provisioning.containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | -| provisioning.containerSecurityContext.runAsGroup | int | `1001` | | -| provisioning.containerSecurityContext.runAsNonRoot | bool | `true` | | -| provisioning.containerSecurityContext.runAsUser | int | `1001` | | -| provisioning.containerSecurityContext.seLinuxOptions | object | `{}` | | -| provisioning.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| provisioning.enabled | bool | `false` | | -| provisioning.extraCommands | list | `[]` | | -| provisioning.extraVolumeMounts | list | `[]` | | -| provisioning.extraVolumes | list | `[]` | | -| provisioning.groups | list | `[]` | | -| provisioning.networkPolicy.allowExternalEgress | bool | `true` | | -| provisioning.networkPolicy.enabled | bool | `true` | | -| provisioning.networkPolicy.extraEgress | list | `[]` | | -| provisioning.networkPolicy.extraIngress | list | `[]` | | -| provisioning.nodeSelector | object | `{}` | | -| provisioning.podAnnotations | object | `{}` | | -| provisioning.podLabels | object | `{}` | | -| provisioning.podSecurityContext.enabled | bool | `true` | | -| provisioning.podSecurityContext.fsGroup | int | `1001` | | -| provisioning.podSecurityContext.fsGroupChangePolicy | string | `"Always"` | | -| provisioning.podSecurityContext.supplementalGroups | list | `[]` | | -| provisioning.podSecurityContext.sysctls | list | `[]` | | -| provisioning.policies | list | `[]` | | -| provisioning.resources | object | `{}` | | -| provisioning.resourcesPreset | string | `"nano"` | | -| provisioning.schedulerName | string | `""` | | -| provisioning.users | list | `[]` | | -| provisioning.usersExistingSecrets | list | `[]` | | -| readinessProbe.enabled | bool | `true` | | -| readinessProbe.failureThreshold | int | `5` | | -| readinessProbe.initialDelaySeconds | int | `5` | | -| readinessProbe.periodSeconds | int | `5` | | -| readinessProbe.successThreshold | int | `1` | | -| readinessProbe.timeoutSeconds | int | `1` | | -| resources | object | `{}` | | -| resourcesPreset | string | `"micro"` | | -| runtimeClassName | string | `""` | | -| schedulerName | string | `""` | | -| service.annotations | object | `{}` | | -| service.clusterIP | string | `""` | | -| service.externalTrafficPolicy | string | `"Cluster"` | | -| service.extraPorts | list | `[]` | | -| service.headless.annotations | object | `{}` | | -| service.loadBalancerIP | string | `""` | | -| service.loadBalancerSourceRanges | list | `[]` | | -| service.nodePorts.api | string | `""` | | -| service.nodePorts.console | string | `""` | | -| service.ports.api | int | `9000` | | -| service.ports.console | int | `9001` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automountServiceAccountToken | bool | `false` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| sidecars | list | `[]` | | -| startupProbe.enabled | bool | `false` | | -| startupProbe.failureThreshold | int | `60` | | -| startupProbe.initialDelaySeconds | int | `0` | | -| startupProbe.periodSeconds | int | `10` | | -| startupProbe.successThreshold | int | `1` | | -| startupProbe.timeoutSeconds | int | `5` | | -| statefulset.drivesPerNode | int | `1` | | -| statefulset.podManagementPolicy | string | `"Parallel"` | | -| statefulset.replicaCount | int | `4` | | -| statefulset.updateStrategy.type | string | `"RollingUpdate"` | | -| statefulset.zones | int | `1` | | -| terminationGracePeriodSeconds | string | `""` | | -| tls.autoGenerated | bool | `false` | | -| tls.enabled | bool | `false` | | -| tls.existingSecret | string | `""` | | -| tls.mountPath | string | `""` | | -| tolerations | list | `[]` | | -| topologySpreadConstraints | list | `[]` | | -| volumePermissions.containerSecurityContext.runAsUser | int | `0` | | -| volumePermissions.containerSecurityContext.seLinuxOptions | object | `{}` | | -| volumePermissions.enabled | bool | `false` | | -| volumePermissions.image.digest | string | `""` | | -| volumePermissions.image.pullPolicy | string | `"IfNotPresent"` | | -| volumePermissions.image.pullSecrets | list | `[]` | | -| volumePermissions.image.registry | string | `"docker.io"` | | -| volumePermissions.image.repository | string | `"bitnami/os-shell"` | | -| volumePermissions.image.tag | string | `"12-debian-12-r24"` | | -| volumePermissions.resources | object | `{}` | | -| volumePermissions.resourcesPreset | string | `"nano"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/testkube-enterprise/charts/minio/charts/common/.helmignore b/charts/testkube-enterprise/charts/minio/charts/common/.helmignore deleted file mode 100644 index d0e10845d..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/.helmignore +++ /dev/null @@ -1,26 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# img folder -img/ -# Changelog -CHANGELOG.md diff --git a/charts/testkube-enterprise/charts/minio/charts/common/Chart.yaml b/charts/testkube-enterprise/charts/minio/charts/common/Chart.yaml deleted file mode 100644 index 23ba4e4e7..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure - licenses: Apache-2.0 -apiVersion: v2 -appVersion: 2.20.3 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://bitnami.com -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Broadcom, Inc. All Rights Reserved. - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts/tree/main/bitnami/common -type: library -version: 2.20.3 diff --git a/charts/testkube-enterprise/charts/minio/charts/common/README.md b/charts/testkube-enterprise/charts/minio/charts/common/README.md deleted file mode 100644 index 994e69186..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# common - -![Version: 2.20.3](https://img.shields.io/badge/Version-2.20.3-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: 2.20.3](https://img.shields.io/badge/AppVersion-2.20.3-informational?style=flat-square) - -A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Broadcom, Inc. All Rights Reserved. | | | - -## Source Code - -* - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| exampleValue | string | `"common-chart"` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_affinities.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_affinities.tpl deleted file mode 100644 index c2d290792..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,139 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a topologyKey definition -{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} -*/}} -{{- define "common.affinities.topologyKey" -}} -{{ .topologyKey | default "kubernetes.io/hostname" -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: 1 - {{- range $extraPodAffinityTerms }} - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - weight: {{ .weight | default 1 -}} - {{- end -}} -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $customLabels := default (dict) .customLabels -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- range $extraPodAffinityTerms }} - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := .extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} - {{- end -}} -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_capabilities.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 2fe81d32d..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,229 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for daemonset. -*/}} -{{- define "common.capabilities.daemonset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if (.Values.ingress).apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} -{{- print "extensions/v1beta1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Vertical Pod Autoscaler. -*/}} -{{- define "common.capabilities.vpa.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if PodSecurityPolicy is supported -*/}} -{{- define "common.capabilities.psp.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if AdmissionConfiguration is supported -*/}} -{{- define "common.capabilities.admissionConfiguration.supported" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for AdmissionConfiguration. -*/}} -{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "apiserver.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiserver.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityConfiguration. -*/}} -{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} -{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} -{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} -{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} -{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "pod-security.admission.config.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_compatibility.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_compatibility.tpl deleted file mode 100644 index eb4061d7d..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_compatibility.tpl +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return true if the detected platform is Openshift -Usage: -{{- include "common.compatibility.isOpenshift" . -}} -*/}} -{{- define "common.compatibility.isOpenshift" -}} -{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} -{{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC -Usage: -{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} -*/}} -{{- define "common.compatibility.renderSecurityContext" -}} -{{- $adaptedContext := .secContext -}} - -{{- if (((.context.Values.global).compatibility).openshift) -}} - {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} - {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} - {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} - {{- if not .secContext.seLinuxOptions -}} - {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} - {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{/* Remove fields that are disregarded when running the container in privileged mode */}} -{{- if $adaptedContext.privileged -}} - {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} -{{- end -}} -{{- omit $adaptedContext "enabled" | toYaml -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_errors.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_errors.tpl deleted file mode 100644 index e96536519..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_images.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_images.tpl deleted file mode 100644 index 6821b1ce2..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_images.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} - -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- if $registryName }} - {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- else -}} - {{- printf "%s%s%s" $repositoryName $separator $termination -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- range ((.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end }} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets .name -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- range (($context.Values.global).imagePullSecrets) -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- if kindIs "map" . -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} - {{- else -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) -}} -imagePullSecrets: - {{- range $pullSecrets | uniq }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) -{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} -*/}} -{{- define "common.images.version" -}} -{{- $imageTag := .imageRoot.tag | toString -}} -{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} -{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} - {{- $version := semver $imageTag -}} - {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} -{{- else -}} - {{- print .chart.AppVersion -}} -{{- end -}} -{{- end -}} - diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_ingress.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_ingress.tpl deleted file mode 100644 index 7d2b87985..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,73 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_labels.