diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 6ed8c9d..ebce78a 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -4,6 +4,7 @@ on: push: branches: - master + - new-start-args-and-user jobs: publish: @@ -29,18 +30,19 @@ jobs: - uses: imjasonh/setup-crane@v0.3 - - name: Get minio target image - id: imageMinioMirror + name: Get current minio tag + id: imageMinioTag uses: mikefarah/yq@v4.44.1 with: - cmd: yq '.spec.template.spec.containers[0].image' base/minio-statefulset.yaml + cmd: yq '.images[0].newTag | sub("(.*)@.*", "${1}")' base/kustomization.yaml - - name: Get minio official image - id: imageMinioFrom + name: Get current mc tag + id: imageMcTag uses: mikefarah/yq@v4.44.1 with: - cmd: echo ${{ steps.imageMinioMirror.outputs.result }} | sed 's|ghcr.io/yolean|docker.io/minio|' + cmd: yq '.images[0].newTag | sub("(.*)@.*", "${1}")' bucket-create/kustomization.yaml - run: | crane cp docker.io/minio/minio:RELEASE.2022-01-03T18-22-58Z ghcr.io/yolean/minio:RELEASE.2022-01-03T18-22-58Z - crane cp ${{ steps.imageMinioFrom.outputs.result }} ${{ steps.imageMinioMirror.outputs.result }} + crane cp docker.io/minio/minio:${{ steps.imageMinioTag.outputs.result }} ghcr.io/yolean/minio:${{ steps.imageMinioTag.outputs.result }} + crane cp docker.io/minio/mc:${{ steps.imageMcTag.outputs.result }} ghcr.io/yolean/mc:${{ steps.imageMcTag.outputs.result }} diff --git a/base/kustomization.yaml b/base/kustomization.yaml index d3a29ad..673e694 100644 --- a/base/kustomization.yaml +++ b/base/kustomization.yaml @@ -1,6 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +images: +- name: minio/minio + newName: ghcr.io/yolean/minio + newTag: RELEASE.2025-07-18T21-56-31Z@sha256:da0fe26595711d0fb93dd28e24552520f68897195f4a23f5a17ffa9924ec3fac + resources: - minio-hl-svc.yaml - minio-statefulset.yaml diff --git a/base/minio-statefulset.yaml b/base/minio-statefulset.yaml index c011ca4..b581926 100644 --- a/base/minio-statefulset.yaml +++ b/base/minio-statefulset.yaml @@ -19,7 +19,7 @@ spec: spec: containers: - name: minio - image: ghcr.io/yolean/minio:RELEASE.2022-06-03T01-40-53Z + image: minio/minio args: - server env: @@ -27,16 +27,16 @@ spec: value: public - name: MINIO_BROWSER value: "off" - - name: MINIO_ACCESS_KEY + - name: MINIO_ROOT_USER valueFrom: secretKeyRef: name: minio - key: accesskey - - name: MINIO_SECRET_KEY + key: rootuser + - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: name: minio - key: secretkey + key: rootpassword ports: - containerPort: 9000 protocol: TCP diff --git a/blobs-v2-scale-8/kustomization.yaml b/blobs-v2-scale-8/kustomization.yaml deleted file mode 100644 index 83f72b6..0000000 --- a/blobs-v2-scale-8/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -namespace: blobs-v2 -bases: -- ../base -patchesStrategicMerge: -- minio-scale8.yaml diff --git a/blobs-v2-scale-8/minio-scale8.yaml b/blobs-v2-scale-8/minio-scale8.yaml deleted file mode 100644 index 6a30f63..0000000 --- a/blobs-v2-scale-8/minio-scale8.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: minio -spec: - replicas: 8 - template: - spec: - containers: - - name: minio - args: - - server - - http://minio-0.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-1.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-2.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-3.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-4.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-5.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-6.minio-hl-svc.blobs-v2.svc.cluster.local/export - - http://minio-7.minio-hl-svc.blobs-v2.svc.cluster.local/export diff --git a/bucket-create/bucket-create-job.yaml b/bucket-create/bucket-create-job.yaml new file mode 100644 index 0000000..91931a6 --- /dev/null +++ b/bucket-create/bucket-create-job.yaml @@ -0,0 +1,65 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: bucket-create +spec: + template: + metadata: + annotations: + buckets: >- + testbucket001 + public: >- + upload + download + spec: + containers: + - name: mc + image: minio/mc + env: + - name: MINIO_HOST + value: http://minio:9000 + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: minio + key: rootuser + optional: true + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: minio + key: rootpassword + optional: true + - name: SQS_ARN + #value: arn:minio:sqs::_:kafka + - name: BUCKETS + valueFrom: + fieldRef: + fieldPath: metadata.annotations['buckets'] + - name: