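{{- if (eq (lower (default "" .Values.global.storage.type)) "minio")}}
# In-cluster MinIO object store. Rendered only when global.storage.type is
# "minio" (compared case-insensitively).
apiVersion: apps/v1 # for k8s versions before 1.9.0 use apps/v1beta2 and before 1.8.0 use extensions/v1beta1
kind: StatefulSet
metadata:
  # This name uniquely identifies the StatefulSet
  name: airbyte-minio
  annotations:
    # NOTE(review): a resource annotated as a pre-install hook is created by
    # the hook run rather than tracked with the release, so later edits to this
    # template (for example an image tag bump) may not reach a running install
    # through `helm upgrade`. Confirm how MinIO image updates are rolled out.
    helm.sh/hook: pre-install
    helm.sh/hook-weight: "-1"
  labels:
    {{ include "airbyte.minioLabels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{ include "airbyte.minioSelectorLabels" . | nindent 6 }}
  serviceName: airbyte-minio-svc
  # One PersistentVolumeClaim per replica; it is mounted at /storage below.
  volumeClaimTemplates:
    - metadata:
        name: airbyte-minio-pv-claim
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: {{ .Values.minio.storage.volumeClaimValue }}
  template:
    metadata:
      labels:
        # Label is used as selector in the service.
        {{ include "airbyte.minioSelectorLabels" . | nindent 8 }}
    spec:
      # fsGroup makes the mounted volume group-writable for gid 1000, which
      # matches runAsGroup in the container securityContext.
      securityContext:
        fsGroup: 1000
      containers:
        - name: airbyte-minio
          # Image repository and tag come from .Values.minio.image.
          # NOTE(review): a tag is mutable; pinning by digest in values would
          # make the deployed binary reproducible.
          image: "{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}"
          args:
            - server
            - /storage
          env:
            # Minio access key and secret key. This must match the S3_ACCESS_KEY_ID and S3_SECRET_ACCESS_KEY declared in /dev/.env.
            # NOTE(review): the root user and password are always read from the
            # DEFAULT_MINIO_* keys of the release secret, even when
            # global.storage.minio points the bucket-creation pod at another
            # secret. Check that an operator-supplied credential actually
            # replaces the server's root credential and that the DEFAULT_*
            # values are rotated for anything beyond local development.
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-airbyte-secrets
                  key: DEFAULT_MINIO_ACCESS_KEY
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Release.Name }}-airbyte-secrets
                  key: DEFAULT_MINIO_SECRET_KEY
          ports:
            # NOTE(review): no TLS configuration is visible in this template,
            # so traffic on 9000 is presumably plain HTTP - confirm.
            - containerPort: 9000
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "128Mi"
              cpu: "200m"
          # Least-privilege container settings: non-root uid/gid, no privilege
          # escalation, all capabilities dropped, runtime default seccomp.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            # uid=1000(airbyte)
            runAsUser: 1000
            # gid=1000(airbyte)
            runAsGroup: 1000
            # NOTE(review): the root filesystem stays writable. If MinIO only
            # writes under /storage this could be tightened to true - verify
            # before changing.
            readOnlyRootFilesystem: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # Mount the volume into the pod
          volumeMounts:
            - name: airbyte-minio-pv-claim # must match the volumeClaimTemplates name, above
              mountPath: "/storage"
      {{- with .Values.minio.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.minio.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.minio.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}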
---
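# Service in front of the MinIO pods selected by airbyte.minioSelectorLabels.
# No `type` is set, so Kubernetes applies its default (ClusterIP) and the
# endpoint is reachable from inside the cluster only.
# NOTE(review): nothing in this file limits which workloads may connect to
# port 9000; a NetworkPolicy scoped to the Airbyte pods would narrow that.
apiVersion: v1
kind: Service
metadata:
  name: airbyte-minio-svc
  labels:
    {{ include "airbyte.minioLabels" . | nindent 4 }}
  annotations:
    # Created as a pre-install hook, with the same weight as the StatefulSet.
    helm.sh/hook: pre-install
    helm.sh/hook-weight: "-1"
spec:
  ports:
    # MinIO API port; matches containerPort 9000 on the StatefulSet.
    - port: 9000
      targetPort: 9000
      protocol: TCP
  selector:
    {{ include "airbyte.minioSelectorLabels" . | nindent 4 }}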
---
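# This pod creates the state-storage bucket in the minio server,
# which the local cloud deployment requires to store its state.
# It also creates the airbyte-dev-logs bucket. It runs as a Helm hook after
# install and upgrade, and is deleted once it succeeds or before the next run.
apiVersion: v1
kind: Pod
metadata:
  name: airbyte-minio-create-bucket
  annotations:
    "helm.sh/hook": 'post-install,post-upgrade'
    "helm.sh/hook-delete-policy": 'hook-succeeded,before-hook-creation'
spec:
  restartPolicy: OnFailure
  securityContext:
    fsGroup: 1000
  containers:
    - name: minio-mc
      # NOTE(review): no tag or digest is given, so this resolves to the
      # mutable `latest` tag and the hook can run a different binary on each
      # upgrade. Pin a reviewed tag or sha256 digest; this container receives
      # the MinIO access and secret keys.
      image: airbyte/mc
      # The script waits until the MinIO endpoint accepts the credentials,
      # then creates both buckets (idempotent via --ignore-existing).
      #
      # The shell variables are quoted so a key containing whitespace or glob
      # characters is passed to mc as a single argument.
      #
      # NOTE(review): the keys are passed as command-line arguments to mc, so
      # they are visible in the process arguments inside the container. mc can
      # also take an alias from an MC_HOST_<alias> environment variable -
      # TODO evaluate.
      #
      # NOTE(review): `policy set public` allows anonymous read and write on
      # the bucket. Any client that can reach airbyte-minio-svc:9000 can then
      # read or overwrite connector state and logs without the access keys.
      # Confirm whether any component depends on anonymous access; if none
      # does, remove the two `policy set public` commands so the buckets keep
      # the server's default (authenticated-only) policy.
      command:
        - /bin/sh
        - '-c'
        - |-
          until (/usr/bin/mc config host add myminio "$MINIO_ENDPOINT" "$MINIO_ACCESS_KEY" "$MINIO_SECRET_KEY"); do
            echo '...waiting...' && sleep 1
          done
          /usr/bin/mc mb --ignore-existing myminio/state-storage
          /usr/bin/mc policy set public myminio/state-storage
          /usr/bin/mc mb --ignore-existing myminio/airbyte-dev-logs
          /usr/bin/mc policy set public myminio/airbyte-dev-logs
      # Least-privilege container settings: non-root uid/gid, no privilege
      # escalation, all capabilities dropped, runtime default seccomp.
      securityContext:
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        # uid=1000(airbyte)
        runAsUser: 1000
        # gid=1000(airbyte)
        runAsGroup: 1000
        readOnlyRootFilesystem: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      env:
        # When global.storage.minio is set, the keys come from the secret named
        # by global.storage.storageSecretName; otherwise from the release's
        # own secret.
        # NOTE(review): the MinIO StatefulSet in this file always starts the
        # server with the DEFAULT_MINIO_* keys of the release secret, so the
        # first branch only works if the referenced secret holds those same
        # credentials - confirm.
        {{- if and (eq (lower (default "" .Values.global.storage.type)) "minio") (((.Values.global).storage).minio) }}
        - name: MINIO_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: {{ include "airbyte.secretStoreName" .Values.global.storage.storageSecretName }}
              key: {{ include "airbyte.minioAccessKeyIdSecretKey" .Values.global.storage.minio.accessKeyIdSecretKey }}
        - name: MINIO_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: {{ include "airbyte.secretStoreName" .Values.global.storage.storageSecretName }}
              key: {{ include "airbyte.minioSecretAccessKeySecretKey" .Values.global.storage.minio.secretAccessKeySecretKey }}
        {{- else }}
        # this is for the internally deployed minio
        - name: MINIO_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: {{ .Release.Name }}-airbyte-secrets
              key: DEFAULT_MINIO_ACCESS_KEY
        - name: MINIO_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: {{ .Release.Name }}-airbyte-secrets
              key: DEFAULT_MINIO_SECRET_KEY
        {{- end }}
        # Endpoint URL is not secret, so it is read from the env ConfigMap.
        - name: MINIO_ENDPOINT
          valueFrom:
            configMapKeyRef:
              name: {{ .Release.Name }}-airbyte-env
              key: MINIO_ENDPOINT
{{- end }}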