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_labels.tpl deleted file mode 100644 index 0a0cc5488..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Kubernetes standard labels -{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} -*/}} -{{- define "common.labels.standard" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} -{{- with .context.Chart.AppVersion -}} -{{- $_ := set $default "app.kubernetes.io/version" . -}} -{{- end -}} -{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Chart.AppVersion }} -app.kubernetes.io/version: {{ . | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector -{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} - -We don't want to loop over custom labels appending them to the selector -since it's very likely that it will break deployments, services, etc. -However, it's important to overwrite the standard labels if the user -overwrote them on metadata.labels fields. -*/}} -{{- define "common.labels.matchLabels" -}} -{{- if and (hasKey . "customLabels") (hasKey . "context") -}} -{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} -{{- else -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_names.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_names.tpl deleted file mode 100644 index ba8395685..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_names.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_resources.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_resources.tpl deleted file mode 100644 index b4491f782..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_resources.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a resource request/limit object based on a given preset. -These presets are for basic testing and not meant to be used in production -{{ include "common.resources.preset" (dict "type" "nano") -}} -*/}} -{{- define "common.resources.preset" -}} -{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} -{{- $presets := dict - "nano" (dict - "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi") - ) - "micro" (dict - "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi") - ) - "small" (dict - "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi") - ) - "medium" (dict - "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi") - ) - "large" (dict - "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi") - ) - "xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi") - ) - "2xlarge" (dict - "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") - "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi") - ) - }} -{{- if hasKey $presets .type -}} -{{- index $presets .type | toYaml -}} -{{- else -}} -{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_secrets.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_secrets.tpl deleted file mode 100644 index e87575a88..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,182 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | b64dec }} - {{- else if not (eq .failOnNew false) }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} - {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} -{{- end -}} -{{- if not .skipB64enc }} -{{- $password = $password | b64enc }} -{{- end -}} -{{- if .skipQuote -}} -{{- printf "%s" $password -}} -{{- else -}} -{{- printf "%s" $password | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else if .defaultValue -}} - {{- $value = .defaultValue | toString | b64enc -}} -{{- end -}} -{{- if $value -}} -{{- printf "%s" $value -}} -{{- end -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_storage.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_storage.tpl deleted file mode 100644 index 7780da18b..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := default .persistence.storageClass ((.global).storageClass) -}} -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_tplvalues.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index c84d72c80..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template perhaps with scope if the scope is present. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} -*/}} -{{- define "common.tplvalues.render" -}} -{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} -{{- if contains "{{" (toJson .value) }} - {{- if .scope }} - {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} - {{- else }} - {{- tpl $value .context }} - {{- end }} -{{- else }} - {{- $value }} -{{- end }} -{{- end -}} - -{{/* -Merge a list of values that contains template after rendering them. -Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge -Usage: -{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} -*/}} -{{- define "common.tplvalues.merge" -}} -{{- $dst := dict -}} -{{- range .values -}} -{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} -{{- end -}} -{{ $dst | toYaml }} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_utils.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_utils.tpl deleted file mode 100644 index d53c74aa2..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). -Usage: -{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} -*/}} -{{- define "common.utils.checksumTemplate" -}} -{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} -{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/_warnings.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/_warnings.tpl deleted file mode 100644 index e4dbecde2..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html -{{- end }} -{{- end -}} - -{{/* -Warning about replaced images from the original. -Usage: -{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} -*/}} -{{- define "common.warnings.modifiedImages" -}} -{{- $affectedImages := list -}} -{{- $printMessage := false -}} -{{- $originalImages := .context.Chart.Annotations.images -}} -{{- range .images -}} - {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- if not (contains $fullImageName $originalImages) }} - {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} - {{- $printMessage = true -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -âš  SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. - -Substituted images detected: -{{- range $affectedImages }} - - {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Warning about not setting the resource object in all deployments. -Usage: -{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} -Example: -{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} -The list in the example assumes that the following values exist: - - csiProvider.provider.resources - - server.resources - - volumePermissions.resources - - resources -*/}} -{{- define "common.warnings.resources" -}} -{{- $values := .context.Values -}} -{{- $printMessage := false -}} -{{ $affectedSections := list -}} -{{- range .sections -}} - {{- if eq . "" -}} - {{/* Case where the resources section is at the root (one main deployment in the chart) */}} - {{- if not (index $values "resources") -}} - {{- $affectedSections = append $affectedSections "resources" -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} - {{- $keys := split "." . -}} - {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} - {{- $section := $values -}} - {{- range $keys -}} - {{- $section = index $section . -}} - {{- end -}} - {{- if not (index $section "resources") -}} - {{/* If the section has enabled=false or replicaCount=0, do not include it */}} - {{- if and (hasKey $section "enabled") -}} - {{- if index $section "enabled" -}} - {{/* enabled=true */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else if and (hasKey $section "replicaCount") -}} - {{/* We need a casting to int because number 0 is not treated as an int by default */}} - {{- if (gt (index $section "replicaCount" | int) 0) -}} - {{/* replicaCount > 0 */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- else -}} - {{/* Default case, add it to the affected sections */}} - {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} - {{- $printMessage = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- if $printMessage }} - -WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: -{{- range $affectedSections }} - - {{ . }} -{{- end }} -+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -{{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_cassandra.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index 3f41ff8fc..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mariadb.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index 6ea8c0f45..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mongodb.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index d4cd38cbb..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,113 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mysql.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 924812a93..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_postgresql.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 0fa0b1467..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,134 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_redis.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index f4778256d..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,81 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_validations.tpl b/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 7cdee6170..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,51 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/charts/common/values.yaml b/charts/testkube-enterprise/charts/minio/charts/common/values.yaml deleted file mode 100644 index de2cac57d..000000000 --- a/charts/testkube-enterprise/charts/minio/charts/common/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/charts/testkube-enterprise/charts/minio/templates/NOTES.txt b/charts/testkube-enterprise/charts/minio/templates/NOTES.txt deleted file mode 100644 index 12f863f02..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/NOTES.txt +++ /dev/null @@ -1,78 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -MinIO® can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -To get your credentials run: - - export ROOT_USER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.{{ include "minio.rootUserKey" . }}}" | base64 -d) - export ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "minio.secretName" . }} -o jsonpath="{.data.{{ include "minio.rootPasswordKey" . }}}" | base64 -d) - -To connect to your MinIO® server using a client: - -- Run a MinIO® Client pod and append the desired command (e.g. 'admin info'): - - kubectl run --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-client \ - --rm --tty -i --restart='Never' \ - --env MINIO_SERVER_ROOT_USER=$ROOT_USER \ - --env MINIO_SERVER_ROOT_PASSWORD=$ROOT_PASSWORD \ - --env MINIO_SERVER_HOST={{ include "common.names.fullname" . }} \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - --labels="{{ include "common.names.fullname" . }}-client=true" \ - {{- end }} - --image {{ template "minio.clientImage" . }} -- admin info minio - -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - - NOTE: Since NetworkPolicy is enabled, only pods with label - "{{ template "common.names.fullname" . }}-client=true" will be able to connect to MinIO®. - -{{- end }} -{{- if (not .Values.disableWebUI) }} - -To access the MinIO® web UI: - -- Get the MinIO® URL: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new MinIO® web UI through - - {{ if .Values.ingress.tls }}https{{ else }}http{{ end }}://{{ .Values.ingress.hostname }}/minio/ -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - {{- $port:=.Values.service.ports.console | toString }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - echo "MinIO® web URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.ports.console }}{{ end }}/minio" - -{{- else if contains "ClusterIP" .Values.service.type }} - - echo "MinIO® web URL: http://127.0.0.1:{{ .Values.containerPorts.console }}/minio" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.containerPorts.console }}:{{ .Values.service.ports.console }} - -{{- else if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "MinIO® web URL: http://$NODE_IP:$NODE_PORT/minio" - -{{- end }} -{{- else }} - - WARN: MinIO® Web UI is disabled. -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.clientImage }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "minio.validateValues" . }} -{{- include "common.warnings.resources" (dict "sections" (list "provisioning" "" "volumePermissions") "context" $) }} -{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.clientImage .Values.volumePermissions.image) "context" $) }} \ No newline at end of file diff --git a/charts/testkube-enterprise/charts/minio/templates/_helpers.tpl b/charts/testkube-enterprise/charts/minio/templates/_helpers.tpl deleted file mode 100644 index 4cf325560..