PUBLIC + valueFrom: + fieldRef: + fieldPath: metadata.annotations['public'] + command: + - /bin/sh + - -cex + - | + [ -n "$MINIO_ROOT_USER" ] || MINIO_ROOT_USER=minioadmin + [ -n "$MINIO_ROOT_PASSWORD" ] || MINIO_ROOT_PASSWORD=minioadmin + mc --no-color config host add minio $MINIO_HOST $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD + for BUCKET in $BUCKETS; do + mc --no-color stat minio/$BUCKET || mc --no-color mb minio/$BUCKET + for POLICY in $PUBLIC; do + if [ "upload" = "$POLICY" ]; then + mc --no-color policy list minio/$BUCKET | grep '/* => writedonly' || \ + mc --no-color policy set upload minio/$BUCKET + fi + if [ "download" = "$POLICY" ]; then + mc --no-color policy list minio/$BUCKET | grep '/* => readonly' || \ + mc --no-color policy set download minio/$BUCKET + fi + done + mc --no-color ls minio/$BUCKET + done + restartPolicy: Never + backoffLimit: 5 diff --git a/bucket-create/kustomization.yaml b/bucket-create/kustomization.yaml new file mode 100644 index 0000000..7337a0a --- /dev/null +++ b/bucket-create/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- bucket-create-job.yaml + +images: +- name: minio/mc + newName: ghcr.io/yolean/mc + newTag: RELEASE.2025-07-16T15-35-03Z@sha256:d5bccfe71e95a34b25d626d86621930342553657e8776833b65ae0bc63cf4928 diff --git a/legacyuser/kustomization.yaml b/legacyuser/kustomization.yaml new file mode 100644 index 0000000..35d5868 --- /dev/null +++ b/legacyuser/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +patchesStrategicMerge: +- minio-legacyuser.yaml diff --git a/legacyuser/minio-legacyuser.yaml b/legacyuser/minio-legacyuser.yaml new file mode 100644 index 0000000..4b87c35 --- /dev/null +++ b/legacyuser/minio-legacyuser.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minio +spec: + template: + spec: + containers: + - name: minio + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + optional: true + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + optional: true + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: minio + key: secretkey diff --git a/scale-1/kustomization.yaml b/scale-8/kustomization.yaml similarity index 72% rename from scale-1/kustomization.yaml rename to scale-8/kustomization.yaml index 62c4c86..787a8c4 100644 --- a/scale-1/kustomization.yaml +++ b/scale-8/kustomization.yaml @@ -3,7 +3,6 @@ kind: Kustomization resources: - ../base -- minio-service.yaml patchesStrategicMerge: -- minio-scale1.yaml +- minio-scale8.yaml diff --git a/scale-8/minio-scale8.yaml b/scale-8/minio-scale8.yaml new file mode 100644 index 0000000..96d25c8 --- /dev/null +++ b/scale-8/minio-scale8.yaml @@ -0,0 +1,18 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minio +spec: + replicas: 8 # Note, insert N-1 in the expansion below + template: + spec: + containers: + - name: minio + args: + - server + - http://minio-{0...7}.minio-hl-svc.$(POD_NAMESPACE).svc.cluster.local/export + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace diff --git a/standalone/auth-default-insecure.yaml b/standalone/auth-default-insecure.yaml new file mode 100644 index 0000000..facf673 --- /dev/null +++ b/standalone/auth-default-insecure.yaml @@ -0,0 +1,18 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minio +spec: + template: + spec: + containers: + - name: minio + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + optional: true + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + optional: true diff --git a/standalone/kustomization.yaml b/standalone/kustomization.yaml new file mode 100644 index 0000000..41e5ed9 --- /dev/null +++ b/standalone/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../base +- minio-service.yaml + +patchesStrategicMerge: +- minio-standalone.yaml +- auth-default-insecure.yaml diff --git a/scale-1/minio-service.yaml b/standalone/minio-service.yaml similarity index 100% rename from scale-1/minio-service.yaml rename to standalone/minio-service.yaml diff --git a/scale-1/minio-scale1.yaml b/standalone/minio-standalone.yaml similarity index 100% rename from scale-1/minio-scale1.yaml rename to standalone/minio-standalone.yaml diff --git a/ystack-scale-1/kustomization.yaml b/ystack-scale-1/kustomization.yaml index a8c1a4a..ee30622 100644 --- a/ystack-scale-1/kustomization.yaml +++ b/ystack-scale-1/kustomization.yaml @@ -3,5 +3,8 @@ kind: Kustomization namespace: ystack +components: +- ../legacyuser + resources: -- ../scale-1 +- ../standalone