{{- if or .Values.buckets .Values.users .Values.policies .Values.customCommands .Values.svcaccts }} apiVersion: batch/v1 kind: Job metadata: name: {{ template "minio.fullname" . }}-post-job labels: app: {{ template "minio.name" . }}-post-job chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation {{- with .Values.postJob.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: template: metadata: labels: app: {{ template "minio.name" . }}-job release: {{ .Release.Name }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} {{- if .Values.postJob.podAnnotations }} annotations: {{- toYaml .Values.postJob.podAnnotations | nindent 8 }} {{- end }} spec: restartPolicy: OnFailure {{- include "minio.imagePullSecrets" . | indent 6 }} {{- if .Values.nodeSelector }} nodeSelector: {{- toYaml .Values.postJob.nodeSelector | nindent 8 }} {{- end }} {{- with .Values.postJob.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.postJob.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.postJob.securityContext.enabled }} securityContext: {{ omit .Values.postJob.securityContext "enabled" | toYaml | nindent 12 }} {{- end }} volumes: - name: etc-path emptyDir: {} - name: tmp emptyDir: {} - name: minio-configuration projected: sources: - configMap: name: {{ template "minio.fullname" . }} - secret: name: {{ template "minio.secretName" . }} {{- range (concat .Values.users (default (list) .Values.svcaccts)) }} {{- if .existingSecret }} - secret: name: {{ tpl .existingSecret $ }} items: - key: {{ .existingSecretKey }} path: secrets/{{ tpl .existingSecret $ }}/{{ tpl .existingSecretKey $ }} {{- end }} {{- end }} {{- range ( default list .Values.svcaccts ) }} {{- if .existingSecret }} - secret: name: {{ tpl .existingSecret $ }} items: - key: {{ .existingSecretKey }} path: secrets-svc/{{ tpl .existingSecret $ }}/{{ tpl .existingSecretKey $ }} {{- end }} {{- end }} {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc secret: secretName: {{ .Values.tls.certSecret }} items: - key: {{ .Values.tls.publicCrt }} path: CAs/public.crt {{- end }} {{- if .Values.customCommandJob.extraVolumes }} {{- toYaml .Values.customCommandJob.extraVolumes | nindent 8 }} {{- end }} {{- if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} {{- if .Values.policies }} initContainers: - name: minio-make-policy image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" {{- if .Values.makePolicyJob.securityContext.enabled }} {{- with .Values.makePolicyJob.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} {{- if .Values.makePolicyJob.exitCommand }} command: [ "/bin/sh", "-c" ] args: [ "/bin/sh /config/add-policy; EV=$?; {{ .Values.makePolicyJob.exitCommand }} && exit $EV" ] {{- else }} command: [ "/bin/sh", "/config/add-policy" ] {{- end }} env: - name: MINIO_ENDPOINT value: {{ template "minio.fullname" . }} - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: - name: etc-path mountPath: /etc/minio/mc - name: tmp mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{- end }} resources: {{- toYaml .Values.makePolicyJob.resources | nindent 12 }} {{- end }} containers: {{- if .Values.buckets }} - name: minio-make-bucket image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" {{- if .Values.makeBucketJob.securityContext.enabled }} {{- with .Values.makeBucketJob.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} {{- if .Values.makeBucketJob.exitCommand }} command: [ "/bin/sh", "-c" ] args: [ "/bin/sh /config/initialize; EV=$?; {{ .Values.makeBucketJob.exitCommand }} && exit $EV" ] {{- else }} command: [ "/bin/sh", "/config/initialize" ] {{- end }} env: - name: MINIO_ENDPOINT value: {{ template "minio.fullname" . }} - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: - name: etc-path mountPath: /etc/minio/mc - name: tmp mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{- end }} resources: {{- toYaml .Values.makeBucketJob.resources | nindent 12 }} {{- end }} {{- if .Values.users }} - name: minio-make-user image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" {{- if .Values.makeUserJob.securityContext.enabled }} {{- with .Values.makeUserJob.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} {{- if .Values.makeUserJob.exitCommand }} command: [ "/bin/sh", "-c" ] args: [ "/bin/sh /config/add-user; EV=$?; {{ .Values.makeUserJob.exitCommand }} && exit $EV" ] {{- else }} command: [ "/bin/sh", "/config/add-user" ] {{- end }} env: - name: MINIO_ENDPOINT value: {{ template "minio.fullname" . }} - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: - name: etc-path mountPath: /etc/minio/mc - name: tmp mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{- end }} resources: {{- toYaml .Values.makeUserJob.resources | nindent 12 }} {{- end }} {{- if .Values.customCommands }} - name: minio-custom-command image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" {{- if .Values.customCommandJob.securityContext.enabled }} {{- with .Values.customCommandJob.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} {{- if .Values.customCommandJob.exitCommand }} command: [ "/bin/sh", "-c" ] args: [ "/bin/sh /config/custom-command; EV=$?; {{ .Values.customCommandJob.exitCommand }} && exit $EV" ] {{- else }} command: [ "/bin/sh", "/config/custom-command" ] {{- end }} env: - name: MINIO_ENDPOINT value: {{ template "minio.fullname" . }} - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: - name: etc-path mountPath: /etc/minio/mc - name: tmp mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{- end }} {{- if .Values.customCommandJob.extraVolumeMounts }} {{- toYaml .Values.customCommandJob.extraVolumeMounts | nindent 12 }} {{- end }} resources: {{- toYaml .Values.customCommandJob.resources | nindent 12 }} {{- end }} {{- if .Values.svcaccts }} - name: minio-make-svcacct image: "{{ .Values.mcImage.repository }}:{{ .Values.mcImage.tag }}" {{- if .Values.makeServiceAccountJob.securityContext.enabled }} {{- with .Values.makeServiceAccountJob.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- end }} imagePullPolicy: {{ .Values.mcImage.pullPolicy }} {{- if .Values.makeServiceAccountJob.exitCommand }} command: [ "/bin/sh", "-c" ] args: ["/bin/sh /config/add-svcacct; EV=$?; {{ .Values.makeServiceAccountJob.exitCommand }} && exit $EV" ] {{- else }} command: ["/bin/sh", "/config/add-svcacct"] {{- end }} env: - name: MINIO_ENDPOINT value: {{ template "minio.fullname" . }} - name: MINIO_PORT value: {{ .Values.service.port | quote }} volumeMounts: - name: etc-path mountPath: /etc/minio/mc - name: tmp mountPath: /tmp - name: minio-configuration mountPath: /config {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.configPathmc }}certs {{- end }} resources: {{- toYaml .Values.makeServiceAccountJob.resources | nindent 12 }} {{- end }} {{- end }}