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/_helpers.tpl +++ /dev/null @@ -1,267 +0,0 @@ -{{/* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper MinIO® image name -*/}} -{{- define "minio.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} - -{{- end -}} - -{{/* -Return the proper MinIO® Client image name -*/}} -{{- define "minio.clientImage" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.clientImage "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "minio.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "minio.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.clientImage .Values.volumePermissions.image) "context" $) -}} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} -{{- $len := (default 16 .Length) | int -}} -{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} -{{- if $obj }} -{{- index $obj .Key | b64dec -}} -{{- else -}} -{{- randAlphaNum $len -}} -{{- end -}} -{{- end }} - -{{/* -Get the user to use to access MinIO® -*/}} -{{- define "minio.secret.userValue" -}} -{{- if .Values.auth.rootUser }} - {{- .Values.auth.rootUser -}} -{{- else if (not .Values.auth.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "root-user") -}} -{{- else -}} - {{ required "A root username is required!" .Values.auth.rootUser }} -{{- end -}} -{{- end -}} - -{{/* -Get the password to use to access MinIO® -*/}} -{{- define "minio.secret.passwordValue" -}} -{{- if .Values.auth.rootPassword }} - {{- .Values.auth.rootPassword -}} -{{- else if (not .Values.auth.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "root-password") -}} -{{- else -}} - {{ required "A root password is required!" .Values.auth.rootPassword }} -{{- end -}} -{{- end -}} - -{{/* -Get the credentials secret. -*/}} -{{- define "minio.secretName" -}} -{{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the root user key. -*/}} -{{- define "minio.rootUserKey" -}} -{{- if and (.Values.auth.existingSecret) (.Values.auth.rootUserSecretKey) -}} - {{- printf "%s" (tpl .Values.auth.rootUserSecretKey $) -}} -{{- else -}} - {{- "root-user" -}} -{{- end -}} -{{- end -}} - -{{/* -Get the root password key. -*/}} -{{- define "minio.rootPasswordKey" -}} -{{- if and (.Values.auth.existingSecret) (.Values.auth.rootPasswordSecretKey) -}} - {{- printf "%s" (tpl .Values.auth.rootPasswordSecretKey $) -}} -{{- else -}} - {{- "root-password" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "minio.createSecret" -}} -{{- if .Values.auth.existingSecret -}} -{{- else -}} - {{- .Values.auth.useSecret -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a PVC object should be created (only in standalone mode) -*/}} -{{- define "minio.createPVC" -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.mode "standalone") }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the PVC name (only in standalone mode) -*/}} -{{- define "minio.claimName" -}} -{{- if and .Values.persistence.existingClaim }} - {{- printf "%s" (tpl .Values.persistence.existingClaim $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the proper service account name depending if an explicit service account name is set -in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create -is true or default otherwise. -*/}} -{{- define "minio.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} - {{- else -}} - {{ default "default" .Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "minio.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "minio.validateValues.mode" .) -}} -{{- $messages := append $messages (include "minio.validateValues.totalDrives" .) -}} -{{- $messages := append $messages (include "minio.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MinIO® - must provide a valid mode ("distributed" or "standalone") -*/}} -{{- define "minio.validateValues.mode" -}} -{{- $allowedValues := list "distributed" "standalone" }} -{{- if not (has .Values.mode $allowedValues) -}} -minio: mode - Invalid mode selected. Valid values are "distributed" and - "standalone". Please set a valid mode (--set mode="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of MinIO® - total number of drives should be greater than 4 -*/}} -{{- define "minio.validateValues.totalDrives" -}} -{{- $replicaCount := int .Values.statefulset.replicaCount }} -{{- $drivesPerNode := int .Values.statefulset.drivesPerNode }} -{{- $zones := int .Values.statefulset.zones }} -{{- $totalDrives := mul $replicaCount $zones $drivesPerNode }} -{{- if and (eq .Values.mode "distributed") (lt $totalDrives 4) -}} -minio: total drives - The total number of drives should be greater than 4 to guarantee erasure coding! - Please set a combination of nodes, and drives per node that match this condition. - For instance (--set statefulset.replicaCount=2 --set statefulset.drivesPerNode=2) -{{- end -}} -{{- end -}} - -{{/* -Validate values of MinIO® - TLS secret must provided if TLS is enabled -*/}} -{{- define "minio.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (not .Values.tls.autoGenerated) }} -minio: tls.existingSecret, tls.autoGenerated - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing MinIO TLS certificates -*/}} -{{- define "minio.tlsSecretName" -}} -{{- if .Values.tls.existingSecret -}} - {{- printf "%s" (tpl .Values.tls.existingSecret $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "minio.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Provisioning job labels (exclude matchLabels from standard labels) -*/}} -{{- define "minio.labels.provisioning" -}} -{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.provisioning.podLabels .Values.commonLabels ) "context" . ) }} -{{- $provisioningLabels := (include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | fromYaml ) -}} -{{- range (include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | fromYaml | keys ) -}} -{{- $_ := unset $provisioningLabels . -}} -{{- end -}} -{{- print ($provisioningLabels | toYaml) -}} -{{- end -}} - -{{/* -Return the ingress anotation -*/}} -{{- define "minio.ingress.annotations" -}} -{{ .Values.ingress.annotations | toYaml }} -{{- end -}} - -{{/* -Return the api ingress anotation -*/}} -{{- define "minio.apiIngress.annotations" -}} -{{ .Values.apiIngress.annotations | toYaml }} -{{- end -}} - -{{/* -Return the ingress hostname -*/}} -{{- define "minio.ingress.hostname" -}} -{{- tpl .Values.ingress.hostname $ -}} -{{- end -}} - -{{/* -Return the api ingress hostname -*/}} -{{- define "minio.apiIngress.hostname" -}} -{{- tpl .Values.apiIngress.hostname $ -}} -{{- end -}} diff --git a/charts/testkube-enterprise/charts/minio/templates/api-ingress.yaml b/charts/testkube-enterprise/charts/minio/templates/api-ingress.yaml deleted file mode 100644 index 817aa818c..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/api-ingress.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.apiIngress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-api - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list (include "minio.apiIngress.annotations" . | fromYaml) .Values.commonAnnotations ) "context" . ) }} - {{- if $annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.apiIngress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} - ingressClassName: {{ .Values.apiIngress.ingressClassName | quote }} - {{- end }} - rules: - {{- if (include "minio.apiIngress.hostname" .) }} - - host: {{ include "minio.apiIngress.hostname" . }} - http: - paths: - {{- if .Values.apiIngress.extraPaths }} - {{- toYaml .Values.apiIngress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.apiIngress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.apiIngress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "minio-api" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.apiIngress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "minio-api" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.apiIngress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.apiIngress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- $annotationsMap := include "common.tplvalues.render" (dict "value" $annotations "context" $) | fromYaml }} - {{- if or (and .Values.apiIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" $annotationsMap )) .Values.apiIngress.selfSigned)) .Values.apiIngress.extraTls }} - tls: - {{- if and .Values.apiIngress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" $annotationsMap )) .Values.apiIngress.selfSigned) }} - - hosts: - - {{ include "minio.apiIngress.hostname" . }} - secretName: {{ printf "%s-tls" (include "minio.apiIngress.hostname" .) }} - {{- end }} - {{- if .Values.apiIngress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.apiIngress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/distributed/headless-svc.yaml b/charts/testkube-enterprise/charts/minio/templates/distributed/headless-svc.yaml deleted file mode 100644 index 230829a06..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/distributed/headless-svc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (eq .Values.mode "distributed") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.service.headless.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: minio-api - port: {{ .Values.service.ports.api }} - targetPort: minio-api - - name: minio-console - port: {{ .Values.service.ports.console }} - targetPort: minio-console - publishNotReadyAddresses: true - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/distributed/statefulset.yaml b/charts/testkube-enterprise/charts/minio/templates/distributed/statefulset.yaml deleted file mode 100644 index 2d74b6f70..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/distributed/statefulset.yaml +++ /dev/null @@ -1,361 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (eq .Values.mode "distributed") }} -{{- $fullname := include "common.names.fullname" . }} -{{- $headlessService := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 }} -{{- $releaseNamespace := include "common.names.namespace" . }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $apiPort := toString .Values.containerPorts.api }} -{{- $replicaCount := int .Values.statefulset.replicaCount }} -{{- $zoneCount := int .Values.statefulset.zones }} -{{- $drivesPerNode := int .Values.statefulset.drivesPerNode }} -{{- $mountPath := .Values.persistence.mountPath }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ $fullname }} - namespace: {{ $releaseNamespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - serviceName: {{ $headlessService }} - replicas: {{ mul $zoneCount $replicaCount }} - podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }} - {{- if .Values.statefulset.updateStrategy }} - updateStrategy: {{- toYaml .Values.statefulset.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - {{- if or .Values.podAnnotations (include "minio.createSecret" .) }} - annotations: - {{- if (include "minio.createSecret" .) }} - checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "minio.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName }} - {{- end }} - serviceAccountName: {{ template "minio.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName | quote }} - {{- end}} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "minio.volumePermissions.image" . }} - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if and .Values.persistence.enabled (gt $drivesPerNode 1) }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ range $diskId := until $drivesPerNode }}{{ $mountPath }}-{{ $diskId }} {{ end }} - {{- else }} - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $mountPath }} - {{- end }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if and .Values.persistence.enabled (gt $drivesPerNode 1) }} - {{- range $diskId := until $drivesPerNode }} - - name: data-{{ $diskId }} - mountPath: {{ $mountPath }}-{{ $diskId }} - {{- end }} - {{- else }} - - name: data - mountPath: {{ $mountPath }} - {{- end }} - {{- end }} - {{- end }} - containers: - - name: minio - image: {{ include "minio.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: MINIO_DISTRIBUTED_MODE_ENABLED - value: "yes" - - name: MINIO_DISTRIBUTED_NODES - {{- $clusters := list }} - {{- range $i := until $zoneCount }} - {{- $factor := mul $i $replicaCount }} - {{- $endIndex := sub (add $factor $replicaCount) 1 }} - {{- $beginIndex := mul $i $replicaCount }} - {{- $bucket := ternary (printf "%s-{0...%d}" $mountPath (sub $drivesPerNode 1)) $mountPath (gt $drivesPerNode 1) }} - {{- $clusters = append $clusters (printf "%s-{%d...%d}.%s.%s.svc.%s:%s%s" $fullname $beginIndex $endIndex $headlessService $releaseNamespace $clusterDomain $apiPort $bucket) }} - {{- end }} - value: {{ join "," $clusters | quote }} - - name: MINIO_SCHEME - value: {{ ternary "https" "http" .Values.tls.enabled | quote }} - - name: MINIO_FORCE_NEW_KEYS - value: {{ ternary "yes" "no" .Values.auth.forceNewKeys | quote }} - {{- if .Values.auth.useCredentialsFiles }} - - name: MINIO_ROOT_USER_FILE - value: "/opt/bitnami/minio/secrets/root-user" - - name: MINIO_ROOT_PASSWORD_FILE - value: "/opt/bitnami/minio/secrets/root-password" - {{- else }} - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootUserKey" . }} - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootPasswordKey" . }} - {{- end }} - - name: MINIO_SKIP_CLIENT - value: {{ ternary "yes" "no" (empty .Values.defaultBuckets) | quote }} - {{- if .Values.defaultBuckets }} - - name: MINIO_DEFAULT_BUCKETS - value: {{ .Values.defaultBuckets }} - {{- end }} - - name: MINIO_BROWSER - value: {{ ternary "off" "on" .Values.disableWebUI | quote }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: {{ .Values.metrics.prometheusAuthType | quote }} - {{- if .Values.tls.mountPath }} - - name: MINIO_CERTS_DIR - value: {{ .Values.tls.mountPath | quote }} - - name: MINIO_CONSOLE_PORT_NUMBER - value: {{ .Values.containerPorts.console | quote }} - - name: MINIO_API_PORT_NUMBER - value: {{ .Values.containerPorts.api | quote }} - {{- end }} - - name: MINIO_DATA_DIR - value: {{ ternary (printf "%s-0" $mountPath) $mountPath (gt $drivesPerNode 1) | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: minio-api - containerPort: {{ .Values.containerPorts.api }} - protocol: TCP - - name: minio-console - containerPort: {{ .Values.containerPorts.console }} - protocol: TCP - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /minio/health/live - port: minio-api - scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: minio-api - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: - tcpSocket: - port: minio-api - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/minio/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /.mc - subPath: app-mc-dir - {{- if .Values.auth.useCredentialsFiles }} - - name: minio-credentials - mountPath: /opt/bitnami/minio/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: minio-certs - mountPath: {{ default "/certs" .Values.tls.mountPath }} - {{- end }} - {{- if gt $drivesPerNode 1 }} - {{- range $diskId := until $drivesPerNode }} - - name: data-{{ $diskId }} - mountPath: {{ $mountPath }}-{{ $diskId }} - {{- end }} - {{- else }} - - name: data - mountPath: {{ $mountPath }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.auth.useCredentialsFiles }} - - name: minio-credentials - secret: - secretName: {{ include "minio.secretName" . }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: minio-certs - secret: - secretName: {{ include "minio.tlsSecretName" . }} - items: - - key: tls.crt - path: public.crt - - key: tls.key - path: private.key - - key: ca.crt - path: CAs/public.crt - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and (not .Values.persistence.enabled) (gt $drivesPerNode 1) }} - {{- range $diskId := until $drivesPerNode }} - - name: data-{{ $diskId }} - emptyDir: {} - {{- end }} - {{- else if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - {{- if gt $drivesPerNode 1 }} - {{- range $diskId := until $drivesPerNode }} - - metadata: - name: data-{{ $diskId }} - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 10 }} - {{- if $.Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range $.Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ $.Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" $.Values.persistence "global" $.Values.global) | nindent 8 }} - {{- end }} - {{- else }} - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/extra-list.yaml b/charts/testkube-enterprise/charts/minio/templates/extra-list.yaml deleted file mode 100644 index 329f5c653..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/extra-list.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/ingress.yaml b/charts/testkube-enterprise/charts/minio/templates/ingress.yaml deleted file mode 100644 index 1d0d55194..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/ingress.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.ingress.enabled (not .Values.disableWebUI ) -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list (include "minio.ingress.annotations" . | fromYaml) .Values.commonAnnotations ) "context" . ) }} - {{- if $annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if (include "minio.ingress.hostname" .) }} - - host: {{ include "minio.ingress.hostname" . }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "minio-console" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "minio-console" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- $annotationsMap := include "common.tplvalues.render" (dict "value" $annotations "context" $) | fromYaml }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" $annotationsMap )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" $annotationsMap )) .Values.ingress.selfSigned) }} - - hosts: - - {{ include "minio.ingress.hostname" . }} - secretName: {{ printf "%s-tls" (include "minio.ingress.hostname" .) }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/networkpolicy.yaml b/charts/testkube-enterprise/charts/minio/templates/networkpolicy.yaml deleted file mode 100644 index 209d5361f..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/networkpolicy.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - policyTypes: - - Ingress - - Egress - {{- if .Values.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - # Allow outbound connections to other cluster pods - - ports: - - port: {{ .Values.containerPorts.api }} - - port: {{ .Values.containerPorts.console }} - - port: {{ .Values.service.ports.api }} - - port: {{ .Values.service.ports.console }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - {{- if .Values.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataCoord.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.containerPorts.console }} - - port: {{ .Values.containerPorts.api }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ include "common.names.fullname" . }}-client: "true" - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - {{- if or .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.ingressNSPodMatchLabels }} - - namespaceSelector: - matchLabels: - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{ else }} - {} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- $extraIngress := coalesce .Values.networkPolicy.extraIngress .Values.networkPolicy.extraFromClauses }} - {{- if $extraIngress }} - {{- toYaml $extraIngress | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/pdb.yaml b/charts/testkube-enterprise/charts/minio/templates/pdb.yaml deleted file mode 100644 index e34aa458a..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/pdb.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if or .Values.pdb.maxUnavailable ( not .Values.pdb.minAvailable ) }} - maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/prometheusrule.yaml b/charts/testkube-enterprise/charts/minio/templates/prometheusrule.yaml deleted file mode 100644 index 5f1d6fe57..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/prometheusrule.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -{{- $releaseNamespace := default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ $releaseNamespace | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }} - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/provisioning-configmap.yaml b/charts/testkube-enterprise/charts/minio/templates/provisioning-configmap.yaml deleted file mode 100644 index bf11bd1a9..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/provisioning-configmap.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.provisioning.enabled }} -{{- $fullname := printf "%s-provisioning" (include "common.names.fullname" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $fullname }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: minio-provisioning - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- range $bucket := .Values.provisioning.buckets }} - {{- if $bucket.lifecycle }} - bucket-{{ $bucket.name }}.json: | - { - "Rules": [ - {{- range $idx, $lifecycle := $bucket.lifecycle }} - {{- if not (eq $idx 0) }} - , - {{- end }} - { - "ID": "{{ $lifecycle.id }}", - "Status": "{{ ternary "Disabled" "Enabled" (and (not (empty $lifecycle.disabled)) $lifecycle.disabled) }}", - {{- if $lifecycle.expiry }} - "Expiration": { - {{- with $lifecycle.expiry.date }} - "Date": "{{ . }}" - {{- end }} - {{- with $lifecycle.expiry.days }} - "Days": {{ . }} - {{- end }} - } - {{- with $lifecycle.expiry.nonconcurrentDays }} - , - "NoncurrentVersionExpiration": { - "NoncurrentDays": {{ . }} - } - {{- end }} - {{- with $lifecycle.prefix }} - , - "Filter": { - "Prefix": "{{ . }}" - } - {{- end }} - } - {{- end }} - {{- end }} - ] - } - {{- end }} - {{- end }} - {{- range $policy := .Values.provisioning.policies }} - policy-{{ $policy.name }}.json: | - {{- $statementsLength := sub (len $policy.statements) 1 }} - { - "Version": "2012-10-17", - "Statement": [ - {{- range $i, $statement := $policy.statements }} - { - "Effect": "{{ default "Deny" $statement.effect }}"{{ if $statement.actions }}, - "Action": {{ toJson $statement.actions }}{{end}}{{ if $statement.resources }}, - "Resource": {{ toJson $statement.resources }}{{end}}{{ if $statement.condition }}, - "Condition": {{ toJson $statement.condition }}{{end}} - }{{ if lt $i $statementsLength }},{{end }} - {{- end }} - ] - } - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/provisioning-job.yaml b/charts/testkube-enterprise/charts/minio/templates/provisioning-job.yaml deleted file mode 100644 index 785bcaf62..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/provisioning-job.yaml +++ /dev/null @@ -1,345 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.provisioning.enabled }} -{{- $fullname := printf "%s-provisioning" (include "common.names.fullname" .) }} -{{- $minioAlias := "provisioning" }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ $fullname }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/component: minio-provisioning - annotations: - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.provisioning.cleanupAfterFinished.enabled }} - ttlSecondsAfterFinished: {{ .Values.provisioning.cleanupAfterFinished.seconds }} - {{- end }} - parallelism: 1 - template: - metadata: - labels: {{- include "minio.labels.provisioning" . | nindent 8 }} - app.kubernetes.io/component: minio-provisioning - {{- if .Values.provisioning.podAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "minio.imagePullSecrets" . | nindent 6 }} - {{- if .Values.provisioning.schedulerName }} - schedulerName: {{ .Values.provisioning.schedulerName }} - {{- end }} - restartPolicy: OnFailure - terminationGracePeriodSeconds: 0 - {{- if .Values.provisioning.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "minio.serviceAccountName" . }} - initContainers: - - name: wait-for-available-minio - image: {{ include "minio.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.provisioning.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -c - - |- - set -e; - echo "Waiting for Minio"; - wait-for-port \ - --host={{ include "common.names.fullname" . }} \ - --state=inuse \ - --timeout=120 \ - {{ .Values.service.ports.api | int64 }}; - echo "Minio is available"; - {{- if .Values.provisioning.resources }} - resources: {{- toYaml .Values.provisioning.resources | nindent 12 }} - {{- else if ne .Values.provisioning.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.provisioning.resourcesPreset) | nindent 12 }} - {{- end }} - containers: - - name: minio - image: {{ include "minio.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.provisioning.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.provisioning.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.provisioning.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - >- - set -e; - echo "Start Minio provisioning"; - - function attachPolicy() { - local tmp=$(mc admin $1 info {{ $minioAlias }} $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); - IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; - if [[ ! "${CURRENT_POLICIES[*]}" =~ "$3" ]]; then - mc admin policy attach {{ $minioAlias }} $3 --$1=$2; - fi; - }; - - function detachDanglingPolicies() { - local tmp=$(mc admin $1 info {{ $minioAlias }} $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); - IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; - IFS=',' read -r -a DESIRED_POLICIES <<< "$3"; - for current in "${CURRENT_POLICIES[@]}"; do - if [[ ! "${DESIRED_POLICIES[*]}" =~ "${current}" ]]; then - mc admin policy detach {{ $minioAlias }} $current --$1=$2; - fi; - done; - } - - function addUsersFromFile() { - local username=$(grep -oP '^username=\K.+' $1); - local password=$(grep -oP '^password=\K.+' $1); - local disabled=$(grep -oP '^disabled=\K.+' $1); - local policies_list=$(grep -oP '^policies=\K.+' $1); - local set_policies=$(grep -oP '^setPolicies=\K.+' $1); - - mc admin user add {{ $minioAlias }} "${username}" "${password}"; - - IFS=',' read -r -a POLICIES <<< "${policies_list}"; - for policy in "${POLICIES[@]}"; do - attachPolicy user "${username}" "${policy}"; - done; - if [ "${set_policies}" == "true" ]; then - detachDanglingPolicies user "${username}" "${policies_list}"; - fi; - - local user_status="enable"; - if [[ "${disabled}" != "" && "${disabled,,}" == "true" ]]; then - user_status="disable"; - fi; - - mc admin user "${user_status}" {{ $minioAlias }} "${username}"; - }; - - {{- $minioUrl := printf "$MINIO_SCHEME://%s:%d" (include "common.names.fullname" .) (.Values.service.ports.api | int) }} - {{- $minioRootUser := ternary ("$(<$MINIO_ROOT_USER_FILE)") ("$MINIO_ROOT_USER") (.Values.auth.useCredentialsFiles) }} - {{- $minioRootPassword := ternary ("$(<$MINIO_ROOT_PASSWORD_FILE)") ("$MINIO_ROOT_PASSWORD") (.Values.auth.useCredentialsFiles) }} - mc alias set {{ $minioAlias }} {{ $minioUrl }} {{ $minioRootUser }} {{ $minioRootPassword }}; - - {{- range $config := .Values.provisioning.config }} - {{- $options := list }} - {{- range $name, $value := $config.options }} - {{- $options = (printf "%s=%s" $name $value) | append $options }} - {{- end }} - {{- $options := join " " $options }} - mc admin config set {{ $minioAlias }} {{ $config.name }} {{ $options }}; - {{- end }} - - mc admin service restart {{ $minioAlias }}; - - {{- range $policy := .Values.provisioning.policies }} - mc admin policy create {{ $minioAlias }} {{ $policy.name }} /etc/ilm/policy-{{ $policy.name }}.json; - {{- end }} - - {{- range $user := .Values.provisioning.users }} - mc admin user add {{ $minioAlias }} {{ $user.username }} {{ $user.password }}; - {{- range $policy := $user.policies }} - attachPolicy user {{ $user.username }} {{ $policy }}; - {{- end }} - {{- if $user.setPolicies }} - detachDanglingPolicies user {{ $user.username }} "{{ join "," $user.policies }}"; - {{- end }} - {{- $userStatus := ternary ("disable") ("enable") (and (not (empty $user.disabled)) $user.disabled) }} - mc admin user {{ $userStatus }} {{ $minioAlias }} {{ $user.username }}; - {{- end }} - {{- if gt (len .Values.provisioning.usersExistingSecrets) 0 }} - while read -d '' configFile; do - addUsersFromFile "${configFile}"; - done < <(find "/opt/bitnami/minio/users/" -type l -not -name '..data' -print0); - {{- end }} - - {{- range $group := .Values.provisioning.groups }} - mc admin group add {{ $minioAlias }} {{ $group.name }} {{ join " " $group.members }}; - {{- range $policy := $group.policies }} - attachPolicy group {{ $group.name }} {{ $policy }}; - {{- end }} - {{- if $group.setPolicies }} - detachDanglingPolicies group {{ $group.name }} "{{ join "," $group.policies }}"; - {{- end }} - {{- $groupStatus := ternary ("disable") ("enable") (and (not (empty $group.disabled)) $group.disabled) }} - mc admin group {{ $groupStatus }} {{ $minioAlias }} {{ $group.name }}; - {{- end }} - - {{- range $bucket := .Values.provisioning.buckets }} - {{- $target := printf "%s/%s" $minioAlias $bucket.name }} - {{- $region := ternary (printf "--region=%s" $bucket.region) ("") (not (empty $bucket.region)) }} - {{- $withLock := ternary ("--with-lock") ("") (and (not (empty $bucket.withLock)) $bucket.withLock) }} - mc mb {{ $target }} --ignore-existing {{ $region }} {{ $withLock }}; - - {{- if $bucket.lifecycle }} - mc ilm import {{ $minioAlias }}/{{ $bucket.name }} < /etc/ilm/bucket-{{ $bucket.name }}.json; - {{- end }} - - {{- with $bucket.quota }} - {{- if eq .type "hard" }} - mc quota set {{ $minioAlias }}/{{ $bucket.name }} {{ if .size }}--size {{ .size }}{{ end }}; - {{- else }} - mc quota {{ .type }} {{ $minioAlias }}/{{ $bucket.name }} {{ if .size }}--size {{ .size }}{{ end }}; - {{- end }} - {{- end }} - - {{- if (or ((empty $bucket.withLock)) (not $bucket.withLock)) }} - {{- $versioning := default "Suspended" $bucket.versioning }} - {{- if kindIs "bool" $bucket.versioning }} - {{- $versioning = ternary "Versioned" "Suspended" $bucket.versioning }} - {{- end }} - {{- if eq $versioning "Versioned" }} - mc version enable {{ $minioAlias }}/{{ $bucket.name }}; - {{- else if eq $versioning "Suspended" }} - mc version suspend {{ $minioAlias }}/{{ $bucket.name }}; - {{- else if ne $versioning "Unchanged" }} - {{- fail (printf "Invalid value '%s' for versioning of bucket '%s'" $versioning $bucket.name) }} - {{- end }} - {{- end }} - - {{- if $bucket.tags }} - {{- $target := printf "%s/%s" $minioAlias $bucket.name }} - {{- $tags := list }} - {{- range $name, $value := $bucket.tags }} - {{- $tags = (printf "%s=%s" $name $value) | append $tags }} - {{- end }} - {{- $tags = join "&" $tags | quote }} - mc tag set {{ $target }} {{ $tags }}; - {{- end }} - {{- end }} - - {{- if .Values.provisioning.extraCommands }} - {{ join ";" .Values.provisioning.extraCommands | nindent 14 }}; - {{- end }} - - echo "End Minio provisioning"; - {{- end }} - {{- if .Values.provisioning.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: MINIO_SCHEME - value: {{ ternary "https" "http" .Values.tls.enabled | quote }} - {{- if .Values.auth.useCredentialsFiles }} - - name: MINIO_ROOT_USER_FILE - value: "/opt/bitnami/minio/secrets/root-user" - - name: MINIO_ROOT_PASSWORD_FILE - value: "/opt/bitnami/minio/secrets/root-password" - {{- else }} - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootUserKey" . }} - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootPasswordKey" . }} - {{- end }} - {{- if .Values.tls.mountPath }} - - name: MINIO_CERTS_DIR - value: {{ .Values.tls.mountPath | quote }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.provisioning.resources }} - resources: {{- toYaml .Values.provisioning.resources | nindent 12 }} - {{- else if ne .Values.provisioning.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.provisioning.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /.mc - subPath: app-mc-dir - - name: empty-dir - mountPath: /opt/bitnami/minio/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- if .Values.provisioning.enabled }} - - name: minio-provisioning - mountPath: /etc/ilm - {{- end }} - {{- if .Values.auth.useCredentialsFiles }} - - name: minio-credentials - mountPath: /opt/bitnami/minio/secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: minio-certs - mountPath: {{ default "/certs" .Values.tls.mountPath }} - - name: minio-client-certs - mountPath: /.mc/certs - {{- end }} - {{- range $idx, $_ := .Values.provisioning.usersExistingSecrets }} - - name: {{ printf "users-secret-%d" $idx }} - mountPath: /opt/bitnami/minio/users/{{ $idx }}/ - {{- end }} - {{- if .Values.provisioning.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.provisioning.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.nodeSelector "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if .Values.provisioning.enabled }} - - name: minio-provisioning - configMap: - name: {{ $fullname }} - {{- end }} - {{- if .Values.auth.useCredentialsFiles }} - - name: minio-credentials - secret: - secretName: {{ include "minio.secretName" . }} - {{- end }} - {{- range $idx, $userSecret := .Values.provisioning.usersExistingSecrets }} - - name: {{ printf "users-secret-%d" $idx }} - secret: - secretName: {{ $userSecret }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: minio-certs - secret: - secretName: {{ include "minio.tlsSecretName" . }} - items: - - key: tls.crt - path: public.crt - - key: tls.key - path: private.key - - key: ca.crt - path: CAs/public.crt - - name: minio-client-certs - secret: - secretName: {{ include "minio.tlsSecretName" . }} - items: - - key: ca.crt - path: CAs/public.crt - {{- end }} - {{- if .Values.provisioning.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.provisioning.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/provisioning-networkpolicy.yaml b/charts/testkube-enterprise/charts/minio/templates/provisioning-networkpolicy.yaml deleted file mode 100644 index ea9fb4a1c..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/provisioning-networkpolicy.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if and .Values.provisioning.enabled .Values.provisioning.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ printf "%s-provisioning" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - podSelector: - matchLabels: - app.kubernetes.io/component: minio-provisioning - policyTypes: - - Ingress - - Egress - {{- if .Values.provisioning.networkPolicy.allowExternalEgress }} - egress: - - {} - {{- else }} - egress: - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - # Allow outbound connections to other cluster pods - - ports: - - port: {{ .Values.containerPorts.api }} - - port: {{ .Values.containerPorts.console }} - - port: {{ .Values.service.ports.api }} - - port: {{ .Values.service.ports.console }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} - {{- if .Values.provisioning.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataCoord.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - {{- if .Values.provisioning.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.initJob.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/pvc.yaml b/charts/testkube-enterprise/charts/minio/templates/pvc.yaml deleted file mode 100644 index 33e672767..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/pvc.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "minio.createPVC" .) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.persistence.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/secrets.yaml b/charts/testkube-enterprise/charts/minio/templates/secrets.yaml deleted file mode 100644 index c72933bfd..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/secrets.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (include "minio.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - root-user: {{ include "minio.secret.userValue" . | b64enc | quote }} - root-password: {{ include "minio.secret.passwordValue" . | b64enc | quote }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/service.yaml b/charts/testkube-enterprise/charts/minio/templates/service.yaml deleted file mode 100644 index ade92d124..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/service.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: minio-api - port: {{ .Values.service.ports.api }} - targetPort: minio-api - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.api)) }} - nodePort: {{ .Values.service.nodePorts.api }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: minio-console - port: {{ .Values.service.ports.console }} - targetPort: minio-console - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.console)) }} - nodePort: {{ .Values.service.nodePorts.console }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} diff --git a/charts/testkube-enterprise/charts/minio/templates/serviceaccount.yaml b/charts/testkube-enterprise/charts/minio/templates/serviceaccount.yaml deleted file mode 100644 index ac3f4637a..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "minio.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} - annotations: {{- include "common.tplvalues.render" (dict "value" $annotations "context" $) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -secrets: - - name: {{ include "common.names.fullname" . }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/servicemonitor.yaml b/charts/testkube-enterprise/charts/minio/templates/servicemonitor.yaml deleted file mode 100644 index 927a2252e..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/servicemonitor.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.metrics.serviceMonitor.enabled }} -{{- $releaseNamespace := default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }} -apiVersion: {{ default "monitoring.coreos.com/v1" .Values.metrics.serviceMonitor.apiVersion }} -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ $releaseNamespace | quote }} - {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - {{- /* Backward Compatibility for .Values.metrics.serviceMonitor.path */}} - {{- $paths := list }} - {{- if (.Values.metrics.serviceMonitor.paths | empty | not) }} - {{- $paths = .Values.metrics.serviceMonitor.paths }} - {{- end }} - {{- if (.Values.metrics.serviceMonitor.path | empty | not) }} - {{- $paths = prepend $paths .Values.metrics.serviceMonitor.path }} - {{- end }} - {{- range $idx, $path := ($paths | uniq) }} - {{- with $ }} - - port: minio-api - path: {{ $path }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - scheme: https - {{- end }} - {{- if .Values.metrics.serviceMonitor.tlsConfig }} - tlsConfig: {{- toYaml .Values.metrics.serviceMonitor.tlsConfig | nindent 8 }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/standalone/deployment.yaml b/charts/testkube-enterprise/charts/minio/templates/standalone/deployment.yaml deleted file mode 100644 index daeccb8ac..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/standalone/deployment.yaml +++ /dev/null @@ -1,279 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if (eq .Values.mode "standalone") }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} - selector: - matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} - {{- if .Values.deployment.updateStrategy }} - strategy: {{- toYaml .Values.deployment.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} - {{- if or .Values.podAnnotations (include "minio.createSecret" .) }} - annotations: - {{- if (include "minio.createSecret" .) }} - checksum/credentials-secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "minio.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName }} - {{- end }} - serviceAccountName: {{ template "minio.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "customLabels" $podLabels "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.runtimeClassName }} - runtimeClassName: {{ .Values.runtimeClassName | quote }} - {{- end}} - automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "minio.volumePermissions.image" . }} - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- end }} - containers: - - name: minio - image: {{ include "minio.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: MINIO_SCHEME - value: {{ ternary "https" "http" .Values.tls.enabled | quote }} - - name: MINIO_FORCE_NEW_KEYS - value: {{ ternary "yes" "no" .Values.auth.forceNewKeys | quote }} - - name: MINIO_API_PORT_NUMBER - value: {{ .Values.containerPorts.api | quote }} - {{- if .Values.auth.useCredentialsFiles }} - - name: MINIO_ROOT_USER_FILE - value: "/opt/bitnami/minio/secrets/root-user" - - name: MINIO_ROOT_PASSWORD_FILE - value: "/opt/bitnami/minio/secrets/root-password" - {{- else }} - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootUserKey" . }} - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "minio.secretName" . }} - key: {{ include "minio.rootPasswordKey" . }} - {{- end }} - {{- if .Values.defaultBuckets }} - - name: MINIO_DEFAULT_BUCKETS - value: {{ .Values.defaultBuckets }} - {{- end }} - - name: MINIO_BROWSER - value: {{ ternary "off" "on" .Values.disableWebUI | quote }} - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: {{ .Values.metrics.prometheusAuthType | quote }} - - name: MINIO_CONSOLE_PORT_NUMBER - value: {{ .Values.containerPorts.console | quote }} - {{- if .Values.tls.mountPath }} - - name: MINIO_CERTS_DIR - value: {{ .Values.tls.mountPath | quote }} - {{- end }} - {{- if .Values.persistence.mountPath }} - - name: MINIO_DATA_DIR - value: {{ .Values.persistence.mountPath | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: minio-api - containerPort: {{ .Values.containerPorts.api }} - protocol: TCP - - name: minio-console - containerPort: {{ .Values.containerPorts.console }} - protocol: TCP - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /minio/health/live - port: minio-api - scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: minio-api - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: - tcpSocket: - port: minio-console - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- else if ne .Values.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: empty-dir - mountPath: /opt/bitnami/minio/tmp - subPath: app-tmp-dir - - name: empty-dir - mountPath: /.mc - subPath: app-mc-dir - {{- if and .Values.auth.useSecret .Values.auth.useCredentialsFiles }} - mountPath: /opt/bitnami/minio/secrets/ - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.tls.enabled }} - - name: minio-certs - mountPath: {{ default "/certs" .Values.tls.mountPath }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: empty-dir - emptyDir: {} - {{- if and .Values.auth.useSecret .Values.auth.useCredentialsFiles }} - - name: minio-credentials - secret: - secretName: {{ include "minio.secretName" . }} - {{- end }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "minio.claimName" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: minio-certs - secret: - secretName: {{ include "minio.tlsSecretName" . }} - items: - - key: tls.crt - path: public.crt - - key: tls.key - path: private.key - - key: ca.crt - path: CAs/public.crt - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/templates/tls-secrets.yaml b/charts/testkube-enterprise/charts/minio/templates/tls-secrets.yaml deleted file mode 100644 index 765664a10..000000000 --- a/charts/testkube-enterprise/charts/minio/templates/tls-secrets.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- /* -Copyright Broadcom, Inc. All Rights Reserved. -SPDX-License-Identifier: APACHE-2.0 -*/}} - -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} -{{- $ca := genCA "minio-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} -{{- end }} -{{- if (include "minio.createTlsSecret" .) }} -{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $ca := genCA "minio-ca" 365 }} -{{- $releaseNamespace := include "common.names.namespace" . }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "common.names.fullname" . }} -{{- $serviceName := include "common.names.fullname" . }} -{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} - tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} - ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} -{{- end }} diff --git a/charts/testkube-enterprise/charts/minio/values.yaml b/charts/testkube-enterprise/charts/minio/values.yaml deleted file mode 100644 index ace057b87..000000000 --- a/charts/testkube-enterprise/charts/minio/values.yaml +++ /dev/null @@ -1,1260 +0,0 @@ -# Copyright Broadcom, Inc. All Rights Reserved. -# SPDX-License-Identifier: APACHE-2.0 - -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## e.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - ## Compatibility adaptations for Kubernetes platforms - ## - compatibility: - ## Compatibility adaptations for Openshift - ## - openshift: - ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) - ## - adaptSecurityContext: auto -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @section MinIO® parameters - -## Bitnami MinIO® image version -## ref: https://hub.docker.com/r/bitnami/minio/tags/ -## @param image.registry [default: REGISTRY_NAME] MinIO® image registry -## @param image.repository [default: REPOSITORY_NAME/minio] MinIO® image repository -## @skip image.tag MinIO® image tag (immutable tags are recommended) -## @param image.digest MinIO® image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy Image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/minio - tag: 2024.6.29-debian-12-r0 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## Bitnami MinIO® Client image version -## ref: https://hub.docker.com/r/bitnami/minio-client/tags/ -## @param clientImage.registry [default: REGISTRY_NAME] MinIO® Client image registry -## @param clientImage.repository [default: REPOSITORY_NAME/minio-client] MinIO® Client image repository -## @skip clientImage.tag MinIO® Client image tag (immutable tags are recommended) -## @param clientImage.digest MinIO® Client image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## -clientImage: - registry: docker.io - repository: bitnami/minio-client - tag: 2024.6.24-debian-12-r1 - digest: "" -## @param mode MinIO® server mode (`standalone` or `distributed`) -## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide -## -mode: standalone -## MinIO® authentication parameters -## -auth: - ## @param auth.rootUser MinIO® root username - ## - rootUser: admin - ## @param auth.rootPassword Password for MinIO® root user - ## - rootPassword: "" - ## @param auth.existingSecret Use existing secret for credentials details (`auth.rootUser` and `auth.rootPassword` will be ignored and picked up from this secret). - ## - existingSecret: "" - ## @param auth.rootUserSecretKey Key where the MINIO_ROOT_USER username is being stored inside the existing secret `auth.existingSecret` - ## - rootUserSecretKey: "" - ## @param auth.rootPasswordSecretKey Key where the MINIO_ROOT_USER password is being stored inside the existing secret `auth.existingSecret` - ## - rootPasswordSecretKey: "" - ## @param auth.forcePassword Force users to specify required passwords - ## - forcePassword: false - ## @param auth.useCredentialsFiles Mount credentials as a files instead of using an environment variable - ## - useCredentialsFiles: false - ## @param auth.useSecret Uses a secret to mount the credential files. - ## - useSecret: true - ## @param auth.forceNewKeys Force root credentials (user and password) to be reconfigured every time they change in the secrets - ## - forceNewKeys: false -## @param defaultBuckets Comma, semi-colon or space separated list of buckets to create at initialization (only in standalone mode) -## e.g: -## defaultBuckets: "my-bucket, my-second-bucket" -## -defaultBuckets: "" -## @param disableWebUI Disable MinIO® Web UI -## ref: https://github.com/minio/minio/tree/master/docs/config/#browser -## -disableWebUI: false -## Enable tls in front of MinIO® containers. -## -tls: - ## @param tls.enabled Enable tls in front of the container - ## - enabled: false - ## @param tls.autoGenerated Generate automatically self-signed TLS certificates - ## - autoGenerated: false - ## @param tls.existingSecret Name of an existing secret holding the certificate information - ## - existingSecret: "" - ## @param tls.mountPath The mount path where the secret will be located - ## Custom mount path where the certificates will be located, if empty will default to /certs - mountPath: "" -## @param extraEnvVars Extra environment variables to be set on MinIO® container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param command Default container command (useful when using custom images). Use array form -## -command: [] -## @param args Default container args (useful when using custom images). Use array form -## -args: [] -## @section MinIO® deployment/statefulset parameters - -## @param schedulerName Specifies the schedulerName, if it's nil uses kube-scheduler -## https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param terminationGracePeriodSeconds In seconds, time the given to the MinIO pod needs to terminate gracefully -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods -## -terminationGracePeriodSeconds: "" -## MinIO® deployment parameters -## Only when 'mode' is 'standalone' -## -deployment: - ## @param deployment.updateStrategy.type Deployment strategy type - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: Recreate -## MinIO® statefulset parameters -## Only when mode is 'distributed' -## -statefulset: - ## @param statefulset.updateStrategy.type StatefulSet strategy type - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## e.g: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: RollingUpdate - ## @param statefulset.podManagementPolicy StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel - ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy - ## - podManagementPolicy: Parallel - ## @param statefulset.replicaCount Number of pods per zone (only for MinIO® distributed mode). Should be even and `>= 4` - ## - replicaCount: 4 - ## @param statefulset.zones Number of zones (only for MinIO® distributed mode) - ## - zones: 1 - ## @param statefulset.drivesPerNode Number of drives attached to every node (only for MinIO® distributed mode) - ## - drivesPerNode: 1 -## MinIO® provisioning -## -provisioning: - ## @param provisioning.enabled Enable MinIO® provisioning Job - ## - enabled: false - ## @param provisioning.schedulerName Name of the k8s scheduler (other than default) for MinIO® provisioning - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param provisioning.nodeSelector Node labels for pod assignment. Evaluated as a template. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ - ## - nodeSelector: {} - ## @param provisioning.podLabels Extra labels for provisioning pods - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param provisioning.podAnnotations Provisioning Pod annotations. - ## - podAnnotations: {} - ## @param provisioning.command Default provisioning container command (useful when using custom images). Use array form - ## - command: [] - ## @param provisioning.args Default provisioning container args (useful when using custom images). Use array form - ## - args: [] - ## @param provisioning.extraCommands Optionally specify extra list of additional commands for MinIO® provisioning pod - ## - extraCommands: [] - ## @param provisioning.extraVolumes Optionally specify extra list of additional volumes for MinIO® provisioning pod - ## - extraVolumes: [] - ## @param provisioning.extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® provisioning container - ## - extraVolumeMounts: [] - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param provisioning.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if provisioning.resources is set (provisioning.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param provisioning.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## @param provisioning.policies MinIO® policies provisioning - ## https://docs.min.io/docs/minio-admin-complete-guide.html#policy - ## e.g. - ## policies: - ## - name: custom-bucket-specific-policy - ## statements: - ## - resources: - ## - "arn:aws:s3:::my-bucket" - ## actions: - ## - "s3:GetBucketLocation" - ## - "s3:ListBucket" - ## - "s3:ListBucketMultipartUploads" - ## - resources: - ## - "arn:aws:s3:::my-bucket/*" - ## # Allowed values: "Allow" | "Deny" - ## # Defaults to "Deny" if not specified - ## effect: "Allow" - ## actions: - ## - "s3:AbortMultipartUpload" - ## - "s3:DeleteObject" - ## - "s3:GetObject" - ## - "s3:ListMultipartUploadParts" - ## - "s3:PutObject" - ## condition: - ## StringLike: - ## "s3:prefix": - ## - "${aws:username}/*" - policies: [] - ## @param provisioning.users MinIO® users provisioning. Can be used in addition to provisioning.usersExistingSecrets. - ## https://docs.min.io/docs/minio-admin-complete-guide.html#user - ## e.g. - ## users: - ## - username: test-username - ## password: test-password - ## disabled: false - ## policies: - ## - readwrite - ## - consoleAdmin - ## - diagnostics - ## # When set to true, it will replace all policies with the specified. - ## # When false, the policies will be added to the existing. - ## setPolicies: false - users: [] - ## @param provisioning.usersExistingSecrets Array if existing secrets containing MinIO® users to be provisioned. Can be used in addition to provisioning.users. - ## https://docs.min.io/docs/minio-admin-complete-guide.html#user - ## - ## Instead of configuring users inside values.yaml, referring to existing Kubernetes secrets containing user - ## configurations is possible. - ## e.g. - ## usersExistingSecrets: - ## - centralized-minio-users - ## - ## All provided Kubernetes secrets require a specific data structure. The same data from the provisioning.users example above - ## can be defined via secrets with the following data structure. The secret keys have no meaning to the provisioning job except that - ## they are used as filenames. - ## ## apiVersion: v1 - ## ## kind: Secret - ## ## metadata: - ## ## name: centralized-minio-users - ## ## type: Opaque - ## ## stringData: - ## ## username1: | - ## ## username=test-username - ## ## password=test-password - ## ## disabled=false - ## ## policies=readwrite,consoleAdmin,diagnostics - ## ## setPolicies=false - usersExistingSecrets: [] - ## @param provisioning.groups MinIO® groups provisioning - ## https://docs.min.io/docs/minio-admin-complete-guide.html#group - ## e.g. - ## groups - ## - name: test-group - ## disabled: false - ## members: - ## - test-username - ## policies: - ## - readwrite - ## # When set to true, it will replace all policies with the specified. - ## # When false, the policies will be added to the existing. - ## setPolicies: false - groups: [] - ## @param provisioning.buckets MinIO® buckets, versioning, lifecycle, quota and tags provisioning - ## Buckets https://docs.min.io/docs/minio-client-complete-guide.html#mb - ## Lifecycle https://docs.min.io/docs/minio-client-complete-guide.html#ilm - ## Quotas https://docs.min.io/docs/minio-admin-complete-guide.html#bucket - ## Tags https://docs.min.io/docs/minio-client-complete-guide.html#tag - ## Versioning https://docs.min.io/docs/minio-client-complete-guide.html#version - ## e.g. - ## buckets: - ## - name: test-bucket - ## region: us-east-1 - ## # Only when mode is 'distributed' - ## # Allowed values: "Versioned" | "Suspended" | "Unchanged" - ## # Defaults to "Suspended" if not specified. - ## # For compatibility, accepts boolean values as well, where true maps - ## # to "Versioned" and false to "Suspended". - ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide - ## versioning: Suspended - ## # Versioning is automatically enabled if withLock is true - ## # ref: https://docs.min.io/docs/minio-bucket-versioning-guide.html - ## withLock: true - ## # Only when mode is 'distributed' - ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide - ## lifecycle: - ## - id: TestPrefix7dRetention - ## prefix: test-prefix - ## disabled: false - ## expiry: - ## days: 7 - ## # Days !OR! date - ## # date: "2021-11-11T00:00:00Z" - ## nonconcurrentDays: 3 - ## # Only when mode is 'distributed' - ## # ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide - ## quota: - ## # set (hard still works as an alias but is deprecated) or clear(+ omit size) - ## type: set - ## size: 10GiB - ## tags: - ## key1: value1 - buckets: [] - ## @param provisioning.config MinIO® config provisioning - ## https://docs.min.io/docs/minio-server-configuration-guide.html - ## e.g. - ## config: - ## - name: region - ## options: - ## name: us-east-1 - config: [] - ## MinIO® pod Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param provisioning.podSecurityContext.enabled Enable pod Security Context - ## @param provisioning.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy - ## @param provisioning.podSecurityContext.sysctls Set kernel settings using the sysctl interface - ## @param provisioning.podSecurityContext.supplementalGroups Set filesystem extra groups - ## @param provisioning.podSecurityContext.fsGroup Group ID for the container - ## - podSecurityContext: - enabled: true - fsGroupChangePolicy: Always - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - ## MinIO® container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param provisioning.containerSecurityContext.enabled Enabled containers' Security Context - ## @param provisioning.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param provisioning.containerSecurityContext.runAsUser Set containers' Security Context runAsUser - ## @param provisioning.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup - ## @param provisioning.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot - ## @param provisioning.containerSecurityContext.privileged Set container's Security Context privileged - ## @param provisioning.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem - ## @param provisioning.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation - ## @param provisioning.containerSecurityContext.capabilities.drop List of capabilities to be dropped - ## @param provisioning.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile - ## - containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" - ## Automatic Cleanup for Finished Jobs - ## @param provisioning.cleanupAfterFinished.enabled Enables Cleanup for Finished Jobs - ## @param provisioning.cleanupAfterFinished.seconds Sets the value of ttlSecondsAfterFinished - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ - ## - cleanupAfterFinished: - enabled: false - seconds: 600 - ## Network Policy configuration - ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ - ## - networkPolicy: - ## @param provisioning.networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: true - ## @param provisioning.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param provisioning.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param provisioning.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] -## @param automountServiceAccountToken Mount Service Account token in pod -## -automountServiceAccountToken: false -## @param hostAliases MinIO® pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param containerPorts.api MinIO® container port to open for MinIO® API -## @param containerPorts.console MinIO® container port to open for MinIO® Console -## -containerPorts: - api: 9000 - console: 9001 -## MinIO® pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable pod Security Context -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroup Group ID for the container -## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy -## @param podSecurityContext.sysctls Set kernel settings using the sysctl interface -## @param podSecurityContext.supplementalGroups Set filesystem extra groups -## @param podSecurityContext.fsGroupChangePolicy When K8s should preform chown on attached volumes -## -podSecurityContext: - enabled: true - sysctls: [] - supplementalGroups: [] - fsGroup: 1001 - fsGroupChangePolicy: "OnRootMismatch" -## MinIO® container Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled containers' Security Context -## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container -## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser -## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## @param containerSecurityContext.privileged Set container's Security Context privileged -## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem -## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation -## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped -## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile -## -containerSecurityContext: - enabled: true - seLinuxOptions: {} - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - privileged: false - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - seccompProfile: - type: "RuntimeDefault" -## @param podLabels Extra labels for MinIO® pods -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for MinIO® pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for MinIO® pods assignment spread across your cluster among failure-domains -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -## -topologySpreadConstraints: [] -## @param priorityClassName MinIO® pods' priorityClassName -## -priorityClassName: "" -## @param runtimeClassName Name of the runtime class to be used by MinIO® pods' -## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/ -## -runtimeClassName: "" -## MinIO® containers' resource requests and limits -## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). -## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 -## -resourcesPreset: "micro" -## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) -## Example: -## resources: -## requests: -## cpu: 2 -## memory: 512Mi -## limits: -## cpu: 3 -## memory: 1024Mi -## -resources: {} -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 -## Configure extra options for startupProbe probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 60 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param lifecycleHooks for the MinIO® container(s) to automate configuration before or after startup -## -lifecycleHooks: {} -## @param extraVolumes Optionally specify extra list of additional volumes for MinIO® pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for MinIO® container(s) -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the MinIO® pods -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add additional sidecar containers to the MinIO® pods -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @section Traffic exposure parameters - -## MinIO® Service properties -## -service: - ## @param service.type MinIO® service type - ## - type: ClusterIP - ## @param service.ports.api MinIO® API service port - ## @param service.ports.console MinIO® Console service port - ## - ports: - api: 9000 - console: 9001 - ## @param service.nodePorts.api Specify the MinIO® API nodePort value for the LoadBalancer and NodePort service types - ## @param service.nodePorts.console Specify the MinIO® Console nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - api: "" - console: "" - ## @param service.clusterIP Service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param service.annotations Annotations for MinIO® service - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## Headless service properties - ## - headless: - ## @param service.headless.annotations Annotations for the headless service. - ## - annotations: {} -## Configure the ingress resource that allows you to access the -## MinIO® Console. Set up the URL -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource for MinIO Console - ## - enabled: false - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: minio.local - ## @param ingress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.servicePort Service port to be used - ## Default is http. Alternative is https. - ## - servicePort: minio-console - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## e.g: - ## extraHosts: - ## - name: minio.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - minio.local - ## secretName: minio.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate are expected in PEM format - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## Example - ## secrets: - ## - name: minio.local-tls - ## key: "" - ## certificate: "" - ## - secrets: [] - ## @param ingress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## Configure the ingress resource that allows you to access the -## MinIO® API. Set up the URL -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -apiIngress: - ## @param apiIngress.enabled Enable ingress controller resource for MinIO API - ## - enabled: false - ## @param apiIngress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param apiIngress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param apiIngress.hostname Default host for the ingress resource - ## - hostname: minio.local - ## @param apiIngress.path The Path to MinIO®. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param apiIngress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param apiIngress.servicePort Service port to be used - ## Default is http. Alternative is https. - ## - servicePort: minio-api - ## @param apiIngress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param apiIngress.tls Enable TLS configuration for the hostname defined at `apiIngress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.apiIngress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param apiIngress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param apiIngress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## e.g: - ## extraHosts: - ## - name: minio.local - ## path: / - ## - extraHosts: [] - ## @param apiIngress.extraPaths Any additional paths that may need to be added to the ingress under the main host - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param apiIngress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - minio.local - ## secretName: minio.local-tls - ## - extraTls: [] - ## @param apiIngress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate are expected in PEM format - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## Example - ## secrets: - ## - name: minio.local-tls - ## key: "" - ## certificate: "" - ## - secrets: [] - ## @param apiIngress.extraRules Additional rules to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules - ## e.g: - ## extraRules: - ## - host: example.local - ## http: - ## path: / - ## backend: - ## service: - ## name: example-svc - ## port: - ## name: http - ## - extraRules: [] -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: true - ## @param networkPolicy.allowExternal The Policy model to apply - ## When set to false, only pods with the correct client label will have network access to the ports MinIO is - ## listening on. When true, MinIO will accept connections from any source (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. - ## - allowExternalEgress: true - ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable MinIO® data persistence using PVC. If false, use emptyDir - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for MinIO® data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.mountPath Data volume mount path - ## - mountPath: /bitnami/minio/data - ## @param persistence.accessModes PVC Access Modes for MinIO® data volume - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for MinIO® data volume - ## - size: 8Gi - ## @param persistence.annotations Annotations for the PVC - ## - annotations: {} - ## @param persistence.existingClaim Name of an existing PVC to use (only in `standalone` mode) - ## - existingClaim: "" -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry - ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository - ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/os-shell - tag: 12-debian-12-r24 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container' resource requests and limits - ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). - ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 - ## - resourcesPreset: "nano" - ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) - ## Example: - ## resources: - ## requests: - ## cpu: 2 - ## memory: 512Mi - ## limits: - ## cpu: 3 - ## memory: 1024Mi - ## - resources: {} - ## Init container' Security Context - ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser - ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container - ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container - ## - containerSecurityContext: - seLinuxOptions: {} - runAsUser: 0 -## @section RBAC parameters - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for MinIO® pods - ## - create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token - ## - automountServiceAccountToken: false - ## @param serviceAccount.annotations Custom annotations for MinIO® ServiceAccount - ## - annotations: {} -## @section Other parameters - -## MinIO® Pod Disruption Budget configuration in distributed mode. -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: true - ## @param pdb.minAvailable Minimum number/percentage of pods that must still be available after the eviction - ## - minAvailable: "" - ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable after the eviction - ## - maxUnavailable: "" -## @section Metrics parameters -metrics: - ## @param metrics.prometheusAuthType Authentication mode for Prometheus (`jwt` or `public`) - ## To allow public access without authentication for prometheus metrics set environment as follows. - ## - prometheusAuthType: public - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus - ## - jobLabel: "" - ## DEPRECATED metrics.serviceMonitor.path - please use `metrics.serviceMonitor.paths` instead - ## - ## path: /minio/v2/metrics/cluster - ## @param metrics.serviceMonitor.paths HTTP paths to scrape for metrics - ## - paths: - - /minio/v2/metrics/cluster - - /minio/v2/metrics/node - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - scrapeTimeout: "" - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.relabelings Metrics relabelings to add to the scrape endpoint, applied before scraping - ## - relabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - ## @param metrics.serviceMonitor.apiVersion ApiVersion for the serviceMonitor Resource (defaults to "monitoring.coreos.com/v1") - apiVersion: "" - ## @param metrics.serviceMonitor.tlsConfig Additional TLS configuration for metrics endpoint with "https" scheme - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.TLSConfig - tlsConfig: {} - ## Prometheus Operator PrometheusRule configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Prometheus Rule definitions - # - alert: minio cluster nodes offline - # annotations: - # summary: "minio cluster nodes offline" - # description: "minio cluster nodes offline, pod {{`{{`}} $labels.pod {{`}}`}} service {{`{{`}} $labels.job {{`}}`}} offline" - # for: 10m - # expr: minio_cluster_nodes_offline_total > 0 - # labels: - # severity: critical - # group: PaaS - ## - rules: []